SlideShare uma empresa Scribd logo

The Anatomy of Web Censorship in Pakistan

Zubair Nabi
Zubair Nabi
TecnologiaNegócios
1 de 23
Baixar para ler offline
The Anatomy of Web Censorship in Pakistan Zubair Nabi zubair.nabi@cantab.net Information Technology University, Pakistan* Presented by: Mobin Javed UC Berkeley * Now at IBM Research, Dublin
This website is not accessible in Pakistan! ● ● ● ● First study of the cause, effect, and mechanism of Internet censorship in Pakistan Upgrade to centralized system in the middle of the study (May 2013) Censorship mechanism varies across websites: some blocked at the DNS level; others at the HTTP level Public VPN services and web proxies popular tools to bypass restrictions
Outline ● Background: Pakistan and related work ● Methodology ● Results ● Alternative circumvention methods ● Summary ● Future work ● Qs
Internet in Pakistan ● ● ● ● 16 million users or 9% of total population (World Bank, 2012) Out of the total Internet users, 64% access news websites (YouGov, 2011) Largest IXP (AS17557) owned by the state Internet, fixed-line telephony, cable TV, and cellular services regulation by the Pakistan Telecommunication Authority (PTA) – Also in charge of censorship
History of Censorship ● ● 2006: 12 websites blocked for blasphemous content 2008: A number of YouTube videos blocked – IP-wide block via BGP misconfiguration – YouTube rendered inaccessible for the rest of the world for 2 hours
History of Censorship (2) ● 2010: Facebook, YouTube, Flickr, and Wikipedia blocked in reaction to “Everybody Draw Muhammad Day” – PTA sanctioned to terminate any telecom service
History of Censorship (3) ● 2012 (March): Government requests proposals for gatewaylevel blocking system – Filtering from domain level to sub-folder level – Blocking individual IPs and/or entire range – Plug-and-play hardware units, capable of blocking 50 million URLs ● Latency < 1ms
History of Censorship (4) ● 2012 (September): Infinite ban on YouTube in retaliation to “Innocence of Muslims” – Disruption of other Google services due to IP sharing
Related Work ● Verkamp and Gupta – – ● PlanetLab nodes and volunteer machines, 11 countries Key insight: censorship mechanisms vary across countries Mathrani and Alipour – – ● Private VPNs and volunteer nodes, 10 countries Key insight: restrictions applicable to all categories of websites: political, social, etc. Dainotti et al. – Internet blockage during the Arab Spring
Methodology: Dataset ● Publicly available list with 597 websites ● Compiled in 2010 ● ● Not exhaustive but a fairly rich of complete domains and subdomains Dataset after cleaning: 307 websites – ● Redundant, broken, and duplicates removed Checked with a public VPN beforehand to ensure connectivity
Methodology: Script ● Modified version of the CensMon system (FOCI '11) 1) DNS lookup ● Local and public (Google, Comodo, OpenDNS, Level3, and Norton) 2) IP blacklisting: TCP connection to port 80 3) URL keyword filtering: http://www.google.com/fooURL ● 404 Not Found under normal operation 4) HTTP filtering: HTTP request, log response packet ● Also, logs transient connectivity errors, such as timeouts
Methodology: Networks ID Nature Location Network1 University Lahore Network2 University Lahore Network3 Home Lahore Network4 Home Islamabad Network5 Cellular (EDGE) Islamabad ● ● ● ● Network1 and 2: gigabit connectivity Network5 only used for post-April testing Tests performed at night time to minimize interaction with normal traffic Performed on multiple occasions for precision
Results: Pre-April ● Most websites blocked at DNS-level – Local DNS: “Non-Existent Domain” (NXDOMAIN) – Public DNS: NXDOMAIN for Google DNS and Level3 NXDOMAIN redirector in case of Norton DNS, Comodo, and OpenDNS No evidence of IP or URL-keyword filtering ● ● ● Some websites filtered through HTTP 302 redirection – Triggered by hostname and object URI – Done at the ISP level
ISP-level Warning Screens
Results: Post-April ● HTTP 302 redirection replaced with IXP-level 200 packet injection – Triggered by hostname and URI – Because of the 200 code, the browser believes it's a normal response ● ● ● Stops it from fetching content from the intended destination Original TCP connection times out Same response packet and screen across ISPs – Except Network4 (still under the influence of preApril censoring)
IXP-level Warning Screen ● ● Same results reported by “The Citizen Lab” in parallel in June, 2013 System attributed to the Canadian firm Netsweeper Inc. – Also applicable to Qatar, UAE, Kuwait, and Yemen
Results: Survey ● 67 respondents – ● ● Results biased towards individuals with above-average computer skills Public VPN services, such as Hotspot Shield, most popular Web proxies also popular
Results: Survey ● 67 respondents – ● ● Results biased towards individuals with above-average computer skills Public VPN services, such as Hotspot Shield, most popular Web proxies also popular
Alternative Circumvention: Web-based DNS ● ● ● Generally, web-based service can also be used for lookup Results show that same websites also blocked at HTTP-level Similar to South Korea – DNS filtering used for websites that resolve to a single site – HTTP-level mechanism exclusively used for websites with IPs shared across hostnames and filtering needs to be selective ● YouTube, Wikipedia, etc.
Alternative Circumvention: CDNs and Search Engine Caches ● No URL-keyword filtering ● Blocked websites accessible via CoralCDN ● Cached pages of blocked content also accessible on Google, Bing, and Internet Archive
Summary ● ● ● ● Pakistan has undergone an upgrade from ISPlevel to centralized IXP-level censorship Most websites blocked at the DNS level, while a small number at the HTTP level Websites blocked at the DNS level also blocked at HTTP-level Most citizens use public VPNs and web proxies to circumvent restrictions
Future Work ● ● Expansion in the number of websites and networks Deeper analysis of DNS blockage – ● ● For instance, not clear if censoring module maintains a list of all resolvers and their redirectors or it queries the actual resolver each time Examination of side-effects of DNS injection (similar to China) Analysis of “Streisand Effect” in Pakistan – Early results look promising!
Q?

