Loading mirrors...
Mirrors are one of the most important tools for ensuring information accessibility under conditions of censorship and blocking. In this section, we will examine in detail what mirrors are, how they work at a technical level, what types of mirrors exist, and how to verify their authenticity.
A website mirror is an exact or near-exact copy of a web resource hosted on a different server and accessible at an alternative address. The concept of mirroring has existed since the early days of the internet and originally arose not because of censorship, but out of practical necessity — load distribution and ensuring fault tolerance.
In the early 1990s, when network bandwidth was extremely limited, large software archives, such as university FTP servers, created mirrors around the world. This allowed users to download files from the geographically nearest server, which significantly sped up the process. The GNU Project, for example, used a mirror system from the very beginning to distribute free software, and this practice continues to this day.
However, over time mirrors acquired another equally important function — bypassing censorship and blockades. When government agencies or internet service providers block access to a particular web resource, a mirror allows users to access the same content at an alternative address that has not yet been added to blocking lists. This turns mirrors into one of the key tools in the fight for freedom of information on the modern internet.
There are several main reasons why mirrors are created:
The history of mirroring is inseparably linked with the history of internet censorship. One of the first large-scale examples of using mirrors to bypass blocking was the WikiLeaks project. When in 2010 the organization faced unprecedented pressure — domains were blocked, accounts were frozen, hosting providers were disconnected — the community created over 2,000 mirrors worldwide. This became a vivid demonstration that in a decentralized network, suppressing the spread of information is virtually impossible.
Another significant example is the Sci-Hub project, created by Alexandra Elbakyan in 2011. This resource, providing free access to scientific publications, has repeatedly faced blocking and legal prosecution from major publishers. Nevertheless, thanks to a system of mirrors and the use of domains in various jurisdictions, Sci-Hub continues to operate to this day. According to researchers' estimates, Sci-Hub hosts over 85 million scientific articles, and the resource remains one of the most sought-after tools in the academic community.
The Flibusta library is yet another striking example. This Russian-language electronic book resource has existed since 2008 and has been repeatedly blocked within Russia. Nevertheless, thanks to mirrors on the regular internet, as well as an onion address on the Tor network and a mirror on I2P, the library remains accessible to readers. This demonstrates the effectiveness of a multi-layered approach to ensuring accessibility: when one mirror is blocked, users switch to another.
In China, where the Great Firewall operates, mirroring is an everyday practice. Chinese developers create mirrors of resources such as PyPI (the Python Package Index), npm (the Node.js package manager), Docker Hub, and many other technical resources that are inaccessible or work extremely slowly through the state firewall. These mirrors are officially maintained by organizations such as Tsinghua University and Alibaba Cloud, which speaks to the scale of the problem.
At a technical level, mirroring can be implemented in various ways, each of which has its own advantages and limitations. Understanding these mechanisms is necessary both for creating your own mirrors and for evaluating the reliability of existing ones.
The classic method of creating a mirror involves fully copying the site's content to another server using the rsync utility or similar tools. This creates an exact copy of the file structure, which is periodically synchronized with the original. This method is widely used for mirroring Linux distributions, software archives, and static sites. The advantage of this approach is the mirror's complete autonomy: even if the main server becomes unavailable, the mirror will continue to work with the last synchronized version of the data.
Another common approach is using a reverse proxy server (such as Nginx or HAProxy), which forwards user requests to the main server, acting as an intermediary. In this case, the mirror does not store a copy of the data but merely relays requests. The advantage is data freshness (it always matches the original); the disadvantage is dependence on the main server's availability. This method is often combined with caching to improve fault tolerance.
Content Delivery Networks (CDNs), such as Cloudflare, Fastly, or Akamai, are essentially automated mirroring systems. They place cached copies of a site on servers around the world and direct users to the nearest server. However, using commercial CDNs to bypass censorship has a significant drawback: CDN providers may comply with government demands and stop serving a blocked resource, as has happened on multiple occasions in practice.
A special category consists of mirrors hosted on anonymous networks — Tor (.onion), I2P (.i2p), and Freenet. Such mirrors ensure not only the availability of the resource but also the anonymity of both the mirror owner and its users. Creating an onion mirror involves setting up a Tor Hidden Service, which generates a unique cryptographic address. This address cannot be blocked at the DNS level because it does not use the traditional domain name system.
When creating a mirror on the I2P network, the "eepsites" mechanism is used — hidden services accessible only through an I2P router. Unlike Tor, I2P uses garlic routing and is oriented toward intra-network communications, which provides an additional level of anonymity.
DNS (Domain Name System) is the system that translates human-readable addresses (for example, example.com) into server IP addresses. The vast majority of internet blocking is implemented at the DNS level, as this is the technically simplest and cheapest method of restricting access.
When a provider receives an order to block a site, it typically configures its DNS resolver so that queries to the blocked domain return a false response — either empty or with a redirect to a stub page. Meanwhile, the server hosting the site continues to operate and remains accessible via IP address or through alternative DNS servers.
There are several effective methods of bypassing DNS blocking:
It is important to understand that DNS blocking is only one level of censorship. More advanced filtering systems, such as DPI (Deep Packet Inspection), are capable of analyzing the contents of network packets and blocking connections based on SNI (Server Name Indication) in the TLS handshake. To bypass DPI, tools such as GoodbyeDPI, zapret, PowerTunnel, and others are used, which modify network packets to deceive filtering systems.
