Need a US IP Address?
Here’s a question that many people want the answer to – How can I obtain a US IP address? Well hopefully this post will help. If you don’t want an explanation and simply want an American IP address at a very low cost – then try this service – here, for a few bucks a month you can have a host of secure, fast US IP addresses plus Canadian, UK, Australian and lots of other countries at your fingertips.
Many web sites determine what you see based on your location, so for example if you want to watch Hulu – you need to be in the USA. Access is controlled by location so it doesn’t matter if you’re a US citizen, if you’re trying to access Hulu from a hotel in Rome then you’re Italian and you’ll get blocked. This is why changing your real IP address is becoming a much more common requirement, simply because that loads of the best websites restrict access depending on the location of your computer.
So for example anyone outside America may get blocked from a US banking site, and you’d certainly be blocked from accessing US-only sites like Hulu or Pandora.
More and more sites are restricting access based on location, it’s often due to licensing issues. Another reason is economic, many websites operate price discrimination (basically charging different prices to different people to maximise their profits), they obviously don’t like consumers finding the cheaper options!
So if you wanted to access a US only site and you’re outside the US, then you need to acquire a US IP Address. Then you could buy from a US only site or watch something like Hulu or Pandora irrespective of your location. Now your IP address is assigned to you by your ISP when you initially connect, there’s no way to change this without losing internet access.
However although you can’t change your IP address - you can hide your true address and present another one. You do this by connecting via either a VPN or a proxy server, both of these will obscure your real IP address. They both operate in similar ways, the proxy server routes all your web traffic via itself and simply forwards all data in both directions. The VPN is actually a secure, encrypted tunnel which routes all traffic from your computer through the VPN server. Both have strengths and weaknesses. In reality a VPN is more difficult to detect by remote web sites, although this can involve a slight overhead on speed in some situations.
Which one you choose is really dependent on what your requirements are – a VPN gives you security and more access to remote sites. But if you just wanted to access something like BBC Iplayer from outside the UK for example a proxy server is enough.
So perhaps we want to watch some shows on Hulu but we are based in Europe, for this particular channel a proxy won’t work as Hulu is able to detect them – so we need a VPN service. Unfortunately there are no free VPN services available unless you can access one through your employer or college. Many multinational companies have VPN/Remote access services to allow employees to access their home location. It’s worth checking this out although you should ask your IT department for clearance . Or you could make your own by installing a VPN service on a rented server or a friends US based computer.
But an easier option is to just select a VPN service which allows access to a wide variety of servers especially if you want to use it with an iPad or mobile device, check this post - Watching BBC Iplayer on Ipad in US. These services are all pretty low cost now and the best ones include servers all across the world. Here’s some things to check out when looking for a decent service :-
- Firstly check that the company have some method to allow easy connection. The decent companies have custom connection software to allow you to connect/disconnect easily.
- Make sure your subscription allows access to multiple servers in different countries included.
- Speed is essential if you’re going to use the service for watching video or any streaming media – try to choose a trial account first to test this.
- Be careful you don’t get locked into renewing accounts – use a payment system like Paypal if you can which you can cancel easily.
Unfortunately although there is now lots of choice, many of these services don’t have the knowledge and infrastructure to support high speed access. Avoid anything that seems too cheap or sponsored by advertisements, always test first with a short subscription or trial.
I basically use two different services which offer both proxy and VPN functionality at a decent price. Basically these will give you a full US IP address plus loads of different nationalities at a click of a button
Identity Cloaker is primarily a security product but offers both proxy and VPN modes for accessing BBC Iplayer, Hulu and all media sites. They have loads of US and even more UK based servers so if you want to watch the BBC Iplayer service then it’s probably your best option. They do have lots of servers in the France, Germany, Australia, Canada and throughout Europe as well though. They also don’t automatically renew your subscription either which I like.
Overplay is another great little company, I like their connection software which is easy to use. Lots of US servers included in the standard subscription. They also have the widest selection of servers although perhaps many won’t use most of them. If you need a server in somewhere unusual they are most likely to have them. The support staff know their stuff and are very helpful.
