Presentation given at the Oxford Internet Institute lunchtime seminar series on fine-grained mapping of internet censorship. Some basic information on mapping using DNS servers, and some preliminary mapping visualizations of DNS-based censorship in China.
This presentation also focused on legal and ethical issues in researching internet censorship.
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Fine-Grained Censorship Mapping
1. Introduction Information Sources Legality and Ethics Early Results Questions
Fine-Grained Censorship Mapping -
Information Sources, Legality and Ethics
Joss Wright
joss.wright@oii.ox.ac.uk
Oxford Internet Institute
University of Oxford
. . . . . .
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 1/32
2. Introduction Information Sources Legality and Ethics Early Results Questions
1 Introduction
2 Information Sources
3 Legality and Ethics
4 Early Results
5 Questions
. . . . . .
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 2/32
3. Introduction Information Sources Legality and Ethics Early Results Questions
Censorship
Almost every country engages in some
form of Internet filtering.
China’s “Golden Shield” is the classic
example.
Saudi Arabia presents perhaps the
most extreme filtering regime.
(OpenNet Initiative)
Many different technologies; many
different filtering targets; many different
rationales and justifications.
. . . . . .
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 3/32
4. Introduction Information Sources Legality and Ethics Early Results Questions
Censorship Technologies
We can classify filtering according to
their focus:
DNS Poisoning
IP Header Filtering (address or
protocol)
IP Content Filtering (keyword or
protocol)
Proxy Filtering
We can consider takedown, social
pressure, legislation as filtering, but will
focus on technology.
. . . . . .
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 4/32
5. Introduction Information Sources Legality and Ethics Early Results Questions
Limitations
A tradeoff between subtlety and
computational requirements.
Sophisticated methods require greater
computational resources.
At national scale, these can be severe.
Centralization can cause problems, as
seen with CleanFeed.
Central management also raises
administrative and organizational
burdens.
. . . . . .
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 5/32
6. Introduction Information Sources Legality and Ethics Early Results Questions
Localized Filtering
We can observe localized filtering in
response to local events.
We therefore see filtering differ across a
state, rather than homogeneity.
We also expect filtering to vary over
time.
We may expect organizations to have
one filtering regime, even across a
state.
This can reveal filtering tactics, methods,
reasoning, limitations.
. . . . . .
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 6/32
7. Introduction Information Sources Legality and Ethics Early Results Questions
Existing Work
HERDICT: crowdsources filtering
information from volunteer web users.
OpenNet Initiative: use volunteers and
direct means to examine filtering around
the world.
Both consider national-level filtering as
homogeneous.
Both also make judgements as to the
nature of filtering.
Political, religious, social
. . . . . .
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 7/32
8. Introduction Information Sources Legality and Ethics Early Results Questions
Existing Approaches
HERDICT relies on users for information.
Visitors to the website report sites that
appear blocked.
The website actively presents potentially
blocked content, allowing users to verify
if it is blocked.
OpenNet Initiative’s methods vary, but
include direct investigation and liason
with volunteers in blocked regions.
. . . . . .
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 8/32
9. Introduction Information Sources Legality and Ethics Early Results Questions
Fine-Grained Sources
For fine-grained mapping we wish to
combine data gathered at various
locations with GeoIP data at the city
level.
GeoIP databases are increasingly cheap
and accurate.
The problem is to get readings from a
wide geographical distribution.
Ideally, not just blocking status but type of
blocking.
. . . . . .
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 9/32
10. Introduction Information Sources Legality and Ethics Early Results Questions
Limitations
Crowdsourcing or using
volunteers can be effective
if the tool is sufficiently
usable, but is limited:
Undirected, inconsistent
coverage.
Direct investigation is
expensive.
Ideally we desire direct
access to filtered internet
connections.
. . . . . .
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 10/32
11. Introduction Information Sources Legality and Ethics Early Results Questions
Direct Action
Direct access to other connections is
possible in some limited cases.
Tor exit nodes, and similar services
such as psiphon.
VPN services or remote shells.
Creatively-used public services –
webservers, IRC, bittorrent...
Access to DNS is very simple, and
directly addresses one major type of
filtering.
. . . . . .
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 11/32
12. Introduction Information Sources Legality and Ethics Early Results Questions
Direct Action Problems
Direct services are rare, especially in
countries with interesting filtering
regimes.
No-one wants to run Tor-like services
in filtered areas!
VPN services are also rare. Remote
shells are even more so.
These services are typically offered to
get past filtering, not get in.
Creative misuse of open services seems
the most fruitful option.
. . . . . .