Recomendados

Topic 13: Cloud Stacks
Topic 13: Cloud StacksTopic 13: Cloud Stacks
Topic 13: Cloud Stacks
Zubair Nabi
 
AOS Lab 10: File system -- Inodes and beyond
AOS Lab 10: File system -- Inodes and beyondAOS Lab 10: File system -- Inodes and beyond
AOS Lab 10: File system -- Inodes and beyond
Zubair Nabi
 
AOS Lab 4: If you liked it, then you should have put a “lock” on it
AOS Lab 4: If you liked it, then you should have put a “lock” on itAOS Lab 4: If you liked it, then you should have put a “lock” on it
AOS Lab 4: If you liked it, then you should have put a “lock” on it
Zubair Nabi
 
AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!
Zubair Nabi
 
AOS Lab 11: Virtualization
AOS Lab 11: VirtualizationAOS Lab 11: Virtualization
AOS Lab 11: Virtualization
Zubair Nabi
 
Raabta: Low-cost Video Conferencing for the Developing World
Raabta: Low-cost Video Conferencing for the Developing WorldRaabta: Low-cost Video Conferencing for the Developing World
Raabta: Low-cost Video Conferencing for the Developing World
Zubair Nabi
 
MapReduce Application Scripting
MapReduce Application ScriptingMapReduce Application Scripting
MapReduce Application Scripting
Zubair Nabi
 
MapReduce and DBMS Hybrids
MapReduce and DBMS HybridsMapReduce and DBMS Hybrids
MapReduce and DBMS Hybrids
Zubair Nabi
 

Recomendados

Topic 13: Cloud Stacks
Topic 13: Cloud StacksTopic 13: Cloud Stacks
Topic 13: Cloud Stacks
Zubair Nabi
 
AOS Lab 10: File system -- Inodes and beyond
AOS Lab 10: File system -- Inodes and beyondAOS Lab 10: File system -- Inodes and beyond
AOS Lab 10: File system -- Inodes and beyond
Zubair Nabi
 
AOS Lab 4: If you liked it, then you should have put a “lock” on it
AOS Lab 4: If you liked it, then you should have put a “lock” on itAOS Lab 4: If you liked it, then you should have put a “lock” on it
AOS Lab 4: If you liked it, then you should have put a “lock” on it
Zubair Nabi
 
AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!
Zubair Nabi
 
AOS Lab 11: Virtualization
AOS Lab 11: VirtualizationAOS Lab 11: Virtualization
AOS Lab 11: Virtualization
Zubair Nabi
 
Raabta: Low-cost Video Conferencing for the Developing World
Raabta: Low-cost Video Conferencing for the Developing WorldRaabta: Low-cost Video Conferencing for the Developing World
Raabta: Low-cost Video Conferencing for the Developing World
Zubair Nabi
 
MapReduce Application Scripting
MapReduce Application ScriptingMapReduce Application Scripting
MapReduce Application Scripting
Zubair Nabi
 
MapReduce and DBMS Hybrids
MapReduce and DBMS HybridsMapReduce and DBMS Hybrids
MapReduce and DBMS Hybrids
Zubair Nabi
 
AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!
Zubair Nabi
 
AOS Lab 8: Interrupts and Device Drivers
AOS Lab 8: Interrupts and Device DriversAOS Lab 8: Interrupts and Device Drivers
AOS Lab 8: Interrupts and Device Drivers
Zubair Nabi
 
AOS Lab 7: Page tables
AOS Lab 7: Page tablesAOS Lab 7: Page tables
AOS Lab 7: Page tables
Zubair Nabi
 
AOS Lab 6: Scheduling
AOS Lab 6: SchedulingAOS Lab 6: Scheduling
AOS Lab 6: Scheduling
Zubair Nabi
 
AOS Lab 5: System calls
AOS Lab 5: System callsAOS Lab 5: System calls
AOS Lab 5: System calls
Zubair Nabi
 
AOS Lab 9: File system -- Of buffers, logs, and blocks
AOS Lab 9: File system -- Of buffers, logs, and blocksAOS Lab 9: File system -- Of buffers, logs, and blocks
AOS Lab 9: File system -- Of buffers, logs, and blocks
Zubair Nabi
 
AOS Lab 2: Hello, xv6!
AOS Lab 2: Hello, xv6!AOS Lab 2: Hello, xv6!
AOS Lab 2: Hello, xv6!
Zubair Nabi
 
Topic 14: Operating Systems and Virtualization
Topic 14: Operating Systems and VirtualizationTopic 14: Operating Systems and Virtualization
Topic 14: Operating Systems and Virtualization
Zubair Nabi
 
The Big Data Stack
The Big Data StackThe Big Data Stack
The Big Data Stack
Zubair Nabi
 
AOS Lab 12: Network Communication
AOS Lab 12: Network CommunicationAOS Lab 12: Network Communication
AOS Lab 12: Network Communication
Zubair Nabi
 
Topic 15: Datacenter Design and Networking
Topic 15: Datacenter Design and NetworkingTopic 15: Datacenter Design and Networking
Topic 15: Datacenter Design and Networking
Zubair Nabi
 
Introduction to the open rights group censorship monitoring project
Introduction to the open rights group censorship monitoring projectIntroduction to the open rights group censorship monitoring project
Introduction to the open rights group censorship monitoring project
Richard King
 
A Look At The Consequences Of Internet Censorship Through An ISP Lens
A Look At The Consequences Of Internet Censorship Through An ISP LensA Look At The Consequences Of Internet Censorship Through An ISP Lens
A Look At The Consequences Of Internet Censorship Through An ISP Lens
April Smith
 
Online Privacy
Online PrivacyOnline Privacy
Online Privacy
IWMW
 
Analyzing Internet Censorship In Pakistan
Analyzing Internet Censorship In PakistanAnalyzing Internet Censorship In Pakistan
Analyzing Internet Censorship In Pakistan
Michele Thomas
 
ION Toronto - IPv6 Deployment Update
ION Toronto - IPv6 Deployment UpdateION Toronto - IPv6 Deployment Update
ION Toronto - IPv6 Deployment Update
Deploy360 Programme (Internet Society)
 
IPv6 readiness globally
IPv6 readiness globallyIPv6 readiness globally
IPv6 readiness globally
APNIC
 
Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]
Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]
Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]
APNIC
 
