[HN Gopher] Imgur Geo-Blocked the UK, So I Geo-Unblocked My Network
___________________________________________________________________
Imgur Geo-Blocked the UK, So I Geo-Unblocked My Network
Author : tymscar
Score : 219 points
Date : 2025-11-28 18:15 UTC (4 hours ago)
(HTM) web link (blog.tymscar.com)
(TXT) w3m dump (blog.tymscar.com)
| toomuchtodo wrote:
| Great work! Perhaps not the appropriate OSI layer, but would be
| cool if this could pull the imgur blob from the wayback machine
| if unavailable on imgur proper. You'd still need this networking
| setup, as archive.org is blocked as well in the UK per ground
| truth from others on HN.
| 1317 wrote:
| > archive.org is blocked as well in the UK
|
| it isn't
| toomuchtodo wrote:
| https://news.ycombinator.com/item?id=45430848 is the thread
| where I learned of this. I'll have to do more research,
| thanks.
|
| https://www.privateinternetaccess.com/blog/internet-
| archive-...
| jamesbelchamber wrote:
| The op in the thread is wrong, it's not blocked.
|
| Source: am British, on phone.
| 2b3a51 wrote:
| I'm in the UK and we use 'mobile broadband' for our
| domestic Internet connection. So a mains powered router box
| that connects to the local G4 (or G5) mobile data network
| and provides wifi and a few cat 5 sockets. We don't need to
| subscribe to a phone line (e.g. last mile supplied by
| Openreach/BT or fibre from Virgin or whoever). I pay a
| single flat fee monthly by credit card. It is reasonably
| fast and meets our modest needs. There is no hard data cap.
| We average 150 Gb per quarter or so.
|
| archive.org is blocked (along with other nsfw type sites),
| but as the last post in your link to an earlier discussion
| says, I could get it unblocked by filling in a declaration
| that I'm over 18. Paying by credit card isn't enough to
| unblock automatically for this particular package.
|
| I've chosen not to unblock for no particular reason. The
| block sort of makes sense to me because archive.org records
| a lot of Web sites, some of which may have what is regarded
| as adult content, and it is unreasonable to expect
| archive.org to label individual records of sites according
| to the criteria the UK uses (each country probably has its
| own set of criteria e.g. gambling Web sites of certain
| kinds in the US).
|
| archive.org _is_ easily accessible in the UK from most wifi
| connections in cafes, libraries and, hilariously, colleges
| (where people under 18 gather in large numbers), and also
| from domestic adsl or fibre Internet connections.
| ErroneousBosh wrote:
| > archive.org is blocked (along with other nsfw type
| sites), but as the last post in your link to an earlier
| discussion says, I could get it unblocked by filling in a
| declaration that I'm over 18. Paying by credit card isn't
| enough to unblock automatically for this particular
| package
|
| That's something to do with your provider. Maybe you need
| a non-crappy provider.
|
| You do not need to provide any kind of declaration that
| you're over 18 to access archive.org in the UK.
| 2b3a51 wrote:
| See comment from another UK resident further down. I
| suspect it depends on the contract you have, and quite
| possibly when the contract started.
| ErroneousBosh wrote:
| It appears to be something to do with using PAYG SIMs for
| mobile broadband. Back when I lived ten minutes from one
| of the largest cities in the country I used 4G, but
| didn't run into this or their CGNAT crap because I
| tunneled out to a sane ISP.
|
| Given that you can buy a SIM that'll give you a couple of
| hundred GB of data for under a tenner, it seems
| reasonable that they'd block stuff you didn't want young
| children getting access to (easily).
| exasperaited wrote:
| > as archive.org is blocked as well in the UK per ground truth
| from others on HN
|
| I am in the UK.
|
| archive.org is not blocked -- not the Library or the Wayback
| Machine.
|
| ETA: I just checked re: the comment toomuchtodo linked to, and
| it actually _is_ blocked by default on my mobile phone as adult
| content, because I 've never bothered to disable the adult
| content lock on that device. I get redirected to a page
| operated by my mobile network where I can undo the lock by
| giving them info; I might do that one day, might not.
|
| For non-UK users: UK mobile phone providers all block adult
| content by default at the account level as a simple parental
| control measure, and have done for some time, largely because
| PAYG data is really rather cheap here.
|
| Interesting but not particularly bothersome. Apparently this
| decision is about eleven years old.
| internet2000 wrote:
| > [?]+F, "vote", Not found
|
| Seems the author forgot one step.
