The internet is not so free as it seems: even outside of authoritarian countries like China and its Great Firewall, many people are routinely denied access to sites that have content authorities deem harmful. How do these blocks work, though? What methods do governments employ to control the web?

Why Censor the Web?

Before we look at the how, let's take a look at the why. There are plenty of reasons governments would want to censor the web to some extent: Russia for example blocks many news sites that don't put the invasion of Ukraine in a positive light. China doesn't want any news that hasn't been approved by the government shown to its people.

It's not just authoritarian regimes that block certain web sites, though: many western countries block extremist content, for one, and in the U.S. the National Coalition Against Censorship is campaigning against the way public libraries block sites using keywords associated with sexually explicit content---including sex education materials.

Manipulating Search Results

That brings us to one common way to censor the web: manipulating search results and  keep people from seeing specific material. China is famous for this, with weird results when you search for anything politically sensitive.

However, it's not just the People's Republic that has search engines filter out unwanted results: for the past two decades, Google won't display search results for extremist content in Germany and France, including neo-Nazi material as well as that associated with religious fundamentalism.

Blocking the Web

However, not all methods used are this subtle. Many governments, especially of the strongman variant, will use more direct ways to curtail what their citizens can consume online, by placing blocks.

Blocking IPs

Probably the most common of these is IP blocking, where the authorities block access to a set of IP addresses, usually through internet service providers (ISPs). If you try to access an IP associated with Facebook from, say, China, the Chinese ISP you're using will not let your traffic through because the People's Republic has decided Facebook is not for China.

We suspect that blocking is the most widely used tool because it's pretty easy to set up: you're just telling a server that it can't connect somewhere, it's as simple as filling out a list. However, it's pretty easy to get around, all you need to do is change your IP address to one that can get around the block and that's it---we'll talk more about this later.

Though it's used a lot by authoritarian governments to control who accesses what, IP blocking isn't just a tool of repression. It's also used by companies to make sure only people from certain countries access their services, or by streaming services like Netflix to offer specific content to certain countries.

DNS Tampering and Hijacking

A second method that can be used is DNS tampering. DNS servers connect an IP address to a site name and messing with their records means you effectively block a site. Think of it like IP blocking with extra steps, so instead of denying access to a range of IPs, you're saying all IPs associated with a certain name, let's say facebook.com, are blocked.

A variant of this is DNS hijacking or redirection, where a DNS server has been altered to take you to a different site. China has been reported to have done this a lot in the past, though less thanks to it causing issues in the wider network. Criminals still like it a lot, though, and will have a reputable site's DNS server redirect you to an identical fake to steal your login credentials and personal data---Cloudflare has a full report.

Port Blocking

A third way to outright deny traffic going in and out of a system is through port blocking, also called blacklisting. In networking, a port is a connection to the internet for a specific type of traffic. Most modern email, for example, uses port 587. Were you to block that port on a specific network, no email will be sent or received.

According to at least one academic paper, China uses this method to block encrypted traffic when it has overcome the country's IP blocks. It's effective because it's hard to get around it, but it doesn't seem to be used routinely since it can also shut down legitimate traffic on connected networks.

Shutting Down the Web

Of course, all the above methods still let people use the web, just not all of it. However, when pressured, authoritarian regimes the world over have been more than happy to simply hit the "off" button when their people become a bit too rebellious.

One example is Egypt in 2011, when massive protests, partially organized via social media, looked like they might make the government under strongman Hosni Mubarak fall. To prevent further communication, Mubarak's government simply ordered the entire Egyptian internet shut down with just a few phone calls. The military dictatorship in Myanmar did something similar in the months following its successful coup in 2021.

The reasons why these regimes can so easily switch off the web are a little hard to summarize, but in short these countries usually have only a few points of access to the internet. Egypt, for example, only had three access points in 2011, so forcing those three to cooperate---not too hard in an economy controlled by the state---meant that's all it took. Myanmar has similar issues.

The Chinese web is more developed than these two countries, but there the government has made it so that as much as 80 percent of its internet flows through just one access point. If Beijing ever wants to shut down its internet, one phone call might be all it takes.

How You Can Get Around Censorship

There is some good news, though: though a full shutdown is hard to get around, getting around regular censorship is actually not that bad. There are several tools that can help you get around most blocks, whether they block IPs, mess with DNS, or just hide search results. The trick is to connect to a location outside of the block and then access the web like normal.

The two best pieces of technology for this are Shadowsocks and virtual private networks. Though they can't deal with port blocking, which is only a tiny step removed from cutting off the web entirely, they sail past all other forms of blocking.

Both have their pros and cons---check out our Shadowsocks versus VPN comparison for more on them---but in each case with a small investment of time or money you can be up and running and accessing the web without any issue.