Closed StudioMaX closed 6 years ago
Well, The one step for fixing this, is a VPN.
Wysłane z aplikacji Poczta dla Windows 10
Od: Pavel Starosek Wysłano: چهارشنبه, 5 اردیبهشت 1397 09:51 ق.ظ Do: nvaccess/nvda DW: Subscribed Temat: [nvaccess/nvda] nvaccess.org is blocked in Kazakhstan (#8204)
Steps to reproduce:
Half the time these sort of blocks are due to blanket blocking of something accidentally blocking other things due to their ineptitude. Can you set up a proxy outside that you can access? Otherwise, maybe nvda has an alternate site out there, but of course that won't work for auto updates.
Is dropbox blocked? If you have any friends outside then they could easily put it up for download, though this is no answer in the long run.
Brian
Personally for me it's not a problem - set up a VPN, proxy or something else, since I'm only a developer and testing our website for accessibility. But the installation of any VPN software greatly increases the complexity of installing the application for ordinary users. Maybe the website could change the IP address? (I understand, of course, that it is foolish to adjust due to one country).
can you give us info on the reason for blockage?
wait, does your country make you install an SSL cert into your browser to let your government violate your rights? that site gives me an invalid cert ere in the USA.
There is no official reason for the blocking. Yes, we are forced to install a root certificate for the possibility to use all government services via the Internet (it is not used for MITM of all sites on the Internet). They wanted to use it for MITM a few years ago, but eventually changed their mind.
A root certificate can be used to sign any website the government wants. I would be shocked if the government didn't use their certificate for MITM, at least for targeted individuals.
@jimbo1qaz This is bad, I do not argue with this. MITM is also possible with this certificate, but I never noticed it used for this purpose (although they wanted to use it for MITM a couple of years ago). As far as I know, our root certificate even passed an international security audit some time ago and was suggested to browser developers for inclusion in the list of preinstalled ones.
Specifically in this case, the certificate is not related to the blocking of nvaccess.org.
After repeated complaints to the Ministry, nvaccess.org was unblocked (I hope that this is not temporary).
Steps to reproduce:
Expected behavior:
Actual behavior:
Technical details:
Connection to 45.33.21.113 on port 443 is successful (
telnet 45.33.21.113 443
), but when trying to set up a TLS session, the responses from the server stop coming. Probably blocked by the Deep Packet Inspection hardware.Informational resources:
The official response from the Ministry of Information of Kazakhstan is that they do not block the nvaccess.org (you can critically treat these words, as they almost always lie): https://dialog.egov.kz/questioncontroller/view?id=491464 (use Google Translate)
Information from the service for checking the availability of websites from different countries and cities (nvaccess.org is not available from all cities of Kazakhstan): http://ping-admin.ru/free_test/result/1524641686k06u9135r8cv9953g38h8.html