SlideShare une entreprise Scribd logo

The Anatomy of Web Censorship in Pakistan

Zubair Nabi
Zubair Nabi
TechnologieBusiness
1  sur  23
Télécharger pour lire hors ligne
The Anatomy of Web Censorship in Pakistan Zubair Nabi zubair.nabi@cantab.net Information Technology University, Pakistan* Presented by: Mobin Javed UC Berkeley * Now at IBM Research, Dublin
This website is not accessible in Pakistan! ● ● ● ● First study of the cause, effect, and mechanism of Internet censorship in Pakistan Upgrade to centralized system in the middle of the study (May 2013) Censorship mechanism varies across websites: some blocked at the DNS level; others at the HTTP level Public VPN services and web proxies popular tools to bypass restrictions
Outline ● Background: Pakistan and related work ● Methodology ● Results ● Alternative circumvention methods ● Summary ● Future work ● Qs
Internet in Pakistan ● ● ● ● 16 million users or 9% of total population (World Bank, 2012) Out of the total Internet users, 64% access news websites (YouGov, 2011) Largest IXP (AS17557) owned by the state Internet, fixed-line telephony, cable TV, and cellular services regulation by the Pakistan Telecommunication Authority (PTA) – Also in charge of censorship
History of Censorship ● ● 2006: 12 websites blocked for blasphemous content 2008: A number of YouTube videos blocked – IP-wide block via BGP misconfiguration – YouTube rendered inaccessible for the rest of the world for 2 hours
History of Censorship (2) ● 2010: Facebook, YouTube, Flickr, and Wikipedia blocked in reaction to “Everybody Draw Muhammad Day” – PTA sanctioned to terminate any telecom service
History of Censorship (3) ● 2012 (March): Government requests proposals for gatewaylevel blocking system – Filtering from domain level to sub-folder level – Blocking individual IPs and/or entire range – Plug-and-play hardware units, capable of blocking 50 million URLs ● Latency < 1ms
History of Censorship (4) ● 2012 (September): Infinite ban on YouTube in retaliation to “Innocence of Muslims” – Disruption of other Google services due to IP sharing
Related Work ● Verkamp and Gupta – – ● PlanetLab nodes and volunteer machines, 11 countries Key insight: censorship mechanisms vary across countries Mathrani and Alipour – – ● Private VPNs and volunteer nodes, 10 countries Key insight: restrictions applicable to all categories of websites: political, social, etc. Dainotti et al. – Internet blockage during the Arab Spring
Methodology: Dataset ● Publicly available list with 597 websites ● Compiled in 2010 ● ● Not exhaustive but a fairly rich of complete domains and subdomains Dataset after cleaning: 307 websites – ● Redundant, broken, and duplicates removed Checked with a public VPN beforehand to ensure connectivity
Methodology: Script ● Modified version of the CensMon system (FOCI '11) 1) DNS lookup ● Local and public (Google, Comodo, OpenDNS, Level3, and Norton) 2) IP blacklisting: TCP connection to port 80 3) URL keyword filtering: http://www.google.com/fooURL ● 404 Not Found under normal operation 4) HTTP filtering: HTTP request, log response packet ● Also, logs transient connectivity errors, such as timeouts
Methodology: Networks ID Nature Location Network1 University Lahore Network2 University Lahore Network3 Home Lahore Network4 Home Islamabad Network5 Cellular (EDGE) Islamabad ● ● ● ● Network1 and 2: gigabit connectivity Network5 only used for post-April testing Tests performed at night time to minimize interaction with normal traffic Performed on multiple occasions for precision
Results: Pre-April ● Most websites blocked at DNS-level – Local DNS: “Non-Existent Domain” (NXDOMAIN) – Public DNS: NXDOMAIN for Google DNS and Level3 NXDOMAIN redirector in case of Norton DNS, Comodo, and OpenDNS No evidence of IP or URL-keyword filtering ● ● ● Some websites filtered through HTTP 302 redirection – Triggered by hostname and object URI – Done at the ISP level
ISP-level Warning Screens
Results: Post-April ● HTTP 302 redirection replaced with IXP-level 200 packet injection – Triggered by hostname and URI – Because of the 200 code, the browser believes it's a normal response ● ● ● Stops it from fetching content from the intended destination Original TCP connection times out Same response packet and screen across ISPs – Except Network4 (still under the influence of preApril censoring)
IXP-level Warning Screen ● ● Same results reported by “The Citizen Lab” in parallel in June, 2013 System attributed to the Canadian firm Netsweeper Inc. – Also applicable to Qatar, UAE, Kuwait, and Yemen
Results: Survey ● 67 respondents – ● ● Results biased towards individuals with above-average computer skills Public VPN services, such as Hotspot Shield, most popular Web proxies also popular
Results: Survey ● 67 respondents – ● ● Results biased towards individuals with above-average computer skills Public VPN services, such as Hotspot Shield, most popular Web proxies also popular
Alternative Circumvention: Web-based DNS ● ● ● Generally, web-based service can also be used for lookup Results show that same websites also blocked at HTTP-level Similar to South Korea – DNS filtering used for websites that resolve to a single site – HTTP-level mechanism exclusively used for websites with IPs shared across hostnames and filtering needs to be selective ● YouTube, Wikipedia, etc.
Alternative Circumvention: CDNs and Search Engine Caches ● No URL-keyword filtering ● Blocked websites accessible via CoralCDN ● Cached pages of blocked content also accessible on Google, Bing, and Internet Archive
Summary ● ● ● ● Pakistan has undergone an upgrade from ISPlevel to centralized IXP-level censorship Most websites blocked at the DNS level, while a small number at the HTTP level Websites blocked at the DNS level also blocked at HTTP-level Most citizens use public VPNs and web proxies to circumvent restrictions
Future Work ● ● Expansion in the number of websites and networks Deeper analysis of DNS blockage – ● ● For instance, not clear if censoring module maintains a list of all resolvers and their redirectors or it queries the actual resolver each time Examination of side-effects of DNS injection (similar to China) Analysis of “Streisand Effect” in Pakistan – Early results look promising!
Q?

