| ▲ | Imgur Geo-Blocked the UK, So I Geo-Unblocked My Network(blog.tymscar.com) |
| 181 points by tymscar 4 hours ago | 71 comments |
| |
|
| ▲ | omnicognate 3 hours ago | parent | next [-] |
| > Second, even if I installed a VPN on my main machine, what about my phone? My laptop? My desktop? Every device would need the VPN running, and I’d have to remember to connect it before browsing. It’s messy. This is what routers are for. My router (a cheap fanless box with several network ports running linux) is the only thing on my network that knows there's a VPN. I can selectively route whatever I want through it, including having a separate SSID/VLAN from which everything is routed through the VPN. It's wireguard based so there's no "installing a VPN", just an interface/network configured in systemd-networkd (once, on the router). Edit: Routing by domain name could be tricky, though. I haven't had a need for that, and a proxy with local DNS override (as in the article) might needed if it came to that. I'd still do it on the router, though. |
| |
| ▲ | mr_mitm 2 hours ago | parent | next [-] | | You can just use FoxyProxy instead of a separate browser instance. This firefox addon will use a proxy based on URL patterns. | | |
| ▲ | Havoc an hour ago | parent [-] | | You don't even need an extension - FF can do it natively via proxy file |
| |
| ▲ | slig 2 hours ago | parent | prev [-] | | > a cheap fanless box with several network ports running linux Do you remember the name of the product? | | |
| ▲ | bitwize 9 minutes ago | parent | next [-] | | Qotom is a good chinesium brand for small cheap fanless multi-NIC PCs: https://qotom.net | |
| ▲ | iam-TJ an hour ago | parent | prev [-] | | Two devices I use - both running Debian, and both being open-source hardware to some degree or other: PC Engines APU2, AMD x86_64, 4-core, 4GiB, 3x Gigabit Ethernet, 3 x mini PCIe, SIM slot, USB 3, Serial, SATA ports. Mine has dual band WiFi in one mPCIe, SSD in another. Turris Mox, Marvel aarch64. This can expand via plug and go via a range of extension modules. I've got one with 25 Gigabit (3 x 8-port modules) Ethernet, 1 x SFP, 5 x USB3, Wifi, Serial. | | |
|
|
|
| ▲ | JoshTriplett 2 hours ago | parent | prev | next [-] |
| I was hoping, from the title ("Geo-Unblocked") that this would be about arranging an IP address block that wasn't associated with the UK, rather than just selectively running some traffic through a VPN. |
| |
| ▲ | HotGarbage 2 hours ago | parent | next [-] | | If you're your own ISP you can be wherever you want to be https://blog.lyc8503.net/en/post/asn-5-worldwide-servers/ | | |
| ▲ | immibis an hour ago | parent [-] | | Sometimes. You can publish whatever geolocation data file you want, but others aren't required to respect that file. It's known that geolocation providers run pings and traceroutes from different locations as well as looking at BGP data. | | |
| ▲ | mx7zysuj4xew an hour ago | parent [-] | | I guess maybe we should start some kind of initiative to detect these geolocation providers so we can blacklist them. Maybe it can be some kind of database that is used to null-route all traffic coming from their network /s |
|
| |
| ▲ | ToucanLoucan 2 hours ago | parent | prev [-] | | I don't think that would work though. If you changed your WAN address it wouldn't be dissimilar from changing your IP to a different schema on a machine in a given network, no? It just wouldn't work at all. |
|
|
| ▲ | bennyp101 3 hours ago | parent | prev | next [-] |
| "Is this overkill for viewing the occasional Imgur image? Probably." From the last couple of weeks of researching some stuff, it makes perfect sense - I keep stumbling across blogs and documentation that uses Imgur, and it's really quite annoying that I can't see the screenshot or image that is being referenced. It hasn't /quite/ hit the point to put something in place, but this is super helpful for the final straw - when it comes! |
| |
| ▲ | tim333 a few seconds ago | parent | next [-] | | I've found it a bit harder than I thought to bypass but veepn free with the location set to Singapore kind of works, if slowly. | |