Both these companies allow Paypal and are easy to cancel when you need. They also had the fastest servers out of the ones I looked at. Don’t worry that they don’t openly advertise the bypassing functionality for sites like Hulu, BBC, ABC etc – it’s deliberate, the services which openly promote this functionality get closed down eventually.
Looking for a High Anonymous Proxy – Some Thoughts
If you’re looking for a super secure, highly anonymous proxy then it can be rather confusing. After all what does constitute such a server, there are no real definitions only opinions.
The first thing to be aware of is that if someone just adds the word secure or highly secure to their description it means nothing. There are literally thousands of one page proxy servers running as default installations on some free web hosting space which describe themselves as secure – they are not. To keep a proxy secure needs time, technical skill and a very real commitment to keeping the infrastructure secure.
For instance, there are loads of people running proxies who never even consider the question of which user context the proxy should be running in. It’s actually very important but surprisingly a huge number of people run their proxy services as root.
This is a very bad idea, not only does this potentially give an attacker a very real chance of obtaining complete control not only to the proxy but the server it runs on. The slightest bug or vulnerability in the service can be exploited – there goes the server, the data, user accounts and logs.
A Step Towards a Properly Secure Proxy
Someone more security aware might run the proxy service in the context of the ‘nobody’ user. The advantage of this account is that it has no real administrative rights or privileges and there the integrity of the server is maintained even if the account is compromised. It does have some rights though and can access public directories and any other directories or services running in the ‘nobody’ user context.
But the real secure way is to create a dedicated user account specifically to run the proxy server in. It would have no other function and importantly no other rights or permissions applied. This protects the server, the logs and any users data that may be on the machine. It’s a simple point but a fundamental step in running a truly secure proxy server and giving you a secure IP address to use – 99% of the proxies you find online won’t be set up like this.
The unfortunate thing is that people tend to imagine that a proxy server that obscures your IP address adds a level of security and anonymity automatically. This is simply not the case and a badly configured proxy is far worse than using no proxy at all. Remember that when you use a proxy server all your data is diverted through that server and everything is probably logged too. It’s a huge risk using a badly configured server, whether it’s meant to be a simple porn proxy or highly secure VPN!
The security of the proxy server is really dependent on the technical expertise of the people who set it up and run it. You’ll never get a secure proxy server for nothing simply because professionals don’t work for free. Kids running proxies on free web space who have no concept of security – do however.
Updated Content and Tags – May 10th, 2013
The Truth About Proxies
If you search on the internet you’ll find many proxy sites including plenty of USA based proxies – usually they consist of loads of adverts and a little slot in the middle of the page where you type the website you want.
These sites promise you the following -
- security
- anonymity
- ability to bypass firewalls
- ability to bypass content filters
In reality you’ll normally get none of these although to be fair there are some benefits. Here’s the truth about these proxies and the claimed benefits to help you make your own decision.
Security
If you’re really concerned about security and your privacy then the answer is don’t use these websites. certainly never use them to access any site that requires passwords or personal credentials. These sites normally are set up quickly and easily using a proxy software called Glype. This is simply installed on some cheap or free hosting account and surrounded by adverts in an attempt to make money.
Of course there’s nothing wrong with that but be aware the server is not secured, they are also not highly anonymous and there will be no mention of what happens to the logs and you are trusting that website with whatever data you send through it. In reality all you are doing is adding another risk to your browsing. There are some malicious web sites which exist just to steal any credentials that are sent through it.
Anonymity
The claim for anonymity for these sites can be partially true if they are configured correctly. What they can protect from is the web site you are visiting storing your IP address in it’s logs. The main problem with trying to stay anonymous on the web is two fold – firstly your browsing is logged in its entirety at your ISP, secondly it’s all in clear text so is readable by anyone.
The proxies will sometimes stop your IP address being logged at the web site you visit – that’s it. But in exchange it will be logged on their server which may well be run by a 16 year old in his spare time.
Using Proxies to Bypass Firewalls
This can work in a particularly lax environment but in those cases you probably won’t need a proxy server! If the firewall just blocks access to specific IP addresses or URLs then this might work. However most environments are rather more sophisticated than that. Also the majority of web proxy sites are themselves blocked anyway. They can be useful in countries with basic blocks on popular sites like Facebook and YouTube for example.