| petercooper wrote:
| The law was drafted by the government of one party, enacted by
| the government of the other party.
| jamesbelchamber wrote:
| And backed by popular support.
| okuntilnow wrote:
| It's another good example of internet sentiment being far
| different to popular sentiment.
|
| Polling shows around 70% supported it, though far fewer
| thought it would be effective. Pretty much matches my views
| on it.
| airhangerf15 wrote:
| This little "solution" might be fine for .. imgur .. but
| it shows your nation is well into the authoritarian
| descent. And there's no where left in the western world
| to move to either ... It's not a slippery slope, it's a
| landslide.
| Acrobatic_Road wrote:
| Imagine having to install a vpn to browse the internet in a first
| world country.
| philjohn wrote:
| Imagine deciding to pull out of a country because you refuse to
| comply with protecting the personal data of actual children.
| bennyp101 wrote:
| "Is this overkill for viewing the occasional Imgur image?
| Probably."
|
| From the last couple of weeks of researching some stuff, it makes
| perfect sense - I keep stumbling across blogs and documentation
| that uses Imgur, and it's really quite annoying that I can't see
| the screenshot or image that is being referenced. It hasn't
| /quite/ hit the point to put something in place, but this is
| super helpful for the final straw - when it comes!
| jamesbelchamber wrote:
| It's been eye-opening how far-reaching Imgur really is - for
| example, some of the images on the Core Devices (the new Pebble
| folks) website are actually on Imgur.
|
| This simple block is relatively trivial to bypass - but if they
| disappear tomorrow, a lot of things break.
| jsheard wrote:
| > but if they disappear tomorrow, a lot of things break.
|
| Tale as old as time, long-running forums are graveyards of
| dead Photobucket, Tinypic and Imageshack embeds. Imgur has
| lasted longer than most but the cycle will probably repeat
| eventually, especially since they were acquired by faceless
| corpos a few years ago.
| bennyp101 wrote:
| A service shutting down, or being replaced is very
| different to one being blocked at a country level because
| of _waves hands_ things
| NooneAtAll3 wrote:
| > waves hands things
|
| government censorship
|
| called it for what it is
| jsheard wrote:
| The Online Safety Act is clear-cut censorship but that's
| not why Imgur left the UK. They were facing fines for
| violating the UKs data protection laws, specifically a
| set of rules that were introduced years before the OSA
| was even passed. Their parent company hasn't pulled any
| of their other services from the UK either, which you'd
| expect them to do if their goal was to protest or avoid
| the OSA.
| rafabulsing wrote:
| I've said before that the age of an internet user can be
| estimated by how many free image hosting services they have
| seen come and go, like rings on a tree trunk.
| NooneAtAll3 wrote:
| makes me thankful for imgur deleting anonymous uploads a year
| or 2 ago
|
| that made multiple forums I've been on rush to download
| everything to their servers
| muyuu wrote:
| it will certainly not stop at Imgur
|
| also, if foreign servers notice no real loss of traffic because
| people just circumvent draconian censorship measures from
| authoritarian regimes, then they can more safely ignore them
| without real repercussions
|
| the EU seems to be following soon, so it's important that
| people have readily available tools so the power dynamics
| change and it doesn't become economically unfeasible to refuse
| censorship pressures
| tim333 wrote:
| I've found it a bit harder than I thought to bypass but veepn
| free with the location set to Singapore kind of works, if
| slowly.
| Seattle3503 wrote:
| Could this be built into open source routers? If you wanted to
| get fancy you could even select the best VPN for the particular
| service.
| rahimnathwani wrote:
| You can run the shadowsocks client on some routers and pass
| selected traffic via your external shadowsocks server.
|
| I haven't needed to do this since I move to the US, but IIRC
| the rules were based on IP subnets.
|
| The approach in TFA is more sophisticated and fine-grained.
| sneak wrote:
| gl.inet routers running OpenWRT do this easily in the newer
| firmware versions the last few months.
| nvarsj wrote:
| OpenWRT supports PBR which makes this a breeze.
| kilroy123 wrote:
| Nice work.
|
| I've thought about doing something similar as well! It drives me
| nuts this ban, everywhere I look I see these blocked images. I
| thought about making a chrome extension that proxies.
