Censorship and what to do about it
Last week the IETF 121 met in Dublin. You can catch all of the sessions online. Here are some highlights
- I co-chair the Human Rights Protocol Considerations research group with a cryptographer at Brave Browser, Sofia Celi. HRPC met and discussed our RG's draft on intimate partner violence. We had presentations from National Network to End Domestic Violence and MariaLab in Brazil on the same. https://www.youtube.com/watch?v=Q3W9Xmwa9Oo
- The Privacy research group met to discuss a draft on which I'm co-author, "Guidelines for Performing Safe Measurement on the Internet," and hosted two talks titled, "Understanding Routing-Induced Censorship Changes Globally" and "Call Me By My Name: Simple, Practical Private Information Retrieval for Keyword Queries." https://www.youtube.com/watch?v=TOkc8nVR4Kk
- The work on Digital Emblems, like those used by the Red Cross/Crescent/Crystal, has progressed. Here's an article about the IETF 121 session: https://www.heise.de/en/news/DIEM-Digital-emblems-for-network-resources-of-aid-organizations-10006308.html
- Relatedly, the ICRC convened a meeting of over 190 different organizations and published a statement, "deploring the disruption of medical and humanitarian relief efforts as a consequence of the use of digital means and methods of warfare and the consequences of these disruptions on the civilian population, ... and welcoming the research and consultations conducted by the International Committee of the Red Cross (ICRC), in collaboration with academic institutions, experts and other components of the Movement, on the purpose, parameters and feasibility of a 'digital emblem', ... in order to further clarify the specific purpose and technical feasibility of a digital emblem, and to consult with States on the potential processes for incorporating the digital emblem into national and international law." https://rcrcconference.org/app/uploads/2024/10/CoD24_R3-Res-Weapons-and-IHL-EN.pdf
- At the same ICRC meeting, the movement demanded international law compliance for tech used in conflict https://eng.mizzima.com/2024/11/02/15795
The links!
- This week, ICANN 81 kicked off in Istanbul. https://meetings.icann.org/en/meetings/icann81/
- The problematic cybercrime treaty was adopted at the UNGA 3rd committee meeting this week. https://cepa.org/article/us-approving-un-cybercrime-treaty-would-legitimize-authoritarian-censorship
- Check out LEAP VPN. (I'm on the LEAP board.) It is designed for mid-scale deployments to support journalists, activists, dissidents, and human rights defenders, and their affinity networks. They have an updated tutorial section https://docs.leap.se/tutorials
- Remember to register for the Green Tech Hackathon hosted by RIPE next month in Amsterdam https://ripe89.ripe.net/archives/video/1513/
- Digital Empowerment Foundation is organising the Community Network Xchange in the Asia Pacific (CNX-APAC) 2024 alongside the Digital Citizen Summit (DCS) on 15th and 16th November 2024 at T-Hub, Hyderabad. Register Here for CNX-APAC https://www.cnxapac.org
- The 2024 Global Voices Summit is December 6 - 7, 2024 in Kathmandu, Nepal https://summit2024.globalvoices.org
- Read the report: "Integrating policy, research and technical standards in gender approaches to cybersecurity" for key takeaways from a recent APC-hosted roundtable https://www.apc.org/en/news/integrating-policy-research-and-technical-standards-gender-approaches-cybersecurity-key
- Watch the webinar: "Causes and Consequences of Major Internet Outages in Africa in 2024" by ISOC (Note: The page doesn't throw a 404, it's the header image!) https://pulse.internetsociety.org/blog/webinar-causes-and-consequences-of-major-internet-outages-in-africa-in-2024-and-how-to-mitigate-them
- eIDAS is not yet dead! Please refresh your outrage with this Mozilla blog post. https://blog.mozilla.org/netpolicy/2024/11/07/behind-the-scenes-of-eidas-a-look-at-article-45-and-its-implications
- Citizen Lab analyzed the WeChat encryption protocol. https://citizenlab.ca/2024/10/should-we-chat-too-security-analysis-of-wechats-mmtls-encryption-protocol
- Open Tech Fund fellow Sam Ju examines how Real-Name Registration policies create an “ideological firewall” that chills dissent by eliminating user anonymity and selectively restricting transnational access to Chinese social media apps. https://www.opentech.fund/news/chinas-new-effort-to-achieve-cyber-sovereignty
- The Social Media Exchange in Lebanon has a newsletter about tech and human rights in the region. This edition is an excellent roundup of the situation in Palestine https://us14.campaign-archive.com/?u=826654fd38268e580b78623b6&id=a5c9673ca6
