For everyone, especially persecuted groups
For everyone, especially journalists, academics, public servants
Ethical hacking, web publishing, AI/LLM
For activists, whistle blowers, freedom fighters
For anyone under oppressive governments
For activists, whistle blowers, freedom fighters
Technology, freedom, democracy | Tools, education
For anyone under oppressive governments, or blocked from going certain places online, by firewalls at workplaces, libraries, universities, or an abusive partner. | 2025.12.23
Book security testing or workshop. And support the development of Abstrude.
The Domain Name System (DNS) resolves domain names – web addresses such as www.abstru.de – into it's actual Internet Protocol address (IP), which looks something like: 123.123.123.123. Sort of like a catalogue of phone numbers, but for the internet. Domain names are obviously a lot easier to remember than strings of numbers.
If not changing any settings from default, the DNS used will the the one set by your Internet Service Provider (ISP). Most commonly these queries are sent from your browser over the internet to the DNS server, unencrypted. This means that whoever is administrating the DNS, may configure the sever to either block the request – effectively censoring the website, or route your request to another website – that looks identical to the real one, but is fake. This either to serve you modified or completely false information, or to trick you into entering your username and password.
Do not change any settings related to DNS, if you're using VPN to achieve some level of anonymity. The VPN service takes care of encrypting all internet traffic – including DNS queries and thus avoids (de-anonymizing) DNS leaks. If you're trying to evade censorship, while not concerned with anonymity, try all three scenarios:
– VPN active and no changes to DNS (VPN server handles DNS)
– VPN active and Quad9 DNS configured as custom DNS, in VPN app/settings (Quad9 handles DNS)
– VPN disabled and Quad9 DNS configured as custom DNS, in OS settings or router settings (Quad9 handles DNS)
Quad9 is a not-for-profit organization based in Switzerland, operated by the Quad9 Foundation. It's a collaboration between IBM, the Global Cyber Alliance, and Packet Clearing House. They support DNS over TLS (DoT), DNS over HTTPS (DoH), and DNSCrypt, with malware blocking and DNSSEC validation.
In their own words: "Quad9 is the custodian of a global DNS infrastructure which exists to facilitate human rights of communication and participation in governance and civil society. We exist to serve the privacy, security, and performance needs of our users. Quad9 safeguards our users’ privacy by not collecting our users’ personal data; we serve the public benefit directly, rather than profiting from their personal data. Quad9 safeguards our users’ security by blocking connections between their devices and malicious domains on the Internet. /---/ Quad9 is the only large DNS resolver with a founding charter that includes privacy as a primary goal..."
– Android 9 and later
– iOS 14 and later
– Windows 11
– macOS Big Sur and later
– Ubuntu 22.04
– pfSense
*Disable Quad9 DNS when using VPN
*Verify that you're using Quad9 DNS
*FAQ
Mullvad is a Swedish VPN provider with a very good reputation, owned by Amagicom. Both of these companies are 100% owned by the founders Fredrik Strömberg and Daniel Berntsson, who are actively involved. Mullvad also provides encrypted DNS, and a privacy focused browser.
In their own words: "We live in a world where everything we do on the internet is tracked and stored (if we don’t oppose with privacy-focused services). How might it affect you – today or tomorrow? And what will the data collection lead to, if we don’t resist?"
– Browsers
– Android 9 and later
– iOS/iPadOS
– Windows 11
– macOS 13 and later
– Linux (Ubuntu, Fedora)
*Disable Mullvad DNS when using VPN
*Verify that you're using Mullvad DNS
*FAQ
The TOR Project makes use of a number of various techniques for security, privacy, anonymity – and censorship evasion, which I've written about here.