Recommandé

Topic 13: Cloud Stacks
Topic 13: Cloud StacksTopic 13: Cloud Stacks
Topic 13: Cloud StacksZubair Nabi
 
AOS Lab 10: File system -- Inodes and beyond
AOS Lab 10: File system -- Inodes and beyondAOS Lab 10: File system -- Inodes and beyond
AOS Lab 10: File system -- Inodes and beyondZubair Nabi
 
AOS Lab 4: If you liked it, then you should have put a “lock” on it
AOS Lab 4: If you liked it, then you should have put a “lock” on itAOS Lab 4: If you liked it, then you should have put a “lock” on it
AOS Lab 4: If you liked it, then you should have put a “lock” on itZubair Nabi
 
AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!Zubair Nabi
 
AOS Lab 11: Virtualization
AOS Lab 11: VirtualizationAOS Lab 11: Virtualization
AOS Lab 11: VirtualizationZubair Nabi
 
Raabta: Low-cost Video Conferencing for the Developing World
Raabta: Low-cost Video Conferencing for the Developing WorldRaabta: Low-cost Video Conferencing for the Developing World
Raabta: Low-cost Video Conferencing for the Developing WorldZubair Nabi
 
MapReduce Application Scripting
MapReduce Application ScriptingMapReduce Application Scripting
MapReduce Application ScriptingZubair Nabi
 
MapReduce and DBMS Hybrids
MapReduce and DBMS HybridsMapReduce and DBMS Hybrids
MapReduce and DBMS HybridsZubair Nabi
 

Recommandé

Topic 13: Cloud Stacks
Topic 13: Cloud StacksTopic 13: Cloud Stacks
Topic 13: Cloud StacksZubair Nabi
 
AOS Lab 10: File system -- Inodes and beyond
AOS Lab 10: File system -- Inodes and beyondAOS Lab 10: File system -- Inodes and beyond
AOS Lab 10: File system -- Inodes and beyondZubair Nabi
 
AOS Lab 4: If you liked it, then you should have put a “lock” on it
AOS Lab 4: If you liked it, then you should have put a “lock” on itAOS Lab 4: If you liked it, then you should have put a “lock” on it
AOS Lab 4: If you liked it, then you should have put a “lock” on itZubair Nabi
 
AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!Zubair Nabi
 
AOS Lab 11: Virtualization
AOS Lab 11: VirtualizationAOS Lab 11: Virtualization
AOS Lab 11: VirtualizationZubair Nabi
 
Raabta: Low-cost Video Conferencing for the Developing World
Raabta: Low-cost Video Conferencing for the Developing WorldRaabta: Low-cost Video Conferencing for the Developing World
Raabta: Low-cost Video Conferencing for the Developing WorldZubair Nabi
 
MapReduce Application Scripting
MapReduce Application ScriptingMapReduce Application Scripting
MapReduce Application ScriptingZubair Nabi
 
MapReduce and DBMS Hybrids
MapReduce and DBMS HybridsMapReduce and DBMS Hybrids
MapReduce and DBMS HybridsZubair Nabi
 
AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!Zubair Nabi
 
AOS Lab 8: Interrupts and Device Drivers
AOS Lab 8: Interrupts and Device DriversAOS Lab 8: Interrupts and Device Drivers
AOS Lab 8: Interrupts and Device DriversZubair Nabi
 
AOS Lab 7: Page tables
AOS Lab 7: Page tablesAOS Lab 7: Page tables
AOS Lab 7: Page tablesZubair Nabi
 
AOS Lab 6: Scheduling
AOS Lab 6: SchedulingAOS Lab 6: Scheduling
AOS Lab 6: SchedulingZubair Nabi
 
AOS Lab 5: System calls
AOS Lab 5: System callsAOS Lab 5: System calls
AOS Lab 5: System callsZubair Nabi
 
AOS Lab 9: File system -- Of buffers, logs, and blocks
AOS Lab 9: File system -- Of buffers, logs, and blocksAOS Lab 9: File system -- Of buffers, logs, and blocks
AOS Lab 9: File system -- Of buffers, logs, and blocksZubair Nabi
 
AOS Lab 2: Hello, xv6!
AOS Lab 2: Hello, xv6!AOS Lab 2: Hello, xv6!
AOS Lab 2: Hello, xv6!Zubair Nabi
 
Topic 14: Operating Systems and Virtualization
Topic 14: Operating Systems and VirtualizationTopic 14: Operating Systems and Virtualization
Topic 14: Operating Systems and VirtualizationZubair Nabi
 
The Big Data Stack
The Big Data StackThe Big Data Stack
The Big Data StackZubair Nabi
 
AOS Lab 12: Network Communication
AOS Lab 12: Network CommunicationAOS Lab 12: Network Communication
AOS Lab 12: Network CommunicationZubair Nabi
 
Topic 15: Datacenter Design and Networking
Topic 15: Datacenter Design and NetworkingTopic 15: Datacenter Design and Networking
Topic 15: Datacenter Design and NetworkingZubair Nabi
 
Introduction to the open rights group censorship monitoring project
Introduction to the open rights group censorship monitoring projectIntroduction to the open rights group censorship monitoring project
Introduction to the open rights group censorship monitoring projectRichard King
 
A Look At The Consequences Of Internet Censorship Through An ISP Lens
A Look At The Consequences Of Internet Censorship Through An ISP LensA Look At The Consequences Of Internet Censorship Through An ISP Lens
A Look At The Consequences Of Internet Censorship Through An ISP LensApril Smith
 
Online Privacy
Online PrivacyOnline Privacy
Online PrivacyIWMW
 
Analyzing Internet Censorship In Pakistan
Analyzing Internet Censorship In PakistanAnalyzing Internet Censorship In Pakistan
Analyzing Internet Censorship In PakistanMichele Thomas
 
ION Toronto - IPv6 Deployment Update
ION Toronto - IPv6 Deployment UpdateION Toronto - IPv6 Deployment Update
ION Toronto - IPv6 Deployment UpdateDeploy360 Programme (Internet Society)
 
IPv6 readiness globally
IPv6 readiness globallyIPv6 readiness globally
IPv6 readiness globallyAPNIC
 
Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]
Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]
Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]APNIC
 