| jc__denton wrote:
| I feel like I'd rather solve this with a proxy PAC file. I
| recently started using this on airplane Wi-Fi where they'd block
| VPNs, but strangely not SSH. Dynamic forwarding with a good PAC
| to "direct" connect the onboard entertainment and flight tracking
| hosts/URLs works great!
| omnicognate wrote:
| > Second, even if I installed a VPN on my main machine, what
| about my phone? My laptop? My desktop? Every device would need
| the VPN running, and I'd have to remember to connect it before
| browsing. It's messy.
|
| This is what routers are for. My router (a cheap fanless box with
| several network ports running linux) is the only thing on my
| network that knows there's a VPN. I can selectively route
| whatever I want through it, including having a separate SSID/VLAN
| from which everything is routed through the VPN. It's wireguard
| based so there's no "installing a VPN", just an interface/network
| configured in systemd-networkd (once, on the router).
|
| Edit: Routing by domain name could be tricky, though. I haven't
| had a need for that, and a proxy with local DNS override (as in
| the article) might needed if it came to that. I'd still do it on
| the router, though.
| slig wrote:
| > a cheap fanless box with several network ports running linux
|
| Do you remember the name of the product?
| iam-TJ wrote:
| Two devices I use - both running Debian, and both being open-
| source hardware to some degree or other:
|
| PC Engines APU2, AMD x86_64, 4-core, 4GiB, 3x Gigabit
| Ethernet, 3 x mini PCIe, SIM slot, USB 3, Serial, SATA ports.
| Mine has dual band WiFi in one mPCIe, SSD in another.
|
| Turris Mox, Marvel aarch64. This can expand via plug and go
| via a range of extension modules. I've got one with 25
| Gigabit (3 x 8-port modules) Ethernet, 1 x SFP, 5 x USB3,
| Wifi, Serial.
| placatedmayhem wrote:
| Just a heads up that PC Engines is winding down. The chip
| they use in the APU2 is EOL, and they've decided to shut
| down altogether.
|
| https://pcengines.ch/eol.htm
| echelon wrote:
| Wildly ironic that an EU company doesn't ship to the EU.
|
| Regulatory compliance shouldn't be hard. The idea is to
| quell negative externalities, not to shut off innovation
| itself.
|
| > Because of unbelievably bureaucratic recycling
| regulations, PC Engines will NOT sell directly to end
| users within the EU.
|
| https://pcengines.ch/order.htm
|
| > EU - a single market ?
|
| > Far from it, there are separate registration and
| recycling schemes for each of the 28+ EU member
| jurisdictions (and even a few of their provinces). What
| part of COMMON MARKET was so hard to understand for EU
| lawmakers ? Since there is no single registration
| available, and separate registration would involve
| mindboggling complexity, bureaucracy and costs, we do not
| sell to EU end users until the EU gets their act
| together. Please order from EU based distributors, or as
| a business customer.
|
| > Business customers are expected to meet their
| obligations by registering in the EU countries they sell
| in.
|
| https://pcengines.ch/recycle.htm
| bitwize wrote:
| Qotom is a good chinesium brand for small cheap fanless
| multi-NIC PCs: https://qotom.net
| mr_mitm wrote:
| You can just use FoxyProxy instead of a separate browser
| instance. This firefox addon will use a proxy based on URL
| patterns.
| Havoc wrote:
| You don't even need an extension - FF can do it natively via
| proxy file
| sunshinekitty wrote:
| a-ha, if you happen to have a Unifi router then a simpler setup
| would be to do policy based routing by hostnames through a vpn
| client maintained in the router config
| oliwarner wrote:
| This is quite easy with OpenWRT.
|
| Install the Wireguard packages, create a connection to your VPN
| of choice in a nearby country (I chose Sweden). Then I used the
| "vpn-policy-routing" package to route Imgur IPs (199.232.196.193
| 199.232.192.193) through the VPN.
|
| Works for websites that keep nagging you for age verification
| too.
|
| But seriously, it's been more emotional than I'd expected to get
| my cat memes back.
| Kaxo wrote:
| Yeah, doing it with OpenWRT and PBR is definately much simpler
| than this approach. However by using hard-coded IP addresses
| you are at risk of breakage if they change in the future.
|
| Also fastly-hosted services are a bit awkard to configure IP
| ranges to cover whole blocks as they seem to not use normal
| CIDR-blocks for different customers.
|
| But you use PBR's ntfset functionality to have your dns server
| automatically update a set whenever an DNS entry is resolved,
| then set the policy rules based on the set.