In their own words: "WebTunnel is a censorship-resistant pluggable transport designed to mimic encrypted web traffic. For someone monitoring the network, it makes the traffic look like a regular HTTPS connection to a webpage server giving the impression that the user is simply browsing the web. /---/
Bridge relays are TOR relays that are not listed in the public TOR directory. That means ISPs or governments trying to block access to the TOR network can't simply block all bridges. Bridges are useful for TOR users under oppressive regimes, and for people who want an extra layer of security because they're worried somebody will recognize that they are contacting a public TOR relay IP address. /---/
Several countries, including China and Iran, have found ways to detect and block connections to Tor bridges. Obfsproxy bridges address this by adding another layer of obfuscation. Setting up an obfsproxy bridge requires an additional software package and additional configurations.
[Connection Assist is a] feature in Tor Browser that when required will offer to automatically apply the bridge configuration which works best in the user's location."
Instructions for Debian based Linux, such as Ubuntu, or Mint:
1. Download TOR Browser here (.tar.xz)
2. Download TOR Browser's signature file here (.tar.xz.asc)
3. In Terminal, fetch the Tor Developers key (.keyring):
gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org
The result should look similar to this, but with the exact same long string of letters/numbers (EF6...):
gpg: key 4E2C6E8793298290: public key "Tor Browser Developers (signing key) <torbrowser@torproject.org"> imported
gpg: Total number processed: 1
gpg: imported: 1
EF6E286DDA85EA2A4BA7DE684E2C6E8793298290
uid [ unknown] Tor Browser Developers (signing key) <torbrowser@torproject.org>
4. Save the fetched Tor Developers key to a file, in the Downloads folder:
gpg --output ~/Downloads/tor.keyring --export 0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290
At this point you should have three files in the Downloads folder:
a) tor-browser-linux-x86_64-15.0.0.tar.xz
b) tor-browser-linux-x86_64-15.0.0.tar.xz.asc
c) tor.keyring
5. Verify signature authenticity of downloaded TOR Browser, before opening the archive:
gpgv --keyring ~/Downloads/tor.keyring ~/Downloads/tor-browser-linux-x86_64-15.0.0.tar.xz.asc ~/Downloads/tor-browser-linux-x86_64-15.0.0.tar.xz
The result should contain:
gpgv: Good signature from "Tor Browser Developers (signing key) <torbrowser@torproject.org>"
6. Extract the Tor Browser archive
7. Change directory, into the new folder:
cd ~/Downloads/tor-browser-linux-x86_64-15.0.0/tor-browser
8. Run the script in Terminal:
./start-tor-browser.desktop
The free version of the app/service has a limited feature set, and just a few servers available. But even that might get you past more basic censorship. Try with these settings:
– OpenVPN (TCP, port 443)
– Activate the killswitch
Ideally also:
– Disable WebRTC
– Disable IPv6
– Don't change any DNS settings on your device (Proton VPN will handle DNS)
– Verify that you're using Proton VPN (whatismyip.com | whatismyipaddress.com)
– Check for DNS leaks (dnsleaktest.com | controld.com)
– Check for WebRTC leaks (browserleaks.com | dnsleaktest.com/webrtc)
– Check for IPv6 leak. In Terminal, make sure IP is different with/without VPN (Windows, macOS, Linux, Android, iOS):
curl -4 icanhazip.com
*If you need someone else to download it for you, send them this link https://account.protonvpn.com/signup?plan=free&ref=noupsell
The aim of Proton's services, incl. encrypted email, calendar, cloud storage, password manager, and crypto wallet is to: "...play a crucial role in ensuring freedom and privacy worldwide, [while knowing] authoritarian governments [will] try to block them."
Proton's Stealth protocol can avoid detection, and let you bypass internet censorship and VPN blocks: "We’re pleased to announce Stealth, a new, undetectable VPN protocol that can bypass most firewalls and VPN blocking methods. You’ll be able to bypass advanced VPN blocks, access censored sites, and communicate with people on social media, even if your government is trying to restrict access. /.../
Stealth uses obfuscation to hide your VPN connection from censors. The general idea is to make VPN traffic look like 'normal' traffic — or common HTTPS connections. Stealth does this by using obfuscated TLS tunneling over TCP. This is different from most popular VPN protocols that typically use UDP, making them easier to detect and block. Without going into too much detail, Stealth also establishes VPN connections in a specific and unique way that avoids alerting internet filters."