- Apple claims that because you might choose bad software, you shouldn’t be able to choose software, period. https://www.eff.org/deeplinks/2024/10/eu-apple-let-users-choose-their-software-apple-nah
- An analysis of Myanmar’s firewall https://humanrightsmyanmar.org/wp-content/uploads/2024/10/HRM-the-great-firewall-of-myanmar.pdf; read more about digital repression in Myanmar https://www.apc.org/en/node/40396
- Digital Public Infrastructure woes: Two undergraduate students found bugs and fraud in the South African government's grant application system. https://www.citizen.co.za/news/sassa-social-grant-breach-parliament
- Global Encryption Day reflections from Tech Radar https://www.techradar.com/computing/computing-security/i-attended-the-2024-encryption-summit-here-are-my-5-takeaways
- You must read Afsaneh Rigot: "The Weaponization of Things: Israel’s Techno-Violence, A Litmus Test for Technologists" https://www.techpolicy.press/the-weaponization-of-things-israels-technoviolence-a-litmus-test-for-technologists/
- 7amleh releases a report on the state of Gaza's telecoms infrastructure https://7amleh.org/2024/10/29/impact-of-war-on-gaza-s-telecommunications-infrastructure-en
Last month I attended the Decrypting Digital Authoritarianism conference in Florence. Below is the work-in-progress I presented.
Censorship and what to do about it
Keeping people connected in repressive regimes around the world is work that never ends. There are technical solutions from satellites to VPNs, but censorship and circumvention is a cat and mouse game. Policy solutions aside, any durable solve requires a conceptual shift from “breaking out” to “breaking through”. In other words, we can design circumvention into services to break through censorship, in addition to the ways status quo circumvention techniques support individuals to “break out” of censored environments. We start with the state of the art in censorship techniques and end with practical advice on how the technology being designed today can consider censorship and circumvent it with fit-for-purpose techniques.
Introduction
The internet is an open and decentralized technology, meaning that its architecture can support the full spectrum of network interoperability from fully free to heavily censored. For example both the US– a largely unregulated jurisdiction– and China– heavily controlled and isolated– both use the same technology that we think of as “the internet.”
However we consider the mutual benefits to networks and human rights in environments with minimal information controls, such as mass surveillance and blocking and filtering. We also consider both the internet and human rights frameworks to be global: All countries of the world have signed the Universal Declaration of Human Rights, just as all networks are ultimately connected to the singular global internet.
Differences across legal jurisdictions often lead to human rights gaps, and the same is true for network policies. In the latter case, bridging human rights gaps online are often efforts to combat information controls that range from privacy respecting protocols, software and applications to censorship circumvention. These tools give agency to end users. We also consider how the same techniques can protect and extend the communication needs of institutions.
This has required concerted efforts over more than a decade to properly measure the problem of censorship and develop fit-for-purpose solutions to circumvention, both of which continue to evolve. The following introduction provides a technical accounting of censorship as a practice and provides a brief overview of preventive/corrective circumvention tools. The discussion that follows suggests an architectural reframe in circumvention to better counter digital authoritarianism trends.
Technical explanations
Censorship – An entity in a position of power suppresses communication, including information and expression, through legal, martial, or other means.
Internet shutdown – Widespread censorship is achieved by disrupting access to the internet.
Circumvention – Technical approaches are used to overcome censorship at the network level to gain access to online resources, services, information and other material.
Service – Networked services use the internet to deliver content and facilitate communications. A service could refer to an internet connection itself, as well as to what can be done with the internet: web, email, messaging, cloud computing, sensing, etc.
Application, user agent, client – Used interchangeably, a person installs an application on a device to interact with a networked service, such as a browser for web services and “apps” for social media and messaging.