COBWEB: Brief Introduction, GBIF Secretariat
COBWEB: Brief Introduction, GBIF SecretariatCOBWEB: Brief Introduction, GBIF Secretariat
COBWEB: Brief Introduction, GBIF SecretariatEDINA, University of Edinburgh
 
OC_Offline_Africa
OC_Offline_AfricaOC_Offline_Africa
OC_Offline_AfricaMichael Otieno
 
Migrating to OpenFlow SDNs
Migrating to OpenFlow SDNsMigrating to OpenFlow SDNs
Migrating to OpenFlow SDNsUS-Ignite
 
Final Project Presentation.pptx
Final Project Presentation.pptxFinal Project Presentation.pptx
Final Project Presentation.pptxstevenmsusa
 

Contenu connexe

En vedette

AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!Zubair Nabi
 
AOS Lab 8: Interrupts and Device Drivers
AOS Lab 8: Interrupts and Device DriversAOS Lab 8: Interrupts and Device Drivers
AOS Lab 8: Interrupts and Device DriversZubair Nabi
 
AOS Lab 7: Page tables
AOS Lab 7: Page tablesAOS Lab 7: Page tables
AOS Lab 7: Page tablesZubair Nabi
 
AOS Lab 6: Scheduling
AOS Lab 6: SchedulingAOS Lab 6: Scheduling
AOS Lab 6: SchedulingZubair Nabi
 
AOS Lab 5: System calls
AOS Lab 5: System callsAOS Lab 5: System calls
AOS Lab 5: System callsZubair Nabi
 
AOS Lab 9: File system -- Of buffers, logs, and blocks
AOS Lab 9: File system -- Of buffers, logs, and blocksAOS Lab 9: File system -- Of buffers, logs, and blocks
AOS Lab 9: File system -- Of buffers, logs, and blocksZubair Nabi
 
AOS Lab 2: Hello, xv6!
AOS Lab 2: Hello, xv6!AOS Lab 2: Hello, xv6!
AOS Lab 2: Hello, xv6!Zubair Nabi
 
Topic 14: Operating Systems and Virtualization
Topic 14: Operating Systems and VirtualizationTopic 14: Operating Systems and Virtualization
Topic 14: Operating Systems and VirtualizationZubair Nabi
 
The Big Data Stack
The Big Data StackThe Big Data Stack
The Big Data StackZubair Nabi
 
AOS Lab 12: Network Communication
AOS Lab 12: Network CommunicationAOS Lab 12: Network Communication
AOS Lab 12: Network CommunicationZubair Nabi
 
Topic 15: Datacenter Design and Networking
Topic 15: Datacenter Design and NetworkingTopic 15: Datacenter Design and Networking
Topic 15: Datacenter Design and NetworkingZubair Nabi
 

En vedette (11)

AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!
 
AOS Lab 8: Interrupts and Device Drivers
AOS Lab 8: Interrupts and Device DriversAOS Lab 8: Interrupts and Device Drivers
AOS Lab 8: Interrupts and Device Drivers
 
AOS Lab 7: Page tables
AOS Lab 7: Page tablesAOS Lab 7: Page tables
AOS Lab 7: Page tables
 
AOS Lab 6: Scheduling
AOS Lab 6: SchedulingAOS Lab 6: Scheduling
AOS Lab 6: Scheduling
 
AOS Lab 5: System calls
AOS Lab 5: System callsAOS Lab 5: System calls
AOS Lab 5: System calls
 
AOS Lab 9: File system -- Of buffers, logs, and blocks
AOS Lab 9: File system -- Of buffers, logs, and blocksAOS Lab 9: File system -- Of buffers, logs, and blocks
AOS Lab 9: File system -- Of buffers, logs, and blocks
 
AOS Lab 2: Hello, xv6!
AOS Lab 2: Hello, xv6!AOS Lab 2: Hello, xv6!
AOS Lab 2: Hello, xv6!
 