COBWEB: Brief Introduction, GBIF Secretariat
COBWEB: Brief Introduction, GBIF SecretariatCOBWEB: Brief Introduction, GBIF Secretariat
COBWEB: Brief Introduction, GBIF Secretariat
EDINA, University of Edinburgh
 
OC_Offline_Africa
OC_Offline_AfricaOC_Offline_Africa
OC_Offline_Africa
Michael Otieno
 
Migrating to OpenFlow SDNs
Migrating to OpenFlow SDNsMigrating to OpenFlow SDNs
Migrating to OpenFlow SDNs
US-Ignite
 
Final Project Presentation.pptx
Final Project Presentation.pptxFinal Project Presentation.pptx
Final Project Presentation.pptx
stevenmsusa
 

Mais conteúdo relacionado

Destaque

AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!
Zubair Nabi
 
AOS Lab 8: Interrupts and Device Drivers
AOS Lab 8: Interrupts and Device DriversAOS Lab 8: Interrupts and Device Drivers
AOS Lab 8: Interrupts and Device Drivers
Zubair Nabi
 
AOS Lab 7: Page tables
AOS Lab 7: Page tablesAOS Lab 7: Page tables
AOS Lab 7: Page tables
Zubair Nabi
 
AOS Lab 6: Scheduling
AOS Lab 6: SchedulingAOS Lab 6: Scheduling
AOS Lab 6: Scheduling
Zubair Nabi
 
AOS Lab 5: System calls
AOS Lab 5: System callsAOS Lab 5: System calls
AOS Lab 5: System calls
Zubair Nabi
 
AOS Lab 9: File system -- Of buffers, logs, and blocks
AOS Lab 9: File system -- Of buffers, logs, and blocksAOS Lab 9: File system -- Of buffers, logs, and blocks
AOS Lab 9: File system -- Of buffers, logs, and blocks
Zubair Nabi
 
AOS Lab 2: Hello, xv6!
AOS Lab 2: Hello, xv6!AOS Lab 2: Hello, xv6!
AOS Lab 2: Hello, xv6!
Zubair Nabi
 
The Big Data Stack
The Big Data StackThe Big Data Stack
The Big Data Stack
Zubair Nabi
 
AOS Lab 12: Network Communication
AOS Lab 12: Network CommunicationAOS Lab 12: Network Communication
AOS Lab 12: Network Communication
Zubair Nabi
 

Destaque (11)

AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!
 
AOS Lab 8: Interrupts and Device Drivers
AOS Lab 8: Interrupts and Device DriversAOS Lab 8: Interrupts and Device Drivers
AOS Lab 8: Interrupts and Device Drivers
 
AOS Lab 7: Page tables
AOS Lab 7: Page tablesAOS Lab 7: Page tables
AOS Lab 7: Page tables
 
AOS Lab 6: Scheduling
AOS Lab 6: SchedulingAOS Lab 6: Scheduling
AOS Lab 6: Scheduling
 
AOS Lab 5: System calls
AOS Lab 5: System callsAOS Lab 5: System calls
AOS Lab 5: System calls
 
AOS Lab 9: File system -- Of buffers, logs, and blocks
AOS Lab 9: File system -- Of buffers, logs, and blocksAOS Lab 9: File system -- Of buffers, logs, and blocks
AOS Lab 9: File system -- Of buffers, logs, and blocks
 
AOS Lab 2: Hello, xv6!
AOS Lab 2: Hello, xv6!AOS Lab 2: Hello, xv6!
AOS Lab 2: Hello, xv6!
 
Topic 14: Operating Systems and Virtualization
Topic 14: Operating Systems and VirtualizationTopic 14: Operating Systems and Virtualization
Topic 14: Operating Systems and Virtualization
 
The Big Data Stack
The Big Data StackThe Big Data Stack
The Big Data Stack
 
AOS Lab 12: Network Communication
AOS Lab 12: Network CommunicationAOS Lab 12: Network Communication
AOS Lab 12: Network Communication
 
Topic 15: Datacenter Design and Networking
Topic 15: Datacenter Design and NetworkingTopic 15: Datacenter Design and Networking
Topic 15: Datacenter Design and Networking
 

