
Version 12 (modified by phw, 7 years ago)

Extended section about Kazakhstan.

Censorship Wiki

The purpose of this wiki is to collect information on the status of censorship detection and circumvention research.

If you wish to do anonymous editing of this page you may login with the username cypherpunks and password writecode.

How to Use this wiki

Create pages under the doc/OONI/censorshipwiki/PAGE_NAME path. Group similar pages into macro categories like so: doc/OONI/censorshipwiki/CATEGORY/PAGE_NAME.

Add the root of the page to the index here.

If you have a random link and don't want to bother to categorise it, but believe it's relevant, just dump it in the randomness section here.

Randomness

This is a place for randomly dumping content that needs to be organised.

If you have spare time, categorise stuff in here.

DUMP UNDER HERE


Template

Summary of the current situation

Short summary about current situation.

First witnessed

When was the block first witnessed?

Last witnessed

When was it witnessed the last time?

Types of Tor censorship

What kind of censorship technology is used? IP block? DPI? Web site block?

Types of non-Tor censorship

What is blocked apart from Tor?

Ways to bypass censorship

Which documented ways are there to evade the block?

Type of firewall

Is anything known about the censor's boxes?


China (#4744, #4185)

Summary of the current situation

Most of the time, the directory authorities as well as the public relays are blocked. In addition, the Great Firewall of China is blocking most bridges. The firewall looks for new Tor connections; when it finds one, it scans the connection's destination by trying to establish a Tor connection with it. If that attempt succeeds, the destination is blocked. An analysis can be found at: http://www.cs.kau.se/philwint/static/gfc/ and at https://gist.github.com/da3c7a9af01d74cd7de7 .

First witnessed

The follow-up scanning strategy to block Tor bridges became known in October 2011 (#4185). According to other reports, this type of follow-up scanning might even date back to 2010: http://www.nsc.liu.se/~nixon/sshprobes.html .

Last witnessed

The block is still ongoing despite blocking outages occurring every now and then.

Types of Tor censorship

  • Deep packet inspection: #4744
  • IP blocking:
    • All 8 directory authorities seem to be blocked on the IP layer. They respond neither to TCP, nor to ICMP requests.
  • IP:port blocking:
    • Public relays as well as bridges are usually blocked by IP:port, presumably to limit collateral damage. The block is done by dropping the SYN/ACK segment which is sent by the bridge to the Tor client.
  • Spoofed RST segments:
    • Spoofed RST segments to terminate TCP connections to bridges have been observed. However, the IP:port blocking seems to be more common.
  • Active probing:
    • After DPI boxes detect the Tor cipher list, seemingly random machines connect to the suspected bridge and try to start a Tor connection. If this probing succeeds, the bridge is blocked. There is reason to believe that the IP addresses of these machines are spoofed.

Types of non-Tor censorship

Ways to bypass censorship

Type of firewall

  • The Great Firewall Of China
  • Manufacturer: China. There are probably no off-the-shelf products.

Ethiopia (#6045)

Summary of the current situation

DPI boxes look for Tor TLS server hellos sent by relays or bridges to Tor clients. If such a packet is found, it is dropped. The DPI boxes seem to operate in-band and stateless.

First witnessed

The block became known on May 22, 2012. According to the metrics page, the block might have started several days earlier. A blog post was published on May 31st.

Last witnessed

The block is still ongoing.

Types of Tor censorship

  • Deep packet inspection: #6045
    • Fingerprint: Multiple strings in the Tor TLS server hello record are matched (#6045). If a packet matches, it is dropped.

Types of non-Tor censorship

Ways to bypass censorship

  • Bridges were patched to pick the cipher TLS_DHE_RSA_WITH_AES_128_CBC_SHA instead of TLS_DHE_RSA_WITH_AES_256_CBC_SHA. This was sufficient to evade the DPI boxes. Three patched bridges were published in a blog post.
  • Obfsproxy probably evades the DPI boxes too.

Type of firewall

  • Manufacturer: Not sure yet. ZTE?

Kazakhstan (#6140)

Summary of the current situation

Short summary about current situation.

First witnessed

The block started between February and March 2012 and is mentioned in a blog post. Another blog post was published two weeks afterwards.

Last witnessed

The block is still ongoing.

Types of Tor censorship

  • Deep packet inspection: #6140
    • Fingerprint: The Tor TLS client hello cipher list and parts of the Tor TLS server hello record (#6140)

Types of non-Tor censorship

  • Unknown.

Ways to bypass censorship

Type of firewall

  • Unknown.