Using Proxies to Bypass Content Filters
This is a complete non starter as no web proxy will have the slightest effect here. The problem is that although a content filter also looks for specific web sites, IP addresses and content to block it actually looks at the request itself. Most filters look inside the packet themselves so proxies will have no effect whatsoever apart from getting you flagged by the IT Admins for trying to circumvent any restrictions. There is only one way to bypass a sophisticated content filter and that’s to use a concealed proxy server plus encrypt all your data. The encryption means that the content filter can’t look inside the packet and work out the destination. So if you don’t want to have every thing you do online logged and recorded by your ISP and/or employer then encryption is a must. It’s often used when people access pornography online – particularly popular in the middle East where a porn proxy are standard because of the various blocks implemented by the Governments.
Updated -
Time to Use a Proxy in Turkey?
I’m not sure of everyone else but when I hear that someone has been convicted of blasphemy, I instantly think it refers to the medieval ages or at least a long time ago. However this latest news story refers to a composer and pianist who has been convicted of blasphemy by a supposedly secular Turkish court.
The court has convicted the pianist and composer – Fazil Say of blasphemy and inciting hatred, for a series of Tweets that he made last year. The ten month sentence has been suspended however any similar offence would mean he’d be imprisoned, in a Turkish prison.
So what did he say ?
Well one message he tweeted a verse from a Persian poet called Omar Khayyam which attacks the pious and their hypocrisy. I’m not sure if anything happened to Omar but it sounds like 11th Century Persia was a little bit open minded about free speech than present day Turkey.
Other tweets made fun of certain religious practices and in particular teasing people about the Muezzin (the Muslim call to to prayer). All this apparently amounts to blasphemy in the country that was once a beacon for secular rule and free speech in the Muslim world.
Of course the fact that Fazil Say had been openly critical of the ruling party and the Turkish prime minister Recep Tayyip Erdogan, may have something to do with this ridiculous ruling. Other artists and intellectuals are increasing being targeted for any criticisms voiced in public.
Turkey is a wonderful country, however the ideals set out by Mustafa Kemal Atatürk seem to be slowly losing their importance in this country.
I have no religion, and at times I wish all religions at the bottom of the sea. He is a weak ruler who needs religion to uphold his government; it is as if he would catch his people in a trap. My people are going to learn the principles of democracy, the dictates of truth and the teachings of science. Superstition must go. Let them worship as they will; every man can follow his own conscience, provided it does not interfere with sane reason or bid him against the liberty of his fellow-men.
Many organisations have expressed concern, including the European Union. The EU Foreign Policy chief suggested that Turkey must respect the principle of freedom of speech. Fazil Say has not commented much yet, other than to express his disappointment at the ruling. He has suggested previously that he would leave the country if convicted, which of course as an International star he is able to do.
I know lots of Turkish people and have family there, this decision will not be popular. Turkish people are relaxed, fair minded and value freedom of expression as much as anyone. But the sad reality is that slowly Turkey becoming a society where people are scared to speak their mind. Slowly the internet is becoming more and more filtered in Turkey mainly due to pressure from religious groups. If you want to surf the internet without Government filters and controls you will already need to use proxy server or something similar.
Watching BBC Iplayer on an iPad in the US – Setting Up an iPad VPN
I’ve started to leave my laptop at home nowadays in preference to the wonderful iPad I bought last year. After I got used to the fear of dropping it, it’s become an essential companion – much easier to carry than a laptop, starts up immediately and is basically just a joy for a traveler.
Of course there are limitations, including the well documented Flash problem. However one of my main issues was the fact when I travelled to the USA, lots of my UK sites like BBC Iplayer and ITV just wouldn’t work. Now this isn’t a problem with the iPad specifically but it’s due to the fact that most of the UK media sites block access to anyone outside Great Britain. So I had to figure out how to change my IP address to a UK one by using proxies or VPNs to bypass these blocks.
Watching Iplayer using an IPad VPN
Now I work in IT Security and one of my favorite tools is Identity Cloaker which I also use to bypass all these location blocks. It works great on my laptop and PC but the software wasn’t currently available for the Mac OS or iPpad. However fortunately all of their servers including the US ones are VPN enabled – so all I needed to do was connect to one of those.