| ▲ | muyuu 24 minutes ago | parent | prev | next [-] | | it will certainly not stop at Imgur also, if foreign servers notice no real loss of traffic because people just circumvent draconian censorship measures from authoritarian regimes, then they can more safely ignore them without real repercussions the EU seems to be following soon, so it's important that people have readily available tools so the power dynamics change and it doesn't become economically unfeasible to refuse censorship pressures | |
| ▲ | jamesbelchamber 3 hours ago | parent | prev [-] | | It's been eye-opening how far-reaching Imgur really is - for example, some of the images on the Core Devices (the new Pebble folks) website are actually on Imgur. This simple block is relatively trivial to bypass - but if they disappear tomorrow, a lot of things break. | | |
| ▲ | jsheard 2 hours ago | parent | next [-] | | > but if they disappear tomorrow, a lot of things break. Tale as old as time, long-running forums are graveyards of dead Photobucket, Tinypic and Imageshack embeds. Imgur has lasted longer than most but the cycle will probably repeat eventually, especially since they were acquired by faceless corpos a few years ago. | | |
| ▲ | rafabulsing 2 hours ago | parent | next [-] | | I've said before that the age of an internet user can be estimated by how many free image hosting services they have seen come and go, like rings on a tree trunk. | |
| ▲ | bennyp101 2 hours ago | parent | prev [-] | | A service shutting down, or being replaced is very different to one being blocked at a country level because of waves hands things | | |
| ▲ | NooneAtAll3 2 hours ago | parent [-] | | > waves hands things government censorship called it for what it is | | |
| ▲ | jsheard 2 hours ago | parent [-] | | The Online Safety Act is clear-cut censorship but that's not why Imgur left the UK. They were facing fines for violating the UKs data protection laws, specifically a set of rules that were introduced years before the OSA was even passed. Their parent company hasn't pulled any of their other services from the UK either, which you'd expect them to do if their goal was to protest or avoid the OSA. |
|
|
| |
| ▲ | NooneAtAll3 2 hours ago | parent | prev [-] | | makes me thankful for imgur deleting anonymous uploads a year or 2 ago that made multiple forums I've been on rush to download everything to their servers |
|
|
|
| ▲ | p0w3n3d 13 minutes ago | parent | prev | next [-] |
| I wonder how did you overcome https. As I understand the request that goes to rerouted Imgur proxy will have different cert. |
| |
| ▲ | tshaddox 4 minutes ago | parent [-] | | Presumably TLS still only happens at the browser and at the Imgur origin server. Everything in between just routes the request without being able to read any of the encrypted stuff. This is no different than using your browser while your computer is connected to the web via a VPN, except that in this case only a small subset of requests go through the VPN. |
|
|
| ▲ | qwertox 2 hours ago | parent | prev | next [-] |
| > First, I just upgraded to 2.5 Gbps internet and I don’t want to route all my traffic through a VPN and take the speed hit. I have this bandwidth for a reason You don't have to. You create a container which runs openvpn to connect to your vpn provider, and also hosts an ssh daemon. The ssh daemon receives incoming SOCKS5 connections from a firefox portable browser, which has been configured to use the proxy (your Docker openvpn-container) for browsing and DNS resolution, and pipes it through the VPN tunnel. So you have that one browser just to surf imgur. if that's your thing. And you could also use Firefox on Android (maybe also iOS) with those proxy settings (a secondary Firefox browser, like the beta version). So you get very high control about what you are using the VPN for, you don't just pipe your entire OS's network traffic through the VPN. |
| |
| ▲ | tshaddox a minute ago | parent | next [-] | | This would have the exact problem mentioned immediately after the paragraph you quoted. Every computer, phone, etc. would need specific setup. The author is clear about their goal: > I wanted something cleaner: a solution that works for every device on my network, automatically, without any client-side configuration. | |
| ▲ | apimade 2 hours ago | parent | prev | next [-] | | https://addons.mozilla.org/en-US/firefox/addon/container-pro... You can default route domains through a VPN using a Firefox tab container, you don’t need a separate browser instance running! | |
