All you need to know about Data Sense on Windows Phone 8.1 – Daniel Rubino

Windows Phone 8.1 introduces a handful of new features like Cortana, Notification Center and Wi-Fi Sense, but also improves on older features like Data Sense. We’ll be going into detail over the next few days about all the various features. We figured we’d make ‘sense’ of Windows Phone 8.1 by spending quality time with Data Sense, Storage Sense and Wi-Fi Sense. Here’s the page you bookmark to know everything you want about Data Sense.

Data Sense

As much as we’d like, data isn’t unlimited anymore. Depending on your situation, you might be grandfathered into an old unlimited plan, but the vast majority of consumers have a limit to the amount of data they can use on their Windows Phone. Even if you have “unlimited” data, you might have access to the highest speed possible (usually 4G/LTE), but will be throttled to a lower connection after using up a specific amount of data.

Which is why we’re pretty excited that Microsoft has improved upon the Data Sense feature first introduced in Windows Phone 8.0. Now in Windows Phone 8.1, Data Sense is better and more useful than ever.

Data Sense is a feature that helps monitor your data usage and can even optimize that data so your phone doesn’t cost you overage charges. There is a mix of tricks, like compressing browser info, which Data Sense uses to help keep you within the limits of your carrier plan.

It’s worth pointing out that there are three components that make up Data Sense. There’s the Data Sense app, the Browser Optimization Service (BOS) found in Internet Explorer 11 and the ability to map nearby Wi-Fi hotspots. We’ll take an in-depth look at those features.

Data Sense App

Before you get too excited about Data Sense, you’ll need to be with a carrier that supports the feature. You’ll know your carrier supports Data Sense if you scroll over to the App list and see the Data Sense app. See it? We’re good to go.

The beauty of Data Sense is that you can set up and customize the app to meet your specific requirements. You might be on a plan that gives you 500 MB per month or you might have an unlimited plan; it doesn’t matter, since Data Sense will still help you.

The first time you launch the Data Sense app you’ll be asked to set a data limit. You can do this at any time if you skip it initially, and you can edit the information you enter whenever you want. Though keep in mind, skipping this step will make Data Sense assume you have an unlimited plan.

You have a few options for selecting a limit in the Data Sense app.

None specific – Will help you conserve cellular data, but Data Sense can do more if you enter your data limit.

One time – This is useful for those on prepaid plans. Select this option to enter the remaining days until your data expires and the amount of available data. Data Sense will notify you when you approach your limit.

Monthly – This is for those on contracts who have a given amount of data that they must use within the month. You can select which day of the month your data resets and how much data you’re allowed to use in that month. Like the above option, Data Sense will notify you when you approach your limit.

Unlimited – This is for those who truly do have unlimited data. Most data will go over your cellular connection, but Data Sense will still keep track of how much data you and your apps are using.

It’s very important for you to select either the one time or monthly option if you fit into those situations. Data Sense will help control the amount of data your apps use in the background. For example, if you have a limited amount of cellular data, Windows Phone 8.1 and Data Sense will save certain downloads and background activities for when you’re connected to a Wi-Fi network. Look for a shield icon over the Live tile for Data Sense on your Start screen.

Pro tip: Pin Data Sense to your Start screen, as the app has a Live Tile that reveals your current usage

Through the app, you’ll see the number of days and amount of data remaining if you have a one time or monthly limit set. Do you have an unlimited data plan or didn’t specify a limit? The Data Sense app will still show your cellular and Wi-Fi data use over the past 30 days. The Live tile for Data Sense will also keep all this information surfaced on your Start screen if you pin it, which is why we highly recommend doing it.

Data usage can be sorted by app

All that information about your cellular usage, Wi-Fi usage, days remaining and data remaining is found on the overview page of the Data Sense app. That’s the default view you’ll see anytime you launch, because it’s the most important. But if you swipe to the side you’ll be on the usage page where you can get detailed information about data usage by application. Do you use Facebook a lot? Then you’ll probably see the Facebook app sitting at the top of the apps list. It’s worth pointing out that this page is sorted by cellular data. This is also a good place to go to see which apps are using more data than you expected.

Control how your phone uses background data

On the bottom of both the overview and usage page in Data Sense, you’ll see the settings icon. Tap that and you’ll get even more control over how data is used on your phone. Here you can adjust your data limit, which you can also do on the overview page of Data Sense. But this settings page is very important if you want to control how your phone uses background data. It’s also where you control the Browser Optimization Service found in Internet Explorer 11. We’ll go into detail about IE11 further below, but for now let’s focus on background data.

You’ll see two toggles that you can control in this settings page. One is to restrict background data and the other is to restrict background data while roaming. Remember, anytime background data is restricted you’ll see a shield icon on the Live tile for Data Sense.

When you tell Data Sense to restrict background data you’ll have the option to do so only when you approach your data limit or always. Whatever you select will depend on the penalties you have with your carrier for going over your limit. You can also tell Data Sense to restrict your background data whenever you’re roaming, a useful feature if you get charged more when consuming data that is on another network. (Make sure to check your carrier's policy on data roaming).

Again, restricting background data just means that Windows Phone 8.1 and Data Sense will be a little more aggressive with how apps are used in the background.

Find nearby Wi-Fi hotspots with Windows Phone 8.1 and Data Sense

One of those three Data Sense components in Windows Phone 8.1 is the ability to find nearby Wi-Fi hotspots. If you’re on a limited data plan you’ll probably prefer connecting to a local Wi-Fi hotspot vs. consuming cellular data. The feature is officially called Data Sense Wi-Fi Guide and it’s one we’ve seen for a while on Windows Phone. It just gets even better on Windows Phone 8.1.

The ability to find nearby Wi-Fi hotspots is integrated into the native Maps application on Windows Phone 8.1 (Note: Nokia devices will default to HERE Maps instead, which does not have this feature). Over 1 million hotspots around the world are part of Microsoft’s vast collection of public Wi-Fi locations. The data comes from mobile operators, Wi-Fi providers and crowdsourcing. There are a few different ways to find Wi-Fi on your Windows Phone 8.1 device:

From the Data Sense app, tap the three dots menu to bring up the app bar and click ‘map nearby Wi-Fi’.

When using the Maps application, tap the three dots menu to bring up the app bar, tap show more options and click show ‘nearby Wi-Fi’.

Go to settings, then tap Wi-Fi and tap ‘find nearby Wi-Fi’.

Sadly, we couldn’t get Cortana to show us nearby Wi-Fi. We tried a few different commands and it looks like you’ll need to use your fingers to find a local hotspot.

What’s really cool about Wi-Fi on Windows Phone 8.1 is the ability to automatically join nearby networks. There’s a feature called Wi-Fi Sense that will effortlessly connect to free and public Wi-Fi locations by automatically completing the sign-in process for you. We’ll go into more detail over Wi-Fi Sense soon.

Browser Optimization Service in Internet Explorer 11

Uncompressed image on the left and the same image on the right after being compressed.

The third way that Data Sense works to save you data on Windows Phone 8.1 is through the Browser Optimization Service or BOS. This works by reducing the data you consume while browsing the web with Internet Explorer 11. The webpages you view through IE11 go through a proxy server that Microsoft uses to compress images, HTML text and JavaScript. This allows less data to be consumed by you when browsing the web. Don’t worry, Microsoft does not store any personal information that goes through their Browser Optimization Service.

You can select between three different modes for browser optimization on Windows Phone 8.1. You can set it yourself by going to Internet Explorer > Settings > Data Sense savings or by going to Data Sense > Settings > Browser data savings. Why they’re called slightly different things in the settings of IE11 and Data Sense is beyond me, but the options available are the same with the same results.

By default, it looks like Windows Phone 8.1 will put you into the Automatic Savings Mode for the Browser Optimization Service, though you can turn it off. Here are the three settings and what they do:

Standard Savings Mode – This mode saves up to 45% of browsing data with minimal impact on your browsing experience. Photos are slightly compressed, but we couldn’t really notice a difference.

High Savings Mode – This is for when you’re on a very limited data plan or you’re running out of data. Selecting this mode will save up to 70% of browsing usage data. Some ads might not load, and images will be compressed even more with a slightly noticeable reduction in quality. If it’s a long webpage you’re on, the bottom half might not load until you scroll down. This is the mode for when you need to save as much data as possible.

Automatic Savings Mode – Most of you will be quite happy with this setting. It’ll switch from the standard savings mode to the high savings mode when you reach the last 5 percent of your data limit.

You can of course turn the Browser Optimization Service completely off if you don’t want any reduction in quality when using IE11. If you’re on an unlimited plan you might want to do that, though we recommend trying out the Automatic Savings Mode just to get a faster browsing experience.

Does Data Sense make sense?

Stay within your data limits by using Data Sense.

Congratulations, we’re all now experts in how Data Sense works on Windows Phone 8.1. Feel free to share this article with any friends or family members that don’t quite understand how Data Sense works. Or bookmark it yourself for future reference.

We’ll be looking at the Wi-Fi Sense, Storage Sense and Battery Saver features in future articles. In the meantime, feel free to ask any questions about Data Sense below in the comments. You can also ping me on Twitter (@samsabri) if you’re reading this way in the future and I might miss your comment. But the best solution out of all is to head to the Windows Phone Central forums where the community can help you out!

Sam Sabri Managing Editor

"Windows Phone 24/7. XBL Gamertag - GeneralSham. Instagram/Twitter/Etc - samsabri"

Internet Survival Techniques – Sri Lanka Guardian

| by C. Sugumar

(April 19, 2014, Colombo, Sri Lanka Guardian) Internet users in many of the less progressive countries of the world frequently encounter problems in accessing political and news websites and sometimes even social networking sites due to the intentional blocking of these sites by their governments. Fortunately, it is possible to overcome these attempts to control the exchange of information by repressive governments by dint of knowing a handful of tricks, or workarounds. Just as love laughs at locksmiths, technology can laugh at censors and make it very difficult for them to prevent the free flow of news and information. So, here are a few techniques or methods that will prove helpful and deliver the goods the next time you are stymied when attempting to download or upload data from and to a blocked site.

There are certain intermediary websites that do not contain any information of their own other than routing instructions. These are known as proxy sites or proxy servers. Their function is to merely act as communication relay nodes between web surfers and other websites that do contain information. There are innumerable such servers and you can easily find them by typing “proxy site” or “proxy server” in the search box of any search engine. If you type “list of proxy sites” or “list of proxy servers” you will be rewarded with an embarrassment of riches! New proxy sites are cropping up all the time and it would be an impractical task to track down each and every one of them and block same!

Once you spot a likely proxy site, just click on the link; its home page (usually the only page) will open and you will be presented with a simple user interface. This will contain an address bar into which you must type in the URL of the blocked website and then click the GO button. You may have to try out a few of these proxy sites until you identify one that is able to reach the target site and works to your satisfaction. Sometimes you may have to enter the full address including the http:// part too. In the case of a secure website enter that as https://. That is all there is to it!

Proxy sites will also hide your computer’s IP address at the other end so that the website you are visiting will not be able to trace you and identify your location easily.

There is an interesting website that calls itself, www.hidemyass.com (sic). This is an efficient proxy website that can in addition to circumventing blocks provide you with a temporary/anonymous email address that could prove very useful when a website insists on your registering and logging in even to perform the simplest of actions like say, download a file or post a comment. Such an email address can protect your online identity and come in handy when you find that you cannot proceed any further on a matter unless you forward your email address to some unknown website but have reservations about disclosing the primary email address that you use for your important and confidential communications, either because you do not fully trust that site or perhaps you are concerned it will start flooding your mailbox with spam. The anonymous email address you obtain can be active for a limited period, ranging anywhere from say, one day, one week, one month, six months or one year according to your choice, and it will be free to use! There are other sites too that offer temporary and anonymous email addresses, which you can find easily by doing a search.

A really neat way to access blocked websites and keep your personal information secret is to use the Tor browser. The Tor Browser Bundle can be downloaded from www.torproject.org. This software is based on the Firefox browser and when you use it you don’t have to bother with proxy sites. The Tor browser can access blocked sites directly while hiding your IP address and location. It uses the Tor network of multiple servers that keep changing the signal route every ten minutes or so, making it very difficult for others to latch onto any data stream and keep tracking it or trace the origin and destination of web based communication. Further, the data that bounces from server to server is encrypted to frustrate eavesdroppers, but on the downside, due to the zigzag route taken by the signal, a distinct lag will be experienced when connecting with any website and even when moving from page to page.

The Tor Browser can be installed on your hard disk or even on a pen drive! You simply have to open the Tor folder and double-click on the application file to run it. It does not make any changes to the registry. If you wish to remove this program there is no need to go into the control panel to uninstall it. You simply delete the folder to remove it from your computer. It is possible to load this program onto a computer’s memory from a pen drive and start browsing right away! This unusual feature could prove very useful if say, a journalist had to upload a file to a blocked website from a roadside Internet café that used a connection from an ISP that interfered with communication due to regulatory pressures. Such use will not copy or install any software or leave any trace of the message or browsing history on the third party computer the journo uses. While this can be accomplished with regular proxy servers too, the Tor browser, if used correctly can provide a significantly higher level of security and anonymity.

As you are most probably reading this on the screen of a computer or a similar device connected to the Internet you need to be aware how to access information readily, without hassle. No one has the divine right to decide what you should read, hear or view. I hope the tips and tricks given here prove helpful. If you are planning to use the Tor browser, you should read the comprehensive information available on their website, as this article provides only a brief overview.

It is very curious indeed that governments rarely block pornographic websites but keep obstructing news websites persistently. One can only conclude that according to them, reading any news that reflects negatively on a government is an act of greater moral turpitude than watching porn!

The ultimate guide to staying anonymous and protecting your privacy online – ExtremeTech

Whenever you browse the web, your privacy is under constant barrage. Advertisers are trying to track every move you make, and governments around the world want in on the action as well. Getting tracked by Facebook and Google is bad enough, but knowing that the NSA has its eyes on your web traffic is more than a little worrisome. Thankfully, there are steps you can take to protect your anonymity on the web, and prevent other organizations from monitoring your browsing habits, ensuring your privacy online.

In this post, I’m going to highlight thirteen different methods you can use to keep prying eyes off of your web traffic. Some methods are more complicated than others, but if you’re serious about privacy, these tips will help you remain anonymous on the open web. Of course, internet security is a topic in and of itself, so you’re going to need to do some reading to remain thoroughly protected on all fronts. And remember, even the most careful among us are still vulnerable to imperfect technology.

Blocking third-party cookies

Third-party cookies are one of the most common methods that advertisers use to track your browsing habits. If you visit two sites using the same advertising service, rest assured that the advertiser is keeping tabs on that information. Thankfully, every major web browser offers the ability to turn off tracking cookies. Without third-party cookies, advertisers have to work much harder to monitor which pages you visit. While this is far from a panacea, it shuts down the most common vector used by advertisers to build usage profiles.

Blocking location data

Recently, many web sites have begun to use location data to offer specific services, and display local advertisements. Mapping applications obviously have legitimate reasons for gathering location data, but that same technique can be used to help identify who you are. Any legitimate browser should offer the ability to toggle on and off location data, and I recommend leaving it off completely. At the very least, demand that websites prompt you for access before gathering the data.

That said, IP-based geolocation data is incredibly trivial to acquire, so remain vigilant. If you’re browsing the web without a proxy or a VPN, you’re effectively broadcasting your IP to every server you come across, and that information can be used against you. It’s not necessarily something you have to worry about constantly, but it’s worth keeping that fact in the back of your mind if you’re criticizing your local dictator or blowing a whistle on the NSA.

Do not track

The “Do not track” HTTP header is an optional message that browsers can send to web servers. You can easily enable it in your browser’s settings, but it’s rather limited in scope. For this to work at all, the web server needs to be configured to respect this flag. There is absolutely no requirement of any kind that any website needs to obey this setting, so don’t expect widespread protection from trackers. Still, you don’t have anything to lose, so there’s no reason not to take advantage of this built-in protection.
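
A server that chooses to respect the flag has to check for it on every request before it sets any tracking identifier. The sketch below is an added example, not code from the article: the cookie names and function names are hypothetical, and the `Tk` response header is taken from the W3C Tracking Preference Expression draft rather than from this page.

```javascript
// Added example: server-side handling of the "DNT" request header.
// Cookie names, lifetimes and function names are hypothetical.

// HTTP header names are case-insensitive, so normalize before lookup.
function getHeader(headers, name) {
  const wanted = name.toLowerCase();
  for (const [key, value] of Object.entries(headers)) {
    if (key.toLowerCase() === wanted) {
      return Array.isArray(value) ? value[0] : value;
    }
  }
  return undefined;
}

// Returns true  -> the user asked not to be tracked ("DNT: 1")
//         false -> the user explicitly allows tracking ("DNT: 0")
//         null  -> no preference expressed (header absent or malformed)
function dntPreference(headers) {
  const raw = getHeader(headers, 'DNT');
  if (raw === undefined || raw === null) return null;
  const value = String(raw).trim();
  if (value === '1') return true;
  if (value === '0') return false;
  return null;
}

// Decide which response headers to send for one request.
function buildResponseHeaders(reqHeaders, sessionId, visitorId) {
  const optedOut = dntPreference(reqHeaders) === true;

  // The first-party session cookie keeps login state; it is always set.
  const cookies = [
    `session=${sessionId}; Path=/; HttpOnly; Secure; SameSite=Lax`,
  ];

  // The long-lived cross-site identifier is the kind of cookie DNT is
  // about, so it is only issued when the user has not opted out.
  if (!optedOut) {
    cookies.push(
      `visitor_id=${visitorId}; Path=/; Max-Age=31536000; Secure; SameSite=None`
    );
  }

  return {
    'Set-Cookie': cookies,
    // Tracking status value: N = not tracking, T = tracking.
    Tk: optedOut ? 'N' : 'T',
    // The response differs by DNT, so shared caches must key on it.
    Vary: 'DNT',
  };
}

// Constructed sample requests (not captured traffic).
const sampleRequests = [
  { label: 'opted out', headers: { DNT: '1' } },
  { label: 'no header', headers: { 'User-Agent': 'ExampleBrowser/1.0' } },
  { label: 'malformed', headers: { dnt: 'yes' } },
];

function demo() {
  return sampleRequests.map((r) => ({
    label: r.label,
    cookieCount: buildResponseHeaders(r.headers, 's-123', 'v-456')['Set-Cookie'].length,
  }));
}

console.log(JSON.stringify(demo()));
```

Nothing forces a site to run logic like this, which is why the header protects you only on servers that have opted in.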

Plug-in management

Even if your browser is configured properly to hide your identifying information, plug-ins can still be used to endanger your anonymity. If you’re serious about remaining anonymous, you should avoid running plug-ins all together. Unfortunately, that can leave a number of popular websites completely unusable. To solve this problem, I recommend a hybrid approach.

First of all, you need to configure your browser to require your approval to run any plug-in. Chrome offers this functionality in its settings, and extensions offer this capability in other browsers. Next, you need to make sure you’re running sandboxed plug-ins. While this is mostly considered a security issue, a rogue plug-in could certainly be used to gather your personal information by an organization like the NSA. Chrome can be configured to completely disallow un-sandboxed plug-ins, but it can be trickier with some other browsers. Windows users can opt to run their browsers inside of an application called Sandboxie, so even less sophisticated browsers can receive similar benefits.

Protect your device from malicious ads – CNET

Much attention has been paid this week to the Heartbleed security hole that has affected hundreds of thousands of Web servers. Read staff writer Richard Nieva's explanation of how you can protect yourself from the Heartbleed bug.

In a nutshell, the best protection is to change your Web passwords. All of them. In a post from December 2011, I explained how you can master the art of passwords.

There's not much consumers can do to guard against infected servers, but there's plenty we can do to prevent becoming the next victim of the growing legion of malware purveyors. In a nutshell, don't click that link. This goes double for links in apps on our mobile devices, which generally aren't as well protected as PCs.

According to the Cisco Security Blog's March 2014 Threat Metrics released earlier today, advertising is the most likely source of malware on mobile devices, increasing from 13 percent of mobile malware occurrences in February 2014, to 18 percent last month. Business sites were the source of 13 percent of mobile malware encounters in March, down from 20 percent the previous month; video sites accounted for 11 percent of mobile infections in the most recent month, compared to only 7 percent in the preceding month, according to the report.

Don't be tricked into a malicious click

Security vendor Blue Coat Systems' 2014 Mobile Malware Report points out the increasing danger of ads on mobile devices. According to the report, Web ads supplanted pornography as the most frequent source of mobile malware, accounting for just under 20 percent of all mobile "threat vectors" in February 2014, compared to only 5.7 percent in November 2012; porn-based threats decreased to 16.5 percent of mobile malware encounters from more than 22 percent in the earlier period.

The malicious ads use a tried-and-true infection technique: a legitimate-looking alert warns that the device is infected and prompts you to click to remove the infection. On Android devices, you'll then be prompted to change your settings to allow third-party downloads from sources other than the Google Play store.

That's why one of the recommendations in the report is to download apps only from authorized sources. The company also suggests that you block mobile ads, but doing so takes a concerted effort, and that effort may not be much use.

For example, Eyeo's AdBlock Plus, one of the most popular ad-blocking services for PC browsers (available for Internet Explorer, Firefox, and Google Chrome), isn't available in either Google Play or iTunes. (There is an app called "AdBlock" on iTunes, but it's from a developer I've never heard of, and it appears to be a standalone browser; I describe an alternative ad-blocking browser for Android and iOS below.)

You can download a version of AdBlock Plus for Android devices, but doing so requires that you change the setting to allow downloads from sources outside the Google Play service. Also, you have to configure the app manually by changing your proxy settings.

Installing the version of AdBlock Plus for Android requires manually configuring the device's proxy settings. Screenshot by Dennis O'Reilly/CNET

Even after the ad blocker is configured, you'll still be shown ads in the device's native browser and in other apps. The clunky configuration process and inconsistent ad blocking lead me to the conclusion that there's a better way, or two actually: the free version of the Mercury browser, which includes an ad-blocking option; and the free Lookout Mobile Security app, which offers a real-time malware scanner. Both programs are also available for each platform from the iTunes and Google Play stores.

An ad-blocking browser

The Mercury browser's ad-blocking feature is off by default. To enable ad blocking in the iOS version, press the settings icon in the top-right corner of the window and choose Settings. Tap Extensions, and toggle the Ad Block setting to On. On Android devices, Mercury's settings icon is at the bottom of the window. After you choose the Settings option on the menu, press Plug-ins and check the box to the right of Ad Block.

The free Mercury browser for Android and iOS devices includes an ad-blocking extension (Android version shown here). Screenshot by Dennis O'Reilly/CNET

The Mercury browser has many other security and usability features, including a private-browsing mode, login passcode, day/night mode, and an auto-brightness setting. I tested only the program's ability to block ads, which worked well in my testing.

The problem is, most popular Web sites encourage mobile users to download their standalone apps, so browsers aren't used as much on phones and tablets as they are on PCs. That's why an app that monitors all activity on the device is more effective at preventing a malware infection. This is where Lookout's Process Monitor feature shines.

The free version of Lookout for Android and iOS devices includes Process Monitor, which scans your apps and alerts you when one is running a malicious process. (I previously wrote about the Android version of Lookout in September 2012.) The iOS version notifies you of updates and warns you of attempts to jailbreak the device. You also can back up your contacts and photos and locate a missing device by signing into your account on Lookout.com.

The free Lookout Mobile Security app monitors your Android and iOS devices for malicious activity. Screenshot by Dennis O'Reilly/CNET

The premium version of the program costs $3 a month or $30 a year, and adds the Privacy Advisor and Safe Browsing features. You can try the premium version for 14 days without having to provide a credit card number.

Privacy Advisor lets you know which apps are tracking your location, reading your identity information, and accessing your messages and contacts.

The Lookout Privacy Dashboard lists the apps that are tracking your location, reading your info, and accessing your messages and contacts. Screenshot by Dennis O'Reilly/CNET

The app's Safe Browsing feature warns you when you're about to click a dangerous link. When you open your browser, an alert appears to let you know Safe Browsing is enabled. In my testing I didn't encounter any links Lookout considered unsafe, so I don't know how the app alerts you or otherwise responds to a dangerous link.

Blocking ads is less effective at deterring infections on mobile devices than the real-time monitoring offered by Lookout. But your best defense is to avoid clicking ads specifically and links in general, particularly when you're unsure of the source -- whether in an email, on a social network, or embedded in an app. In this case, thank you for not sharing.

Defiance picks up pace against Turkey’s Twitter – Europe Online Magazine

Istanbul (dpa) - Users were deftly employing workarounds to defy the blackout of Twitter in Turkey, leading to increases in the volume of messages posted from the country, as the government’s ban of the popular social networking site entered its second day Saturday.

Estimates by data services say millions of tweets have been sent in the first 36 hours of the ban, including some by President Abdullah Gul, who was critical of the move, and pro-government newspapers, which have posted messages trying to justify the decision.

Social media rating agency Somera said usage of Twitter increased by 33 per cent since the ban went into effect.

Hashtags about the ban were trending both inside the country and abroad, making the topic of Twitter in Turkey one of the most talked about issues on social media.

The ban started hours after embattled Prime Minister Recep Tayyip Erdogan promised to "root out" Twitter, which has been utilised by anonymous users to publish audio recordings appearing to implicate the country’s political elite in bribery and corruption.

The Sabah newspaper printed a list of 16 reasons given by the prime minister’s office for the ban. One specifically referenced the online wiretap leaks, including recordings of Erdogan’s private conversations.

"Twitter has become a way for gangs to post illegally obtained montages and voice recordings of a person, which leads way to character assassination," according to reason number four on the list.

The paper also compared the recordings and the wholesale ban of Twitter to Germany blocking specific neo-Nazi accounts on the social media site.

Data-crunching services estimated some 17,000 tweets were being sent a minute from the country. While initially usage dipped in the early hours of Friday, users quickly discovered workarounds.

Some of the most popular methods included changing DNS settings to Google’s public domain, employing proxy networks known as VPNs, connecting via the Tor network of virtual tunnels and similar systems, many of which are free.

Graffiti and posters went up around Istanbul publicizing the ways to get around the ban. Some Turkish television and radio stations also explained to their audiences how to circumvent the blackout.

Humour has also been deployed. One cartoon depicted Erdogan trying to shoot the blue Twitter mascot, which was on his foot. Another showed him using pepper spray on the blue bird, a reference to heavy handed police tactics for dispersing anti-government protests with tear gas and water cannons.

Turkey passed a controversial new Internet law last month which allows the government to track users’ browsing history and block websites or specific web pages.

Even prior to the new law, some 40,000 sites were blocked in the country, which also has the highest number of jailed journalists.

The government says it attempted to have Twitter itself block accounts it found problematic, but the company declined.

"Twitter officials have been neglecting hundreds of court decisions since January," the government said, in an apparent reference to lawsuits brought by members of the ruling Justice and Development Party (AKP) against accounts which they claimed were in violation of privacy laws.

"We stand with our users in Turkey who rely on Twitter as a vital communications platform. We hope to have full access returned soon," Twitter’s policy team said in a tweet, posted in English and Turkish.

Hurriyet newspaper said the company had employed a lawyer who was engaged in talks with the government, seeking to end the ban.

Experts have cautioned that the government’s ways of blocking websites may become more sophisticated in the future, making workarounds more difficult.

Level 3 and Cogent ask FCC for protection against ISP “tolls” – Ars Technica

Network operators Level 3 and Cogent Communications today urged the Federal Communications Commission to prevent Internet service providers from charging what they deem to be excessive fees for interconnection.

The Federal Communications Commission's first attempt to create net neutrality rules, which were struck down in court after a challenge by Verizon, prevented discrimination, blocking, and pay-for-play charges on the so-called last mile of broadband networks. This required ISPs like Comcast, Verizon, and AT&T to treat Web services equally once traffic entered their networks and started making its way to residential and business customers.

But the FCC implemented no rules for the interconnections between consumer ISPs and Internet transit providers like Level 3 and Cogent. Notably, Netflix pays Level 3 and Cogent to distribute its traffic across the Internet, and ISPs are demanding payment from all three of these companies in exchange for accepting traffic. Level 3 and Netflix both pay Comcast while Cogent has held out. Verizon and AT&T are also both seeking payment from Netflix.

While ISPs say the traffic loads are too heavy, Level 3, Cogent, and Netflix argue that ISPs are abusing their market power, since customers often have little to no choice of Internet provider. That means there's only one path for Netflix traffic to reach consumers, at least over the last mile.

FCC Chairman Tom Wheeler has said he intends to issue new net neutrality rules. Netflix argued for rules that cover interconnection agreements last night, and both Level 3 and Cogent filed comments with the FCC today to outline proposals.

"Level 3 urges the Commission to protect the Internet from this abuse, by ensuring that bottleneck ISPs, which control the only means of Internet access to millions of consumers, are not permitted to impose these arbitrary access charges," Level 3's filing said. "That does not mean that ISPs should not be able to offer—and charge for—CDN, transit, or other services to edge providers and others. Rather, the Commission should declare that large bottleneck ISPs, in addition to offering any commercial services they chose to make available, must also exchange Internet traffic on commercially reasonable terms without imposing access charges. That is, ISPs should be permitted to charge other providers for services they provide, but they may not charge fees simply for the privilege of accessing that ISP’s customers."

Level 3 acknowledged that its proposal lacks some important specifics. "Level 3 does not here propose to define (and the Commission need not define at the outset) every potentially commercially reasonable approach to interconnection," the company said. "But the Commission should set out some principles for, and examples of, commercial reasonableness."

Cogent's filing is similar, with one difference being that Cogent asked the FCC to reclassify broadband providers as common carriers, which would allow implementation of stricter rules. Recognizing that a common carriage classification isn't likely, Cogent spent most of its filing describing steps the commission could take, short of reclassification.

Cogent argued for stricter transparency rules forcing ISPs to disclose network management practices. It also asked for required testing that would show performance data of "the actual speeds at which popular edge-provider content [like Netflix and YouTube] is being downloaded during peak usage periods (7:00-11:00p.m., adjusted for local time zones) on a system-specific level."

When interconnection points become congested, the FCC should have authority to intervene, Cogent said. This would force the broadband provider "to show cause why it should not be required to implement prompt remedial measures to relieve the sustained state of congestion," Cogent said.

Cogent claims its proposal wouldn't prevent ISPs from seeking paid peering agreements, but in practice, the FCC under Cogent's proposal could force ISPs to relieve congestion without payment. "[T]he proposal would allow a broadband ISP the flexibility to attempt to reach a paid peering agreement with peering partners in order to relieve a sustained state of congestion," Cogent wrote. "However, if such agreement cannot be reached, then the broadband ISP must upgrade its interconnection with its peering partner(s) as is necessary to relieve the sustained state of congestion."

The interconnection points carry all sorts of Web traffic, so congestion can slow down e-mail or general Web browsing, but streaming video suffers more because of how much bandwidth it requires.

Netflix's payment to Comcast for a direct connection to its network wouldn't necessarily be outlawed under this proposal, Cogent said. "As long as a broadband ISP's network is not congested at interconnection points to the degree that its customers are not able to reasonably access the open Internet, then the fact that one or more edge providers are paying for a 'dedicated lane' is not inconsistent with the reasonable and timely deployment of broadband service to all Americans," Cogent said.

However, if the payments for "dedicated lanes" are "the product of anticompetitive conduct, then such conduct can and should be addressed by the antitrust enforcement authorities."

While Level 3 and Cogent are in lock step today, they weren't always so friendly. In 2005, Level 3 cut off its peering connection with Cogent, making the same arguments Comcast, Verizon, and others make today.

"In order for free peering to be fair to both parties, the cost and benefit that parties contribute and receive should be roughly the same," Level 3 said at the time, the same argument ISPs have recently made about Level 3 and Cogent. "We determined that the agreement that we had with Cogent was not equitable to Level 3. There are a number of factors that determine whether a peering relationship is mutually beneficial. For example, Cogent was sending far more traffic to the Level 3 network than Level 3 was sending to Cogent's network."

Level 3 and Cogent eventually settled and began exchanging traffic again. Analyst Dan Rayburn pointed out this past dispute today in a blog post accusing Netflix and Level 3 of ignoring inconvenient facts while making arguments that could benefit them financially.

Rayburn argued that Netflix failed its own customers by sending traffic through congested links at Level 3 and Cogent when it "could use multiple providers to connect to ISPs and could also use third-party CDNs like Akamai, EdgeCast, and Limelight, who are already connected to ISPs, to deliver their traffic. In fact, this is how Netflix delivered 100 percent of its traffic for many, many years, using third-party CDNs. Netflix likes to make it sound like there is only one way to deliver videos on the Internet when in fact, there are multiple ways."

In another filing with the FCC today, the Telecommunications Industry Association argued against "prescriptive network management rules," saying they deter network investment. The lobby group also said regulation and enforcement should come only after the identification of "actual harm" and be narrowly tailored.

Level 3 today argued that the un-competitive nature of the consumer ISP market means that ISPs can charge whatever they want and actually charge more for peering than Level 3 does for transit:

Both tolls on edge providers and tolls on transit providers pose the same risks to the free and open Internet. That is, just as an ISP has the incentive and ability to charge tolls to edge providers in order to generate revenues (and which generate significant negative externalities), it has the same incentive and ability to charge tolls to transit providers to generate revenue. If an ISP’s tolls were charged and paid, transit providers, which operate in a highly competitive market which has seen tremendous price compression over the years, would have no choice but to pass these significant, additional costs on to those who purchase transit from them—the very edge providers that the Commission was attempting to protect from such tolls.

While the precise size of the tolls demanded vary from ISP to ISP, in Level 3’s experience they frequently equal or even exceed the price that Level 3 charges its customers for transit to those ISPs’ networks (and the rest of the Internet as a whole). Said another way, some ISPs want to charge an access fee for access to their little corner of the Internet (i.e. their customers) that frequently equals or exceeds the fees Level 3 charges its transit customers to reach every destination on the Internet.

In response to Level 3's latest statements, Rayburn wrote that the proposal itself is too vague to be properly evaluated, and that the failure of companies to release details of existing agreements makes it even harder to decide what a proper outcome should be.

"What I want are all the facts so I can make an informed decision of what should be done. But without details on the current business terms and how they work between all the parties involved and details, with numbers, on how they want it to change, it really keeps all of us in the dark," he wrote.

Comcast declined comment today, but in response to Netflix yesterday, Comcast noted that it supported the FCC's previous net neutrality rules "because they struck the appropriate balance between consumer protection and reasonable network management rights for ISPs."

"The Open Internet rules never were designed to deal with peering and Internet interconnection, which have been an essential part of the growth of the Internet for two decades," Comcast said. "Providers like Netflix have always paid for their interconnection to the Internet and have always had ample options to ensure that their customers receive an optimal performance through all ISPs at a fair price."

UPDATE: AT&T Senior VP James Cicconi gave his company's take in a blog post published late Friday. Cicconi disputed Netflix CEO Reed Hastings' arguments and accused Netflix of forcing AT&T to build new facilities and pass costs on to customers who may or may not subscribe to Netflix.

"[If] Netflix is delivering that increased volume of traffic to, say, AT&T, we should accept the fact that AT&T must be ready to build additional ports and transport capacity to accept the new volume of capacity as a consequence of Netflix’s good business fortune," Cicconi wrote. "And I think we can all accept the fact that business service costs are ultimately borne by consumers. Mr. Hastings blog post then really comes down to which consumers should pay for the additional bandwidth being delivered to Netflix’s customers. In the current structure, the increased cost of building that capacity is ultimately borne by Netflix subscribers. It is a cost of doing business that gets incorporated into Netflix’s subscription rate.  In Netflix’s view, that’s unfair. In its view, those additional costs, caused by Netflix’s increasing subscriber counts and service usage, should be borne by all broadband subscribers—not just those who sign up for and use Netflix service."

Cicconi went on to compare Netflix's streaming service with the mail order service that got Netflix started. "When Netflix delivered its movies by mail, the cost of delivery was included in the price their customer paid," Cicconi wrote. "It would’ve been neither right nor legal for Netflix to demand a customer’s neighbors pay the cost of delivering his movie. Yet that’s effectively what Mr. Hastings is demanding here, and in rather self-righteous fashion...  It’s simply not fair for Mr. Hastings to demand that ISPs provide him with zero delivery costs—at the high quality he demands—for free. Nor is it fair that other Internet users, who couldn’t care less about Netflix, be forced to subsidize the high costs and stresses its service places on all broadband networks."

UPDATE 2: Level 3 VP Mark Taylor offered an explanation as to why the Level 3/Cogent dispute in 2005 is different from the disputes Level 3 has with ISPs today. The dispute came at a time when "our business models diverged and the peering agreement hadn't contemplated that," he said. "Level 3 very significantly extended the geographic coverage of its network, particularly in Europe. At the same time Cogent focused more heavily on one part of the Internet market; Content companies. That meant we ended up carrying bits that moved through our interconnection points for a far greater distance than those bits travelled over the Cogent network. We no longer shared costs equally."

Level 3 still believes that "business benefit and costs should be equally shared," and that cost should be measured in terms of "bit miles," the distance traffic is carried rather than the direction it flows in. Taylor continued:

[T]here are three fundamental differences with that when a global backbone network like Level 3’s connects to a broadband provider like AT&T.

First, if an AT&T subscriber asks to see Internet content, whatever provider is delivering that content has no option but to use AT&T to deliver it to the AT&T customer that asked for it. In other words, unlike the Internet backbone, there is no competitive choice in the last mile of the Internet.

Secondly, our business models are completely different. The backbone operator’s commercial model is to sell services based on the amount of traffic a customer uses at the busiest time. So Level 3’s revenues go up and down as traffic goes up and down. In contrast the broadband operators sell services on a fixed monthly fee irrespective of the amount of traffic consumed.

Thirdly, our network is fully synchronous [and] theirs is asynchronous. Broadband operators sell a service that is built to deliver more bits in one direction than the other. Consumption patterns magnify that effect. It simply isn't even possible to be in balance—not even close.

And so it becomes pretty obvious pretty quickly that a simple ratio of send to receive traffic in no way acts as a proxy for equal business benefit or equal cost.

The market at the Internet's "backbone" where companies like Level 3 operate is a lot more competitive, Taylor said. "Carriers in the backbone of the Internet have similar business models," he said. "They sell services to content companies, businesses and to other network providers like the broadband networks. The backbone of the Internet is highly competitive, and the networks operated there are fully synchronous; that is the pipes that comprise those networks are capable of sending and receiving the same amount of traffic. If a network company is in the same, competitive business, has a similar geographic network and a similar network design then three things are likely true; both networks will benefit equally from interconnection; both networks will incur equal cost for carrying a packet from a to b across their interconnection points; and if either network operator does not want to do business with the other, competitive alternatives are available."

PSA: Having trouble accessing MobileSyrup from Chrome on Android or iOS … – MobileSyrup.com

We’ve been hearing about readers having difficulty accessing MobileSyrup.com from their mobile browsers, specifically when using Chrome for Android or iOS. While the issue isn’t widespread, we’ve nailed down the reason, which is unfortunately out of our control at the moment.

It appears that Google’s Bandwidth management feature, which was brought to Chrome on both Android and iOS last year, is blocking the site from loading across a small subset of IP addresses. The feature sends all mobile data through a Google proxy server, which compresses the data and sends it down to your phone or tablet. At the moment, the only solution to accessing the site when it is not loading appears to be turning this feature off, which could potentially cause you to use more data over a cellular or WiFi network.

To turn off this feature, head to Settings/Bandwidth management/Reduce data usage and turn the feature off. We apologize for the inconvenience, as we understand this is otherwise a very useful feature. We are actively working with both Google and our hosting company to fix the issue, but in the meantime, if you’re having issues accessing MobileSyrup on a mobile browser, this should do the trick.

Install and configure transparent squid proxy server : RHEL/CentOS …

In this tutorial, we will learn how to install and configure a transparent Squid proxy server on RHEL/CentOS 6.x. In this exercise, we will install the Squid version 3.5.0 package on CentOS 6.5 / RHEL 6.5. Squid is designed to run on Unix-like operating systems. Windows was supported up to version 2.7. As of the date of writing this post, no Windows port of Squid version 3.x has been developed.

What is Squid Server

Squid is a web cache and web filtering server. It is based on the Harvest Cache Daemon.
Because Squid can cache content, it helps improve the performance of web access. It can deliver web content that is static, dynamic or streaming, and it helps speed up web browsing for its end clients.

Default port number used by the Squid service

By default, port number 3128 is used by the Squid service.

Squid : Transparent Web Proxy Server

Squid is widely used for web filtering and caching. It is also used as a transparent web proxy server. A transparent proxy is also known as interception caching.

Interception caching is the process in which an HTTP request from a client is redirected to the cache server (Squid) without any configuration on the end-user clients. This way, end-user clients do not know that their traffic has been redirected to the cache server (transparent proxy).

Transparent Squid Proxy versus Ordinary Squid proxy

With an ordinary Squid proxy server, the end-user client traffic is redirected to the Squid proxy server, but for this we have to configure the web browser settings on each client machine. (We will also show how to do these settings in this tutorial.)

With a transparent Squid proxy, we do not have to change the web browser settings on each client machine. The traffic can easily be redirected to the Squid server. iptables NAT (Network Address Translation) rules play a crucial role in setting up the transparent Squid proxy. (Always remember this.)

Squid Proxy Server

Install and Configure Squid Transparent Proxy Server

Follow the steps given below to install and configure the Squid web proxy server.

Step 1: Create a yum client repo file in RHEL/CentOS. We do this step to get the latest Squid version.

vi /etc/yum.repos.d/squid.repo

Paste the contents given below into the file /etc/yum.repos.d/squid.repo

[squid]
name=Squid repo for CentOS Linux 6 - $basearch
#IL mirror
baseurl=http://www1.ngtech.co.il/rpm/centos/6/$basearch
failovermethod=priority
enabled=1
# gpgcheck=0 disables RPM signature verification for packages from this repo
gpgcheck=0
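The repo file above fetches packages over plain HTTP with signature checking switched off, so nothing verifies what yum installs as root. The following check is an added example, not part of the original tutorial: it parses a .repo file and reports those two settings. The hardened stanza is constructed, and its host name and key path are placeholders.

```python
import configparser

# Repo definition from Step 1 of the tutorial, embedded so the check runs offline.
REPO_FROM_PAGE = """\
[squid]
name=Squid repo for CentOS Linux 6 - $basearch
#IL mirror
baseurl=http://www1.ngtech.co.il/rpm/centos/6/$basearch
failovermethod=priority
enabled=1
gpgcheck=0
"""

# Constructed counter-example: host and key path are placeholders, not real locations.
REPO_HARDENED = """\
[squid]
name=Squid repo for CentOS Linux 6 - $basearch
baseurl=https://mirror.example.invalid/rpm/centos/6/$basearch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PLACEHOLDER
"""

TRUE_VALUES = {"1", "yes", "true"}


def audit_repo(text):
    """Return (repo_id, issue) pairs for enabled repos that weaken package integrity."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for repo_id in cp.sections():
        repo = cp[repo_id]
        if repo.get("enabled", "1").strip().lower() not in TRUE_VALUES:
            continue  # skip repos that are switched off in this file
        gpgcheck = repo.get("gpgcheck")
        if gpgcheck is None:
            findings.append((repo_id, "gpgcheck unset: inherits the [main] value in yum.conf"))
        elif gpgcheck.strip().lower() not in TRUE_VALUES:
            findings.append((repo_id, "gpgcheck off: package signatures are not verified"))
        # baseurl may list several URLs separated by whitespace or newlines.
        for url in repo.get("baseurl", "").split():
            if url.lower().startswith(("http://", "ftp://")):
                findings.append((repo_id, "cleartext baseurl: " + url))
    return findings


if __name__ == "__main__":
    for repo_id, issue in audit_repo(REPO_FROM_PAGE):
        print("[%s] %s" % (repo_id, issue))
```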

Step 2: Install the EPEL repository on the system (to get the Perl packages)

rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

Step 3: Using the yum command, install Squid and perl-Crypt-OpenSSL

yum install squid perl-Crypt-OpenSSL

The output below is given for reference. It shows the packages that will be installed by the command yum install squid perl-Crypt-OpenSSL

Dependencies Resolved
=====================================================================================================
Package                         Arch           Version                        Repository       Size
=====================================================================================================
Installing:
squid                           x86_64         7:3.5.0.001-1.el6              squid           2.7 M
Installing for dependencies:
ksh                             x86_64         20120801-10.el6_5.3            updates         756 k
libtool-ltdl                    x86_64         2.2.6-15.5.el6                 base             44 k
perl                            x86_64         4:5.10.1-136.el6               base             10 M
perl-Crypt-OpenSSL-X509         x86_64         1.800.2-1.el6                  epel             37 k
perl-DBI                        x86_64         1.609-4.el6                    base            705 k
perl-Module-Pluggable           x86_64         1:3.90-136.el6                 base             40 k
perl-Pod-Escapes                x86_64         1:1.04-136.el6                 base             32 k
perl-Pod-Simple                 x86_64         1:3.13-136.el6                 base            212 k
perl-libs                       x86_64         4:5.10.1-136.el6               base            578 k
perl-version                    x86_64         3:0.77-136.el6                 base             51 k
Transaction Summary
=====================================================================================================
Install      11 Package(s)
Total download size: 15 M
Installed size: 47 M
Is this ok [y/N]: y

Step 4: After the squid package is installed, all Squid-related configuration files are located in /etc/squid. Explore these files.

[root@localhost ~]# cd /etc/squid/
[root@localhost squid]#
[root@localhost squid]# ls -l
total 48
-rw-r--r--. 1 root squid   419 Jan 27 18:19 cachemgr.conf
-rw-r--r--. 1 root root    419 Jan 27 18:19 cachemgr.conf.default
-rw-r--r--. 1 root root   1547 Jan 27 18:18 errorpage.css
-rw-r--r--. 1 root root   1547 Jan 27 18:18 errorpage.css.default
-rw-r--r--. 1 root root  11954 Jan 27 18:19 mime.conf
-rw-r--r--. 1 root root  11954 Jan 27 18:19 mime.conf.default
-rw-r-----. 1 root squid  2315 Jan 27 18:19 squid.conf
-rw-r--r--. 1 root root   2315 Jan 27 18:19 squid.conf.default
[root@localhost squid]#

Step 5: Take a backup of the squid.conf file.

cp -p /etc/squid/squid.conf /etc/squid/squid.conf.orig

Step 5: Disable SELinux. Edit the file /etc/sysconfig/selinux and set SELINUX=disabled

vi /etc/sysconfig/selinux
SELINUX=disabled

Now restart the system so that the SELinux change takes effect permanently.

IMPORTANT NOTE: If you want to use SELinux in enforcing mode, read this post. (You may have to repeat the same steps more than once because of AVC denials in the SELinux policy for Squid.)

Step 6: The default squid.conf configuration settings are given below. (You can use the same settings for an ordinary Squid proxy server.)

NOTE : egrep -v '^#|^$' will hide the lines starting with # and all blank lines.

[root@localhost ~]# egrep -v '^#|^$' /etc/squid/squid.conf
acl localnet src 10.0.0.0/8    # RFC1918 possible internal network
acl localnet src 172.16.0.0/12    # RFC1918 possible internal network
acl localnet src 192.168.0.0/16    # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128
coredump_dir /var/spool/squid
refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
refresh_pattern .        0    20%    4320
[root@localhost ~]#

Step 7: To make the Squid proxy server a transparent proxy server, add “accel vhost allow-direct” to the line “http_port 3128” in the /etc/squid/squid.conf file.

http_port 3128 accel vhost allow-direct

In our network, we are using 172.16.0.0/255.255.0.0 inside the LAN. Hence we will edit the acl localnet src lines in the squid.conf file.

Now I will add the new local network acl line to the squid.conf file and comment out the acl lines for the other local networks (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16).

vi /etc/squid/squid.conf
## added this new line as per my network
acl localnet src 172.16.0.0/16

The complete configuration for the Squid transparent proxy server is given below.

acl localnet src 172.16.0.0/16    # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
# NOTE: this listing has no "acl blocksites ..." line; blocksites must be defined above before this rule is used
http_access deny blocksites
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128 accel vhost allow-direct
cache_dir ufs /var/spool/squid 100 16 256
coredump_dir /var/spool/squid
refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
refresh_pattern .        0    20%    4320
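Rule order in the configuration above decides every request: Squid stops at the first http_access line whose ACLs all match. As an added example (not code from the tutorial or from Squid), this Python model evaluates the page's own rules for sample requests and reports ACL names that are used without an acl line. The blocksites definition, the .blocked.example domain and the request values are constructed for the demonstration.

```python
import ipaddress

# http_access part of the page's complete configuration (trailing comments dropped).
PAGE_CONF = """\
acl localnet src 172.16.0.0/16
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access deny blocksites
http_access allow localnet
http_access allow localhost
http_access deny all
"""

# Constructed definition so the page's "deny blocksites" rule can be evaluated.
DEMO_CONF = "acl blocksites dstdomain .blocked.example\n" + PAGE_CONF

# Names the page's config uses without defining them (Squid predefines these).
BUILTIN = {
    "all": [("src", "0.0.0.0/0"), ("src", "::/0")],
    "localhost": [("src", "127.0.0.1/32"), ("src", "::1/128")],
    "manager": [("manager", "")],  # modelled as a flag on the request
}

def parse(conf):
    """Return (acls, rules): acls maps name -> [(type, value)]; rules keep file order."""
    acls = {k: list(v) for k, v in BUILTIN.items()}
    rules = []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl":
            # Repeating a name adds values; any one matching value satisfies the ACL.
            acls.setdefault(tok[1], []).extend((tok[2], v) for v in tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def undefined_acls(acls, rules):
    """ACL names referenced by http_access lines but never defined."""
    used = {t.lstrip("!") for _, terms in rules for t in terms}
    return sorted(n for n in used if n not in acls)

def _value_matches(kind, value, req):
    if kind == "src":
        net = ipaddress.ip_network(value, strict=False)
        ip = ipaddress.ip_address(req["src"])
        return ip.version == net.version and ip in net
    if kind == "port":
        lo, _, hi = value.partition("-")
        return int(lo) <= req["port"] <= int(hi or lo)
    if kind == "method":
        return req["method"] == value
    if kind == "dstdomain":  # a leading dot also matches subdomains
        host, v = req["host"].lower(), value.lower()
        return host == v.lstrip(".") or (v.startswith(".") and host.endswith(v))
    if kind == "manager":
        return req.get("manager", False)
    raise ValueError("ACL type not modelled: " + kind)

def decide(conf, req):
    """Return (action, matching line) for one request, using first-match semantics."""
    acls, rules = parse(conf)
    missing = undefined_acls(acls, rules)
    if missing:
        raise LookupError("undefined ACL(s): " + ", ".join(missing))
    for action, terms in rules:
        matched = True
        for term in terms:  # every term on the line must hold (logical AND)
            hit = any(_value_matches(k, v, req) for k, v in acls[term.lstrip("!")])
            if hit == term.startswith("!"):
                matched = False
                break
        if matched:
            return action, "http_access %s %s" % (action, " ".join(terms))
    # No line matched: the result is the opposite of the last line's action.
    return ("deny" if rules[-1][0] == "allow" else "allow"), "(default)"

if __name__ == "__main__":
    print(undefined_acls(*parse(PAGE_CONF)))
    lan = {"src": "172.16.4.20", "host": "www.example.org", "port": 80, "method": "GET"}
    print(decide(DEMO_CONF, lan))
    print(decide(DEMO_CONF, dict(lan, src="10.1.2.3")))
```

Because the deny lines come before "allow localnet", moving that allow line to the top would let LAN clients reach unsafe ports and blocked sites; the model makes such reordering mistakes visible before the config is loaded.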

Step 8 : Restart the Squid service

/etc/init.d/squid restart

Step 9 : Create an iptables script. You can modify the script as per your requirements. (Test the script on a staging machine before applying it to a live server.)

Create bash script file

Paste the contents given below into the file /root/firewall.sh. Save and close the file afterwards.

#!/bin/bash
#
# Ethernet device name connected to LAN
ETHERNET_LAN="eth2"
# Ethernet device name connected to Internet
ETHERNET_INTERNET="eth0"
# Squid Server IP Address
SQUID_SERVER_IP="172.16.15.1"
# Squid port number
SQUID_PORT="3128"
### Multiple Port Number - TCP based
MULTI_PORT="22,20,21"

#### Flush all rules in the filter table
iptables -F
##### Delete user-defined chains in the filter table
iptables -X
### -t defines table ###
#### Flush NAT rules / delete user-defined NAT chains
iptables -t nat -F
iptables -t nat -X
#### Flush mangle rules / delete user-defined mangle chains
#### (mangle: used for specific types of packet alteration)
iptables -t mangle -F
iptables -t mangle -X

# Load IPTABLES modules for NAT and IP conntrack
modprobe ip_conntrack
modprobe ip_conntrack_ftp

##### Enable IP forwarding for IPV4 ####
echo 1 > /proc/sys/net/ipv4/ip_forward

## Default policies: drop inbound, allow outbound
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT

## INPUT/OUTPUT rules for loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

## Allow replies to connections already established via the Internet interface
iptables -A INPUT -i $ETHERNET_INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT
## Masquerade traffic leaving through the Internet interface
iptables --table nat --append POSTROUTING --out-interface $ETHERNET_INTERNET -j MASQUERADE
## Forward traffic arriving from the LAN
iptables --append FORWARD --in-interface $ETHERNET_LAN -j ACCEPT
## Allow all traffic between this server and the LAN
iptables -A INPUT -i $ETHERNET_LAN -j ACCEPT
iptables -A OUTPUT -o $ETHERNET_LAN -j ACCEPT

## Send port 80 traffic to Squid (transparent proxy)
iptables -t nat -A PREROUTING -i $ETHERNET_LAN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER_IP:$SQUID_PORT
iptables -t nat -A PREROUTING -i $ETHERNET_INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT

###### IPTABLE Allow rule for tcp based multiple port
###### (no -i match, so it applies on every interface)
#### To disable - Use # in front of below given line
iptables -A INPUT -p tcp -m multiport --dports $MULTI_PORT -j ACCEPT

## Log, then drop, everything else
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP

Step 10: Give execute permission on /root/firewall.sh to the owner (root) only

chmod 700 /root/firewall.sh

Step 11 : Execute the firewall.sh script

Client Side Configuration

Step 12: On the client side, you do not have to configure the web browser.
The only requirement is that the client's IP subnet is allowed in the Squid proxy server.
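The Step 9 script accepts the MULTI_PORT ports with no `-i` match, so they are open on the Internet interface as well as the LAN. The following check is an added example, not part of the original post: it reads rules in `iptables-save` format and reports which TCP ports new connections can reach on a given interface. The function names and the sample dump are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original post).
# Constructed sample: filter table matching the INPUT rules from Step 9.
sample_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth2 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22,20,21 -j ACCEPT
-A INPUT -j LOG
-A INPUT -j DROP
COMMIT
EOF
}

# exposed_tcp_ports IFACE: read iptables-save text on stdin and print the TCP
# ports (sorted, comma-separated) that new connections arriving on IFACE can
# reach, or ALL. Simplified: negated matches and source filters are ignored,
# and port-specific DROP/REJECT rules are not subtracted, so the result errs
# toward over-reporting.
exposed_tcp_ports() {
    awk -v want="$1" '
    $1 != "-A" || $2 != "INPUT" { next }
    {
        ifc = ""; proto = ""; ports = ""; state = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-i") ifc = $(i+1)
            else if ($i == "-p") proto = $(i+1)
            else if ($i == "--dport" || $i == "--dports") ports = $(i+1)
            else if ($i == "--state" || $i == "--ctstate") state = $(i+1)
            else if ($i == "-j") target = $(i+1)
        }
        if (ifc != "" && ifc != want) next         # bound to another interface
        if (state != "" && state !~ /NEW/) next    # matches existing flows only
        nomatch = (proto == "" && ports == "")
        if (target == "DROP" || target == "REJECT") { if (nomatch) exit; next }
        if (target != "ACCEPT") next               # LOG and similar targets
        if (proto != "" && proto != "tcp") next
        if (ports == "") { print "ALL"; exit }     # accepts every TCP port
        n = split(ports, p, ",")
        for (k = 1; k <= n; k++) print p[k]
    }' | sort -nu | paste -sd, -
}

sample_rules | exposed_tcp_ports eth0   # prints 20,21,22
```

On a gateway where the script has been applied, pipe `iptables-save -t filter` into `exposed_tcp_ports` with the Internet interface name and compare the result with the services you intend to publish.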

sharad chhetri (366 Posts)



Vladimir Putin, Internet Villain – Bloomberg View

Russian President Vladimir Putin and Turkish Prime Minister Recep Tayyip Erdogan appear to have an intuitive understanding of the work of Richard Heeks. The British academic, who predicted the overthrow of Ukrainian President Viktor Yanukovich, believes that countries with high levels of real-life oppression and lots of Internet freedom are most likely to experience revolutions.

Putin and Erdogan are responding in classic authoritarian style: Instead of reducing oppression, they're clamping down on access to the Internet.

Erdogan recently declared that he would not "leave this nation at the mercy of Facebook and YouTube," threatening to shut off access to both services after local elections later this month. This week's protests in Istanbul, which left two people dead, must have reinforced Erdogan's belief that the social networks serve only to provide his enemies with communication and propaganda channels.

Putin, for his part, moved decisively against Internet media critical of his actions. On Wednesday, Alexander Mamut, chairman of Rambler Afisha SUP, the holding company that owns the LiveJournal blog service and a number of popular websites, fired Galina Timchenko, editor of Lenta.ru, one of Russia's most popular websites with about 1.2 million daily visitors. The firing followed an official warning issued to Lenta for citing, neutrally, an anti-Russian rant by a Ukrainian ultranationalist. Timchenko's replacement, Alexei Goreslavsky, once ran a Kremlin-sponsored site, and the Lenta team saw the firing as politically motivated. Thirty-nine of 84 staffers, including 32 of 55 journalists, immediately resigned.

On Thursday, Russia's telecom regulator, on behalf of the prosecutor general, required Internet providers to block access to three anti-Putin opinion and commentary sites -- ej.ru, Grani.ru and Kasparov.ru, the latter operated by former world chess champion Garry Kasparov. Their alleged crime was "calling for illegal activity and the participation in mass rallies held in violation of the established order." The regulator also blocked opposition leader Alexei Navalny's LiveJournal blog, claiming the politician was not allowed to update it while under house arrest. Ekho Moskvy, Moscow's most popular talk radio station, was ordered to remove a mirror of the blog from its website or face a full blockage of the site. The station promptly obliged, though it says it will appeal the authorities' actions.

Russia's moves don't add up to a Great Chinese Firewall. They do, however, represent the biggest crackdown on Russian Web freedom yet -- and are clearly a consequence of Russia's invasion of Crimea. Putin is putting a squeeze on what his press secretary, Dmitri Peskov, recently termed "a nano fifth column" of critics. "This means the nation will soon be subjected to new torrents of lies," economist Sergei Aleksashenko wrote on his LiveJournal blog in what became one of the most widely shared posts on Russian social networks. Putin and his entourage sincerely believe the lies, he wrote, "because they have shut themselves off from all information sources that do not toe the party line."

Whether Putin believes his own propaganda, he has inundated television, the Kremlin-controlled press and even social networks with it. People who require a more multifaceted picture are already discussing ways to bypass a nationwide firewall when -- not if -- it is set up. At this point, the options are many, from using free public proxies provided by the likes of HideMyAss and ZenMate to switching to the Tor anonymous network, well-known to hackers and denizens of mail-order drug markets. Anonymizers that give a Russian user's computer an IP address from another country easily solve the problem of local blockages: A U.S. or, say, Hong Kong user can access any of the blocked sites.

The ease of bypassing blocks is no secret to Putin's cyberpolice. For now, they are just making it more difficult to use opposition resources in the hopes that most people won't want to waste their time on proxies, which tend to slow down browsing. Eventually, however, both Russian and Turkish users will need to rely on the experience of hackers who have been trying to pick apart the Chinese firewall since 2003, when it first came into existence.

China blocks Tor, using ingenious algorithms to track down machines trying to make connections to the encrypted network. Hackers must make a special effort to break through the defenses. Most publicly available proxy servers do not work in China, either: The addresses they employ are known to the Chinese Web police and are shut off. Right now, the only way to use Facebook and other blocked sites, including Bloomberg.com, is to subscribe to one of the smaller, lesser known paid virtual private network services. These are detected and cut off once in a while, but new ones spring up, allowing both Chinese people and visitors to venture outside the Great Firewall.

Curiosity and a thirst for information are impossible to stop these days. One would have to cut off Internet access completely to make any site truly unavailable. Many people will go to great lengths to retain sources they consider reliable and, at some point, to organize resistance. Once real-world oppression becomes unbearable, they will do more than subscribe to a VPN. As Ukraine's experience proves, they will sometimes pick up sticks and shields and fight on the barricades. Cracking down on Web freedoms is at best a temporary solution.

(Leonid Bershidsky writes on Russia, Europe and technology for Bloomberg View. Follow him on Twitter at @Bershidsky.)

To contact the writer of this article:
Leonid Bershidsky at lbershidsky@bloomberg.net.

To contact the editor responsible for this article:
Mark Whitehouse at mwhitehouse1@bloomberg.net.