Anyway here’s the steps I followed to watch BBC Iplayer from the US -
- Select Settings
- Select General
- Select Networks
- Select VPN
All being well – you’ll be at this screen
So in this screen you can already see one VPN already set up – this one is for the US. But I need to add a UK one so -
Click - Add VPN Configuration
You should then find yourself in this screen -
Looks a little confusing but it’s not actually that difficult. Now two pieces of information are not published by Identity Cloaker for security reasons – but these are in the members area when you log in or email and ask for help if needed.
Here’s how you fill the fields in -
- Description – Give it a descriptive name – usually country name is best.
- Server – This is in the member area for Identity Cloaker users- UK VPN server names
- Account Name – Your Identity Cloaker Username
- RSA SecurID – Ignore this
- Password – Your IDC password.
- Secret – This is in members area for Identity Cloaker users under – VPN Secret Name
That’s all there is to it – just remember to Save the VPN configuration before you exit. It is there ready for you to use, whenever you need a UK address then you just enable the VPN as follows.
So to enable the VPN just turn it on from this screen, switch the slider to on. In this situation we would turn the British one on so we can watch BBC Iplayer outside the UK. Remember when you enable the VPN all data is routed through that server down an encrypted tunnel. You may want to disconnect to do your normal browsing after – although you should use it for secure browsing – online banking etc.
When the VPN is enabled properly then you should see this in the top left corner of your Ipad.
This method will probably work with other proxy/VPN subscription services as long as their servers are set up for VPN access – just ask them for the information you need. To get access on a laptop or PC then check out this other post - BBC Iplayer outside UK.
If you haven’t got an Identity Cloaker subscription – it’s best to try this cheap ten day trial first to make sure you can get it working.
Updated – included extra information on VPN
Why Can’t I Watch the BBC Online Abroad?
You might have heard the terms before, but the real reason people are increasingly using VPNs and proxies is simply that thousands of wonderful media sites online are now restricted based on your location and IP address. When you connect, they check your location based on your IP address and then decide what you can see – it’s the reason why I can’t access M6 Replay outside France or watch BBC Iplayer anywhere except the UK.
For instance, I was recently in Spain with my work and got kinda bored staying in a hotel. So decided to watch some UK television online using my laptop. Unfortunately I then discovered that because I then had a Spanish IP address (from the hotels Wifi), I was now blocked from all the best UK websites like the BBC Iplayer and ITV etc. It was kind of annoying until I discovered there was a solution and an easy one at that.
By the way if you don’t know why people are so keen to get access to BBC Iplayer - you should really check it out. It’s without doubt one of the best media resources available online, in fact I don’t think anything comes close although there are some excellent US sites like Hulu and Pandora for music.
Anyway for those of us who either live or travel abroad a lot, having access to these sites is a godsend. You don’t have to sit watching a TV show in a language you don’t understand or some awful cable channel.
So What is the Solution to Watching BBC IPlayer Abroad?
Basically the problem is your IP address, everyone is linked to a specific country and it’s very easy to look up. Many websites look your location up as soon as you access their site, they then tailor what you can see based on that information. It’s called Geotargeting and frankly it’s extremely annoying – you’ll normally get an error message like the image below.
Or perhaps this one if you try and access Pandora outside the US.
The way around it is quite simple, you just have to make the website think your in a different country by using an IP address from the required country. Unfortunately you can’t modify your own address easily as this is assigned by your ISP. However you can connect via a proxy server based in the correct country and use it’s address.
So for example to watch BBC Iplayer outside the UK you’d connect through a UK proxy. If you wanted to watch Hulu from outside the US then you’d need a proxy based in the USA, Pandora needs an American one too and so on.
It’s really that simple – the website sees the IP address of the proxy server and not your real one. This short video shows the steps -
Where do I get a Proxy Server to Watch Iplayer or Hulu?
There’s a few options depending on time and budget. You can find some free ones online if you search – however it takes a long time to find one in the right country and fast enough to relay video through. In reality you’ll be best to settle on one of the many services that are available. A commercial service should be plenty fast enough and you know it will always be working when you want to watch something.
The one I use is Identity Cloaker which has been around for many years – it’s way better than any of the TV watching services and does much more. Try the trial first if you are unsure to test it out -
Identity Cloaker 10 day trial – it gives you access to all the top media sites in UK, USA, France, Canada and Germany to name only a few.
Iceland Seeks to Ban Pornography Online
Well if you like to idle away those long winter nights (and days) in Reykjavik by surfing a little porn online, then you might want to consider moving away. The Iceland Government have decided they want to do something good for their citizens (as opposed to bankrupting the country with a hopeless banking system) and are going to ban pornography from the web in Iceland.
Every time I see these sort of stories my heart sinks, why can’t people just leave the internet alone and let people make up their own minds. You might think that it’s all for a good cause, banning all that nasty porn stuff and everyone will behave and be nice to each other. Who knows they might be right, but what I do know is that censoring and filtering the internet doesn’t work – it never does.
An adviser to Iceland’s interior minister- Ogmundur Jonasson who is drafting the legislation was quoted as follows -
“At the moment, we are looking at the best technical ways to achieve this…..but surely if we can send a man to the moon, we must be able to tackle porn on the internet.”
A comment that first got me thinking, can Iceland actually send a man to the moon and secondly they haven’t got a clue about how to achieve this and what sort of issues they will face.
It’s just another of these populist ideas that politicians have, the fact that when you start censoring and filtering the internet, you also start to erode people’s civil liberties. I have no idea if there is any scientific basis to the argument that no porn on internet = less rape and sex crimes, I suspect very little. However I do know that any content filtering will only work against a minority of citizens and almost exclusively on the law abiding ones.
There are so many ways to bypass these filters, that your average sexual predator will easily be able to access whatever pornography they like. The Chinese Government have invested billions in their Great Firewall of China and yet your average 12 year old Beijing schoolboy can easily bypass them using a simple VPN or high anonymity proxy. Do we have any evidence that Iceland will come up with a technical solution more advanced than the People’s republic of China – obviously it it’s not going to happen.
What will happen is that another Government will have a little more control over it’s citizens, but only the ones who follow rules anywhere. The Iceland government will also have this infrastructure installed so maybe next year they’ll think of some thing else we shouldn’t do online and will add that to the banned list. It always happens you start by banning one thing then it just get’s easier and easier to control more aspects of what people can do online.
It’s negative, oppressive and most of all it doesn’t work…..
If you’re in Iceland, Kuwait, Iran, China or anywhere else where the Governments decides whether you can watch porn, politics , sports or whatever – then try this – Identity Cloaker, it’s not just a simple proxy for watching porn over, but a sophisticated security product that can bypass all sorts of blocks and filters and keep you hidden whilst you do so!
Using a Proxy Server to Enhance Freedom on the Internet
The United States of America is known for its declarative stances on life, liberty and the pursuit of happiness. However, this doesn’t seem to be the case when we spend a lifetime – pursuing liberty – only to be met with the unhappiness of censorship. In today’s modern world, the battle for freedom, along with the war against freedom of expression, has shifted gears online. Repressive regimes persistently undermine global civil liberties; cunningly employing various Internet censorship techniques to appear stagnant and under the radar.
The magnitude of Internet filtering and censorship in any given nation is measured by the OpenNet Initiative, or “ONI.” According their website mission statement, the OpenNet Initiative aims to “identify and document Internet filtering and surveillance, and to promote and inform wider public dialogues about such practices.” There are 5 categories of censorship magnitudes (in addition to various nations profiled on ONI’s website) that are structured upon the following bases:
1.) Lack of Evidence
In this case, there is no apparent evidence that websites are being blocked by the government, though forms of control may be employed. The biggest offending countries of proof-voided corroboration are: Afghanistan, Algeria, Bangladesh, Egypt, France, Germany, Iraq, Israel, Malaysia, Nepal, Nigeria, Uganda, Ukraine, United Kingdom, United States, Venezuela and finally, Zimbabwe.
2.) Suspected
This category alludes to suspicion of blocked websites by governmental influences, yet without tangible confirmation. A prime example is North Korea, which has a national intranet with approximately 30 approved websites. North Korea is an extremely isolated country, and this separation contributes to the difficulties posed in obtaining substantial information.
