South Korea will expand its site blocking measures with SNI eavesdropping, so HTTPS sites can be blocked as well. The new measure, which will also affect pirate sites, has generated widespread opposition. While it's more effective than standard DNS blocking, it's certainly not impossible to circumvent.

When it comes to pirate site blocking, South Korea is one of the most active countries in the Asia-Pacific region.

According to recent data from the Motion Picture Association, the country has blocked 456 sites to prevent the public from accessing pirated material.

These blocking orders are sanctioned by the Korean Communications Standards Commission (KCSC), which also oversees other blocking efforts, including those targeted at porn or illegal gambling sites.

While the ISP blockades work well for regular HTTP sites, they are fairly easy to bypass on HTTPS connections, something most sites offer today. For this reason, the Korean authorities are now stepping up their blocking game.

This week the Government announced that it will start eavesdropping on SNI fields, which identify the hostname of the target server. This allows ISPs to see which HTTPS sites users are trying to access, so these can be blocked if they’re on the Korean blocklist.

The new measures will apply to 895 foreign websites that are linked to porn, gambling or copyright infringement.

“The SNI blocking is a method of checking and blocking the target server in the SNI field. It is not related to communication interception and data packet interception,” the Government writes.

“In particular, the new method plans to block illegal sites related to child pornography, video piracy, and illegal gambling,” the translated press release adds.

The new blocking measures were already announced early last year as a new tool to deal with pirate sites, and are expected to take effect on February 22. From then on, users who access a blocked HTTPS site will be redirected to the following warning page.

The warning page

The new blocking policy is meeting quite a bit of resistance locally. A petition that was launched earlier this week has been signed by over 180,000 people already and this number is growing rapidly.

The petition warns that this type of censorship is limiting freedom of expression. At the same time, however, it notes that people will find ways to bypass the blockades.

“We will continue to bypass and evade Internet censorship. The new https blocking can also be bypassed through VPN programs or by activating ESNI. Do you really think limiting this way is effective?” it reads.

Indeed, SNI eavesdropping and blocking is useless when people use a VPN. In addition, more modern browsers and companies such as Cloudflare increasingly support encrypted SNI (ESNI). This prevents ISPs from snooping on SNI handshakes.

The nightly build of Firefox added support for ESNI last October, for example. As Bleepingcomputer notes, this is a more pressing issue now for South Koreans, which is exemplified by a recent message on Firefox’s bug tracker.

While it is no surprise that many South Koreans are not happy with the changes, at least their Government and ISPs are transparent about the matter. In Europe and elsewhere, HTTPS blocking is also fairly common, but it’s not always clear what measures are used.