Reddit on ACT Fibrenet

[Shubham]

send me some blocked domains on jio to check whether they are working or not.

Streamable is still not working. Neither are the porn websites.

 

[elepton]

Sites are blocked irrespective of trr setting. I do pass all 4 tests on cloudflare ESNI testing page. I have DNS set to 1.1.1.1 in my Asus router itself.

If ESNI is working but the site is still blocked, make sure you're using HTTPS and then try using DoH.

There are four methods of blocking that have been used by wireline ISPs:
1. DNS hijacking (easiest)
2. IP address blocking (difficult as IP addresses can keep changing)
3. HTTP blocking (deep packet inspection based on Host header and/or URI)
4. HTTPS blocking (deep packet inspection based on SNI)

DNS blocking can be implemented in two ways:

• ISP DNS server blocks the site but allows third-party DNS. Workaround: use any public DNS server
• ISP DNS server blocks the site and prevents (or intercepts) third-party DNS. Workaround: DoH

IP address blocking was very common in the old days but is rare these days.

HTTP blocking is widely used. Working around this is quite complicated and sometimes impossible without a proxy server or a VPN. Its easier to use HTTPS.

HTTPS blocking is used by large ISPs (this requires high-end routers). Workaround: ESNI

With HTTPS, DoH, ESNI and CDNs, website blocking is pretty much impossible as of today. The only feasible way would require DoH providers and CDNs to do the blocking themselves based on the geolocation of the user.

 

[d5aqoëp]

@elepton
What you say is all theory. But in practice, here on hathway, I have enabled DoH, ESNI, 1.1.1.1, as per instructions for Firefox on reddit. I pass all the 4 cloudflare tests but still all the blocked websites fail to load. Firefox statusbar says performing TLS handshake. Then it says connected at the bottom and then says "Secure Connection Failed"
This happens irrespective of DoH ESNI or the browser I use. Beginning to think this ESNI nonsense is another failed vaporware where everyone is hyping each other. But in reality it does NOT work as advertised.

 

[Shubham]

Yeah it has unblocked some sites, not all. So it doesn't work in reality.

 

[d5aqoëp]

For me zero sites are unblocked. Totally failed tech.

 

[elepton]

ESNI requires both server and client support. ESNI is a new technology and adoption in servers are very low.

It looks like the blocked websites that you're visiting don't support ESNI (yet).

 

---

[Sushubh]

And it seems that only Cloudflare hosted domains have access to it. Couldn't find any apache addon for it

 

[Shubham]

BRB After tweeting to Pornhub to implement ESNI

 

[Smh]

yeah contact both PH and Xvid+network to implement this

 

[d5aqoëp]

Guys I have tried this with all alleged cloudflare domains and sites which are blocked REMAIN BLOCKED irrespective of ESNI & DoH enabled or disabled. Who comes up with such shit tech? If this is not working with cloudflare's own hosted sites, I have zero hopes. I am already back to PIA's Firefox VPN plugin.
If I use trr = 2 (as suggested on reddit and all over internet) in firefox config, even this site fails to open. haha. Colossal fail !