Operating system – A networked device runs some core software components that enable other applications to be downloaded, installed and used.
Protocol – Defining and implementing communications protocols allows for the distributed interoperation between services, devices and applications.
Documenting censorship
The recent publication of “RFC 9505: A Survey of Worldwide Censorship Techniques” describes “technical mechanisms employed in network censorship that regimes around the world use for blocking or impairing Internet traffic. It aims to make designers, implementers, and users of Internet protocols aware of the properties exploited and mechanisms used for censoring end-user access to information.” In parsing the key points from RFC 9505, a meticulous analysis unfolds, detailing the technical underpinnings of censorship and their implications for end-user access to content and services.
RFC 9505 describes and documents the technical mechanisms that censorship regimes around the world use for blocking or impairing Internet traffic in terms of the implications for end-user access to content and services. It identifies a range of possible techniques, and real world examples from censorship regimes around the world, for each intervention:
- prescription (technical articulation of what to block);
- identification (locating what to block at the application, transport, or network layer) by
- IP address,
- DNS, domain or URL,
- keyword use in deep-packet inspection, and
- traffic fingerprint or protocol used; and
- interference (the blocking).
While censorship techniques may continue to evolve, RFC 9505 defines the chokepoints of the internet’s architecture. If the internet is to remain the foundation of our global communications systems, then it must remain resilient and mitigate censorship. This requires both improving internet protocols to be resistant to censorship and developing better, more durable and “baked-in” mechanisms to circumvent blockages imposed by censorship and other forces.
Many other institutions measure and report on specific techniques, real-time status of blockages and other crucial data to understand censorship in the field of measurement studies.
Measuring circumvention
Internet censorship is better understood thanks to many measurement initiatives from reporting outages in real time to building a data lake over time. The breadth and depth of measurement techniques continue to grow as censorship techniques proliferate. There are key research findings that have fundamentally changed the approach to censorship circumvention away from closed-source solutions, to be aware of traffic fingerprinting, and that the market is unlikely to support circumvention.
The most notable circumvention and privacy tools are Psiphon, Tor, Signal, and Telegram, considered somewhat of a “movement” against digital authoritarianism. Despite being in use for more than a decade, they persist in information controlled environments and remain popular. Each have innovated over the years: Tor’s latest innovation in resilience “comes from the use of numerous, ultralight, temporary proxies (“snowflakes”), which accept and forward traffic from censored clients.” Signal remains available despite regional blocks due to its implementation of in-app circumvention proxying achieved with a technique called domain fronting. WhatsApp leverages configurable proxies as measurement findings indicate that proxy servers also situated within the information controlled environment are more effective because they do not stick out.
The heavy overreliance on VPNs to circumvent blockages persists. VPNs are easily identified or fingerprinted and either their traffic is blocked or the apps are blocked or de-listed from download. And while high-privacy, end-to-end encrypted messaging apps like Signal have certainly considered in-app censorship circumvention because they have faced filtering and blocking in various jurisdictions, there are potentially many more end user applications on the market that have not yet taken steps to ensure their services can be accessed in the case of an intentional or unintentional outage.
Most circumvention efforts are rightly focussed on implementations in tools used by at-risk users like protestors, journalists, human rights defenders, especially in authoritarian jurisdictions. However we look at a more widely implementable architecture of circumvention that could be supported by both network and market effects to thereby normalize the practice of circumvention. We aim to enlist the private sector in provisioning backend proxying and traffic shaping as a service and a feature for “normal” applications. For an example of implementing circumvention in a service, we turn to a notable case study in the news website Meduza.
Case study: Meduza
Meduza is a prominent news outlet known for its coverage of Russia's invasion of Ukraine. Meduza offers a mobile app available on both iOS and Android. This app provides users with credible news and magazine content while implementing features designed to circumvent censorship.
Censors may impede users from downloading the Meduza app by blocking app downloads based on IP addresses or domains. Additionally, Deep Packet Inspection (DPI) can be employed to restrict access. Censors may also pressure search engines and app stores to de-list or ban the app, further hindering users' ability to locate it.