Topic 14: Operating Systems and Virtualization
Topic 14: Operating Systems and VirtualizationTopic 14: Operating Systems and Virtualization
Topic 14: Operating Systems and Virtualization
 
The Big Data Stack
The Big Data StackThe Big Data Stack
The Big Data Stack
 
AOS Lab 12: Network Communication
AOS Lab 12: Network CommunicationAOS Lab 12: Network Communication
AOS Lab 12: Network Communication
 
Topic 15: Datacenter Design and Networking
Topic 15: Datacenter Design and NetworkingTopic 15: Datacenter Design and Networking
Topic 15: Datacenter Design and Networking
 

Similaire à The Anatomy of Web Censorship in Pakistan

Introduction to the open rights group censorship monitoring project
Introduction to the open rights group censorship monitoring projectIntroduction to the open rights group censorship monitoring project
Introduction to the open rights group censorship monitoring projectRichard King
 
A Look At The Consequences Of Internet Censorship Through An ISP Lens
A Look At The Consequences Of Internet Censorship Through An ISP LensA Look At The Consequences Of Internet Censorship Through An ISP Lens
A Look At The Consequences Of Internet Censorship Through An ISP LensApril Smith
 
Online Privacy
Online PrivacyOnline Privacy
Online PrivacyIWMW
 
Analyzing Internet Censorship In Pakistan
Analyzing Internet Censorship In PakistanAnalyzing Internet Censorship In Pakistan
Analyzing Internet Censorship In PakistanMichele Thomas
 
IPv6 readiness globally
IPv6 readiness globallyIPv6 readiness globally
IPv6 readiness globallyAPNIC
 
Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]
Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]
Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]APNIC
 
Migrating to OpenFlow SDNs
Migrating to OpenFlow SDNsMigrating to OpenFlow SDNs
Migrating to OpenFlow SDNsUS-Ignite
 
Final Project Presentation.pptx
Final Project Presentation.pptxFinal Project Presentation.pptx
Final Project Presentation.pptxstevenmsusa
 
10th SANS ICS Security Summit Project SHINE Presentation
10th SANS ICS Security Summit Project SHINE Presentation10th SANS ICS Security Summit Project SHINE Presentation
10th SANS ICS Security Summit Project SHINE PresentationBob Radvanovsky
 
2 ning so cso and open network platform
2 ning so cso and open network platform2 ning so cso and open network platform
2 ning so cso and open network platform遵共 陳
 
State of Internet measurement Infrastructure/tools in Africa
State of Internet measurement Infrastructure/tools in AfricaState of Internet measurement Infrastructure/tools in Africa
State of Internet measurement Infrastructure/tools in AfricaAFRINIC
 
Kick starting Network Automation
Kick starting Network AutomationKick starting Network Automation
Kick starting Network AutomationWalid Shaari
 
Reaching China with Your Website & Cloud Applications
Reaching China with Your Website & Cloud ApplicationsReaching China with Your Website & Cloud Applications
Reaching China with Your Website & Cloud ApplicationsCDNetworks
 
Web tracking summer symposium 2018
Web tracking summer symposium 2018Web tracking summer symposium 2018
Web tracking summer symposium 2018Rakesh S V Reddy
 

Similaire à The Anatomy of Web Censorship in Pakistan (20)

Introduction to the open rights group censorship monitoring project
Introduction to the open rights group censorship monitoring projectIntroduction to the open rights group censorship monitoring project
Introduction to the open rights group censorship monitoring project
 
A Look At The Consequences Of Internet Censorship Through An ISP Lens
A Look At The Consequences Of Internet Censorship Through An ISP LensA Look At The Consequences Of Internet Censorship Through An ISP Lens
A Look At The Consequences Of Internet Censorship Through An ISP Lens
 
Online Privacy
Online PrivacyOnline Privacy
Online Privacy
 
Analyzing Internet Censorship In Pakistan
Analyzing Internet Censorship In PakistanAnalyzing Internet Censorship In Pakistan
Analyzing Internet Censorship In Pakistan
 
ION Toronto - IPv6 Deployment Update
ION Toronto - IPv6 Deployment UpdateION Toronto - IPv6 Deployment Update
ION Toronto - IPv6 Deployment Update
 
IPv6 readiness globally
IPv6 readiness globallyIPv6 readiness globally
IPv6 readiness globally
 
Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]
Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]
Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]
 
COBWEB: Brief Introduction, GBIF Secretariat
COBWEB: Brief Introduction, GBIF SecretariatCOBWEB: Brief Introduction, GBIF Secretariat
COBWEB: Brief Introduction, GBIF Secretariat
 