Created and maintained by the owners of the original resource. This is the most reliable type of mirror, as their authenticity is guaranteed by the content author themselves. Addresses of official mirrors are usually published on the main site or in official communication channels (Telegram, Twitter, PGP-signed messages). Examples: Linux distribution mirrors, Tor Project mirrors, RuTracker mirrors.
Created by volunteers from the resource's user community. Such mirrors can be either completely identical to the original or contain certain modifications (for example, ad removal or adaptation to local conditions). The level of trust in such mirrors depends on the reputation of their creators and the availability of verification mechanisms.
These are snapshots of a site at a specific point in time. The most well-known example is the Wayback Machine from the Internet Archive project, which automatically saves copies of billions of web pages. Archival mirrors are especially valuable for preserving information that may be deleted or altered.
Mirrors hosted on the Tor network as Hidden Services. They are accessible only through the Tor Browser or other Tor network clients. They ensure user anonymity and resistance to blocking. Onion mirror addresses consist of 56-character strings ending in .onion (for onion v3).
Mirrors within the I2P network, accessible through an I2P router. They use the .i2p domain and provide a high level of anonymity through garlic routing. I2P mirrors are less common than onion mirrors; however, the I2P network is considered more resistant to certain types of attacks.
These function as intermediaries between the user and the blocked resource. They do not store a copy of the data but redirect requests. They are often implemented through web proxies (for example, based on PHP proxies or through services like Invidious for YouTube). The main disadvantage is dependence on the availability of the original resource and potential security issues.
One of the main threats when using mirrors is phishing. Attackers can create a fake mirror that looks identical to the original but contains modified code designed to steal credentials, inject malware, or substitute cryptocurrency addresses. Therefore, verifying a mirror's authenticity is a critically important skill for every user.
The most reliable verification method is checking the PGP signature (Pretty Good Privacy). The owner of the original resource publishes their public PGP key and then signs the list of current mirrors with this key. The user can import the public key and verify the signature using GnuPG (GPG). If the signature is valid, this guarantees that the mirror list was compiled by the key owner and was not altered by a third party. This method is used, for example, by the Tor Project to confirm the authenticity of downloaded files and mirrors.
Checking a mirror's SSL certificate can provide certain information about its legitimacy. If a mirror uses a certificate issued in the name of a well-known organization (Extended Validation), this increases the level of trust. However, it should be noted that attackers can obtain a valid DV certificate (Domain Validation) for any domain, so the mere presence of HTTPS is not sufficient to confirm authenticity.
For file mirrors (archives, distributions, images), standard practice is to publish checksums — SHA-256 or SHA-512 hashes. The user downloads a file from the mirror, computes its hash, and compares it with the reference value published on the main site. Matching hashes guarantee that the file has not been modified. In the Linux command line, this is done with the command sha256sum filename, and in Windows with certutil -hashfile filename SHA256.
Advanced users can use monitoring tools to track changes on mirrors. For example, the diff utility allows comparing the content of two pages and identifying discrepancies. There are also specialized services, such as VisualPing or ChangeTower, which automatically track changes on web pages and notify the user.
Always verify a mirror's address through several independent sources: the official Telegram channel, PGP-signed messages on forums, publications in trusted communities. If a mirror address is mentioned in only one place (especially in private messages or unverified channels), treat it with caution.
Below are video materials that will help you gain a deeper understanding of how DNS works, censorship mechanisms, and technologies for bypassing blocks.
Understanding how DNS works is the foundation for understanding how blocking and mirrors operate. This video explains in detail the domain name resolution process, the role of root servers, TLD servers, and recursive resolvers.
Tor is one of the key technologies for creating censorship-resistant mirrors. This video covers the principle of onion routing, the network architecture, and how hidden services (.onion) work.
Deep Packet Inspection (DPI) is an advanced censorship method that analyzes the content of network traffic. The video explains how DPI works and what methods exist to bypass it, including traffic obfuscation and the use of specialized protocols.
A collection of articles and research dedicated to mirroring, internet censorship, and tools for bypassing blocks:
Open-source projects on GitHub that will help with creating mirrors, bypassing blocks, and ensuring anonymity:
A utility for bypassing DPI (Deep Packet Inspection) at the packet level on Windows. It allows access to blocked resources without using a VPN or proxy by modifying network packets so that DPI systems cannot process them correctly.
A set of tools for bypassing DPI on Linux and other Unix-like systems. Includes the nfqws and tpws utilities, which work through netfilter/iptables. It is the Linux equivalent of GoodbyeDPI and is actively maintained by the community.
A mirror management system developed for the Fedora project. It automates the process of mirror registration, status monitoring, and directing users to the nearest working mirror. It can be adapted for other projects.
A flexible DNS proxy with support for encrypted DNS protocols: DNSCrypt v2, DNS-over-HTTPS (DoH), DNS-over-TLS (DoT), and Anonymized DNSCrypt. It allows complete encryption of DNS traffic and protection against interception.
A modern web server with automatic SSL certificate acquisition and renewal. Ideally suited for quickly deploying mirrors with HTTPS. Configuring a reverse proxy in Caddy takes just a few lines.
An alternative frontend for YouTube that can be deployed as a mirror. It does not use client-side JavaScript, does not track users, and allows watching videos without ads. Numerous public instances exist around the world.
For sharing information about mirrors, blocks, and censorship circumvention methods, there are numerous communities where you can obtain up-to-date data and technical assistance:
Using mirrors requires a certain degree of caution. Below are the basic rules that should be followed to ensure security: