The document discusses methods for remotely investigating internet censorship. It describes how censorship works using techniques like DNS poisoning, IP header filtering, and proxy filtering. It analyzes limitations of existing approaches that rely on crowdsourcing and volunteers. The document proposes directly accessing internet connections in censored regions through services like Tor nodes, VPNs, or creatively using open services to better map censorship at a fine-grained level, while acknowledging challenges to this approach.
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Through a Router Darkly - Remote Investigation of Internet Censorship
1. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Through a Router Darkly –
Remote Investigation of Internet Censorship
Joss Wright
joss.wright@oii.ox.ac.uk
@JossWright
Oxford Internet Institute
University of Oxford
Joss Wright Through a Router Darkly – Remote Investigation of Internet Censorship: 1/47
2. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Censorship
Almost every country engages in some
form of Internet filtering.
China’s “Golden Shield” is the classic
example.
Saudi Arabia presents perhaps the
most extreme filtering regime.
(OpenNet Initiative)
Many different technologies; many
different filtering targets; many different
rationales and justifications.
Joss Wright Through a Router Darkly – Remote Investigation of Internet Censorship: 2/47
3. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Censorship Technologies
DNS Poisoning
IP Header Filtering
Address or protocol.
IP Content Filtering
Keyword or protocol.
DPI
Hybrid or Proxy Filtering
We can consider takedown, social
pressure, legislation as filtering, but will
focus on technology.
Joss Wright Through a Router Darkly – Remote Investigation of Internet Censorship: 3/47
4. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
DNS Lookup
User
Home Router
ISP's
DNS Server
ISP Router
User ISP's
Network
Network A Network B
Target Network
Q: target.com?
A: 82.68.72.161
target.com?
target.com?
82.68.72.161
82.68.7.161
target.com →
82.68.72.161
Joss Wright Through a Router Darkly – Remote Investigation of Internet Censorship: 4/47
5. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
DNS Hierarchy
target.com?
target.com?
target.com?
target.com?
`Authoritative'
Domain Name Server
for target.com
`Root'
Domain Name Server
User's Domain Name Server
(usually ISP-operated).
Joss Wright Through a Router Darkly – Remote Investigation of Internet Censorship: 5/47
6. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Web Request
...
target.com
82.68.72.161
User
Home Router
ISP's
DNS Server
ISP Router
User ISP's
Network
Network A Network B
Target Network
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
Joss Wright Through a Router Darkly – Remote Investigation of Internet Censorship: 6/47
7. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
DNS Poisoning
User
Home Router
ISP's
DNS Server
ISP Router
User ISP's
Network
Network A Network B
Target Network
Q: target.com?
A: 95.45.23.122
target.com?
target.com?
95.45.23.122
95.45.23.122
target.com →
95.45.23.122
Joss Wright Through a Router Darkly – Remote Investigation of Internet Censorship: 7/47
8. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
IP Header Filtering
...
target.com
82.68.72.161
User
Home Router
ISP's
DNS Server
ISP Router
User ISP's
Network
Network A Network B
Target Network
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
Joss Wright Through a Router Darkly – Remote Investigation of Internet Censorship: 8/47
9. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
IP Header Filtering
...
target.com
192.168.1.25
User
Home Router
ISP's
DNS Server
ISP Router
User ISP's
Network
Network A Network B
Target Network
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
Joss Wright Through a Router Darkly – Remote Investigation of Internet Censorship: 9/47
10. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
IP Content Filtering (DPI)
...
target.com
192.168.1.25
User
Home Router
ISP's
DNS Server
ISP Router
User ISP's
Network
Network A Network B
Target Network
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
Joss Wright Through a Router Darkly – Remote Investigation of Internet Censorship: 10/47
11. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Proxy Filtering
...
target.com
82.68.72.161
User
Home Router
ISP's
DNS Server
ISP Router
User ISP's
Network
Network A Network B
Target Network
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
Censorship Authority
Joss Wright Through a Router Darkly – Remote Investigation of Internet Censorship: 11/47
12. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Proxy Filtering
...
target.com
82.68.72.161
User
Home Router
ISP's
DNS Server
ISP Router
User ISP's
Network
Network A Network B
Target Network
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
http://82.68.72.161:80/
blog.html?q=enlightenment
Censorship Authority
Joss Wright Through a Router Darkly – Remote Investigation of Internet Censorship: 12/47
13. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Limitations
A tradeoff between subtlety and
computational requirements.
Sophisticated methods require greater
computational resources.
At national scale, these can be severe.
Centralization can cause problems, as
seen with CleanFeed.
Central management also raises
administrative and organizational
burdens.
Joss Wright Through a Router Darkly – Remote Investigation of Internet Censorship: 13/47
14. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Localized Filtering
We can observe localized filtering in
response to local events.
We therefore see filtering differ across a
state, rather than homogeneity.
We also expect filtering to vary over
time.
We may expect organizations to have
one filtering regime, even across a
state.
This can reveal filtering tactics, methods,
reasoning, limitations.
Joss Wright Through a Router Darkly – Remote Investigation of Internet Censorship: 14/47
15. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Existing Work
HERDICT: crowdsources filtering
information from volunteer web users.
OpenNet Initiative: use volunteers and
direct means to examine filtering around
the world.
Both consider national-level filtering as
homogeneous.
Both also make judgements as to the
nature of filtering.
Political, religious, social
Joss Wright Through a Router Darkly – Remote Investigation of Internet Censorship: 15/47
16. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Existing Approaches
HERDICT relies on users for information.
Visitors to the website report sites that
appear blocked.
The website actively presents potentially
blocked content, allowing users to verify
if it is blocked.
