How is Airtel Blocking Even https:// Sites?

[demonicult]

This thread is so much in chaos and confusion. I read this thread 2 times really to understand whats been concluded here.

What scary from this thread is, Airtel is continuously experimenting with enforcing censorship even on https traffic and at some level they have been successful, in few years they probably will be able to achieve complete censorship control as most traffic (for almost all ISPs) pass through airtel and tata. The censorship for https traffic might be limited to airtel customers at first but once its successful a backroom meeting might force/tempt other ISPs to use their technology as it ensures DoT directives are upheld very well!
Capitalism FTW! /s

 

[Sushubh]

well the sooner people realize the value of a good VPN, the better it would be the people of this country. not only to get around stupid blocks but also to prevent snooping by your isp and your government.

 

[apuw]

I read this thread 2 times really to understand whats been concluded here.

Then you probably didn't read it good. Its been proven that Airtel uses Netsweeper by looking at the URL parameters and even news reports of the same.

 

[Jiharsh]

Even bsnl block some https links.

 

[apuw]

Thanks for letting us know @Jiharsh. Can you please paste here the page source where the https:// linked is blocked. We maybe able to get more information out from it.

 

[apuw]

@Sushubh I was recently getting a NET::ERR_CERT_AUTHORITY_INVALID error on websites due to some configuration error on a Cisco product used by my LCO. This certificate was being used: Cisco Umbrella Secondary SubCA hkg-SG

This Google forum post describes my issue: exactly Google Groups

The error has since been resolved by contacting the LCO.

Any idea which Cisco product they are using and why?

 

[Sushubh]

this is something that @x720 might know something about. i am not really into these things.

 

[x720]

From what I know, Cisco Umbrella provides DNS level security/filtering. Here's a nice video from Cisco. I'm guessing your ISP did not set up the policy correctly, leading to legit sites also getting blocked.

 

[apuw]

@x720 You are probably right. I knew instantly that it was a problem from the LCO's side as I had previously seen phishing websites getting blocked by OpenDNS which I do not use. The certificate issue is there again and the LCO is still trying to fix it.

It is probably a configuration problem on a network device which is corrupting the secure certificate chain and leading to the aforementioned certificate errors.

 

[liverpool79]

Since last 1 week i'm unable to access T P B: Firefox can’t find the server at....

Tried pinging and can't find host.Should i change to Google DNS on my device?