OC_Offline_Africa
OC_Offline_AfricaOC_Offline_Africa
OC_Offline_Africa
 
Migrating to OpenFlow SDNs
Migrating to OpenFlow SDNsMigrating to OpenFlow SDNs
Migrating to OpenFlow SDNs
 
Final Project Presentation.pptx
Final Project Presentation.pptxFinal Project Presentation.pptx
Final Project Presentation.pptx
 
Socialforum2011 04-02
Socialforum2011 04-02Socialforum2011 04-02
Socialforum2011 04-02
 
10th SANS ICS Security Summit Project SHINE Presentation
10th SANS ICS Security Summit Project SHINE Presentation10th SANS ICS Security Summit Project SHINE Presentation
10th SANS ICS Security Summit Project SHINE Presentation
 
2 ning so cso and open network platform
2 ning so cso and open network platform2 ning so cso and open network platform
2 ning so cso and open network platform
 
State of Internet measurement Infrastructure/tools in Africa
State of Internet measurement Infrastructure/tools in AfricaState of Internet measurement Infrastructure/tools in Africa
State of Internet measurement Infrastructure/tools in Africa
 
Web identity part1
Web identity part1Web identity part1
Web identity part1
 
A density based clustering approach for web robot detection
A density based clustering approach for web robot detectionA density based clustering approach for web robot detection
A density based clustering approach for web robot detection
 
Kick starting Network Automation
Kick starting Network AutomationKick starting Network Automation
Kick starting Network Automation
 
Reaching China with Your Website & Cloud Applications
Reaching China with Your Website & Cloud ApplicationsReaching China with Your Website & Cloud Applications
Reaching China with Your Website & Cloud Applications
 
Web tracking summer symposium 2018
Web tracking summer symposium 2018Web tracking summer symposium 2018
Web tracking summer symposium 2018
 

Plus de Zubair Nabi

Lab 5: Interconnecting a Datacenter using Mininet
Lab 5: Interconnecting a Datacenter using MininetLab 5: Interconnecting a Datacenter using Mininet
Lab 5: Interconnecting a Datacenter using MininetZubair Nabi
 
Topic 12: NoSQL in Action
Topic 12: NoSQL in ActionTopic 12: NoSQL in Action
Topic 12: NoSQL in ActionZubair Nabi
 
Lab 4: Interfacing with Cassandra
Lab 4: Interfacing with CassandraLab 4: Interfacing with Cassandra
Lab 4: Interfacing with CassandraZubair Nabi
 
Topic 10: Taxonomy of Data and Storage
Topic 10: Taxonomy of Data and StorageTopic 10: Taxonomy of Data and Storage
Topic 10: Taxonomy of Data and StorageZubair Nabi
 
Topic 11: Google Filesystem
Topic 11: Google FilesystemTopic 11: Google Filesystem
Topic 11: Google FilesystemZubair Nabi
 
Lab 3: Writing a Naiad Application
Lab 3: Writing a Naiad ApplicationLab 3: Writing a Naiad Application
Lab 3: Writing a Naiad ApplicationZubair Nabi
 
Topic 8: Enhancements and Alternative Architectures
Topic 8: Enhancements and Alternative ArchitecturesTopic 8: Enhancements and Alternative Architectures
Topic 8: Enhancements and Alternative ArchitecturesZubair Nabi
 
Topic 7: Shortcomings in the MapReduce Paradigm
Topic 7: Shortcomings in the MapReduce ParadigmTopic 7: Shortcomings in the MapReduce Paradigm
Topic 7: Shortcomings in the MapReduce ParadigmZubair Nabi
 
Lab 1: Introduction to Amazon EC2 and MPI
Lab 1: Introduction to Amazon EC2 and MPILab 1: Introduction to Amazon EC2 and MPI
Lab 1: Introduction to Amazon EC2 and MPIZubair Nabi
 
Topic 6: MapReduce Applications
Topic 6: MapReduce ApplicationsTopic 6: MapReduce Applications
Topic 6: MapReduce ApplicationsZubair Nabi
 

Plus de Zubair Nabi (11)