| prism56 wrote:
| Didn't even know it was possible. But thanks to this comment -
| got the same setup via my Unifi router too. Thanks!
| killingtime74 wrote:
| Why not call it split tunneling, which is what it is.
| distantsounds wrote:
| because saying "i used a split tunnel to access geo-blocked
| resources" doesn't get you those sweet sweet internet points on
| hacker news, ofc
| JoshTriplett wrote:
| I was hoping, from the title ("Geo-Unblocked") that this would be
| about arranging an IP address block that wasn't associated with
| the UK, rather than just selectively running some traffic through
| a VPN.
| ToucanLoucan wrote:
| I don't think that would work though. If you changed your WAN
| address it wouldn't be dissimilar from changing your IP to a
| different schema on a machine in a given network, no? It just
| wouldn't work at all.
| HotGarbage wrote:
| If you're your own ISP you can be wherever you want to be
|
| https://blog.lyc8503.net/en/post/asn-5-worldwide-servers/
| immibis wrote:
| Sometimes. You can publish whatever geolocation data file you
| want, but others aren't required to respect that file. It's
| known that geolocation providers run pings and traceroutes
| from different locations as well as looking at BGP data.
| mx7zysuj4xew wrote:
| I guess maybe we should start some kind of initiative to
| detect these geolocation providers so we can blacklist
| them. Maybe it can be some kind of database that is used to
| null-route all traffic coming from their network /s
| int0x29 wrote:
| For some reason T-Mobile in the Bay Area can get randomly geoIPed
| to the UK so imgur just randomly breaks on my phone. Marvelous
| qwertox wrote:
| > First, I just upgraded to 2.5 Gbps internet and I don't want to
| route all my traffic through a VPN and take the speed hit. I have
| this bandwidth for a reason
|
| You don't have to. You create a container which runs openvpn to
| connect to your vpn provider, and also hosts an ssh daemon. The
| ssh daemon receives incoming SOCKS5 connections from a firefox
| portable browser, which has been configured to use the proxy
| (your Docker openvpn-container) for browsing and DNS resolution,
| and pipes it through the VPN tunnel.
|
| So you have that one browser just to surf imgur. if that's your
| thing. And you could also use Firefox on Android (maybe also iOS)
| with those proxy settings (a secondary Firefox browser, like the
| beta version).
|
| So you get very high control about what you are using the VPN
| for, you don't just pipe your entire OS's network traffic through
| the VPN.
| martijn_himself wrote:
| This is a great idea except for me (and for the author I
| suspect) I regularly come across attachment of Imgur hosted
| images on sites (like a post on a DIY forum but not all of
| them) so it wouldn't solve my issue unless I were to use your
| browser in the container _all the time_ (I suspect the author
| also doesn 't just 'surf imgur' but randomly comes across
| images hosted on imgur linked to from other locations).
| therein wrote:
| In that case FoxyProxy's proxy by URL pattern would be what
| you'd want to use.
| CWIZO wrote:
| That doesn't seem very practical. The issue is that imgur links
| are everywhere and you wouldn't want to switch browsers
| whenever you encounter one. Not to mention it requires per
| device setup. Author's solution is much better than what you
| describe.
| apimade wrote:
| https://addons.mozilla.org/en-US/firefox/addon/container-pro...
|
| You can default route domains through a VPN using a Firefox tab
| container, you don't need a separate browser instance running!
| hexbin010 wrote:
| Nope, security/privacy is always a trade off. It's much much
| safer just to route all your traffic through a VPN. I get
| ~200-500 Mbps with Mullvad, that seems good enough. Sucks if
| you upgraded to 2.5 Gbps before checking, but oh well
| tshaddox wrote:
| This would have the exact problem mentioned immediately after
| the paragraph you quoted. Every computer, phone, etc. would
| need specific setup. The author is clear about their goal:
|
| > I wanted something cleaner: a solution that works for every
| device on my network, automatically, without any client-side
| configuration.
| KaiserPro wrote:
| I've not managed to succesfully use a VPN to get around the
| geoblock. It seems that most of VPN exit nodes are also blocked
| (but in a different way)
| nvarsj wrote:
| I've done similar. But I just used PBR (policy based routing) on
| my OpenWRT router. Took about 15 minutes to set it up. You can
| pick which domains go through VPN. Works great.
| netXten wrote:
| So you are just a simple GB citizen and some external site
| blocked access by country affiliation?! Is there any practical
| reason for blocking access to that site by geotargeting?