Accessing Meduza’s website directly poses additional challenges for users within jurisdictions that block content through IP or domain restrictions, DPI, or de-listing. De-listing prevents users from discovering the website via web searches or social media, and external technical interventions cannot rectify this limitation.
When users wish to access an IP-, DNS-, or DPI-blocked site such as Meduza, they can utilize browser extensions like Runet Blockage Bypass, which is based on Russia’s unified register of prohibited information. Another option is Censor Tracker, which not only assists in bypassing restrictions but also alerts users if a visited site is likely to track them or comply with information requests from Russian authorities. To further combat censorship, browsers could implement allowlisting mechanisms similar to Safe Browsing, which identifies and blocks malware.
To identify blocked sites, browsers may utilize lists such as Rosco’s. Organizations like NetBlocks or other trusted entities could assist browsers in disseminating allowlists to users in affected jurisdictions.
Given the heavy censorship that Meduza faces the organization has proactively integrated circumvention strategies into its service. Once users are able to get the application installed on their devices, the Meduza app detects when it is blocked and circumvents the block, potentially using any number of techniques, most likely including the use of third-party hosts to proxy its traffic. This approach not only facilitates access to information but also supports the broader ideals of free expression and privacy at the service level rather than requiring action on the part of end users.
Discussion
In an era where the internet is not just a conduit for information but a geopolitical battleground, the architecture of the internet holds immense sway over the contours of our global landscape. The economic fragmentation in a post-neoliberal era finds resonance in internet fragmentation, whereby states are increasing the sovereign control of their digital borders. Herein lies a delicate balance between sovereignty with interoperability: the means by which jurisdictions take control of internet traffic while communications and commerce remain open is a deeply technical matter.
Most market solutions to this problem are found in the device-side installation of Virtual Private Network (VPN) apps. However the basic premise that all of one’s device traffic is routed through a VPN service provider exposes users to privacy and security risks. The trust ecosystem for VPNs is dire. Furthermore users are often uninformed about proper use and configuration of VPNs. Essentially a good VPN is a VPN that chooses not to be a bad VPN.
Moving circumvention into the service creates a more direct trust relationship. The user already trusts the service– Meduza, WhatsApp and Signal are all known examples of service circumvention– and therefore the user does not need to place additional trust in another provider. Focussing on the low-privacy or mass market applications, this shifts the wider best practice towards circumvention in services, thereby protecting the more targeted applications from signaling their unique value to at-risk populations.
Circumvention as a service
Most VPNs provide multiple products that use the same infrastructure– it could be an app, a browser extension, or a set of configuration settings for the device operating system or wifi router. Like a browser extension, those same VPNs could support other applications to activate circumvention for users facing filtering, blocking and internet shutdowns. The next step would be to help service developers use VPN infrastructure in their applications. One example is Outline, a VPN framework that is protocol agnostic and also allows configurable proxying. They’ve released a software development kit (Outline SDK) that democratizes and extends circumvention infrastructure to any technology project.
Furthermore cloud providers could offer domain fronting, proxying and other circumvention techniques as a service, on top of the managed hosting and other products that underlie the web’s most popular end user services. For example, using Google.com as a domain front leveraged the “too big to block” nature of the many services Google offers, thereby allowing users to reach the service being fronted.
Websites that are “too benign to block” can also front domain traffic perhaps in solidarity with social causes, for example the censorship faced in Ukraine. This can be done in a safe manner for the fronting website by cooperating with the censored service, say, and not allowing any and all websites to be fronted.
On the other hand, having users send their traffic with domain fronting means that the transport encryption security is disrupted– a third-party has access to the metadata of an https header including server name indicator (SNI) and the IP address of the user. WhatsApp and Outline SDK proxy configuration handles this insecurity with a technique called triangular routing. A new extension to the transport encryption protocol TLS, called Encrypted Client Hello (ECH), would hide the SNI, though adoption is not yet widespread for it to be effective. Encrypted DNS lookup is another innovation that helps the user to hide the metadata of their connections to censored services.
