How do authorities use firewalls and other tools of internet control?

What is a firewall? 

A firewall is like a security guard for your computer or a network. It watches the data that comes in and goes out and decides whether to allow it or block it based on a set of security rules. In principle, a firewall on your own devices isn’t a bad thing. It can help protect your system from cyber criminals and other threats by keeping unwanted or harmful data out or specific data in. 

However, governments across the globe are increasingly deploying mass surveillance technologies and systems of censorship—including firewalls—to monitor communications, block access to content online and restrict access to social media at scale.  

Censorship systems take various forms, typically involving the monitoring of telephone and internet traffic through telecom operators and internet service providers. This monitoring is often mandated by communication regulators, security agencies or even required by law. In practice, national firewalls and similar internet censorship technologies are just one among many tools in the box of mass surveillance systems. 

Government-installed firewalls are one such example of censorship. They can block free access to the internet by restricting certain websites or content online. When governments do this, they are restricting fundamental human rights like freedom of expression and access to information.  

How does a national firewall work? 

To censor content online or block internet traffic, it is first necessary to monitor the requests of internet users and identify the websites and services they are trying to use before they can be blocked. National firewalls have this built-in monitoring functionality

Some of the ways in which government-installed censorship firewalls are used as tools for internet control include: 

  • Filtering Content: Firewalls use filters to block specific keywords, internet protocol addresses (known as IP addresses, unique numbers that identify a device on the internet, allowing it to send and receive information), or domains (for example, www.amnesty.org) which have been added to the block list. When a user tries to access a blocked site, the firewall prevents the connection entirely or throttles the connection, so it feels a lot slower. 
  • Domain Blocking: Firewalls can also monitor and block specific domains at the domain-name level. A domain is a readable name, like amnesty.org, that is used to find and access websites on the internet instead the numerical IP address. When someone tries to access a blocked website, a request is made to find the address of that website. Internet service providers and national filters can block or modify the IP address received in response, preventing the website from loading. 
  • IP Blocking: Firewalls can block access to specific IP addresses. This means that any content hosted on that IP address, such as a website or server, is inaccessible to users behind the firewall. This can cause collateral censorship where other non-targeted websites also get blocked 
  • Deep Packet Inspection: Most modern firewalls can also perform deep packet inspection to analyze and filter internet traffic. Deep packet inspection is a method used to check the contents of data being sent over the internet to see exactly what it is, rather than just looking at basic information like where it’s going. This can be used to block specific types of content or applications such as messenger apps or VPNs (virtual private networks) by identifying VPN traffic patterns. 
  • Keyword Filtering: Firewalls may scan web traffic for specific keywords or phrases and block pages or content that include these terms, particularly when the web content is unencrypted. “Unencrypted” means that the information is not protected or hidden, so anyone who intercepts it can read or see it easily. 

How are national firewalls used? 

Recently, governments have used similar firewalls and censorship technology in the context of unrest and armed conflicts to block media websites or carry out full internet shutdowns. For example, Israel blocked Al Jazeera’s website in May 2024, and several European countries took steps to block access to Russian state-linked media after Russia invaded Ukraine in 2022. Internet shutdowns are also deployed during elections, such as Pakistan’s February 2024 shutdown during election day. 

Some governments use national firewalls and censorship technology to broadly limit access to information critical of the government’s action. For example, countries like Algeria, China, Iran, Russia and Viet Nam have blocked websites of human rights organizations including Amnesty International, to limit access to information about human rights violations. 
 
Many countries and internet providers also use these types of censorship technologies to block content and websites when required by a court of law or an administrative ruling. Following cases taken by copyright holders in various European Union states and North America, court rulings have widely blocked or restricted peer-to-peer file sharing websites and archives of academic journals. 

Why are national firewalls a human rights issue? 

According to international human rights law, there are some situations in which a government can restrict the right to freedom of expression. This is only possible if the government can clearly show that the restrictions are legitimate, grounded in law, and are strictly necessary and proportionate.  