| michaelt wrote:
| The UK's "online safety act" means a number of medium sized
| sites have decided it's not worth doing business in the UK.
| juntoalaluna wrote:
| This is not why imgur have left though, they didn't want to
| comply with Data Protection laws.
| michaelt wrote:
| The "online safety act" introduced mandatory age
| verification starting in July 2025.
|
| The government announced "plans to fine Imgur after probing
| its approach to age checks and use of children's personal
| data" in September 2025 [1]
|
| Are you telling me those were unrelated? How are you going
| to fine a website over age checks without the law that
| requires age checks?
|
| [1] https://www.bbc.co.uk/news/articles/c4gzxv5gy3qo
| ww520 wrote:
| The governments of the countries that dabbling into the
| "think of the children" laws should build their own
| "safe" internets for their citizens, walling them in,
| requiring them to "verify their age" before letting them
| out of their cages into the Internet.
| philjohn wrote:
| Seeing as the investigation was by the ICO instead of
| OFCOM, yes, very much so. Do you have any evidence to the
| contrary?
| prism56 wrote:
| Interesting. I have nextdns.io and VPN proxy and a unifi router.
| Is this possible for me?
| arjie wrote:
| Another thing that you can do when you have the IP address range
| is just run a traditional split-tunnel. A simple way to do that
| is to run Wireguard on a cheap VPS, then have only traffic to
| those fixed IPs go to that tunnel. The nice thing about this is
| that tiny WiFi routers (e.g. hAP AX S) these days support
| Wireguard at pretty decent speeds. Then anyone on your network
| gets this, and if you want it while you roam you can just run the
| Wireguard VPN on your phone as well with the same rules.
| p0w3n3d wrote:
| I wonder how did you overcome https. As I understand the request
| that goes to rerouted Imgur proxy will have different cert.
| tshaddox wrote:
| Presumably TLS still only happens at the browser and at the
| Imgur origin server. Everything in between just routes the
| request without being able to read any of the encrypted stuff.
| This is no different than using your browser while your
| computer is connected to the web via a VPN, except that in this
| case only a small subset of requests go through the VPN.
| stordoff wrote:
| AIUI, nginx doesn't terminate the SSL/TLS connection - it is
| just passed through as is. `ssl_preread on` extracts the server
| name from the Server Name Indication (SNI) send as part of the
| TLS handshake, which is unencrypted.
|
| I just set up a similar system (Debian LXC permanently
| connected to a VPN, nginx proxying imgur.com and all its
| subdomains with the rest being dropped), and it works quite
| well. Setting DNS records for imgur.com and {api,i,s}.imgur.com
| seems to be sufficient to get the site and inline images
| working (not 100% if all are needed - I haven't fully tested it
| yet).
| sunaookami wrote:
| What's annoying about this block is that Imgur detects Telegram's
| server for image previews as coming from the UK but they are in
| the Netherlands so when someone sends an imgur link through
| Telegram with the little preview attached you now only get the
| "not available" image as prevew...
| dinvlad wrote:
| This is such a deep rabbit hole! Other alternatives include CDN
| and residential proxies, no VPN required
| Razengan wrote:
| Imgur doesn't even let me sign into my almost 10 year old account
| from many countries while traveling. Never seen this kind of wack
| shit anywhere else. The fuck's their problem?
| tom-9999 wrote:
| This can be done on UniFi using policy based routing too
| trivially if anyone wants to repeat this.
|
| Instructions using the unifi mobile app as it's what I have to
| hand:
|
| 1) download wireguard conf file from vpn provider. On mobile app
| settings -> vpn client -> add new -> wireguard. Upload the file
| and save it
|
| 2) settings -> policy engine -> policy based routes. New. Select
| what to route -> specific traffic. Source = all devices.
| destination = domain name. Here add any domains you like.
| Interface = add the vpn you added in step 1
| cpressland wrote:
| The only downside is this doesn't work if you have IPv6 enabled
| as UniFi Network still allows those to bypass the VPN.
|
| I ended up making a long list of firewall rules to block
| specific sites IPv6 ranges, which worked until I hit cloudflare
| backed sites.
|
| I'm really hoping UniFi start supporting IPv6 WireGuard soon.
| dom96 wrote:
| > The key detail is network_mode: "service:gluetun"
|
| Such a clear giveaway that this was written by an AI
___________________________________________________________________
(page generated 2025-11-28 23:00 UTC)