Proton VPN is available for Windows, macOS, Linux, Chromebook, Android, iPhone/iPad, Apple TV, Android TV, Fire TV.
If protonvpn.com is not accessibale for you, try these alternative paths:
– Apple App Store
– Google Play app store
– Amazon app store
– F-Droid app store (Android)
– GitHub (All apps are fully open-source and available for download, you can also download their source code)
If none of that works for you, I suggest this workaround:
– Ask a trusted friend to download the installer file you need
– Have them put the installer file in a new folder, compress and encrypt the folder, thereby requiring a password to open the archive file (use 7-Zip for this, and make sure it's the latest version)
– Have them send the archive file to you, or make it available for downloading via some file transer service
– Have them send you the password via a different path (Signal, Telegram, email, social media, or even codewords in physical/snailmail)
In the settings, configure it to:
– Use the Stealth protocol
– Allow alternative routing
– Choose a specific country's exit node (not your current country), where your traffic will be decrypted, exit the VPN tunnel and enter the normal internet
– On some of their apps the Smart protocol setting tries different protocols and ports, to see what works
– For a bit of additional protection against governments spying, choose a Secure Core server
– Activate the killswitch
Ideally also:
– Disable WebRTC
– Disable IPv6
– Don't change any DNS settings on your device (Proton VPN will handle DNS)
– Verify that you're using Proton VPN (whatismyip.com | whatismyipaddress.com)
– Check for DNS leaks (dnsleaktest.com | controld.com)
– Check for WebRTC leaks (browserleaks.com | dnsleaktest.com/webrtc)
– Check for IPv6 leak. In Terminal, make sure IP is different with/without VPN (Windows, macOS, Linux, Android, iOS):
curl -4 icanhazip.com
Sign up for Proton VPN – 14 Days Free!
Another VPN service provider with a very good reputation is Mullvad, based in Sweden. Consider using Mullvad VPN with Bridge Mode:
"Built with the intention of circumventing internet censorship. The Shadowsocks proxy makes it difficult for firewalls to differantiate the internet traffic, which makes it a popular choice for users located in countries that censor internet traffic.
To provide the censorship circumventing Bridge Mode feature, Mullvad uses Shadowsocks proxies. This way your VPN traffic will masquerade as normal internet traffic, like non-VPN traffic, when scanned by DPI-firewalls (Deep Packet Inspection), and so will be let through.
Mullvad VPN has apps for both phones and computers, but Bridge Mode is only availabe in the apps for Windows, macOS and Linux (Debian, Ubuntu, Fedora, and manual .deb installation for others). Unfortunately it's not available in the mobile apps, however – on Android, you can use the Shadowsocks app together with the OpenVPN Android app.
– mullvad.net/.../windows
– mullvad.net/.../macos
– mullvad.net/.../linux
Ideally:
– Disable WebRTC
– Disable IPv6
– Don't change any DNS settings on your device (Mullvad VPN will handle DNS)
– Verify that you're using Mullvad VPN (whatismyip.com | whatismyipaddress.com)
– Check for DNS leaks (dnsleaktest.com | controld.com)
– Check for WebRTC leaks (browserleaks.com | dnsleaktest.com/webrtc)
– Check for IPv6 leak. In Terminal, make sure IP is different with/without VPN (Windows, macOS, Linux, Android, iOS):
curl -4 icanhazip.com
Another way to evade internet censorship – or internet blackouts, regardless of the cause (intentional shutdown, intentional restriction, natural distaster, accident, war...) is using an internet service provider – ISP, with satellite connection.