Semelhante a The Anatomy of Web Censorship in Pakistan

2 ning so cso and open network platform
2 ning so cso and open network platform2 ning so cso and open network platform
2 ning so cso and open network platform
遵共 陳
 
A density based clustering approach for web robot detection
A density based clustering approach for web robot detectionA density based clustering approach for web robot detection
A density based clustering approach for web robot detection
Wright State University, Dayton, OH, USA
 
Reaching China with Your Website & Cloud Applications
Reaching China with Your Website & Cloud ApplicationsReaching China with Your Website & Cloud Applications
Reaching China with Your Website & Cloud Applications
CDNetworks
 
Web tracking summer symposium 2018
Web tracking summer symposium 2018Web tracking summer symposium 2018
Web tracking summer symposium 2018
Rakesh S V Reddy
 

Semelhante a The Anatomy of Web Censorship in Pakistan (20)

Introduction to the open rights group censorship monitoring project
Introduction to the open rights group censorship monitoring projectIntroduction to the open rights group censorship monitoring project
Introduction to the open rights group censorship monitoring project
 
A Look At The Consequences Of Internet Censorship Through An ISP Lens
A Look At The Consequences Of Internet Censorship Through An ISP LensA Look At The Consequences Of Internet Censorship Through An ISP Lens
A Look At The Consequences Of Internet Censorship Through An ISP Lens
 
Online Privacy
Online PrivacyOnline Privacy
Online Privacy
 
Analyzing Internet Censorship In Pakistan
Analyzing Internet Censorship In PakistanAnalyzing Internet Censorship In Pakistan
Analyzing Internet Censorship In Pakistan
 
ION Toronto - IPv6 Deployment Update
ION Toronto - IPv6 Deployment UpdateION Toronto - IPv6 Deployment Update
ION Toronto - IPv6 Deployment Update
 
IPv6 readiness globally
IPv6 readiness globallyIPv6 readiness globally
IPv6 readiness globally
 
Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]
Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]
Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]
 
COBWEB: Brief Introduction, GBIF Secretariat
COBWEB: Brief Introduction, GBIF SecretariatCOBWEB: Brief Introduction, GBIF Secretariat
COBWEB: Brief Introduction, GBIF Secretariat
 
OC_Offline_Africa
OC_Offline_AfricaOC_Offline_Africa
OC_Offline_Africa
 
Migrating to OpenFlow SDNs
Migrating to OpenFlow SDNsMigrating to OpenFlow SDNs
Migrating to OpenFlow SDNs
 
Final Project Presentation.pptx
Final Project Presentation.pptxFinal Project Presentation.pptx
Final Project Presentation.pptx
 
Socialforum2011 04-02
Socialforum2011 04-02Socialforum2011 04-02
Socialforum2011 04-02
 
10th SANS ICS Security Summit Project SHINE Presentation
10th SANS ICS Security Summit Project SHINE Presentation10th SANS ICS Security Summit Project SHINE Presentation
10th SANS ICS Security Summit Project SHINE Presentation
 
2 ning so cso and open network platform
2 ning so cso and open network platform2 ning so cso and open network platform
2 ning so cso and open network platform
 
State of Internet measurement Infrastructure/tools in Africa
State of Internet measurement Infrastructure/tools in AfricaState of Internet measurement Infrastructure/tools in Africa
State of Internet measurement Infrastructure/tools in Africa
 
Web identity part1
Web identity part1Web identity part1
Web identity part1
 
A density based clustering approach for web robot detection
A density based clustering approach for web robot detectionA density based clustering approach for web robot detection
A density based clustering approach for web robot detection
 
Kick starting Network Automation
Kick starting Network AutomationKick starting Network Automation
Kick starting Network Automation
 
Reaching China with Your Website & Cloud Applications
Reaching China with Your Website & Cloud ApplicationsReaching China with Your Website & Cloud Applications
Reaching China with Your Website & Cloud Applications
 
Web tracking summer symposium 2018
Web tracking summer symposium 2018Web tracking summer symposium 2018
Web tracking summer symposium 2018
 

Mais de Zubair Nabi

Mais de Zubair Nabi (11)

