SlideShare una empresa de Scribd logo

The Anatomy of Web Censorship in Pakistan

Zubair Nabi
Zubair Nabi
TecnologíaEmpresariales
1 de 23
Descargar para leer sin conexión
The Anatomy of Web Censorship in Pakistan Zubair Nabi zubair.nabi@cantab.net Information Technology University, Pakistan* Presented by: Mobin Javed UC Berkeley * Now at IBM Research, Dublin
This website is not accessible in Pakistan! ● ● ● ● First study of the cause, effect, and mechanism of Internet censorship in Pakistan Upgrade to centralized system in the middle of the study (May 2013) Censorship mechanism varies across websites: some blocked at the DNS level; others at the HTTP level Public VPN services and web proxies popular tools to bypass restrictions
Outline ● Background: Pakistan and related work ● Methodology ● Results ● Alternative circumvention methods ● Summary ● Future work ● Qs
Internet in Pakistan ● ● ● ● 16 million users or 9% of total population (World Bank, 2012) Out of the total Internet users, 64% access news websites (YouGov, 2011) Largest IXP (AS17557) owned by the state Internet, fixed-line telephony, cable TV, and cellular services regulation by the Pakistan Telecommunication Authority (PTA) – Also in charge of censorship
History of Censorship ● ● 2006: 12 websites blocked for blasphemous content 2008: A number of YouTube videos blocked – IP-wide block via BGP misconfiguration – YouTube rendered inaccessible for the rest of the world for 2 hours
History of Censorship (2) ● 2010: Facebook, YouTube, Flickr, and Wikipedia blocked in reaction to “Everybody Draw Muhammad Day” – PTA sanctioned to terminate any telecom service
History of Censorship (3) ● 2012 (March): Government requests proposals for gatewaylevel blocking system – Filtering from domain level to sub-folder level – Blocking individual IPs and/or entire range – Plug-and-play hardware units, capable of blocking 50 million URLs ● Latency < 1ms
History of Censorship (4) ● 2012 (September): Infinite ban on YouTube in retaliation to “Innocence of Muslims” – Disruption of other Google services due to IP sharing
Related Work ● Verkamp and Gupta – – ● PlanetLab nodes and volunteer machines, 11 countries Key insight: censorship mechanisms vary across countries Mathrani and Alipour – – ● Private VPNs and volunteer nodes, 10 countries Key insight: restrictions applicable to all categories of websites: political, social, etc. Dainotti et al. – Internet blockage during the Arab Spring
Methodology: Dataset ● Publicly available list with 597 websites ● Compiled in 2010 ● ● Not exhaustive but a fairly rich of complete domains and subdomains Dataset after cleaning: 307 websites – ● Redundant, broken, and duplicates removed Checked with a public VPN beforehand to ensure connectivity
Methodology: Script ● Modified version of the CensMon system (FOCI '11) 1) DNS lookup ● Local and public (Google, Comodo, OpenDNS, Level3, and Norton) 2) IP blacklisting: TCP connection to port 80 3) URL keyword filtering: http://www.google.com/fooURL ● 404 Not Found under normal operation 4) HTTP filtering: HTTP request, log response packet ● Also, logs transient connectivity errors, such as timeouts
Methodology: Networks ID Nature Location Network1 University Lahore Network2 University Lahore Network3 Home Lahore Network4 Home Islamabad Network5 Cellular (EDGE) Islamabad ● ● ● ● Network1 and 2: gigabit connectivity Network5 only used for post-April testing Tests performed at night time to minimize interaction with normal traffic Performed on multiple occasions for precision
Results: Pre-April ● Most websites blocked at DNS-level – Local DNS: “Non-Existent Domain” (NXDOMAIN) – Public DNS: NXDOMAIN for Google DNS and Level3 NXDOMAIN redirector in case of Norton DNS, Comodo, and OpenDNS No evidence of IP or URL-keyword filtering ● ● ● Some websites filtered through HTTP 302 redirection – Triggered by hostname and object URI – Done at the ISP level
ISP-level Warning Screens
Results: Post-April ● HTTP 302 redirection replaced with IXP-level 200 packet injection – Triggered by hostname and URI – Because of the 200 code, the browser believes it's a normal response ● ● ● Stops it from fetching content from the intended destination Original TCP connection times out Same response packet and screen across ISPs – Except Network4 (still under the influence of preApril censoring)
IXP-level Warning Screen ● ● Same results reported by “The Citizen Lab” in parallel in June, 2013 System attributed to the Canadian firm Netsweeper Inc. – Also applicable to Qatar, UAE, Kuwait, and Yemen
Results: Survey ● 67 respondents – ● ● Results biased towards individuals with above-average computer skills Public VPN services, such as Hotspot Shield, most popular Web proxies also popular
Results: Survey ● 67 respondents – ● ● Results biased towards individuals with above-average computer skills Public VPN services, such as Hotspot Shield, most popular Web proxies also popular
Alternative Circumvention: Web-based DNS ● ● ● Generally, web-based service can also be used for lookup Results show that same websites also blocked at HTTP-level Similar to South Korea – DNS filtering used for websites that resolve to a single site – HTTP-level mechanism exclusively used for websites with IPs shared across hostnames and filtering needs to be selective ● YouTube, Wikipedia, etc.
Alternative Circumvention: CDNs and Search Engine Caches ● No URL-keyword filtering ● Blocked websites accessible via CoralCDN ● Cached pages of blocked content also accessible on Google, Bing, and Internet Archive
Summary ● ● ● ● Pakistan has undergone an upgrade from ISPlevel to centralized IXP-level censorship Most websites blocked at the DNS level, while a small number at the HTTP level Websites blocked at the DNS level also blocked at HTTP-level Most citizens use public VPNs and web proxies to circumvent restrictions
Future Work ● ● Expansion in the number of websites and networks Deeper analysis of DNS blockage – ● ● For instance, not clear if censoring module maintains a list of all resolvers and their redirectors or it queries the actual resolver each time Examination of side-effects of DNS injection (similar to China) Analysis of “Streisand Effect” in Pakistan – Early results look promising!
Q?