First, let's have a look at what the common ways of connecting to the internet is:
– Fibre (optical fibre cables)
– Cable (TV cables, copper)
– ADSL (telephone cables, copper)
– Mobile 5G, 4G, 3G, 2G (cellphone towers)
– Satellite (dish antenna directly connecting to satellites)
– Private local networks (Meshtastic, GoTenna, HAM radios, etc.)
Of all the above, a satellite internet connection is the only one that will generally not be affected by an internet shutdown, because it's not part of the local, main stream, internet network infrastructure. This is especially true when powered via solar, water, wind, diesel generator, or other generator acceleration such as pedals or handcrank.
Many people – myself included, don't like this company because of the CEO Elon Musk making nazi-salutes, supporting "israel's" genocide against Palestinias, his questionable work within the US government (DOGE) under Trumps increasingly fascistic administration and government overreach, as well as open support for Germany's extreme far right party AfD.
If one can stomach all that (and more), the Starlink satellite internet has several good features, either as a complement or as an alternative to other ways of getting internet access. It's quite fast (ca. 200 ping, ca. 200/20 Mbit down/up), and now there's a small antenna dish that you can pretty much hike around with attached to your backpack.
Other satellite ISPs might suit you better, for various reasons. For the moment though, most of them – if not all of them, will be slower and potentially more expensive than Starlink, mostly because they're positioned in an orbit a lot further away from earth.
Sign up for Starlink – 30 Days Free!
There's a few solutions for messaging, GPS, and emergency SOS. Fully off-grid – no need for cellphone networks or WiFi.
With iPhone 14 and newer (all models) one can send iMessages, SMS messages, and emergency SOS, via satellite.
The Garmin inReach devices are small, light weight, has a long battery life, supports messaging, GPS, and emergency SOS.
In their own words: "Meshtastic is a project that enables you to use inexpensive LoRa radios as a long range off-grid communication platform in areas without existing or reliable communications infrastructure. This project is 100% community driven and open source!"
– meshtastic.org/docs/introduction
– lora-alliance.org/about-lorawan
– meshtastic.org/docs/software/integrations/integrations-atak-plugin | Combine with ATAK, read below [ATAK]
In their own words: "Android Team Awareness Kit (ATAK, also as Android Tactical Assault Kit, and Android Tactical Assault Kit for Civilian Use ATAK-CIV) is an Android smartphone geospatial infrastructure and military situation awareness app. It allows for precision targeting, surrounding land formation intelligence, situational awareness, navigation, and data sharing.
This Android app is a part of the larger TAK family of products. ATAK has a plugin architecture which allows developers to add functionality. This extensible plugin architecture that allows enhanced capabilities for specific mission sets (Direct Action, Combat Advising, Law Enforcement, Protection Operations, Border Security, Disaster Response, Off-grid Communications, Precision Mapping and Geotagging)."
– wikipedia.org/wiki/Android_Team_Awareness_Kit
– reddit.com/r/ATAK/wiki/index
– getgotak.com/collections/atak-ready-radios
– play.google.com
For this context, the main two-way radio capabilites to learn about is:
– Analog, e.g. Baofeng
– Analog and digital, e.g. Baofeng
– Analog and digital, with encryption on digital, e.g. Motorola XTS 3000 (check ebay.com)
Analog is unencrypted – anyone with a cheap radio can listen in. Digital is also unencrypted, normally. Even if anyone can listen in also on digital, it's generally less of a chance due to technicalities.
Digital can be encrypted, up to AES-256 – which is the only level you should use. Avoid proprietary encryption (closed source).
Several things can be done to obfuscate the use of radios, to avoid getting tracked down/geo-located, to minimize chance of interception/others listening in, to minimize information leak if communication is intercepted.
