CSE 592INTERNET CENSORSHIP

(FALL 2015)

LECTURE 10

PHILLIPA GILL – STONY BROOK UNIVERSITY

WHERE WE ARE

Last time:

• Case study: Iran + Pakistan

• Questions?

• Revisit hands on activity …

RIPEstat page for AS 12880:

https://stat.ripe.net/AS12880#tabId=at-a-glance

Try looking up other Iranian networks

NDT data in Google

http://www.google.com/publicdata/explore?ds=e9krd11m38onf_&ctype=l&strail=false&bcs=d&nselm=h&met_y=download_throughput&scale_y=lin&ind_y=false&rdim=country&idim=country:364&ifdim=country&ind=false

OOKLA Speed test:

http://www.google.com/publicdata/explore?ds=z8ii06k9csels2_&ctype=l&met_y=avg_download_speed

ASSIGNMENT 1 DISCUSSION

Some questions led to confusion

Part 1

• Q2 who are the source and destination (most people got this):

• Source ICSI ; Destination Baidu• (accepted anything from the destination whois since it was a

weird looking record).• Q3 Why did Wireshark flag Packet 8 as a retransmission?

• Q4 What is unusual about the response in packet 9?

• (there was a typo in this question, I reduced total by 3 for it)• Q5 (most people got this): Is it the same device responding to

packet 8 as the first GET (packet 4)?

ASSIGNMENT 1 DISCUSSION

Some questions led to confusion

Part 2

• Q2 What is missing from the TCP connection?

• Handshake!• Q3 Flow or packet level censor? (a lot of people had trouble

with this!)

• Q4 What is returned in response to the HTTP GET?

Part 3

• On path or in path censor? Why?

TEST YOUR KNOWLEDGE (IRAN)

1. How did the government assert control over the Internet in 2001?

2. What were the conflicting goals of Iran in implementing censorship?

3. What was the end result of these?

4. What is the `campaign for halal Internet’? Why did people fear this?

5. What is the purpose of IP addresses designated in RFC1918?

6. What are two techniques used by Anderson to map an internal 10.x.x.x address to an external IP?

7. What is the idea of “dimming the Internet”?

8. How can “dimming” be measured?

9. How did the pseudonymous paper identify filtering based on the host header?

10. What type of proxy did they find?

TEST YOUR KNOWLEDGE (PAKISTAN)

1. Why is censorship in Pakistan well known?

2. Which protocol allowed collateral damage when they censored YouTube?

3. What is the main form of censorship in Pakistan identified by the Web censorship paper?

4. What are the most common circumvention techniques in Pakistan?

5. What are some circumvention techniques that were found to work for Pakistan censorship?

6. Which product did CitizenLab find in Pakistan?

7. How did they find the IP of installations of the product?

8. How did they verify that the installations were used for censorship?

TODAY

Case Study: China

• Background (ONI report)

• Concept Doppler (Crandall et al.)

• http://www.csd.uoc.gr/~hy558/papers/conceptdoppler.pdf• Locating the censors (Xu et al.)

• http://pam2011.gatech.edu/papers/pam2011--Xu.pdf • Great Cannon Seminar Tuesday October 13 @ 1pm!

BACKGROUND

• China: one-party state, ruled by the Chinese Communist Party (CCP)

• Conflict between IT development and ability to contain sensitive or threatening information

Several milestones challenged gov’t control:

• Anniversary of Tibetan Uprising in 2008: Protests in Lhasa

• 2008 Beijing Olympics, pressures to lessen censorship

• Foreign reporters had unprecedented access within the country• Domestic news still highly restricted• Unfettered Internet access for foreign journalists restricted to

“games-related” Web sites• 2009 Riots in Urumqi led to Internet restrictions to “quench the riot

… and prevent violent”

• State sponsored Web site access (31 sites) slowly restored but Internet access in Xinjiang was effectively severed for 10 months

BACKGROUND 2

• 2010 Google refuses to comply with legal requirements of content filtering in China

• Attempts to hack gmail accounts of human rights activists • Google wanted to establish a truly free and open search engine

or officially close Google.cn• Google’s actions placed PRC’s censorship practices in the

international spotlight

• China’s population means that even at 28.9% Internet penetration the country has the most Internet users in the world

