This document discusses methods for analyzing global internet censorship. It describes common techniques used by countries to censor content, such as DNS poisoning, IP header filtering, deep packet inspection, and proxy filtering. It acknowledges limitations to existing approaches like crowdsourcing and automated testing. The document also raises legal and ethical concerns regarding experiments to detect censorship, as sites may be blocked for legitimate reasons.
2. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Censorship
Most countries engage in some form of
Internet filtering.
China’s ‘Golden Shield’ is the most
well-known.
Saudi Arabia presents perhaps the
most extreme filtering regime.
(OpenNet Initiative)
Different technologies; different targets;
different rationales and justifications.
Joss Wright Global Censorship Analysis: 2/43
3. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Censorship Technologies
Technical classification of filtering:
DNS Poisoning
IP Header Filtering (address or
protocol)
IP Content Filtering (keyword or
protocol)
Proxy Filtering
Legal and social pressure.
Joss Wright Global Censorship Analysis: 3/43
4. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
DNS Lookup
User
Home Router
ISP's
DNS Server
ISP Router
User ISP's
Network
Network A Network B
Target Network
Q: target.com?
A: 82.68.72.161
target.com?
target.com?
82.68.72.161
82.68.7.161
target.com →
82.68.72.161
Joss Wright Global Censorship Analysis: 4/43
5. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
DNS Hierarchy
target.com?
target.com?
target.com?
target.com?
`Authoritative'
Domain Name Server
for target.com
`Root'
Domain Name Server
User's Domain Name Server
(usually ISP-operated).
Joss Wright Global Censorship Analysis: 5/43
6. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Web Request
...
target.com
82.68.72.161
User
Home Router
ISP's
DNS Server
ISP Router
User ISP's
Network
Network A Network B
Target Network
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
Joss Wright Global Censorship Analysis: 6/43
7. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
DNS Poisoning
User
Home Router
ISP's
DNS Server
ISP Router
User ISP's
Network
Network A Network B
Target Network
Q: target.com?
A: 95.45.23.122
target.com?
target.com?
95.45.23.122
95.45.23.122
target.com →
95.45.23.122
Joss Wright Global Censorship Analysis: 7/43
8. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
IP Header Filtering
...
target.com
82.68.72.161
User
Home Router
ISP's
DNS Server
ISP Router
User ISP's
Network
Network A Network B
Target Network
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
Joss Wright Global Censorship Analysis: 8/43
9. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
IP Header Filtering
...
target.com
82.68.72.161
User
Home Router
ISP's
DNS Server
ISP Router
User ISP's
Network
Network A Network B
Target Network
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
Joss Wright Global Censorship Analysis: 9/43
10. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
IP Content Filtering (DPI)
...
target.com
82.68.72.161
User
Home Router
ISP's
DNS Server
ISP Router
User ISP's
Network
Network A Network B
Target Network
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
Joss Wright Global Censorship Analysis: 10/43
11. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Proxy Filtering
...
target.com
82.68.72.161
User
Home Router
ISP's
DNS Server
ISP Router
User ISP's
Network
Network A Network B
Target Network
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
Censorship Authority
Joss Wright Global Censorship Analysis: 11/43
12. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Proxy Filtering
...
target.com
82.68.72.161
User
Home Router
ISP's
DNS Server
ISP Router
User ISP's
Network
Network A Network B
Target Network
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
Censorship Authority
Joss Wright Global Censorship Analysis: 12/43
13. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Limitations
Flexibility against logistics.
Sophisticated methods require greater
computational resources.
Maintaining a censorship scheme
requires continual update.
Centralization raises technical,
administrative, and organizational
burdens.
Joss Wright Global Censorship Analysis: 13/43
14. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Localized Filtering
Localized filtering in response to local
events.
Filtering differs across a state or region.
Filtering varies over time.
Organizations engage in filtering, in
addition to state mandated schemes.
Reveal filtering tactics, methods,
reasoning, limitations.
Joss Wright Global Censorship Analysis: 14/43
15. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Existing Work
HERDICT: crowdsources filtering
information from volunteer web users.
OpenNet Initiative: use volunteers and
direct means to examine filtering around
the world.
OONI: volunteer-run censorship probing
tools.
Joss Wright Global Censorship Analysis: 15/43
16. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Existing Approaches
User reports – HERDICT, and many
ad-hoc approaches.
Direct investigation – OpenNet Initiative.
Automated testing – OONI, OpenNet
Initiative, M-Lab.
Remote analysis.
Joss Wright Global Censorship Analysis: 16/43
17. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Limitations
Crowdsourcing or using
volunteers can be effective
if the tool is sufficiently
usable, but is limited:
Undirected, inconsistent
coverage.
Direct investigation is
expensive.