Recomendados

Topic 13: Cloud Stacks
Topic 13: Cloud StacksTopic 13: Cloud Stacks
Topic 13: Cloud StacksZubair Nabi
 
AOS Lab 10: File system -- Inodes and beyond
AOS Lab 10: File system -- Inodes and beyondAOS Lab 10: File system -- Inodes and beyond
AOS Lab 10: File system -- Inodes and beyondZubair Nabi
 
AOS Lab 4: If you liked it, then you should have put a “lock” on it
AOS Lab 4: If you liked it, then you should have put a “lock” on itAOS Lab 4: If you liked it, then you should have put a “lock” on it
AOS Lab 4: If you liked it, then you should have put a “lock” on itZubair Nabi
 
AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!Zubair Nabi
 
AOS Lab 11: Virtualization
AOS Lab 11: VirtualizationAOS Lab 11: Virtualization
AOS Lab 11: VirtualizationZubair Nabi
 
Raabta: Low-cost Video Conferencing for the Developing World
Raabta: Low-cost Video Conferencing for the Developing WorldRaabta: Low-cost Video Conferencing for the Developing World
Raabta: Low-cost Video Conferencing for the Developing WorldZubair Nabi
 
MapReduce Application Scripting
MapReduce Application ScriptingMapReduce Application Scripting
MapReduce Application ScriptingZubair Nabi
 
MapReduce and DBMS Hybrids
MapReduce and DBMS HybridsMapReduce and DBMS Hybrids
MapReduce and DBMS HybridsZubair Nabi
 

Recomendados

Topic 13: Cloud Stacks
Topic 13: Cloud StacksTopic 13: Cloud Stacks
Topic 13: Cloud StacksZubair Nabi
 
AOS Lab 10: File system -- Inodes and beyond
AOS Lab 10: File system -- Inodes and beyondAOS Lab 10: File system -- Inodes and beyond
AOS Lab 10: File system -- Inodes and beyondZubair Nabi
 
AOS Lab 4: If you liked it, then you should have put a “lock” on it
AOS Lab 4: If you liked it, then you should have put a “lock” on itAOS Lab 4: If you liked it, then you should have put a “lock” on it
AOS Lab 4: If you liked it, then you should have put a “lock” on itZubair Nabi
 
AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!Zubair Nabi
 
AOS Lab 11: Virtualization
AOS Lab 11: VirtualizationAOS Lab 11: Virtualization
AOS Lab 11: VirtualizationZubair Nabi
 
Raabta: Low-cost Video Conferencing for the Developing World
Raabta: Low-cost Video Conferencing for the Developing WorldRaabta: Low-cost Video Conferencing for the Developing World
Raabta: Low-cost Video Conferencing for the Developing WorldZubair Nabi
 
MapReduce Application Scripting
MapReduce Application ScriptingMapReduce Application Scripting
MapReduce Application ScriptingZubair Nabi
 
MapReduce and DBMS Hybrids
MapReduce and DBMS HybridsMapReduce and DBMS Hybrids
MapReduce and DBMS HybridsZubair Nabi
 
AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!Zubair Nabi
 
AOS Lab 8: Interrupts and Device Drivers
AOS Lab 8: Interrupts and Device DriversAOS Lab 8: Interrupts and Device Drivers
AOS Lab 8: Interrupts and Device DriversZubair Nabi
 
AOS Lab 7: Page tables
AOS Lab 7: Page tablesAOS Lab 7: Page tables
AOS Lab 7: Page tablesZubair Nabi
 
AOS Lab 6: Scheduling
AOS Lab 6: SchedulingAOS Lab 6: Scheduling
AOS Lab 6: SchedulingZubair Nabi
 
AOS Lab 5: System calls
AOS Lab 5: System callsAOS Lab 5: System calls
AOS Lab 5: System callsZubair Nabi
 
AOS Lab 9: File system -- Of buffers, logs, and blocks
AOS Lab 9: File system -- Of buffers, logs, and blocksAOS Lab 9: File system -- Of buffers, logs, and blocks
AOS Lab 9: File system -- Of buffers, logs, and blocksZubair Nabi
 
AOS Lab 2: Hello, xv6!
AOS Lab 2: Hello, xv6!AOS Lab 2: Hello, xv6!
AOS Lab 2: Hello, xv6!Zubair Nabi
 
Topic 14: Operating Systems and Virtualization
Topic 14: Operating Systems and VirtualizationTopic 14: Operating Systems and Virtualization
Topic 14: Operating Systems and VirtualizationZubair Nabi
 
The Big Data Stack
The Big Data StackThe Big Data Stack
The Big Data StackZubair Nabi
 
AOS Lab 12: Network Communication
AOS Lab 12: Network CommunicationAOS Lab 12: Network Communication
AOS Lab 12: Network CommunicationZubair Nabi
 
Topic 15: Datacenter Design and Networking
Topic 15: Datacenter Design and NetworkingTopic 15: Datacenter Design and Networking
Topic 15: Datacenter Design and NetworkingZubair Nabi
 
Introduction to the open rights group censorship monitoring project
Introduction to the open rights group censorship monitoring projectIntroduction to the open rights group censorship monitoring project
Introduction to the open rights group censorship monitoring projectRichard King
 
A Look At The Consequences Of Internet Censorship Through An ISP Lens
A Look At The Consequences Of Internet Censorship Through An ISP LensA Look At The Consequences Of Internet Censorship Through An ISP Lens
A Look At The Consequences Of Internet Censorship Through An ISP LensApril Smith
 
Online Privacy
Online PrivacyOnline Privacy
Online PrivacyIWMW
 
Analyzing Internet Censorship In Pakistan
Analyzing Internet Censorship In PakistanAnalyzing Internet Censorship In Pakistan
Analyzing Internet Censorship In PakistanMichele Thomas
 
ION Toronto - IPv6 Deployment Update
ION Toronto - IPv6 Deployment UpdateION Toronto - IPv6 Deployment Update
ION Toronto - IPv6 Deployment UpdateDeploy360 Programme (Internet Society)
 
IPv6 readiness globally
IPv6 readiness globallyIPv6 readiness globally
IPv6 readiness globallyAPNIC
 
Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]
Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]
Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]APNIC
 
