The government of Uganda through its regulatory body the Uganda Communications Commission (UCC) has ordered all Internet Service Providers (ISPs) to block Social Media, VPNs, App stores, and YouTube rendering the Over The Top (OTT) tax useless.
The Social media platforms that have been suspended include Facebook, Twitter, WhatsApp, Signal, Telegram, Skype, Zoom, Teams to mention but a few. And just like before both the iOS AppStore and Google PlayStore are also no more in Uganda at least for now.
The ban comes days after the 14th January elections which saw Uganda stagger in a full internet shutdown for 5 days only to be restored on Monday 18th Jan, 2021.
The most worrying aspect of this new ban is the VPN ban, as most Ugandans are relying on these VPNs to access social media and other content that is not available locally.
VPN blocking explained
There are several types of blocks that can be used to prevent people from using VPNs to access certain content. This means that VPN providers have to stay ahead of the game on multiple levels. For users, the implication is that even if your VPN can bypass one type of block, it doesn’t mean it can circumvent them all. For example, even if your VPN can enable access to Netflix, it may not help you bypass censorship in China or Iran.
Lets look at the ways the government can block VPNs and where you’ll typically come across them:
Internet traffic is transmitted and received via ports, with specific types of traffic generally using certain ports. For example, most regular HTTP traffic uses TCP port 80 and secure (HTTPS) traffic uses TCP port 443. OpenVPN traffic typically uses UDP port 1194, so firewalls often monitor port 1194 and block any encrypted traffic that attempts to use it.
This method is fairly simple to put in place, so it’s likely used by many organizations and governments. However, it’s also fairly easy to circumvent, so it’s often used alongside another blocking method.
IP address blocks
Another method used to detect and block VPN traffic is based on IP addresses. When you connect to a VPN, your real IP address is replaced with one from your VPN server. Many VPNs use shared IP addresses, such that everyone connected to a given server shares the same IP address. If that IP address is discovered, it can simply be blocked by a website or internet service provider (ISP).
This type of blocking is often used by Netflix, Hulu, Amazon Prime Video, and other streaming sites. It is also used in China as part of the Great Firewall, although this is not the only method used.
VPN traffic detection
Instead of looking at where the traffic is coming from or going to, more advanced blocking methods look at the nature of the traffic itself. OpenVPN traffic uses SSL (as does HTTPS traffic). However, it has unique signatures, making it distinct and detectable with the right tools. Deep Packet Inspection (DPI) looks for these signatures and blocks traffic if they’re detected.
DPI is a major component of China’s Great Firewall and is difficult to circumvent.
Can you make your VPN undetectable?
Yes, if you find your VPN is being blocked, there are some tricks you can try to make your VPN undetectable and bypass the restriction. Good VPN services rely on 3 major factors to avoid being blocked and this includes Changing ports, Switching servers, and Changing protocols.
VPN for bypassing VPN blocks. Good services will be able to provide a fast, reliable service that works anywhere in the world, including China and now Uganda. You should choose a highly secure VPN service that will provide access to geo-restricted content, including that from Netflix, Hulu, and Amazon Prime Video. We always recommend a paid VPN.
If you’re already using a VPN that doesn’t provide you with a way to bypass blocks, you may not need to purchase another subscription just yet. While these solutions aren’t as straightforward as using the above VPNs, there are a few methods you can use to mask your existing VPN traffic, which includes; Obfsproxy, SSH tunneling, and SSL/TLS tunneling. There are also a couple of methods that could work alone, without the use of a VPN like Tor browser and Shadowsocks.
Since this is an indefinite suspension, there is no way of telling when the government will order the ISP to switch them back on. Last week when justifying why social media has been switched off, President Museveni said, “I told our people to warn those Facebook people. If they do not want to corporate, they shall not operate here. I am sure the government has already closed social media. I told our people to warn those Facebook people. If they do not want to corporate, they shall not operate here. I am sure the government has already closed social media”.