OpenNet Initiative’s methods vary, but
include direct investigation and liason
with volunteers in blocked regions.
Joss Wright Through a Router Darkly – Remote Investigation of Internet Censorship: 16/47
17. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Fine-Grained Sources
For fine-grained mapping we wish to
combine data gathered at various
locations with GeoIP data at the city
level.
GeoIP databases are increasingly cheap
and accurate.
The problem is to get readings from a
wide geographical distribution.
Ideally, not just blocking status but type of
blocking.
Joss Wright Through a Router Darkly – Remote Investigation of Internet Censorship: 17/47
18. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Limitations
Crowdsourcing or using
volunteers can be effective
if the tool is sufficiently
usable, but is limited:
Undirected, inconsistent
coverage.
Direct investigation is
expensive.
Ideally we desire direct
access to filtered internet
connections.
Joss Wright Through a Router Darkly – Remote Investigation of Internet Censorship: 18/47
19. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Direct Action
Direct access to other connections is
possible in some limited cases.
Tor exit nodes, and similar services
such as psiphon.
VPN services or remote shells.
Creatively-used public services –
webservers, IRC, bittorrent...
Access to DNS is very simple, and
directly addresses one major type of
filtering.
Joss Wright Through a Router Darkly – Remote Investigation of Internet Censorship: 19/47
20. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Direct Action Problems
Direct services are rare, especially in
countries with interesting filtering.
No-one wants to run Tor-like services
in filtered areas!
VPN services are also rare. Remote
shells are even more so.
These services are typically offered to
get past filtering, not get in.
Creative misuse of open services seems
the most fruitful option.
Joss Wright Through a Router Darkly – Remote Investigation of Internet Censorship: 20/47
21. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Direct Action Mechanisms
DNS is simple and effective for
detecting DNS filtering, but is not
very useful beyond that.
Tor and Tor-like services are rare,
but wonderful.
Botnets.
Joss Wright Through a Router Darkly – Remote Investigation of Internet Censorship: 21/47
22. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Legality and Ethics
Is it legal to access blocked
websites?
Is it ethical to ask someone else to
access blocked websites?
Consent for automated tools.
Is it legal to creatively abuse a
service, with or without malicious
intent?
Is it ethical to open a service
operator to repercussions
based around such misuse?
Joss Wright Through a Router Darkly – Remote Investigation of Internet Censorship: 22/47
23. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Legal Concerns
HERDICT Legal FAQ: ”Rules vary by
country, but we know of no nation
where it is illegal for you to report
information about sites you cannot
access.”
Joss Wright Through a Router Darkly – Remote Investigation of Internet Censorship: 23/47
24. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Legal Concerns
Sites are sometimes blocked for serious
legal or societal reasons:
Pornography, homosexuality, lèse
majesté, insult to religion
Reporting sites as blocked may well be
legal, but detection attempts may cause
legal or social consequences.
When is the risk too small, and how can
we judge this against arbitrary cultural
contexts?
Joss Wright Through a Router Darkly – Remote Investigation of Internet Censorship: 24/47
25. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Experiments in China
Internet population around 513 million
as of December 2011.
Geographic, cultural and ethnic diversity.
Extremely well-known and active
internet censorship regime.
Joss Wright Through a Router Darkly – Remote Investigation of Internet Censorship: 25/47
26. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
China DNS Scanning
278 DNS servers across China from the
APNIC WHOIS database.
Top 80 reported blocked websites
according to HERDICT.
DNS query for each site to each server.
It would be possible to scan China for
additional DNS servers, but this seems
unnecessary.
Joss Wright Through a Router Darkly – Remote Investigation of Internet Censorship: 26/47
27. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
DNS Response Types
Invalid Server
Timeout
Unknown Domain
Misdirection
Genuine Results
Redirect
Joss Wright Through a Router Darkly – Remote Investigation of Internet Censorship: 27/47
28. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Misdirection
Domain No Domain No Answer No Nameserver Timeout True IP False IP
backchina.com 0 0 13 7 5 162
ntdtv.com 0 0 23 7 0 157
open.com.hk 0 1 20 7 3 156
torproject.org 0 2 24 7 1 153
tibet.net 0 2 22 7 3 153
peacehall.com 0 1 20 7 6 153
6park.com 0 0 26 7 2 152
hotspotshield.com 0 1 29 7 2 148
boxun.com 0 1 29 7 2 148
wezhiyong.org 0 1 33 7 2 144
Ten most misdirected domains from experiments, showing DNS error result counts for each domain.
Joss Wright Through a Router Darkly – Remote Investigation of Internet Censorship: 28/47
29. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
No Such Domain
Domain No Domain No Answer No Nameserver Timeout True IP False IP
ahrchk.net 4 17 64 40 60 2
killerjo.net 4 17 65 37 62 2
x365x.com 3 17 65 41 59 2
websitepulse.com 3 18 65 36 63 2
voanews.com 3 17 64 38 63 2
tumblr.com 3 17 64 38 37 28
steves-digicams.com 3 17 65 36 64 2
scribd.com 3 17 65 36 38 28
pinyinannotator.com 3 18 67 36 61 2
newgrounds.com 3 16 64 36 66 2
Ten domains most often claimed non-existent.
Joss Wright Through a Router Darkly – Remote Investigation of Internet Censorship: 29/47
33. oiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioiioxford internet ins�tute university of oxfordoiioiioiioiioiioiio
Introduction Information Sources Legality and Ethics Experiments Questions
Next slide: Distribution of all cities across China, justifying location of
our results. (Note higher density in the East.)
Joss Wright Through a Router Darkly – Remote Investigation of Internet Censorship: 33/47