| ▲ | martijn_himself 2 hours ago | parent | prev | next [-] | | This is a great idea except for me (and for the author I suspect) I regularly come across attachment of Imgur hosted images on sites (like a post on a DIY forum but not all of them) so it wouldn't solve my issue unless I were to use your browser in the container all the time (I suspect the author also doesn't just 'surf imgur' but randomly comes across images hosted on imgur linked to from other locations). | | |
| ▲ | therein 2 hours ago | parent [-] | | In that case FoxyProxy's proxy by URL pattern would be what you'd want to use. |
| |
| ▲ | CWIZO 2 hours ago | parent | prev | next [-] | | That doesn't seem very practical. The issue is that imgur links are everywhere and you wouldn't want to switch browsers whenever you encounter one. Not to mention it requires per device setup. Author's solution is much better than what you describe. | |
| ▲ | hexbin010 32 minutes ago | parent | prev [-] | | Nope, security/privacy is always a trade off. It's much much safer just to route all your traffic through a VPN. I get ~200-500 Mbps with Mullvad, that seems good enough. Sucks if you upgraded to 2.5 Gbps before checking, but oh well |
|
|
| ▲ | sunaookami 5 minutes ago | parent | prev | next [-] |
| What's annoying about this block is that Imgur detects Telegram's server for image previews as coming from the UK but they are in the Netherlands so when someone sends an imgur link through Telegram with the little preview attached you now only get the "not available" image as prevew... |
|
| ▲ | nvarsj 2 hours ago | parent | prev | next [-] |
| I've done similar. But I just used PBR (policy based routing) on my OpenWRT router. Took about 15 minutes to set it up. You can pick which domains go through VPN. Works great. |
|
| ▲ | jc__denton 3 hours ago | parent | prev | next [-] |
| I feel like I'd rather solve this with a proxy PAC file. I recently started using this on airplane Wi-Fi where they'd block VPNs, but strangely not SSH. Dynamic forwarding with a good PAC to "direct" connect the onboard entertainment and flight tracking hosts/URLs works great! |
|
| ▲ | sunshinekitty 3 hours ago | parent | prev | next [-] |
| a-ha, if you happen to have a Unifi router then a simpler setup would be to do policy based routing by hostnames through a vpn client maintained in the router config |
|
| ▲ | kilroy123 3 hours ago | parent | prev | next [-] |
| Nice work. I've thought about doing something similar as well! It drives me nuts this ban, everywhere I look I see these blocked images. I thought about making a chrome extension that proxies. |
|
| ▲ | netXten an hour ago | parent | prev | next [-] |
| So you are just a simple GB citizen and some external site blocked access by country affiliation?! Is there any practical reason for blocking access to that site by geotargeting? |
| |
| ▲ | michaelt an hour ago | parent [-] | | The UK’s “online safety act” means a number of medium sized sites have decided it’s not worth doing business in the UK. | | |
| ▲ | juntoalaluna an hour ago | parent [-] | | This is not why imgur have left though, they didn't want to comply with Data Protection laws. | | |
| ▲ | michaelt 38 minutes ago | parent [-] | | The "online safety act" introduced mandatory age verification starting in July 2025. The government announced "plans to fine Imgur after probing its approach to age checks and use of children's personal data" in September 2025 [1] Are you telling me those were unrelated? How are you going to fine a website over age checks without the law that requires age checks? [1] https://www.bbc.co.uk/news/articles/c4gzxv5gy3qo | | |
| ▲ | philjohn 18 minutes ago | parent | next [-] | | Seeing as the investigation was by the ICO instead of OFCOM, yes, very much so. Do you have any evidence to the contrary? | |
| ▲ | ww520 21 minutes ago | parent | prev [-] | | The governments of the countries that dabbling into the "think of the children" laws should build their own internets for their citizens, walling them in, requiring them to "verify their age" before letting them out of their cages into the Internet. |
|
|
|
|
|
| ▲ | Seattle3503 3 hours ago | parent | prev | next [-] |
| Could this be built into open source routers? If you wanted to get fancy you could even select the best VPN for the particular service. |
| |
| ▲ | nvarsj 2 hours ago | parent | next [-] | | OpenWRT supports PBR which makes this a breeze. | |
