fine-grained censorship mapping
DESCRIPTION
Presentation given at the Oxford Internet Institute lunchtime seminar series on fine-grained mapping of internet censorship. Some basic information on mapping using DNS servers, and some preliminary mapping visualizations of DNS-based censorship in China. This presentation also focused on legal and ethical issues in researching internet censorship.TRANSCRIPT
. . . . . .
Introduction Information Sources Legality and Ethics Early Results Questions
Fine-Grained Censorship Mapping -Information Sources, Legality and Ethics
Joss [email protected]
Oxford Internet InstituteUniversity of Oxford
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 1/32
. . . . . .
Introduction Information Sources Legality and Ethics Early Results Questions
1 Introduction2 Information Sources3 Legality and Ethics4 Early Results5 Questions
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 2/32
. . . . . .
Introduction Information Sources Legality and Ethics Early Results Questions
CensorshipAlmost every country engages in someform of Internet filtering.China’s “Golden Shield” is the classicexample.
Saudi Arabia presents perhaps themost extreme filtering regime.(OpenNet Initiative)
Many different technologies; manydifferent filtering targets; many differentrationales and justifications.
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 3/32
. . . . . .
Introduction Information Sources Legality and Ethics Early Results Questions
Censorship TechnologiesWe can classify filtering according totheir focus:
DNS PoisoningIP Header Filtering (address orprotocol)IP Content Filtering (keyword orprotocol)Proxy Filtering
We can consider takedown, socialpressure, legislation as filtering, but willfocus on technology.
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 4/32
. . . . . .
Introduction Information Sources Legality and Ethics Early Results Questions
LimitationsA tradeoff between subtlety andcomputational requirements.
Sophisticated methods require greatercomputational resources.At national scale, these can be severe.
Centralization can cause problems, asseen with CleanFeed.
Central management also raisesadministrative and organizationalburdens.
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 5/32
. . . . . .
Introduction Information Sources Legality and Ethics Early Results Questions
Localized FilteringWe can observe localized filtering inresponse to local events.We therefore see filtering differ across astate, rather than homogeneity.
We also expect filtering to vary overtime.We may expect organizations to haveone filtering regime, even across astate.
This can reveal filtering tactics, methods,reasoning, limitations.
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 6/32
. . . . . .
Introduction Information Sources Legality and Ethics Early Results Questions
Existing WorkHERDICT: crowdsources filteringinformation from volunteer web users.
OpenNet Initiative: use volunteers anddirect means to examine filtering aroundthe world.
Both consider national-level filtering ashomogeneous.Both also make judgements as to thenature of filtering.
Political, religious, social
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 7/32
. . . . . .
Introduction Information Sources Legality and Ethics Early Results Questions
Existing ApproachesHERDICT relies on users for information.
Visitors to the website report sites thatappear blocked.
The website actively presents potentiallyblocked content, allowing users to verifyif it is blocked.
OpenNet Initiative’s methods vary, butinclude direct investigation and liasonwith volunteers in blocked regions.
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 8/32
. . . . . .
Introduction Information Sources Legality and Ethics Early Results Questions
Fine-Grained SourcesFor fine-grained mapping we wish tocombine data gathered at variouslocations with GeoIP data at the citylevel.
GeoIP databases are increasingly cheapand accurate.
The problem is to get readings from awide geographical distribution.
Ideally, not just blocking status but type ofblocking.
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 9/32
. . . . . .
Introduction Information Sources Legality and Ethics Early Results Questions
LimitationsCrowdsourcing or usingvolunteers can be effectiveif the tool is sufficientlyusable, but is limited:
Undirected, inconsistentcoverage.
Direct investigation isexpensive.
Ideally we desire directaccess to filtered internetconnections.
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 10/32
. . . . . .
Introduction Information Sources Legality and Ethics Early Results Questions
Direct ActionDirect access to other connections ispossible in some limited cases.
Tor exit nodes, and similar servicessuch as psiphon.VPN services or remote shells.Creatively-used public services –webservers, IRC, bittorrent...
Access to DNS is very simple, anddirectly addresses one major type offiltering.
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 11/32
. . . . . .
Introduction Information Sources Legality and Ethics Early Results Questions
Direct Action ProblemsDirect services are rare, especially incountries with interesting filteringregimes.
No-one wants to run Tor-like servicesin filtered areas!
VPN services are also rare. Remoteshells are even more so.
These services are typically offered toget past filtering, not get in.
Creative misuse of open services seemsthe most fruitful option.
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 12/32
. . . . . .
Introduction Information Sources Legality and Ethics Early Results Questions
Direct Action MechanismsDNS is simple and effective fordetecting DNS filtering, but is notvery useful beyond that.
Tor and Tor-like services are rare,but wonderful.
BitTorrent seems a likelycandidate, and we have beeninvestigating it, but consent is aserious issue.
If only we could... botnets.
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 13/32
. . . . . .
Introduction Information Sources Legality and Ethics Early Results Questions
Legality and EthicsIs it legal to access blockedwebsites?Is it ethical to ask someone else toaccess blocked websites?
Consent for automated tools.
Is it legal to creatively abuse aservice, with or without maliciousintent?
Is it ethical to open a serviceoperator to repercussionsbased around such misuse?
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 14/32
. . . . . .
Introduction Information Sources Legality and Ethics Early Results Questions
Legal Concerns
HERDICT Legal FAQ: ”Rules vary bycountry, but we know of no nation where itis illegal for you to report information aboutsites you cannot access.”
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 15/32
. . . . . .
Introduction Information Sources Legality and Ethics Early Results Questions
Legal ConcernsSites are sometimes blocked for seriouslegal or societal reasons:
Pornography, homosexuality, lèsemajesté, insult to religion
Reporting sites as blocked may well belegal, but detection attempts may causelegal or social consequences.