COBWEB: Brief Introduction, GBIF Secretariat
COBWEB: Brief Introduction, GBIF SecretariatCOBWEB: Brief Introduction, GBIF Secretariat
COBWEB: Brief Introduction, GBIF SecretariatEDINA, University of Edinburgh
 
OC_Offline_Africa
OC_Offline_AfricaOC_Offline_Africa
OC_Offline_AfricaMichael Otieno
 
Migrating to OpenFlow SDNs
Migrating to OpenFlow SDNsMigrating to OpenFlow SDNs
Migrating to OpenFlow SDNsUS-Ignite
 
Final Project Presentation.pptx
Final Project Presentation.pptxFinal Project Presentation.pptx
Final Project Presentation.pptxstevenmsusa
 

Más contenido relacionado

Destacado

AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!Zubair Nabi
 
AOS Lab 8: Interrupts and Device Drivers
AOS Lab 8: Interrupts and Device DriversAOS Lab 8: Interrupts and Device Drivers
AOS Lab 8: Interrupts and Device DriversZubair Nabi
 
AOS Lab 7: Page tables
AOS Lab 7: Page tablesAOS Lab 7: Page tables
AOS Lab 7: Page tablesZubair Nabi
 
AOS Lab 6: Scheduling
AOS Lab 6: SchedulingAOS Lab 6: Scheduling
AOS Lab 6: SchedulingZubair Nabi
 
AOS Lab 5: System calls
AOS Lab 5: System callsAOS Lab 5: System calls
AOS Lab 5: System callsZubair Nabi
 
AOS Lab 9: File system -- Of buffers, logs, and blocks
AOS Lab 9: File system -- Of buffers, logs, and blocksAOS Lab 9: File system -- Of buffers, logs, and blocks
AOS Lab 9: File system -- Of buffers, logs, and blocksZubair Nabi
 
AOS Lab 2: Hello, xv6!
AOS Lab 2: Hello, xv6!AOS Lab 2: Hello, xv6!
AOS Lab 2: Hello, xv6!Zubair Nabi
 
Topic 14: Operating Systems and Virtualization
Topic 14: Operating Systems and VirtualizationTopic 14: Operating Systems and Virtualization
Topic 14: Operating Systems and VirtualizationZubair Nabi
 
The Big Data Stack
The Big Data StackThe Big Data Stack
The Big Data StackZubair Nabi
 
AOS Lab 12: Network Communication
AOS Lab 12: Network CommunicationAOS Lab 12: Network Communication
AOS Lab 12: Network CommunicationZubair Nabi
 
Topic 15: Datacenter Design and Networking
Topic 15: Datacenter Design and NetworkingTopic 15: Datacenter Design and Networking
Topic 15: Datacenter Design and NetworkingZubair Nabi
 

Destacado (11)

AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!
 
AOS Lab 8: Interrupts and Device Drivers
AOS Lab 8: Interrupts and Device DriversAOS Lab 8: Interrupts and Device Drivers
AOS Lab 8: Interrupts and Device Drivers
 
AOS Lab 7: Page tables
AOS Lab 7: Page tablesAOS Lab 7: Page tables
AOS Lab 7: Page tables
 
AOS Lab 6: Scheduling
AOS Lab 6: SchedulingAOS Lab 6: Scheduling
AOS Lab 6: Scheduling
 
AOS Lab 5: System calls
AOS Lab 5: System callsAOS Lab 5: System calls
AOS Lab 5: System calls
 
AOS Lab 9: File system -- Of buffers, logs, and blocks
AOS Lab 9: File system -- Of buffers, logs, and blocksAOS Lab 9: File system -- Of buffers, logs, and blocks
AOS Lab 9: File system -- Of buffers, logs, and blocks
 
AOS Lab 2: Hello, xv6!
AOS Lab 2: Hello, xv6!AOS Lab 2: Hello, xv6!
AOS Lab 2: Hello, xv6!
 