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 12/32
13. Introduction Information Sources Legality and Ethics Early Results Questions
Direct Action Mechanisms
DNS is simple and effective for
detecting DNS filtering, but is not
very useful beyond that.
Tor and Tor-like services are rare,
but wonderful.
BitTorrent seems a likely
candidate, and we have been
investigating it, but consent is a
serious issue.
If only we could... botnets.
. . . . . .
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 13/32
14. Introduction Information Sources Legality and Ethics Early Results Questions
Legality and Ethics
Is it legal to access blocked
websites?
Is it ethical to ask someone else to
access blocked websites?
Consent for automated tools.
Is it legal to creatively abuse a
service, with or without malicious
intent?
Is it ethical to open a service
operator to repercussions
based around such misuse?
. . . . . .
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 14/32
15. Introduction Information Sources Legality and Ethics Early Results Questions
Legal Concerns
HERDICT Legal FAQ: ”Rules vary by
country, but we know of no nation where it
is illegal for you to report information about
sites you cannot access.”
. . . . . .
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 15/32
16. Introduction Information Sources Legality and Ethics Early Results Questions
Legal Concerns
Sites are sometimes blocked for serious
legal or societal reasons:
Pornography, homosexuality, lèse
majesté, insult to religion
Reporting sites as blocked may well be
legal, but detection attempts may cause
legal or social consequences.
When is the risk too small, and how can
we judge this against arbitrary cultural
contexts?
. . . . . .
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 16/32
17. Introduction Information Sources Legality and Ethics Early Results Questions
Current Work
Retrieved a list of 278 DNS servers
across China from the APNIC WHOIS
database.
Selected the top 80 reported blocked
websites according to HERDICT.
Performed a DNS query for each site to
each server.
We have code to scan China for DNS
servers, but have not deemed it
necessary at this point.
. . . . . .
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 17/32
18. Introduction Information Sources Legality and Ethics Early Results Questions
Early Observations
Initial observations:
Many blocked sites are listed as
non-existent in the majority of DNS
servers tested.
Several servers return no result for most
blocked sites, but occasionally redirect
requests to other DNS servers before
doing so.
. . . . . .
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 18/32
19. Introduction Information Sources Legality and Ethics Early Results Questions
Early Observations
DNS poisoning is rife:
wujie.net 161 servers returned a
response to wujie.net directed to
only 9 separate IPs – none of which
offer services, and are unrelated to
wujie.net.
Many blocked sites do get genuine DNS
responses.
In many cases we simply get no result, or
a timeout.
. . . . . .
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 19/32
20. Next slide: map of China showing cities for which we have data.
. . . . . .
24. Next slide: Relative likelihood that the DNS server will return ‘no
result’ when asked for a censored website. Larger and redder dots are
more likely not to return a result.
Note that if a result is given, it is not necessarily correct. (See next
map.)
. . . . . .
26. Next slide: Relative likelihood that, if a DNS result is returned for a
given site, that it is a ‘lie’. Specifically, that the returned IP address does
not point to the requested domain or a related domain. Typically, these
false results point to a small number of IP addresses in Beijing.
. . . . . .
28. Introduction Information Sources Legality and Ethics Early Results Questions
Results of Visualization
We can clearly verify that filtering is
heterogeneous across China.
Some cities show little DNS filtering,
some return no results, some return
poisoned results, some do both!
Chengdu, Shenzhen, Shanghai are
notable “tech” cities, and have little
filtering.
Beijing is, perhaps surprisingly, relatively
permissive.
. . . . . .
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 28/32
29. Introduction Information Sources Legality and Ethics Early Results Questions
Caveats
Restricted list of DNS servers. I can get
more, but will have to portscan China
for them.
DNS server in a city does not represent
where the users originate.
These maps do not show how many
DNS servers were in each city, or give
any distinction between them.
78 DNS servers in Beijing, only 1 in
Xiamen.
. . . . . .
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 29/32
30. Introduction Information Sources Legality and Ethics Early Results Questions
Questions
What are the legal and, importantly,
ethical limits to what we can do in this
area?
What good services exist from which to
“bounce” connections?
Specifically, public services rather than
individual services.
Can we intelligently split on
organizational as well as geographical
lines.
. . . . . .
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 30/32
31. Introduction Information Sources Legality and Ethics Early Results Questions
Questions
How can we best represent this
information?
What will we learn when we repeat
experiments over time looking for
patterns?
What questions would anyone like to
ask?
. . . . . .
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 31/32
32. Introduction Information Sources Legality and Ethics Early Results Questions
The End
. . . . . .
Joss Wright Fine-Grained Censorship Mapping - Information Sources, Legality and Ethics: 32/32