When is the risk too small, and how canwe judge this against arbitrary culturalcontexts?
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 16/32
. . . . . .
Introduction Information Sources Legality and Ethics Early Results Questions
Current WorkRetrieved a list of 278 DNS serversacross China from the APNIC WHOISdatabase.
Selected the top 80 reported blockedwebsites according to HERDICT.
Performed a DNS query for each site toeach server.
We have code to scan China for DNSservers, but have not deemed itnecessary at this point.
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 17/32
. . . . . .
Introduction Information Sources Legality and Ethics Early Results Questions
Early Observations
Initial observations:
Many blocked sites are listed asnon-existent in the majority of DNSservers tested.
Several servers return no result for mostblocked sites, but occasionally redirectrequests to other DNS servers beforedoing so.
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 18/32
. . . . . .
Introduction Information Sources Legality and Ethics Early Results Questions
Early ObservationsDNS poisoning is rife:
wujie.net 161 servers returned aresponse to wujie.net directed toonly 9 separate IPs – none of whichoffer services, and are unrelated towujie.net.
Many blocked sites do get genuine DNSresponses.
In many cases we simply get no result, ora timeout.
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 19/32
Next slide: map of China showing cities for which we have data.
. . . . . .
BaotouBeijing
Changchun
Changsha
Chaoyang
Chengdu
Chongqing
Dongguan
Fuzhou
Guangzhou
Guiyang
Harbin
Hebei
Hefei
Jinan
Nanjing
Nanning
Ningbo
Qingdao
Shanghai
Shenyang
Shenzhen
Tianjin
Wuhan
Xiamen
Xian
Xining
Zhengzhou
Zhongshan
Heyuan
. . . . . .
Next slide: zoomed map of China showing cities for which we havedata.
. . . . . .
Baotou
Beijing
Changchun
Changsha
Chaoyang
Chengdu
Chongqing
Dongguan
Fuzhou
Guangzhou
Guiyang
Harbin
Hebei
Hefei
Jinan
Nanjing
Nanning
Ningbo
Qingdao
Shanghai
Shenyang
Shenzhen
Tianjin
Wuhan
Xiamen
Xian
Xining
Zhengzhou
Zhongshan
Heyuan
. . . . . .
Next slide: Relative likelihood that the DNS server will return ‘noresult’ when asked for a censored website. Larger and redder dots aremore likely not to return a result.Note that if a result is given, it is not necessarily correct. (See nextmap.)
. . . . . .
BaotouBaotou
BeijingBeijing
ChangchunChangchun
ChangshaChangsha
ChaoyangChaoyang
ChengduChengdu
ChongqingChongqing
DongguanDongguan
FuzhouFuzhou
GuangzhouGuangzhou
GuiyangGuiyang
HarbinHarbin
HebeiHebei
HefeiHefei
JinanJinan
NanjingNanjing
NanningNanning
NingboNingbo
QingdaoQingdao
ShanghaiShanghai
ShenyangShenyang
ShenzhenShenzhen
TianjinTianjin
WuhanWuhan
XiamenXiamen
XianXian
XiningXining
ZhengzhouZhengzhou
ZhongshanZhongshan
HeyuanHeyuan
. . . . . .
Next slide: Relative likelihood that, if a DNS result is returned for agiven site, that it is a ‘lie’. Specifically, that the returned IP address doesnot point to the requested domain or a related domain. Typically, thesefalse results point to a small number of IP addresses in Beijing.
. . . . . .
BaotouBaotou
BeijingBeijing
ChangchunChangchun
ChangshaChangsha
ChaoyangChaoyang
ChengduChengdu
ChongqingChongqing
DongguanDongguan
FuzhouFuzhou
GuangzhouGuangzhou
GuiyangGuiyang
HarbinHarbin
HebeiHebei
HefeiHefei
JinanJinan
NanjingNanjing
NanningNanning
NingboNingbo
QingdaoQingdao
ShanghaiShanghai
ShenyangShenyang
ShenzhenShenzhen
TianjinTianjin
WuhanWuhan
XiamenXiamen
XianXian
XiningXining
ZhengzhouZhengzhou
ZhongshanZhongshan
HeyuanHeyuan
. . . . . .
. . . . . .
Introduction Information Sources Legality and Ethics Early Results Questions
Results of VisualizationWe can clearly verify that filtering isheterogeneous across China.Some cities show little DNS filtering,some return no results, some returnpoisoned results, some do both!
Chengdu, Shenzhen, Shanghai arenotable “tech” cities, and have littlefiltering.Beijing is, perhaps surprisingly, relativelypermissive.
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 28/32
. . . . . .
Introduction Information Sources Legality and Ethics Early Results Questions
CaveatsRestricted list of DNS servers. I can getmore, but will have to portscan Chinafor them.
DNS server in a city does not representwhere the users originate.These maps do not show how manyDNS servers were in each city, or giveany distinction between them.
78 DNS servers in Beijing, only 1 inXiamen.
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 29/32
. . . . . .
Introduction Information Sources Legality and Ethics Early Results Questions
QuestionsWhat are the legal and, importantly,ethical limits to what we can do in thisarea?What good services exist from which to“bounce” connections?
Specifically, public services rather thanindividual services.
Can we intelligently split onorganizational as well as geographicallines.
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 30/32
. . . . . .
Introduction Information Sources Legality and Ethics Early Results Questions
Questions
How can we best represent thisinformation?
What will we learn when we repeatexperiments over time looking forpatterns?
What questions would anyone like toask?
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 31/32
. . . . . .
Introduction Information Sources Legality and Ethics Early Results Questions
The End
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 32/32