Lab 5: Interconnecting a Datacenter using Mininet
Lab 5: Interconnecting a Datacenter using MininetLab 5: Interconnecting a Datacenter using Mininet
Lab 5: Interconnecting a Datacenter using Mininet
 
Topic 12: NoSQL in Action
Topic 12: NoSQL in ActionTopic 12: NoSQL in Action
Topic 12: NoSQL in Action
 
Lab 4: Interfacing with Cassandra
Lab 4: Interfacing with CassandraLab 4: Interfacing with Cassandra
Lab 4: Interfacing with Cassandra
 
Topic 10: Taxonomy of Data and Storage
Topic 10: Taxonomy of Data and StorageTopic 10: Taxonomy of Data and Storage
Topic 10: Taxonomy of Data and Storage
 
Topic 11: Google Filesystem
Topic 11: Google FilesystemTopic 11: Google Filesystem
Topic 11: Google Filesystem
 
Lab 3: Writing a Naiad Application
Lab 3: Writing a Naiad ApplicationLab 3: Writing a Naiad Application
Lab 3: Writing a Naiad Application
 
Topic 9: MR+
Topic 9: MR+Topic 9: MR+
Topic 9: MR+
 
Topic 8: Enhancements and Alternative Architectures
Topic 8: Enhancements and Alternative ArchitecturesTopic 8: Enhancements and Alternative Architectures
Topic 8: Enhancements and Alternative Architectures
 
Topic 7: Shortcomings in the MapReduce Paradigm
Topic 7: Shortcomings in the MapReduce ParadigmTopic 7: Shortcomings in the MapReduce Paradigm
Topic 7: Shortcomings in the MapReduce Paradigm
 
Lab 1: Introduction to Amazon EC2 and MPI
Lab 1: Introduction to Amazon EC2 and MPILab 1: Introduction to Amazon EC2 and MPI
Lab 1: Introduction to Amazon EC2 and MPI
 
Topic 6: MapReduce Applications
Topic 6: MapReduce ApplicationsTopic 6: MapReduce Applications
Topic 6: MapReduce Applications
 

Dernier

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 

Dernier (20)