However, problems arise when: 

  • Overreach: Governments use firewalls to block entire social media or messaging platforms, which is disproportionate as it limits legitimate freedom of expression related to anything shared on that site.  
  • Censorship: Firewalls are used to censor protected expression, such as by silencing political discussions or dissenting opinions, preventing people from expressing themselves freely. An example would be the blocking of news websites or critical information which authorities dislike. Another example would be blocking specific topics like human rights or sexuality, stopping people from learning, connecting and sharing information. 
  • Lack of Transparency: Authorities block websites without clear legal rules or oversight, leading to arbitrary and unchecked censorship. 

Can mass surveillance and censorship technology be used legally? 

Mass surveillance targets anyone and everyone, which means it is simply incompatible with international human rights law. It stops people from expressing themselves freely. It’s a serious violation of our privacy. Knowing that their communications are being watched can make people less willing to speak openly. 

Telephone interception technology (such as phone tapping) has been around for decades and can be used legally if it meets strict human rights rules. These include that it must be necessary, targeted, and approved and overseen by fully independent authorities, like judges. 

However, in the past decade, technology advances have supercharged surveillance systems, and it is now possible to monitor virtually everyone’s internet and phone communications at the same time – even entire countries. This form of mass surveillance is indiscriminate because it can target anyone without good reason.  

What can you do against national firewalls? 

Bypassing government-installed firewalls and censorship technology can be complex and risky, and in some countries may even be illegal. Here are some of the common methods people use to bypass censorship: 

  • Virtual Private Networks (VPNs): VPNs can encrypt your internet traffic and route it through servers in other countries, making it more difficult for certain national firewalls to detect and block your online activity. Amnesty International suggests finding a reputable VPN provider that respects your privacy. Unfortunately, many free-of-charge VPN providers do not meet minimum privacy standards.  
  • DNS (Domain Name System) Services: A DNS system is used to translate domains like amnesty.org into an IP address. Changing your DNS settings to use alternative DNS servers (e.g., Google DNS or Quad9) can sometimes bypass filtering and censorship based on blocking certain DNS queries. DNS requests are often not encrypted, which makes it easier for censors to block access to specific domains they want to censor. Modern websites and browsers support the “DNS-over-HTTPS” feature, which looks up domains in an encrypted fashion to find the correct IP-address, making it harder for censors to check and block specific requests. 
  • Encrypted messaging apps: A messaging app like Signal offers encrypted communication and may bypass certain types of internet monitoring and restrictions by keeping the content of your online communications safely encrypted. 
  • Mirror Sites: These are copies of websites hosted on different domains. If a site is blocked, you might be able to access its mirror website. Two examples are the Web Archive and Archive.is
  • The Tor Network: Tor is a privacy-focused network that routes your internet traffic through multiple servers to anonymize your activity and bypass censorship. It can be accessed using the free and open- source Tor Browser. The Amnesty International website is also accessible securely over a Tor onion service

Can a national firewall block Tor? 

Tor is a network that allows users to browse the internet anonymously and access websites that might be blocked by conventional censorship methods. 

A national firewall can indeed block Tor, but Tor’s design includes features to help you fend off censorship, such as using bridges (hidden entry points to the Tor network) and rotating IP addresses. As a result, blocking Tor can be an ongoing cat-and-mouse game between Tor developers and censors. In certain countries using a private bridge can help you bypass blocking attempts. 

Can a national firewall block VPNs? 

Yes, a national firewall can block VPNs using techniques like deep packet inspection to look for patterns in traffic originating from your device and categorizing it, even when that traffic is encrypted. Some VPN providers offer techniques to avoid detection and to bypass blocks, such as using different VPN protocols or disguising VPN traffic to look like regular web traffic. 

What else can I do to stay safe online?  

Apart from using VPNs, secure end-to-end-encrypted messaging apps, or the Tor network, there are many other steps you can take to protect your security and privacy online.  

Check out Amnesty International’s Security Lab’s Digital Security Resources Hub for more! 

We’re campaigning to stop the use of firewalls to censor and surveill people.

Support our work