| ▲ | rahimnathwani 3 hours ago | parent | prev | next [-] | | You can run the shadowsocks client on some routers and pass selected traffic via your external shadowsocks server. I haven't needed to do this since I move to the US, but IIRC the rules were based on IP subnets. The approach in TFA is more sophisticated and fine-grained. | |
| ▲ | sneak 2 hours ago | parent | prev [-] | | gl.inet routers running OpenWRT do this easily in the newer firmware versions the last few months. |
|
|
| ▲ | KaiserPro 2 hours ago | parent | prev | next [-] |
| I've not managed to succesfully use a VPN to get around the geoblock. It seems that most of VPN exit nodes are also blocked (but in a different way) |
|
| ▲ | prism56 an hour ago | parent | prev | next [-] |
| Interesting. I have nextdns.io and VPN proxy and a unifi router. Is this possible for me? |
|
| ▲ | oliwarner 3 hours ago | parent | prev | next [-] |
| This is quite easy with OpenWRT. Install the Wireguard packages, create a connection to your VPN of choice in a nearby country (I chose Sweden). Then I used the "vpn-policy-routing" package to route Imgur IPs (199.232.196.193 199.232.192.193) through the VPN. Works for websites that keep nagging you for age verification too. But seriously, it's been more emotional than I'd expected to get my cat memes back. |
| |
| ▲ | Kaxo 2 hours ago | parent | next [-] | | Yeah, doing it with OpenWRT and PBR is definately much simpler than this approach. However by using hard-coded IP addresses you are at risk of breakage if they change in the future. Also fastly-hosted services are a bit awkard to configure IP ranges to cover whole blocks as they seem to not use normal CIDR-blocks for different customers. But you use PBR's ntfset functionality to have your dns server automatically update a set whenever an DNS entry is resolved, then set the policy rules based on the set. | |
| ▲ | prism56 an hour ago | parent | prev [-] | | Didn't even know it was possible. But thanks to this comment - got the same setup via my Unifi router too. Thanks! |
|
|
| ▲ | int0x29 2 hours ago | parent | prev | next [-] |
| For some reason T-Mobile in the Bay Area can get randomly geoIPed to the UK so imgur just randomly breaks on my phone. Marvelous |
|
| ▲ | killingtime74 2 hours ago | parent | prev | next [-] |
| Why not call it split tunneling, which is what it is. |
| |
| ▲ | distantsounds an hour ago | parent [-] | | because saying "i used a split tunnel to access geo-blocked resources" doesn't get you those sweet sweet internet points on hacker news, ofc |
|
|
| ▲ | arjie an hour ago | parent | prev | next [-] |
| Another thing that you can do when you have the IP address range is just run a traditional split-tunnel. A simple way to do that is to run Wireguard on a cheap VPS, then have only traffic to those fixed IPs go to that tunnel. The nice thing about this is that tiny WiFi routers (e.g. hAP AX S) these days support Wireguard at pretty decent speeds. Then anyone on your network gets this, and if you want it while you roam you can just run the Wireguard VPN on your phone as well with the same rules. |
|
| ▲ | toomuchtodo 3 hours ago | parent | prev | next [-] |
| Great work! Perhaps not the appropriate OSI layer, but would be cool if this could pull the imgur blob from the wayback machine if unavailable on imgur proper. You'd still need this networking setup, as archive.org is blocked as well in the UK per ground truth from others on HN. |
| |
| ▲ | 1317 3 hours ago | parent | next [-] | | > archive.org is blocked as well in the UK it isn't | | |
| ▲ | toomuchtodo 3 hours ago | parent [-] | | https://news.ycombinator.com/item?id=45430848 is the thread where I learned of this. I'll have to do more research, thanks. https://www.privateinternetaccess.com/blog/internet-archive-... | | |