3.) Selective
This grouping implies that a small number of websites may be blocked, and/or a small number of people may see filtered results. Countries such as Armenia, Azerbaijan, Belarus, Georgia, India, Italy, Jordan, Kazakhstan, Libya, Moldova, Morocco, Russia, Singapore, Tajikistan, Thailand and Turkey serve as the deeming nations under this category.
4.) Substantial
This category identifies nations that filter search results, while further blocking websites at a regularly-low or moderate level. Countries likely to be considered under this grouping are Burma, Ethiopia, Gaza and the West Bank, Indonesia, Pakistan, South Korea, Sudan and Uzbekistan.
5.) Pervasive
Under this extreme magnitude, massive censorship is implemented by the government. Many websites are blocked and freedom of expression is severely limited. Participating nations include: Bahrain, China, Iran, Kuwait, Kyrgyzstan, Lebanon, North Korea, Oman, Qatar, Saudi Arabia, Syria, Tunisia, Turkmenistan, United Arab Emirates, Vietnam and Yemen.
In an attempt to expose cyber filtering and surveillance practices, OPI monitors and rates four areas of Internet activity, as listed below.
i.) Social
These websites generally centralize around taboo issues; ranging from sexually-explicit content, various forms of betting and drugs. The worst offending countries are considered to be: North Korea, Yemen, Uzbekistan, United Arab Emirates, Tunisia, Saudi Arabia, Qatar, Oman, Kuwait, Iran and Bahrain.
ii.) Political
This area pertains to website content that opposes, refutes or negates governmental control. Additionally banned are issues regarding human rights and freedom of expression. Implied transgressing countries are North Korea, Vietnam, Turkmenistan, Tunisia, Syria, Libya, Iran, China, Burma and Bahrain.
iii.) Internet Tools
This degree interferes, monitors and tampers with e-mail; web hosting; search and translation; VoIP communications and social media. In light of the Arab Spring uprising, social media has skyrocketed as expressive platforms that convey both sentiments and information in opposition with imposed, authoritative control. The worst offending nations are North Korea, Yemen, United Arab Emirates, Tunisia, Syria, Saudi Arabia, Qatar, Kuwait and Iran.
iv.) Conflict & Security
This classification includes anything spanning a vast military spectrum, with sectors in opposition, separatist movements and militant groups. The nations assumed under this category are North Korea, South Korea and China.
In a June 2011 issue of the New York Times, the United States was chronicled as a nation engaged in a global effort to “deploy shadow Internet and mobile phone systems[in which] dissidents can use to undermine repressive governments that seek to silence them by censoring or shutting down telecommunications networks.” Additionally, internet censorship can be circumvented by utilizing a proxy server website to access banned data. A proxy server website is an un-blocked server that is outside of the censored geographic area of the user. This website tool enables retrieval of censored data. Another way to informationally-intervene is by changing a censored IP address to that of an IP from a non-censored country. For assistance in visualizing the above information, look at our infographic below which showcases the key points of anti-censorship data. After all, it’s only fair that a democratic nation encourages “freedom of speech” as a globally-applicable entitlement.
Source: http://en.wikipedia.org/wiki/Internet_censorship
Source: http://en.wikipedia.org/wiki/Internet_censorship_circumvention
Source: http://en.wikipedia.org/wiki/Proxy_server
Source: http://opennet.net/research/profiles
Source: http://answers.yahoo.com/question/index?qid=20080223102536AAU9EcG
The Internet – A Forum for Free Speech
Freedom of expression is classed as a basic human right both in UN statute and International law. Of course this doesn’t mean that all countries and governments respect this right – clearly when you look at countries like Iran, China and Syria that certainly isn’t the case.
Post something critical online about the Thai royal family and if you live in Thailand, expect a knock on the door very soon. Egypt, Turkey, Gaddafi’s Libya and lots of other Middle Eastern countries also have take a very keen interest in controlling what is posted and discussed on the internet.
The control is usually implemented by fear supplemented by draconian filtering and censoring technologies. Facebook and YouTube are routinely blocked in lots of countries across the world simply because they are very lightly moderated and actively encourage free discussion.
Forums are also a great way for people to gather and discuss various topics and I want to tell you the story of an Arabic discussion forum called Tomaar.net. The site was initially created as a place for Saudis to discuss philosophical aspects of Islam – here’s a screenshot of it.
