2. Network Neutrality
- The promise of the Internet
- Means networks should be dumb
- Because for once, dumb is good:
- Dumb networks are necessary for open and free communication
- Key to innovation
3. Who wouldn’t want this?
- Telecom providers feel left out of the Internet economy :-(
- Dear Google: We’re the reason you’re successful. Shouldn’t you pay us for all the traffic we bring you?
- Internet Service Providers want to ration bandwidth by application
- Create tiered access
- “value-add” for the consumer
- BitTorrent and MMORPGs? $$$
7. How?
- Traffic shaping
- Deep Packet Inspection
- Telecom provider buys special box
- Special box peeks into your internet connections
- Tries to identify applications and services using known patterns
- Even encrypted protocols have identifiable patterns..
23. Censorship in Iran
- Between 5 and 10 million websites, according to government statements
- Dissident and reformist political content
- Secular viewpoints
- Baha'i faith, Kurdish movements
- Sins: Pornography, drugs, alcohol, gambling
- Foreign media sites
- Tools for circumventing filters
- 9% of all Farsi blogs
- Myspace, Orkut, Flickr, Bebo, Metacafe, Photobucket, Del.icio.us
25. Iran Facts
- 23 million Internet users in Iran (28 million in Canada)
- 35% of the Iranian population
- 60,000 active Farsi blogs
- 1/3 of the Iranian population is between 15 and 29 years old
28. Iran blocking ports?
- We needed to know if it was true that connections originating inside Iran were being blocked by port
- We had no friends in Iran to help us test this
- Then we had an idea..
30. Testing Connectivity from Within Iran
- Follow these steps:
- Step 1: Google for publicly accessible FTP server
- Step 2: Connect with FTP client and initiate active mode data connection back to client
- Step 3: Wait to see if connection successfully completes or not
- Implemented in a program that did this automatically
- Link at the end of presentation
32. However..
- There were credible reports from Iran of connectivity problems
- A pattern emerged
- Affected connections are slow, very slow
- The port does not matter
- Destination does not matter
- What matters is the protocol you’re using to communicate
33. An experiment
- We wanted to verify a theory that deep packet inspection technology was behind the censorship
- The SSH protocol was chosen
- Modifications were made to OpenSSH to fully encrypt the initial handshake
- To avoid detection by deep packet inspection technology
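An added example, not from the presentation, of the first-bytes pattern matching these slides attribute to deep packet inspection: a stock SSH handshake is recognizable on any port because of its cleartext `SSH-` banner, while a fully encrypted handshake matches no signature. The payloads are constructed, and the signature set and the 5.5 bits-per-byte entropy cut-off are assumptions chosen for illustration.

```python
import math
from collections import Counter

# Cleartext openers a DPI box can match regardless of port.
BT_HANDSHAKE = b"\x13BitTorrent protocol"
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"OPTIONS ", b"CONNECT ")
ENTROPY_THRESHOLD = 5.5  # bits per byte; assumed cut-off for this example

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of data in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify_first_bytes(payload: bytes) -> str:
    """Label a flow from the first bytes the client sends."""
    if payload.startswith(b"SSH-"):
        return "ssh"  # RFC 4253 identification string is sent unencrypted
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"  # TLS handshake record containing a ClientHello
    if payload.startswith(BT_HANDSHAKE):
        return "bittorrent"
    if payload.startswith(HTTP_METHODS):
        return "http"
    if len(payload) >= 32 and shannon_entropy(payload) >= ENTROPY_THRESHOLD:
        return "unknown-high-entropy"  # no header at all is itself a pattern
    return "unknown"

# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "normal ssh": b"SSH-2.0-OpenSSH_5.1\r\n",
    "https": bytes.fromhex("160301002e0100002a0303") + bytes(40),
    "web": b"GET /index.html HTTP/1.1\r\nHost: example.org\r\n\r\n",
    "torrent": BT_HANDSHAKE + bytes(8) + b"A" * 40,
    # Stand-in for a fully encrypted handshake: 64 distinct byte values.
    "obfuscated ssh": bytes((i * 37 + 11) % 256 for i in range(64)),
}

def classify_samples() -> dict:
    """Classify every constructed sample by its opening bytes."""
    return {name: classify_first_bytes(data) for name, data in SAMPLES.items()}

if __name__ == "__main__":
    for name, label in classify_samples().items():
        print(f"{name:15} -> {label}")
```

None of the checks look at a port number, which matches the observation on the previous slide that the protocol, not the port or destination, determines which connections are affected.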
34. Result
- Significant performance differences observed between normal SSH and the modified SSH
- This strongly suggested that some sort of deep packet inspection technology was being used
- Later, sources in Iran credibly claimed that Western technology was being used to implement state censorship policy
- Packet shaping, deep packet inspection technology
- Specific products cited
35. Conclusion
- By definition, deep-packet inspection, packet shaping technology is censorship technology
- The introduction of a policy of service or application preference, an intentional bias
- The technology is not evil
- But it can be
- Similarly, the export of technology to Iran is not a bad thing