Lab 5: Interconnecting a Datacenter using Mininet
Lab 5: Interconnecting a Datacenter using MininetLab 5: Interconnecting a Datacenter using Mininet
Lab 5: Interconnecting a Datacenter using Mininet
 
Topic 12: NoSQL in Action
Topic 12: NoSQL in ActionTopic 12: NoSQL in Action
Topic 12: NoSQL in Action
 
Lab 4: Interfacing with Cassandra
Lab 4: Interfacing with CassandraLab 4: Interfacing with Cassandra
Lab 4: Interfacing with Cassandra
 
Topic 10: Taxonomy of Data and Storage
Topic 10: Taxonomy of Data and StorageTopic 10: Taxonomy of Data and Storage
Topic 10: Taxonomy of Data and Storage
 
Topic 11: Google Filesystem
Topic 11: Google FilesystemTopic 11: Google Filesystem
Topic 11: Google Filesystem
 
Lab 3: Writing a Naiad Application
Lab 3: Writing a Naiad ApplicationLab 3: Writing a Naiad Application
Lab 3: Writing a Naiad Application
 
Topic 9: MR+
Topic 9: MR+Topic 9: MR+
Topic 9: MR+
 
Topic 8: Enhancements and Alternative Architectures
Topic 8: Enhancements and Alternative ArchitecturesTopic 8: Enhancements and Alternative Architectures
Topic 8: Enhancements and Alternative Architectures
 
Topic 7: Shortcomings in the MapReduce Paradigm
Topic 7: Shortcomings in the MapReduce ParadigmTopic 7: Shortcomings in the MapReduce Paradigm
Topic 7: Shortcomings in the MapReduce Paradigm
 
Lab 1: Introduction to Amazon EC2 and MPI
Lab 1: Introduction to Amazon EC2 and MPILab 1: Introduction to Amazon EC2 and MPI
Lab 1: Introduction to Amazon EC2 and MPI
 
Topic 6: MapReduce Applications
Topic 6: MapReduce ApplicationsTopic 6: MapReduce Applications
Topic 6: MapReduce Applications
 

Último

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
Overkill Security
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 

Último (20)

