search

nvaccess / nvda

NVDA, the free and open source Screen Reader for Microsoft Windows
https://www.nvaccess.org/
Other
2.09k stars 631 forks source link

nvaccess.org is blocked in Kazakhstan #8204

Closed StudioMaX closed 6 years ago

StudioMaX commented 6 years ago

Steps to reproduce:

  1. Live in Kazakhstan
  2. Browse to nvaccess.org
  3. Notice that the website doesn't open

Expected behavior:

nvaccess.org should be accessible

Actual behavior:

nvaccess.org is blocked

Technical details:

Connection to 45.33.21.113 on port 443 is successful (telnet 45.33.21.113 443), but when trying to set up a TLS session, the responses from the server stop coming. Probably blocked by the Deep Packet Inspection hardware.

Informational resources:

The official response from the Ministry of Information of Kazakhstan is that they do not block the nvaccess.org (you can critically treat these words, as they almost always lie): https://dialog.egov.kz/questioncontroller/view?id=491464 (use Google Translate)

Information from the service for checking the availability of websites from different countries and cities (nvaccess.org is not available from all cities of Kazakhstan): http://ping-admin.ru/free_test/result/1524641686k06u9135r8cv9953g38h8.html

zstanecic commented 6 years ago

Well, The one step for fixing this, is a VPN.

Wysłane z aplikacji Poczta dla Windows 10

Od: Pavel Starosek Wysłano: ‏چهارشنبه,‏ ‏5 ‏اردیبهشت ‏1397 ‏09:51 ‏ق.ظ Do: nvaccess/nvda DW: Subscribed Temat: [nvaccess/nvda] nvaccess.org is blocked in Kazakhstan (#8204)

Steps to reproduce:

  1. Live in Kazakhstan
  2. Browse to nvaccess.org
  3. Notice that the website doesn't open Expected behavior: nvaccess.org should be accessible Actual behavior: nvaccess.org is blocked Technical details: Connection to 45.33.21.113 on 443 is successful (telnet 45.33.21.113 443), but when trying to set up a TLS session, the responses from the server stop coming. Probably blocked by the Deep Packet Inspection hardware. Informational resources: The official response from the Ministry of Information of Kazakhstan is that they do not block the nvaccess.org (you can critically treat these words, as they almost always lie): https://dialog.egov.kz/questioncontroller/view?id=491464 (use Google Translate) Information from the service for checking the availability of websites from different countries and cities (nvaccess.org is not available from all cities of Kazakhstan): http://ping-admin.ru/free_test/result/1524641686k06u9135r8cv9953g38h8.html — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.
Brian1Gaff commented 6 years ago

Half the time these sort of blocks are due to blanket blocking of something accidentally blocking other things due to their ineptitude. Can you set up a proxy outside that you can access? Otherwise, maybe nvda has an alternate site out there, but of course that won't work for auto updates.

Is dropbox blocked? If you have any friends outside then they could easily put it up for download, though this is no answer in the long run.

Brian

StudioMaX commented 6 years ago

Personally for me it's not a problem - set up a VPN, proxy or something else, since I'm only a developer and testing our website for accessibility. But the installation of any VPN software greatly increases the complexity of installing the application for ordinary users. Maybe the website could change the IP address? (I understand, of course, that it is foolish to adjust due to one country).

derekriemer commented 6 years ago

can you give us info on the reason for blockage?

derekriemer commented 6 years ago

wait, does your country make you install an SSL cert into your browser to let your government violate your rights? that site gives me an invalid cert ere in the USA.

StudioMaX commented 6 years ago

There is no official reason for the blocking. Yes, we are forced to install a root certificate for the possibility to use all government services via the Internet (it is not used for MITM of all sites on the Internet). They wanted to use it for MITM a few years ago, but eventually changed their mind.

nyanpasu64 commented 6 years ago

A root certificate can be used to sign any website the government wants. I would be shocked if the government didn't use their certificate for MITM, at least for targeted individuals.

StudioMaX commented 6 years ago

@jimbo1qaz This is bad, I do not argue with this. MITM is also possible with this certificate, but I never noticed it used for this purpose (although they wanted to use it for MITM a couple of years ago). As far as I know, our root certificate even passed an international security audit some time ago and was suggested to browser developers for inclusion in the list of preinstalled ones.

Specifically in this case, the certificate is not related to the blocking of nvaccess.org.

StudioMaX commented 6 years ago

After repeated complaints to the Ministry, nvaccess.org was unblocked (I hope that this is not temporary).