Topic 14: Operating Systems and Virtualization
Topic 14: Operating Systems and VirtualizationTopic 14: Operating Systems and Virtualization
Topic 14: Operating Systems and Virtualization
 
The Big Data Stack
The Big Data StackThe Big Data Stack
The Big Data Stack
 
AOS Lab 12: Network Communication
AOS Lab 12: Network CommunicationAOS Lab 12: Network Communication
AOS Lab 12: Network Communication
 
Topic 15: Datacenter Design and Networking
Topic 15: Datacenter Design and NetworkingTopic 15: Datacenter Design and Networking
Topic 15: Datacenter Design and Networking
 

Similar a The Anatomy of Web Censorship in Pakistan

Introduction to the open rights group censorship monitoring project
Introduction to the open rights group censorship monitoring projectIntroduction to the open rights group censorship monitoring project
Introduction to the open rights group censorship monitoring projectRichard King
 
A Look At The Consequences Of Internet Censorship Through An ISP Lens
A Look At The Consequences Of Internet Censorship Through An ISP LensA Look At The Consequences Of Internet Censorship Through An ISP Lens
A Look At The Consequences Of Internet Censorship Through An ISP LensApril Smith
 
Online Privacy
Online PrivacyOnline Privacy
Online PrivacyIWMW
 
Analyzing Internet Censorship In Pakistan
Analyzing Internet Censorship In PakistanAnalyzing Internet Censorship In Pakistan
Analyzing Internet Censorship In PakistanMichele Thomas
 
IPv6 readiness globally
IPv6 readiness globallyIPv6 readiness globally
IPv6 readiness globallyAPNIC
 
Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]
Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]
Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]APNIC
 
Migrating to OpenFlow SDNs
Migrating to OpenFlow SDNsMigrating to OpenFlow SDNs
Migrating to OpenFlow SDNsUS-Ignite
 
Final Project Presentation.pptx
Final Project Presentation.pptxFinal Project Presentation.pptx
Final Project Presentation.pptxstevenmsusa
 
10th SANS ICS Security Summit Project SHINE Presentation
10th SANS ICS Security Summit Project SHINE Presentation10th SANS ICS Security Summit Project SHINE Presentation
10th SANS ICS Security Summit Project SHINE PresentationBob Radvanovsky
 
2 ning so cso and open network platform
2 ning so cso and open network platform2 ning so cso and open network platform
2 ning so cso and open network platform遵共 陳
 
State of Internet measurement Infrastructure/tools in Africa
State of Internet measurement Infrastructure/tools in AfricaState of Internet measurement Infrastructure/tools in Africa
State of Internet measurement Infrastructure/tools in AfricaAFRINIC
 
Kick starting Network Automation
Kick starting Network AutomationKick starting Network Automation
Kick starting Network AutomationWalid Shaari
 
Reaching China with Your Website & Cloud Applications
Reaching China with Your Website & Cloud ApplicationsReaching China with Your Website & Cloud Applications
Reaching China with Your Website & Cloud ApplicationsCDNetworks
 
Web tracking summer symposium 2018
Web tracking summer symposium 2018Web tracking summer symposium 2018
Web tracking summer symposium 2018Rakesh S V Reddy
 

Similar a The Anatomy of Web Censorship in Pakistan (20)

Introduction to the open rights group censorship monitoring project
Introduction to the open rights group censorship monitoring projectIntroduction to the open rights group censorship monitoring project
Introduction to the open rights group censorship monitoring project
 
A Look At The Consequences Of Internet Censorship Through An ISP Lens
A Look At The Consequences Of Internet Censorship Through An ISP LensA Look At The Consequences Of Internet Censorship Through An ISP Lens
A Look At The Consequences Of Internet Censorship Through An ISP Lens
 
Online Privacy
Online PrivacyOnline Privacy
Online Privacy
 
Analyzing Internet Censorship In Pakistan
Analyzing Internet Censorship In PakistanAnalyzing Internet Censorship In Pakistan
Analyzing Internet Censorship In Pakistan
 
ION Toronto - IPv6 Deployment Update
ION Toronto - IPv6 Deployment UpdateION Toronto - IPv6 Deployment Update
ION Toronto - IPv6 Deployment Update
 
IPv6 readiness globally
IPv6 readiness globallyIPv6 readiness globally
IPv6 readiness globally
 
Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]
Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]
Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]
 
COBWEB: Brief Introduction, GBIF Secretariat
COBWEB: Brief Introduction, GBIF SecretariatCOBWEB: Brief Introduction, GBIF Secretariat
COBWEB: Brief Introduction, GBIF Secretariat
 
