Characterizing Web Censorship Worldwide

Abstract: In this study, we take another look at 5 years of web censorship data gathered by the OpenNet Initiative in 77 countries using user-based testing with locally relevant content. Prior to our work, this data had been analyzed with little automation, focusing on what content had been blocked, rather than how blocking was carried out. In this study, we use more rigorous automation to obtain a longitudinal, global view of the technical means used for web censorship. We also identify blocking that had been missed in… Show more

“…Variants on this method are adopted by Dornseif [48], Gill et al [63], Nabi [114] and in non-censorship-specific analyses: [6,38,152,153]. The most notable ones are described hereafter.…”

“…In [63] a method is proposed to infer DNS tampering (there named "DNS redirection") by considering all the hostnames resolved to one same IP address in the test results, and count the number of different ASes the same hostnames are resolved to by a trusted DNS server: if the AS count is greater than an empirically set threshold then the response of DNS tampering is given. 13 A method to detect DNS injection is implicitly suggested in [119] where the authors notice that for DNS replies injected by the GFC the (UDP) checksum is wrong.…”

“…Often the detection techniques adopted in research papers or in the provided platforms and tools just leverage the application level log files and error reporting functionality to detect the disruption of TCP connection (Gill et al [63], Aryan et al [13], Nabi [114], Polverini and Pottenger [119]) e.g., triggering the system directly by sending a-possibly innocuous-HTTP GET request (see following section). At the other end of the spectrum of possibilities there is the highly specific technique adopted in [86], where different combinations of initial packets (with different flags set) are generated in order to test the statefulness of a censoring device and investigate the layers that it inspects to find the triggers.…”

“…The main source of variation is the specific tool adopted to generate an HTTP GET request, comprising Python scripting (Gill et al [63], Filastò and Appelbaum [57], Nabi [114]), the command line common unix utility wget (used by Polverini and Pottenger [119]), or more exotic tools such as fragroute [58,123] (used by Park and Crandall [116]) and scapy [134] (adopted by Crandall et al [33], Khattak et al [86]). …”

“…The data backing the analyses performed by The OpenNet Initiative [79] has been collected by means of an undisclosed client, but a detailed analysis of the dataset has been published in [63]. In this paper an algorithm for the detection of censorship based on collected data is reported (see Fig.…”

Internet Censorship detection: A survey

“…Variants on this method are adopted by Dornseif [48], Gill et al [63], Nabi [114] and in non-censorship-specific analyses: [6,38,152,153]. The most notable ones are described hereafter.…”

“…In [63] a method is proposed to infer DNS tampering (there named "DNS redirection") by considering all the hostnames resolved to one same IP address in the test results, and count the number of different ASes the same hostnames are resolved to by a trusted DNS server: if the AS count is greater than an empirically set threshold then the response of DNS tampering is given. 13 A method to detect DNS injection is implicitly suggested in [119] where the authors notice that for DNS replies injected by the GFC the (UDP) checksum is wrong.…”

“…Often the detection techniques adopted in research papers or in the provided platforms and tools just leverage the application level log files and error reporting functionality to detect the disruption of TCP connection (Gill et al [63], Aryan et al [13], Nabi [114], Polverini and Pottenger [119]) e.g., triggering the system directly by sending a-possibly innocuous-HTTP GET request (see following section). At the other end of the spectrum of possibilities there is the highly specific technique adopted in [86], where different combinations of initial packets (with different flags set) are generated in order to test the statefulness of a censoring device and investigate the layers that it inspects to find the triggers.…”

“…The main source of variation is the specific tool adopted to generate an HTTP GET request, comprising Python scripting (Gill et al [63], Filastò and Appelbaum [57], Nabi [114]), the command line common unix utility wget (used by Polverini and Pottenger [119]), or more exotic tools such as fragroute [58,123] (used by Park and Crandall [116]) and scapy [134] (adopted by Crandall et al [33], Khattak et al [86]). …”

“…The data backing the analyses performed by The OpenNet Initiative [79] has been collected by means of an undisclosed client, but a detailed analysis of the dataset has been published in [63]. In this paper an algorithm for the detection of censorship based on collected data is reported (see Fig.…”

Internet Censorship detection: A survey

The Proliferation of Technical Internet Filtering Practices: Tracking Policy and Its Implementation Through a Systemic Perspective

Intercept and Inject: DNS Response Manipulation in the Wild