• Mobile networking is important for bridging the rural/urban divide

• 10% of users access the Internet only on a mobile device• Widespread use of Internet has led to a change in the public

discourse and exposing corruption of government officials and even dismissal of senior officials

INTERNET FILTERING IN CHINA

• Initial project: Green Dam Youth Escort project

• Filtering at the level of the user’s computer• Analysis by ONI + StopBadware showed that it wasn’t effective

in blocking all pornography and would unpredictably block political and religious content

• Follow on project: “Blue Dam” with more features mandated to be installed by ISPs

• Server side/ISP-level blocking of content deemed to be inappropriate

• Blog services are also responsible for policing content on their sites

• Must install keyword filters + delete accounts of violating users• More on this in the online social networking lecture …

TODAY’S READINGS

ConceptDoppler: A Weather Tracker for Internet Censorship. Crandall et al. 2006

Internet Censorship in China: Where Does the Filtering Occur?

Xu et al. 2011

CONCEPTDOPPLER

• Goals: Develop the capability to monitor both the technical censorship mechanism and how it is used

• E.g., to answer questions such as why was “keyword blocked” in a given place and time

• Focus on keyword blocking: less collateral damage, less negative fall out than blunt censorship techniques

• Specific aim to monitor the set of blocked keywords over time and monitor for variations between regions

• Useful for circumvention (e.g., encoding keywords to make them unidentifiable to DPI boxes).

• The need for continuous monitoring of censored keywords requires efficient probing:

• Latent semantic analysis + techniques from Web search to minimize the set of keywords that must be probed.

EXPERIMENT 1 TEST GFC

72 hours of HTTP GETs to www.yahoo.cn

1. Send FALUN (blocked keyword) until a RST is received

2. Switch to send TEST (benign word) until a valid HTTP response is received

Observation: hosts are blocked from communicating for 90 seconds after sending the bad keyword.

RESULTS: BLOCKING IS NOT 100% RELIABLE

White = not blocked; grey = blockedX = 0 is 15:00 in BeijingY = # of probes

Diurnal trends in filtering effectiveness

EXPERIMENT 2: FIND GFC FIREWALLS

Target URLs probed = top 100 URLs returned by Google for the queries: site:x where X= .cn, .com.cn, .edu.cn, .org.cn, and .net.cnNo RSTs observed if the connection was not open -> GFC is stateful

WHERE ARE THE CENSORS?

FINDING KEYWORDS EFFICIENTLY

• Latent semantic analysis (LSA) to find keywords related to concepts the government might filter

• Details of LSA in the paper. • Experimental set up:

• Gather all the pages of Chinese language Wikipedia• 12 term lists based on 12 general concepts (terms are selected

to be most related to the concept via LSA)• Probed 2,500 terms from each of the 12 lists

NUMBER OF KEYWORDS FOUND

X axis = bins of 250 keywordsY axis = # of blocked keywords foundKey takeaway: 2,500 tested terms selected via LSA contains many moreBlocked keywords than randomly chosen terms

LIMITATIONS

• Scale: Querying each 2,500 word list takes 1.2 - 6.7 hours; heavy use of network resources

• False positives + false negatives

• No way to claim these lists are exhaustive …

Potentials for evation:

• If we know what keywords are filtered when we observe them we can be clever and hide them

• E.g., fragment IP packets on the keyword, • HTML comments in the word: fa<!- comment ->lun• Use different encodings for keywords: F%61lun Gong• Put keywords in Captchas or insert other characters: f@lun

g0ng

READING 2: MAPPING THE GFC

• Presentation

HANDS ON ACTIVITY

Online reports of Chinese censorship:

https://en.greatfire.org/

http://www.herdict.org/explore/indepth?fc=CN

http://www.google.com/transparencyreport/traffic/explorer/?r=CN&l=EVERYTHING

China Chats data: https://china-chats.net/

Video chat censorship:

https://www.usenix.org/sites/default/files/conference/protected-files/foci15_slides_knockel.pdf