OC_Offline_Africa
OC_Offline_AfricaOC_Offline_Africa
OC_Offline_Africa
 
Migrating to OpenFlow SDNs
Migrating to OpenFlow SDNsMigrating to OpenFlow SDNs
Migrating to OpenFlow SDNs
 
Final Project Presentation.pptx
Final Project Presentation.pptxFinal Project Presentation.pptx
Final Project Presentation.pptx
 
Socialforum2011 04-02
Socialforum2011 04-02Socialforum2011 04-02
Socialforum2011 04-02
 
10th SANS ICS Security Summit Project SHINE Presentation
10th SANS ICS Security Summit Project SHINE Presentation10th SANS ICS Security Summit Project SHINE Presentation
10th SANS ICS Security Summit Project SHINE Presentation
 
2 ning so cso and open network platform
2 ning so cso and open network platform2 ning so cso and open network platform
2 ning so cso and open network platform
 
State of Internet measurement Infrastructure/tools in Africa
State of Internet measurement Infrastructure/tools in AfricaState of Internet measurement Infrastructure/tools in Africa
State of Internet measurement Infrastructure/tools in Africa
 
Web identity part1
Web identity part1Web identity part1
Web identity part1
 
A density based clustering approach for web robot detection
A density based clustering approach for web robot detectionA density based clustering approach for web robot detection
A density based clustering approach for web robot detection
 
Kick starting Network Automation
Kick starting Network AutomationKick starting Network Automation
Kick starting Network Automation
 
Reaching China with Your Website & Cloud Applications
Reaching China with Your Website & Cloud ApplicationsReaching China with Your Website & Cloud Applications
Reaching China with Your Website & Cloud Applications
 
Web tracking summer symposium 2018
Web tracking summer symposium 2018Web tracking summer symposium 2018
Web tracking summer symposium 2018
 

Más de Zubair Nabi

Lab 5: Interconnecting a Datacenter using Mininet
Lab 5: Interconnecting a Datacenter using MininetLab 5: Interconnecting a Datacenter using Mininet
Lab 5: Interconnecting a Datacenter using MininetZubair Nabi
 
Topic 12: NoSQL in Action
Topic 12: NoSQL in ActionTopic 12: NoSQL in Action
Topic 12: NoSQL in ActionZubair Nabi
 
Lab 4: Interfacing with Cassandra
Lab 4: Interfacing with CassandraLab 4: Interfacing with Cassandra
Lab 4: Interfacing with CassandraZubair Nabi
 
Topic 10: Taxonomy of Data and Storage
Topic 10: Taxonomy of Data and StorageTopic 10: Taxonomy of Data and Storage
Topic 10: Taxonomy of Data and StorageZubair Nabi
 
Topic 11: Google Filesystem
Topic 11: Google FilesystemTopic 11: Google Filesystem
Topic 11: Google FilesystemZubair Nabi
 
Lab 3: Writing a Naiad Application
Lab 3: Writing a Naiad ApplicationLab 3: Writing a Naiad Application
Lab 3: Writing a Naiad ApplicationZubair Nabi
 
Topic 8: Enhancements and Alternative Architectures
Topic 8: Enhancements and Alternative ArchitecturesTopic 8: Enhancements and Alternative Architectures
Topic 8: Enhancements and Alternative ArchitecturesZubair Nabi
 
Topic 7: Shortcomings in the MapReduce Paradigm
Topic 7: Shortcomings in the MapReduce ParadigmTopic 7: Shortcomings in the MapReduce Paradigm
Topic 7: Shortcomings in the MapReduce ParadigmZubair Nabi
 
Lab 1: Introduction to Amazon EC2 and MPI
Lab 1: Introduction to Amazon EC2 and MPILab 1: Introduction to Amazon EC2 and MPI
Lab 1: Introduction to Amazon EC2 and MPIZubair Nabi
 
Topic 6: MapReduce Applications
Topic 6: MapReduce ApplicationsTopic 6: MapReduce Applications
Topic 6: MapReduce ApplicationsZubair Nabi
 

Más de Zubair Nabi (11)

