[ctbritt]

Hello all-- I'm hoping someone can offer some advice.

I'm moving soon to a country that shall not be named, but it's got hella internet filters because it wants to protect its poor citizens from the evils of the West. It even deems Flickr a threat. Whatever.

I would like a solution to get around this, and I need to get it before I move to said country because their filters block access to proxies, information about proxies or information about evading the filters.

Email is not a problem. I already use secure email using OS X that is encrypted and signed. My wife uses hotmail and doesn't care.

Its normal internet traffic that's the problem. I'm thinking I need to set up a server in the states (ideally using a Mac Mini) on a home DSL line at my brothers'. I want to be able to connect securely to this machine that will then route my Net traffic back to me, by passing this country's filters. The problem is I'm not sure exactly what this involves. Web ssl? SSH? I've been doing some research but it's very technical and I"m not understanding it so much. I think I need to set up a VPN to connect to the Mac Mini that then acts as a web proxy, right?

I'd like the system to be like this:

1. I set up the networking system pref on my laptop to connect to a proxy server (or VPN) on both mine and my wife's MacBook Pros and forget it.
2. The USA-based system should be as maintenance free as possible. (I'm hoping with screen sharing in leopard, I'll be able to maintain it.)
3. I want to be able to connect to a innocuous URL (for the proxy) that I already own that resolves to the Mac Mini in the states.
4. It should be open-source if possible or OS X-based.
5. It should all run on Mac OS X Leopard. (Do I need the server version to do this?)

Any thoughts on how to do this? Simple and transparent are the watchwords once it's set up... I don't mind a bit of complexity in the middle, if it's easy enough to follow. But my wife is very non-technical and she doesn't want to bother with a bunch of terminal commands.

Thanks very much, and I hope someone can point me in the right direction.

best,
chris

[Cold Warrior]

My first suggestion would be to not use your name on the Internet when asking that question. A quick Google search for you by a 3rd-party intelligence service would no doubt turn up this question.

VPN is simple and effective. You can purchase a router for your US-based residence, and you'll be able to use OS X to tunnel securely to it. At that point anything you choose to do on the net will appear as if it's coming from your US broadband connection.

Another option is to use a commercial VPN provider. I use VPNout and they work well. You'd need to use the openvpn client and Tunnelblick as your GUI (if you want a gui). Openvpn needs only a single port open. It automatically searches for it, then uses it to encrypt the connection to your VPN.

If that country is serious about filtering, it may employ people who scan logs for lots of encrypted activity outside of standard SSL web traffic.

[bearcatrp]

I wish I could remember the site I read about. I was reading a newsgroup in one of the many I have about defense. They were talking about a series of servers set up for journalist in some of these countries to bypass the country there in and bounce through 5 or 6 hosts to get messages out and stuff. I was on the site once and even asked for other volunteers to set there computer up to help with the cause. I'll try to find it and get back to you but this would work for you (if I can find it again). Try doing a search on journalist in foreign countries and see if you find it.
Randy

[ctbritt]

you make a good point, cold warrior, and i've edited the post. I also found Witopia.net, which seems like a good solution. I'm looking at VPNout, too.

Thanks!

[hwojtek]

Don't forget Saudi Arabia bought enough equipment to make life much harder than expected if these (relatively) low-end VPN solutions are used.
AFAIK the only way for an uncensored internet experience is to connect through the independent link your Embassy has. Which means - going to the Embassy's library.

[Cold Warrior]

If you have plenty of money, you could also try to use a satellite solution.

[rjt1000]

Using an SSH SOCKS proxy would work for you in most places in the world, allowing you to create an encrypted tunnel between the hostile country and your USA based computer (for more info check out my post in this thread). But if the country you are moving to may be monitoring internet traffic for any use of encryption, and possibly penalize you heavily if you do, I could not advise you to use it. I would suggest speaking with western expats once you arrive and get their advice on how best to connect to the west. Good luck.

[dimmer]

The "Reports without Borders" document on this topic may be of use to you as well. As may the BoingBoing.net page.