Future research
There are potentially additional avenues for research and optimisation for privacy measures in domain fronting. More research is needed to determine if there are vulnerabilities or attacks enabled by this architectural shift either to the service, or the cloud provider fronting traffic.
One worry is that the proliferation of censorship circumvention techniques in major network services might trigger law enforcement pushing back against the extra layer of encryption.
Another issue is optimisation and efficiency such that circumvention features are only available when the service is blocked and at that time the user has the opportunity to switch to “circumvention mode”. In browser circumvention requires some cooperation with measurement or pre-loaded blocklists as in the case of Meduza.
Lastly circumvention for services that are not end-to-end encrypted as in the case of secure messaging, does pose risks to user data, which is one important consideration for privacy advocates when services go into partnership. However it is important to note that when services are already hosted on a cloud platform, that platform is ostensibly receiving this data anyway and so for the host to offer domain fronting is unlikely to introduce additional security and privacy issues.
Conclusions
The consolidated nature of today’s internet means that almost nothing can be done about censorship without the help of powerful platforms. From large content delivery networks (CDNs) to cloud hosting, the sheer volume of traffic and resources like IP addresses and autonomous system interconnections mean that if not directly part of the solution, big tech companies have a role to play. Cloud and networking service providers can consider supporting internet freedom circumvention tools in the following ways:
- Resist de-listing and takedowns of Wordpress, service hosting, DNS filtering as well as requests for information about customers.
- Domain fronting as a service on a case-by-base basis, in cooperation with censored services for example offering “magic links”.
- Proxying as a service, especially for managed hosts with a presence in information controlled areas where in-country traffic avoids suspicion.
- Whitelist tools, exit nodes and proxies by IP address and domain, for example allowing unthrottled Tor traffic across networks.
- Build circumvention tools into CDN and cloud products to easily plug into applications and services that help their users circumvent potential blocks in as many countries as possible.
- Provide third-party marketplaces so that internet freedom tools can provide these services, too, and drive innovation in the space.
- Facilitate and encourage widespread adoption of ECH and encrypted DNS lookup.
- Cushion surges in use with cloud-provider insurance to provide financial protection against losses due to adverse internet freedom events, if those companies demonstrate they have donated compute credits to censorship circumvention tools.
Cloud providers are reluctant to promote their services as being anti-censorship, even though many of their pro-privacy products achieve these effects, such as encrypted client hello. The more widespread the practice of supporting circumvention in the internet infrastructure industry, the easier it will be for the “too big to block” providers to go public and even brag about their support for free expression and right to information without risk. This is the highest-order ask: Cover internet freedom projects in networked multinationals. The same techniques could also be employed by “too benign to block,” say commercial or otherwise innocuous websites could cooperate within a pool to help hide traffic to and from sources that risk being blocked and filtered.
Further reading
Fifield, David, Chang Lan, Rod Hynes, Percy Wegmann, and Vern Paxson. “Blocking-Resistant Communication through Domain Fronting.” Proceedings on Privacy Enhancing Technologies 2015, no. 2 (June 1, 2015): 46–64. https://doi.org/10.1515/popets-2015-0009.
Hall, Joseph Lorenzo, Michael D. Aaron, Amelia Andersdotter, Ben Jones, Nick Feamster, and Mallory Knodel. “A Survey of Worldwide Censorship Techniques.” Request for Comments. Internet Engineering Task Force, November 2023. https://doi.org/10.17487/RFC9505.
Internet Society. “An Overview of Internet Content Blocking.” Accessed October 20, 2024. https://www.internetsociety.org/resources/doc/2017/internet-content-blocking/.
Ramesh, Reethika, Anjali Vyas, and Roya Ensafi. “‘All of Them Claim to Be the Best’: Multi-Perspective Study of VPN Users and VPN Providers.” arXiv, September 28, 2022. http://arxiv.org/abs/2208.03505.
Tschantz, Michael Carl, Sadia Afroz, Name Withheld On Request, and Vern Paxson. “SoK: Towards Grounding Censorship Circumvention in Empiricism.” In 2016 IEEE Symposium on Security and Privacy (SP), 914–33. San Jose, CA, USA: IEEE, 2016. https://doi.org/10.1109/SP.2016.59.