Automated testing requires
deployment, and may face
ethical issues.
Joss Wright Global Censorship Analysis: 17/43
18. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Direct Action
Direct access to other connections is
possible in some limited cases.
Tor exit nodes, and similar services
such as psiphon.
VPN services or remote shells.
Creatively-used public services –
webservers, FTP, IRC, bittorrent...
Joss Wright Global Censorship Analysis: 18/43
19. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Direct Action Problems
Direct services are rare, especially in
countries with interesting filtering.
No-one wants to run Tor-like services
in filtered areas!
VPN services are also rare. Remote
shells are even more so.
These services are typically offered to
get past filtering, not get in.
Creative misuse of open services seems
the most fruitful option.
Joss Wright Global Censorship Analysis: 19/43
20. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Legality and Ethics
Is it legal to access blocked
websites?
Is it ethical to ask someone else to
access blocked websites?
Consent for automated tools.
Is it legal to ‘abuse’ a service, with
or without malicious intent?
Is it legal to scan for services to
abuse?
Is it ethical to open a service
operator to repercussions
based around such misuse?
Joss Wright Global Censorship Analysis: 20/43
21. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Legal Concerns
Sites are sometimes blocked for serious
legal or societal reasons:
Pornography, homosexuality, lèse
majesté, insult to religion
Reporting sites as blocked may well be
legal, but detection attempts may cause
legal or social consequences.
When is the risk too small, and how can
we judge this against arbitrary cultural
contexts?
Joss Wright Global Censorship Analysis: 21/43
22. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Experiments in China
Internet population around 513 million
as of December 2011.
Geographic, cultural and ethnic diversity.
Extremely well-known and active
internet censorship regime.
Joss Wright Global Censorship Analysis: 22/43
23. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
China DNS Scanning
278 DNS servers across China.
Testing for known banned websites,
initially from HERDICT.
DNS query for each site to each server.
Joss Wright Global Censorship Analysis: 23/43
24. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Observations
Many blocked sites are listed as
non-existent in the majority of DNS
servers tested.
Several servers return no result for most
blocked sites, but occasionally redirect
requests to other DNS servers before
doing so.
DNS poisoning is widespread.
Joss Wright Global Censorship Analysis: 24/43
30. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Observations
DNS filtering is heterogeneous across
China.
Some cities show little DNS filtering,
some return no results, some return
poisoned results, some both.
Beijing is, perhaps surprisingly, relatively
permissive on average.
Joss Wright Global Censorship Analysis: 30/43
31. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
The Mystery of The Pet Club
Server Location Domain of Returned IP Address
121.52.209.12 China, Chaoyang thepetclubfl.net
162.105.129.27 China, Beijing thepetclubfl.net
202.102.224.94 China, Henan thepetclubfl.net
202.115.32.39 China, Chengdu thepetclubfl.net
202.127.12.8 China, Nanjing thepetclubfl.net
202.38.193.33 China, Guangzhou thepetclubfl.net
202.38.64.9 China, Hefei thepetclubfl.net
202.96.104.18 China, Ningbo thepetclubfl.net
202.96.174.66 China, Shenzhen thepetclubfl.net
202.96.197.1 China, Shanghai thepetclubfl.net
202.98.0.68 China, Changchun thepetclubfl.net
202.99.216.75 China, Xian thepetclubfl.net
202.99.224.203 China, Baotou thepetclubfl.net
202.99.96.126 China, Tianjin thepetclubfl.net
219.141.253.1 China, Beijing thepetclubfl.net
221.13.28.234 China, Guiyang thepetclubfl.net
221.7.92.99 China, Chongqing thepetclubfl.net
59.63.158.124 China, Beijing thepetclubfl.net
Figure: Example torproject.org
requests resolving to alternative domain.
Joss Wright Global Censorship Analysis: 31/43
32. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Problems
The analysis is mainly wrong.
Ongoing data reveals clear evidence of
man-in-the-middle interception.
Any Chinese IP address will respond to
‘blocked’ DNS requests.
UDP intercepted; TCP not.
Tool discovery.
Identification of patterns in intercept
behaviour is now of interest.
Location and authority.
Joss Wright Global Censorship Analysis: 32/43
33. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Updated Experiments
ChokePoint Project conducted
experiments twice daily for eight months.
Allows analysis of behaviour over time.
Allows detection of trends not available
in snapshot data.
Richer data set; expanded list of 1187
servers.
Joss Wright Global Censorship Analysis: 33/43
34. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Geography or Structure?
Geographical information is
not that useful for analysis.
Helpful for intuitions, but
ultimately misleading.
GeoIP is also a very
limited tool.
Logical network structure is
key.
Joss Wright Global Censorship Analysis: 34/43