Lab 5: Interconnecting a Datacenter using Mininet
Lab 5: Interconnecting a Datacenter using MininetLab 5: Interconnecting a Datacenter using Mininet
Lab 5: Interconnecting a Datacenter using Mininet
 
Topic 12: NoSQL in Action
Topic 12: NoSQL in ActionTopic 12: NoSQL in Action
Topic 12: NoSQL in Action
 
Lab 4: Interfacing with Cassandra
Lab 4: Interfacing with CassandraLab 4: Interfacing with Cassandra
Lab 4: Interfacing with Cassandra
 
Topic 10: Taxonomy of Data and Storage
Topic 10: Taxonomy of Data and StorageTopic 10: Taxonomy of Data and Storage
Topic 10: Taxonomy of Data and Storage
 
Topic 11: Google Filesystem
Topic 11: Google FilesystemTopic 11: Google Filesystem
Topic 11: Google Filesystem
 
Lab 3: Writing a Naiad Application
Lab 3: Writing a Naiad ApplicationLab 3: Writing a Naiad Application
Lab 3: Writing a Naiad Application
 
Topic 9: MR+
Topic 9: MR+Topic 9: MR+
Topic 9: MR+
 
Topic 8: Enhancements and Alternative Architectures
Topic 8: Enhancements and Alternative ArchitecturesTopic 8: Enhancements and Alternative Architectures
Topic 8: Enhancements and Alternative Architectures
 
Topic 7: Shortcomings in the MapReduce Paradigm
Topic 7: Shortcomings in the MapReduce ParadigmTopic 7: Shortcomings in the MapReduce Paradigm
Topic 7: Shortcomings in the MapReduce Paradigm
 
Lab 1: Introduction to Amazon EC2 and MPI
Lab 1: Introduction to Amazon EC2 and MPILab 1: Introduction to Amazon EC2 and MPI
Lab 1: Introduction to Amazon EC2 and MPI
 
Topic 6: MapReduce Applications
Topic 6: MapReduce ApplicationsTopic 6: MapReduce Applications
Topic 6: MapReduce Applications
 

Último

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 

Último (20)