Tomaar Forum
The forum became very popular primarily because it was a place where subjects like women’s rights, equality and homosexuality could be discussed by Saudi’s in the context of their religion. It soon started to attract visitors from across the world and became a hugely successful forum for Arabic speakers. Needless to say that site was not very popular with the religious fundamentalists who hated this sort of free discussion – and this included the Saudi Government.
The forum was hosted in the USA, so it couldn’t be closed down by the Saudi Government who did however block all access from any ISP situated in their country. Fortunately the forum users were sophisticated web users and were able to use circumvention tools like Identity Cloaker and TOR to bypass the blocks and filters. Also many users lived outside Saudi Arabia and were not subject to the ban and so the forum continued to grow in popularity.
What Happened Next to Tomaar.net?
Well the forum had a pretty tough time over the coming months after the Saudi blocks were put up. First of all their hosting providers suddenly pulled the plug, no warning just a letter terminating their contract. Then followed a succession of hosting providers but all were unable to keep the forum up for very long.
Tomaar.net was being targeted and overloaded by frequent DDOS attacks. DDOS stands for Distributed Denial of Service and is basically when a web server is overloaded by loads of computers (also called a botnet) all making repeated requests at the same time. The server hosting the forum was being overloaded and falling over.
You can defend against these attacks and in fact they tried valiantly to keep the forum up commissioning specialist companies like Prolexic Technologies to protect the site. However in the end it just became too costly to protect the site against these regular attacks, the Tomaar site died and a lively discussion forum exists only in the cache of sites like the Waybackmachine.
Was the Saudi Government responsible for all this, there’s no direct proof that I know of. However there are many who strongly believe they were behind the attacks. The reality is that is would be extremely easy for a Government to shut down a site like this, you can even buy large DDOS attacks online for a few hundred dollars.
This is perhaps the most worrying aspect that even a site hosted in a country famous for protecting freedom of speech is not safe. It’s so very simple to close down a website if you have some resources available – no problem at all if you’re an oil rich fundamentalist government.
How to Authenticate a User – Cookies
Nearly every web site faces this dilemma – how to authenticate and identify the users of it’s site. In real life it’s not difficult, you can give someone a photo id or pass, or even ask people to show their drivers license.
The point is that in the real world, you can provide proof of your identity by using a physical credential. So you can borrow a DVD from Blockbusters or get a discount in a hotel by simply showing a specific card that you possess.
The Digital Identification Dilemma
Unfortunately it’s not quite the same in the digital world, it’s impractical (although not impossible) to supply physical credentials to prove your identity. But it does work on basically the same premise – the web site request your credentials and you need to supply them to continue.
An online authentication system like a web site – needs to be supplied with one of the following:
- Something you possess
- Something you know
- Something you are
- Any or all of the above
All these are called ‘authentication factors’ and the more that is supplied – then supposedly the more secure the system is meant to be. For instance if you hear a phrase like ‘Two Factor Authentication’ it simply means that you need two of the above to verify your identity. For example an ATM machine is a good example as you need a card (something you possess) and a PIN access code (something you know) in order to draw out some cash from your account.
In the digital world there are many simple but slightly unreliable ones, for instance verifying your location by IP address is simple to code, but unfortunately unreliable as they c an change freqeuntly. There is one main way of authenticating a user online and that is the ‘cookie’. It’s a term that most of us will be aware of but perhaps not entirely sure what they are.
The cookie is defined as a ‘handle, transaction id, or other token of agreement between operating systems’. The cookie is like the ticket you get when you leave your suit at the dry cleaners. It’s good for only one thing, to get your suit back. The cookie is exactly the same in digital format – a record of a specific transaction or visit. The only difference apart from the lack of a physical token is that the cookie will be updated each time you come back and visit the same site.
This is basically what happens when you visit a web site:
- Web site asks browser to store some information.
- Web site supplies the information.
- Browser stores the information in a file locally (the cookie).
- Cookie doesn’t contain any private information.
- Cookie is presented on subsequent visits.
It’s not that complicated and it’s not intended to be. The real aim is to identify subsequent visits by the same individual – with the aim of storing passwords, preferences and choices made by that person. All the major browsers have the facility to block or restrict cookies of course if you are concerned about the privacy issues.