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 

The Anatomy of Web Censorship in Pakistan

  • 1. The Anatomy of Web Censorship in Pakistan Zubair Nabi zubair.nabi@cantab.net Information Technology University, Pakistan* Presented by: Mobin Javed UC Berkeley * Now at IBM Research, Dublin
  • 2. This website is not accessible in Pakistan! ● ● ● ● First study of the cause, effect, and mechanism of Internet censorship in Pakistan Upgrade to centralized system in the middle of the study (May 2013) Censorship mechanism varies across websites: some blocked at the DNS level; others at the HTTP level Public VPN services and web proxies popular tools to bypass restrictions
  • 3. Outline ● Background: Pakistan and related work ● Methodology ● Results ● Alternative circumvention methods ● Summary ● Future work ● Qs
  • 4. Internet in Pakistan ● ● ● ● 16 million users or 9% of total population (World Bank, 2012) Out of the total Internet users, 64% access news websites (YouGov, 2011) Largest IXP (AS17557) owned by the state Internet, fixed-line telephony, cable TV, and cellular services regulation by the Pakistan Telecommunication Authority (PTA) – Also in charge of censorship
  • 5. History of Censorship ● ● 2006: 12 websites blocked for blasphemous content 2008: A number of YouTube videos blocked – IP-wide block via BGP misconfiguration – YouTube rendered inaccessible for the rest of the world for 2 hours
  • 6. History of Censorship (2) ● 2010: Facebook, YouTube, Flickr, and Wikipedia blocked in reaction to “Everybody Draw Muhammad Day” – PTA sanctioned to terminate any telecom service
  • 7. History of Censorship (3) ● 2012 (March): Government requests proposals for gatewaylevel blocking system – Filtering from domain level to sub-folder level – Blocking individual IPs and/or entire range – Plug-and-play hardware units, capable of blocking 50 million URLs ● Latency < 1ms
  • 8. History of Censorship (4) ● 2012 (September): Infinite ban on YouTube in retaliation to “Innocence of Muslims” – Disruption of other Google services due to IP sharing
  • 9. Related Work ● Verkamp and Gupta – – ● PlanetLab nodes and volunteer machines, 11 countries Key insight: censorship mechanisms vary across countries Mathrani and Alipour – – ● Private VPNs and volunteer nodes, 10 countries Key insight: restrictions applicable to all categories of websites: political, social, etc. Dainotti et al. – Internet blockage during the Arab Spring
  • 10. Methodology: Dataset ● Publicly available list with 597 websites ● Compiled in 2010 ● ● Not exhaustive but a fairly rich of complete domains and subdomains Dataset after cleaning: 307 websites – ● Redundant, broken, and duplicates removed Checked with a public VPN beforehand to ensure connectivity
  • 11. Methodology: Script ● Modified version of the CensMon system (FOCI '11) 1) DNS lookup ● Local and public (Google, Comodo, OpenDNS, Level3, and Norton) 2) IP blacklisting: TCP connection to port 80 3) URL keyword filtering: http://www.google.com/fooURL ● 404 Not Found under normal operation 4) HTTP filtering: HTTP request, log response packet ● Also, logs transient connectivity errors, such as timeouts
  • 12. Methodology: Networks ID Nature Location Network1 University Lahore Network2 University Lahore Network3 Home Lahore Network4 Home Islamabad Network5 Cellular (EDGE) Islamabad ● ● ● ● Network1 and 2: gigabit connectivity Network5 only used for post-April testing Tests performed at night time to minimize interaction with normal traffic Performed on multiple occasions for precision
  • 13. Results: Pre-April ● Most websites blocked at DNS-level – Local DNS: “Non-Existent Domain” (NXDOMAIN) – Public DNS: NXDOMAIN for Google DNS and Level3 NXDOMAIN redirector in case of Norton DNS, Comodo, and OpenDNS No evidence of IP or URL-keyword filtering ● ● ● Some websites filtered through HTTP 302 redirection – Triggered by hostname and object URI – Done at the ISP level
  • 15. Results: Post-April ● HTTP 302 redirection replaced with IXP-level 200 packet injection – Triggered by hostname and URI – Because of the 200 code, the browser believes it's a normal response ● ● ● Stops it from fetching content from the intended destination Original TCP connection times out Same response packet and screen across ISPs – Except Network4 (still under the influence of preApril censoring)
  • 16. IXP-level Warning Screen ● ● Same results reported by “The Citizen Lab” in parallel in June, 2013 System attributed to the Canadian firm Netsweeper Inc. – Also applicable to Qatar, UAE, Kuwait, and Yemen
  • 17. Results: Survey ● 67 respondents – ● ● Results biased towards individuals with above-average computer skills Public VPN services, such as Hotspot Shield, most popular Web proxies also popular
  • 18. Results: Survey ● 67 respondents – ● ● Results biased towards individuals with above-average computer skills Public VPN services, such as Hotspot Shield, most popular Web proxies also popular
  • 19. Alternative Circumvention: Web-based DNS ● ● ● Generally, web-based service can also be used for lookup Results show that same websites also blocked at HTTP-level Similar to South Korea – DNS filtering used for websites that resolve to a single site – HTTP-level mechanism exclusively used for websites with IPs shared across hostnames and filtering needs to be selective ● YouTube, Wikipedia, etc.
  • 20. Alternative Circumvention: CDNs and Search Engine Caches ● No URL-keyword filtering ● Blocked websites accessible via CoralCDN ● Cached pages of blocked content also accessible on Google, Bing, and Internet Archive
  • 21. Summary ● ● ● ● Pakistan has undergone an upgrade from ISPlevel to centralized IXP-level censorship Most websites blocked at the DNS level, while a small number at the HTTP level Websites blocked at the DNS level also blocked at HTTP-level Most citizens use public VPNs and web proxies to circumvent restrictions
  • 22. Future Work ● ● Expansion in the number of websites and networks Deeper analysis of DNS blockage – ● ● For instance, not clear if censoring module maintains a list of all resolvers and their redirectors or it queries the actual resolver each time Examination of side-effects of DNS injection (similar to China) Analysis of “Streisand Effect” in Pakistan – Early results look promising!
  • 23. Q?