1. Talk less; talk short, talk correct, transmit only mission-critical information
2. Schedule less; minimize required reports, schedule communication windows
3. Move radios; move units, when in doubt – move (different location each time)
4. Chat, do not call; chat reports, requests, and brevity codes
5. Signal movement, tactical action; and convoys with one-arm hand and arm signals
6. Wire; communicate between stationary positions over wired connection – not radio
7. Mask antennas; place antennas behind barriers, buildings, woods, or hills
8. Reduce power; set radio to low power, shut it off when not in use
9. Prioritize LPD/LPI nets; know which nets are more vulnerable (*Low Probability of Detection/Interception)
10. Plan simple, flexible operations; that require less radio calls
1. Directional antennas; rather than omni-directional (one direction only, as opposed to all directions)
2. Repeaters/relays; use one or several
3. Coded language; e.g. "Unicorn. Teletubbie. Banana."
4. Avoid details; "Meet at the place, bring the thing."
5. Digital radios; avoid analog if possible
6. Encryption; AES-256
7. Make your own cipher; e.g. agree beforehand that A means letter 34 on page 57 in a specific book, and so forth – use this key to encrypt/decrypt text, or Morse code
*Emergency; send a Morse code SOS distress signal ( - - - — — — - - - ) with a flashlight, a mirror reflecting the sun, a horn, or a whistle
Varies from country to country, especially the use of encryption. Make sure you know what you're doing – whatever youre doing.
PMR446 (Private Mobile Radio, 446 MHz) is free to use in the EU, for anyone – without any sort of permit.
Apply for a permit to use other frequencies than 446 MHz:
– pts.se (Sweden)
While digital, encrypted communication is the only acceptable way for sensitive information, it may not always the best use case. For example, buying cheap and simple analog devices and them hand out in one's community, especially to non-technically oriented persons, may be the best option. This scenario would be optimized for readyness, ease of use (better chances it'll be used at all), perhaps as a complement to Meshtastic – which is both encrypted and legal to use, but does not support talking/calls.
– Is it more important, for Your community, to just an alternative ready to go, when mainstream infrastructure is non-functional? Opt for analog!
– Or is it more important, for Your use case, that whatever informations is communicated, regardless of current events, stays private? Opt for digital, encrypted!
– youtube.com/@S2Underground
– wikipedia.org/wiki/Amateur_radio
– reddit.com/r/amateurradio
The global Boycott, Divestment and Sanctions (BDS) movement, firmly believes that ending the complicity of states, corporations, and institutions in “israel’s” ongoing, live-streamed genocide against 2.3+ million Palestinians in Gaza [and the West Bank] is the most effective form of solidarity with the Palestinian struggle to end the genocide and dismantle “israel’s” 78-year-old regime of settler-colonialism and apartheid. – bdsmovement.net
Search brands and scan products, to see if it’s being boycotted and why. Make ethical shopping choices with confidence! – boycat.io
Read the PDF-file emails! [SFW, redacted] – jmail.world Watch the videos! [SFW, censored] – jmail.world/jefftube
From Latin abstrūdō; to conceal, hide, push or thrust away. Evolved to abstruse; difficult to comprehend or understand, obscure. Synonyms; cryptic, covert, secret.
No tracking, no cookies. Only HTML and CSS, plus one JavaScript function for color inversion – sessionStorage, deleted when closing browser.
Optimized for Brave – a privacy and security oriented browser.
All information is provided in a best effort, beginner friendly manner. Intended for educational purposes only – how anyone make use of it, is their own responsibility. By choosing to utilize any of the mentioned tools or methods – in part or in whole, You confirm Your agreement with the aforementioned statement.
Book security testing or workshop.
The continued efforts of developing Abstrude can be supported via:
– Buy Me a Coffee (Stripe)
– BTC bc1qxtfks0vy3x6w9p7t9cvxkxsx56ptmfm0wydwld
– ETH 0xa1AEbebe632D8170D7a4d716B44Ef93F64Ed62c6
– Referrals Proton
|
Starlink
|
Simply
hind.rajab@abstru.de
|
Instagram
|
UpScrolled
|
Substack
|
Twitter/X
|
GitHub
[A]bstrude © 2025 – 2026
"Censorship reflects a society's lack of confidence in itself. It is a hallmark of an authoritarian regime." ― Potter Stewart