| ▲ | 2b3a51 3 hours ago | parent | next [-] | | I'm in the UK and we use 'mobile broadband' for our domestic Internet connection. So a mains powered router box that connects to the local G4 (or G5) mobile data network and provides wifi and a few cat 5 sockets. We don't need to subscribe to a phone line (e.g. last mile supplied by Openreach/BT or fibre from Virgin or whoever). I pay a single flat fee monthly by credit card. It is reasonably fast and meets our modest needs. There is no hard data cap. We average 150 Gb per quarter or so. archive.org is blocked (along with other nsfw type sites), but as the last post in your link to an earlier discussion says, I could get it unblocked by filling in a declaration that I'm over 18. Paying by credit card isn't enough to unblock automatically for this particular package. I've chosen not to unblock for no particular reason. The block sort of makes sense to me because archive.org records a lot of Web sites, some of which may have what is regarded as adult content, and it is unreasonable to expect archive.org to label individual records of sites according to the criteria the UK uses (each country probably has its own set of criteria e.g. gambling Web sites of certain kinds in the US). archive.org is easily accessible in the UK from most wifi connections in cafes, libraries and, hilariously, colleges (where people under 18 gather in large numbers), and also from domestic adsl or fibre Internet connections. | | |
| ▲ | ErroneousBosh 3 hours ago | parent [-] | | > archive.org is blocked (along with other nsfw type sites), but as the last post in your link to an earlier discussion says, I could get it unblocked by filling in a declaration that I'm over 18. Paying by credit card isn't enough to unblock automatically for this particular package That's something to do with your provider. Maybe you need a non-crappy provider. You do not need to provide any kind of declaration that you're over 18 to access archive.org in the UK. | | |
| ▲ | 2b3a51 3 hours ago | parent [-] | | See comment from another UK resident further down.
I suspect it depends on the contract you have, and quite possibly when the contract started. | | |
| ▲ | ErroneousBosh an hour ago | parent [-] | | It appears to be something to do with using PAYG SIMs for mobile broadband. Back when I lived ten minutes from one of the largest cities in the country I used 4G, but didn't run into this or their CGNAT crap because I tunneled out to a sane ISP. Given that you can buy a SIM that'll give you a couple of hundred GB of data for under a tenner, it seems reasonable that they'd block stuff you didn't want young children getting access to (easily). |
|
|
| |
| ▲ | jamesbelchamber 3 hours ago | parent | prev [-] | | The op in the thread is wrong, it's not blocked. Source: am British, on phone. |
|
| |
| ▲ | exasperaited 3 hours ago | parent | prev [-] | | > as archive.org is blocked as well in the UK per ground truth from others on HN I am in the UK. archive.org is not blocked — not the Library or the Wayback Machine. ETA: I just checked re: the comment toomuchtodo linked to, and it actually is blocked by default on my mobile phone as adult content, because I've never bothered to disable the adult content lock on that device. I get redirected to a page operated by my mobile network where I can undo the lock by giving them info; I might do that one day, might not. For non-UK users: UK mobile phone providers all block adult content by default at the account level as a simple parental control measure, and have done for some time, largely because PAYG data is really rather cheap here. Interesting but not particularly bothersome. Apparently this decision is about eleven years old. |
|
|
| ▲ | Acrobatic_Road 3 hours ago | parent | prev | next [-] |
| Imagine having to install a vpn to browse the internet in a first world country. |
| |
| ▲ | philjohn 18 minutes ago | parent [-] | | Imagine deciding to pull out of a country because you refuse to comply with protecting the personal data of actual children. |
|
|
| ▲ | internet2000 3 hours ago | parent | prev [-] |
| > ⌘+F, "vote", Not found Seems the author forgot one step. |
| |
| ▲ | petercooper 3 hours ago | parent [-] | | The law was drafted by the government of one party, enacted by the government of the other party. | | |
| ▲ | jamesbelchamber 3 hours ago | parent [-] | | And backed by popular support. | | |
| ▲ | okuntilnow 2 hours ago | parent [-] | | It’s another good example of internet sentiment being far different to popular sentiment. Polling shows around 70% supported it, though far fewer thought it would be effective. Pretty much matches my views on it. | | |
| ▲ | airhangerf15 an hour ago | parent [-] | | This little "solution" might be fine for .. imgur .. but it shows your nation is well into the authoritarian descent. And there's no where left in the western world to move to either ... It's not a slippery slope, it's a landslide. |
|
|
|
|