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 

The Anatomy of Web Censorship in Pakistan

  • 1. The Anatomy of Web Censorship in Pakistan Zubair Nabi zubair.nabi@cantab.net Information Technology University, Pakistan* Presented by: Mobin Javed UC Berkeley * Now at IBM Research, Dublin
  • 2. This website is not accessible in Pakistan! ● ● ● ● First study of the cause, effect, and mechanism of Internet censorship in Pakistan Upgrade to centralized system in the middle of the study (May 2013) Censorship mechanism varies across websites: some blocked at the DNS level; others at the HTTP level Public VPN services and web proxies popular tools to bypass restrictions
  • 3. Outline ● Background: Pakistan and related work ● Methodology ● Results ● Alternative circumvention methods ● Summary ● Future work ● Qs
  • 4. Internet in Pakistan ● ● ● ● 16 million users or 9% of total population (World Bank, 2012) Out of the total Internet users, 64% access news websites (YouGov, 2011) Largest IXP (AS17557) owned by the state Internet, fixed-line telephony, cable TV, and cellular services regulation by the Pakistan Telecommunication Authority (PTA) – Also in charge of censorship
  • 5. History of Censorship ● ● 2006: 12 websites blocked for blasphemous content 2008: A number of YouTube videos blocked – IP-wide block via BGP misconfiguration – YouTube rendered inaccessible for the rest of the world for 2 hours
  • 6. History of Censorship (2) ● 2010: Facebook, YouTube, Flickr, and Wikipedia blocked in reaction to “Everybody Draw Muhammad Day” – PTA sanctioned to terminate any telecom service
  • 7. History of Censorship (3) ● 2012 (March): Government requests proposals for gatewaylevel blocking system – Filtering from domain level to sub-folder level – Blocking individual IPs and/or entire range – Plug-and-play hardware units, capable of blocking 50 million URLs ● Latency < 1ms
  • 8. History of Censorship (4) ● 2012 (September): Infinite ban on YouTube in retaliation to “Innocence of Muslims” – Disruption of other Google services due to IP sharing
  • 9. Related Work ● Verkamp and Gupta – – ● PlanetLab nodes and volunteer machines, 11 countries Key insight: censorship mechanisms vary across countries Mathrani and Alipour – – ● Private VPNs and volunteer nodes, 10 countries Key insight: restrictions applicable to all categories of websites: political, social, etc. Dainotti et al. – Internet blockage during the Arab Spring
  • 10. Methodology: Dataset ● Publicly available list with 597 websites ● Compiled in 2010 ● ● Not exhaustive but a fairly rich of complete domains and subdomains Dataset after cleaning: 307 websites – ● Redundant, broken, and duplicates removed Checked with a public VPN beforehand to ensure connectivity
  • 11. Methodology: Script ● Modified version of the CensMon system (FOCI '11) 1) DNS lookup ● Local and public (Google, Comodo, OpenDNS, Level3, and Norton) 2) IP blacklisting: TCP connection to port 80 3) URL keyword filtering: http://www.google.com/fooURL ● 404 Not Found under normal operation 4) HTTP filtering: HTTP request, log response packet ● Also, logs transient connectivity errors, such as timeouts
  • 12. Methodology: Networks ID Nature Location Network1 University Lahore Network2 University Lahore Network3 Home Lahore Network4 Home Islamabad Network5 Cellular (EDGE) Islamabad ● ● ● ● Network1 and 2: gigabit connectivity Network5 only used for post-April testing Tests performed at night time to minimize interaction with normal traffic Performed on multiple occasions for precision
  • 13. Results: Pre-April ● Most websites blocked at DNS-level – Local DNS: “Non-Existent Domain” (NXDOMAIN) – Public DNS: NXDOMAIN for Google DNS and Level3 NXDOMAIN redirector in case of Norton DNS, Comodo, and OpenDNS No evidence of IP or URL-keyword filtering ● ● ● Some websites filtered through HTTP 302 redirection – Triggered by hostname and object URI – Done at the ISP level
  • 15. Results: Post-April ● HTTP 302 redirection replaced with IXP-level 200 packet injection – Triggered by hostname and URI – Because of the 200 code, the browser believes it's a normal response ● ● ● Stops it from fetching content from the intended destination Original TCP connection times out Same response packet and screen across ISPs – Except Network4 (still under the influence of preApril censoring)
  • 16. IXP-level Warning Screen ● ● Same results reported by “The Citizen Lab” in parallel in June, 2013 System attributed to the Canadian firm Netsweeper Inc. – Also applicable to Qatar, UAE, Kuwait, and Yemen
  • 17. Results: Survey ● 67 respondents – ● ● Results biased towards individuals with above-average computer skills Public VPN services, such as Hotspot Shield, most popular Web proxies also popular
  • 18. Results: Survey ● 67 respondents – ● ● Results biased towards individuals with above-average computer skills Public VPN services, such as Hotspot Shield, most popular Web proxies also popular
  • 19. Alternative Circumvention: Web-based DNS ● ● ● Generally, web-based service can also be used for lookup Results show that same websites also blocked at HTTP-level Similar to South Korea – DNS filtering used for websites that resolve to a single site – HTTP-level mechanism exclusively used for websites with IPs shared across hostnames and filtering needs to be selective ● YouTube, Wikipedia, etc.
  • 20. Alternative Circumvention: CDNs and Search Engine Caches ● No URL-keyword filtering ● Blocked websites accessible via CoralCDN ● Cached pages of blocked content also accessible on Google, Bing, and Internet Archive
  • 21. Summary ● ● ● ● Pakistan has undergone an upgrade from ISPlevel to centralized IXP-level censorship Most websites blocked at the DNS level, while a small number at the HTTP level Websites blocked at the DNS level also blocked at HTTP-level Most citizens use public VPNs and web proxies to circumvent restrictions
  • 22. Future Work ● ● Expansion in the number of websites and networks Deeper analysis of DNS blockage – ● ● For instance, not clear if censoring module maintains a list of all resolvers and their redirectors or it queries the actual resolver each time Examination of side-effects of DNS injection (similar to China) Analysis of “Streisand Effect” in Pakistan – Early results look promising!
  • 23. Q?