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 

The Anatomy of Web Censorship in Pakistan

  • 1. The Anatomy of Web Censorship in Pakistan Zubair Nabi zubair.nabi@cantab.net Information Technology University, Pakistan* Presented by: Mobin Javed UC Berkeley * Now at IBM Research, Dublin
  • 2. This website is not accessible in Pakistan! ● ● ● ● First study of the cause, effect, and mechanism of Internet censorship in Pakistan Upgrade to centralized system in the middle of the study (May 2013) Censorship mechanism varies across websites: some blocked at the DNS level; others at the HTTP level Public VPN services and web proxies popular tools to bypass restrictions
  • 3. Outline ● Background: Pakistan and related work ● Methodology ● Results ● Alternative circumvention methods ● Summary ● Future work ● Qs
  • 4. Internet in Pakistan ● ● ● ● 16 million users or 9% of total population (World Bank, 2012) Out of the total Internet users, 64% access news websites (YouGov, 2011) Largest IXP (AS17557) owned by the state Internet, fixed-line telephony, cable TV, and cellular services regulation by the Pakistan Telecommunication Authority (PTA) – Also in charge of censorship
  • 5. History of Censorship ● ● 2006: 12 websites blocked for blasphemous content 2008: A number of YouTube videos blocked – IP-wide block via BGP misconfiguration – YouTube rendered inaccessible for the rest of the world for 2 hours
  • 6. History of Censorship (2) ● 2010: Facebook, YouTube, Flickr, and Wikipedia blocked in reaction to “Everybody Draw Muhammad Day” – PTA sanctioned to terminate any telecom service
  • 7. History of Censorship (3) ● 2012 (March): Government requests proposals for gatewaylevel blocking system – Filtering from domain level to sub-folder level – Blocking individual IPs and/or entire range – Plug-and-play hardware units, capable of blocking 50 million URLs ● Latency < 1ms
  • 8. History of Censorship (4) ● 2012 (September): Infinite ban on YouTube in retaliation to “Innocence of Muslims” – Disruption of other Google services due to IP sharing
  • 9. Related Work ● Verkamp and Gupta – – ● PlanetLab nodes and volunteer machines, 11 countries Key insight: censorship mechanisms vary across countries Mathrani and Alipour – – ● Private VPNs and volunteer nodes, 10 countries Key insight: restrictions applicable to all categories of websites: political, social, etc. Dainotti et al. – Internet blockage during the Arab Spring
  • 10. Methodology: Dataset ● Publicly available list with 597 websites ● Compiled in 2010 ● ● Not exhaustive but a fairly rich of complete domains and subdomains Dataset after cleaning: 307 websites – ● Redundant, broken, and duplicates removed Checked with a public VPN beforehand to ensure connectivity
  • 11. Methodology: Script ● Modified version of the CensMon system (FOCI '11) 1) DNS lookup ● Local and public (Google, Comodo, OpenDNS, Level3, and Norton) 2) IP blacklisting: TCP connection to port 80 3) URL keyword filtering: http://www.google.com/fooURL ● 404 Not Found under normal operation 4) HTTP filtering: HTTP request, log response packet ● Also, logs transient connectivity errors, such as timeouts
  • 12. Methodology: Networks ID Nature Location Network1 University Lahore Network2 University Lahore Network3 Home Lahore Network4 Home Islamabad Network5 Cellular (EDGE) Islamabad ● ● ● ● Network1 and 2: gigabit connectivity Network5 only used for post-April testing Tests performed at night time to minimize interaction with normal traffic Performed on multiple occasions for precision
  • 13. Results: Pre-April ● Most websites blocked at DNS-level – Local DNS: “Non-Existent Domain” (NXDOMAIN) – Public DNS: NXDOMAIN for Google DNS and Level3 NXDOMAIN redirector in case of Norton DNS, Comodo, and OpenDNS No evidence of IP or URL-keyword filtering ● ● ● Some websites filtered through HTTP 302 redirection – Triggered by hostname and object URI – Done at the ISP level
  • 15. Results: Post-April ● HTTP 302 redirection replaced with IXP-level 200 packet injection – Triggered by hostname and URI – Because of the 200 code, the browser believes it's a normal response ● ● ● Stops it from fetching content from the intended destination Original TCP connection times out Same response packet and screen across ISPs – Except Network4 (still under the influence of preApril censoring)
  • 16. IXP-level Warning Screen ● ● Same results reported by “The Citizen Lab” in parallel in June, 2013 System attributed to the Canadian firm Netsweeper Inc. – Also applicable to Qatar, UAE, Kuwait, and Yemen
  • 17. Results: Survey ● 67 respondents – ● ● Results biased towards individuals with above-average computer skills Public VPN services, such as Hotspot Shield, most popular Web proxies also popular
  • 18. Results: Survey ● 67 respondents – ● ● Results biased towards individuals with above-average computer skills Public VPN services, such as Hotspot Shield, most popular Web proxies also popular
  • 19. Alternative Circumvention: Web-based DNS ● ● ● Generally, web-based service can also be used for lookup Results show that same websites also blocked at HTTP-level Similar to South Korea – DNS filtering used for websites that resolve to a single site – HTTP-level mechanism exclusively used for websites with IPs shared across hostnames and filtering needs to be selective ● YouTube, Wikipedia, etc.
  • 20. Alternative Circumvention: CDNs and Search Engine Caches ● No URL-keyword filtering ● Blocked websites accessible via CoralCDN ● Cached pages of blocked content also accessible on Google, Bing, and Internet Archive
  • 21. Summary ● ● ● ● Pakistan has undergone an upgrade from ISPlevel to centralized IXP-level censorship Most websites blocked at the DNS level, while a small number at the HTTP level Websites blocked at the DNS level also blocked at HTTP-level Most citizens use public VPNs and web proxies to circumvent restrictions
  • 22. Future Work ● ● Expansion in the number of websites and networks Deeper analysis of DNS blockage – ● ● For instance, not clear if censoring module maintains a list of all resolvers and their redirectors or it queries the actual resolver each time Examination of side-effects of DNS injection (similar to China) Analysis of “Streisand Effect” in Pakistan – Early results look promising!
  • 23. Q?