SlideShare a Scribd company logo

The Anatomy of Web Censorship in Pakistan

Zubair Nabi
Zubair Nabi

This document summarizes a study on internet censorship in Pakistan. It found that censorship mechanisms in Pakistan were upgraded in mid-2013 from ISP-level blocking to centralized blocking at the internet exchange point (IXP) level. Most websites were blocked through DNS redirection, while some used HTTP redirection. After the upgrade, blocking was done through 200 response packets injected at the IXP level. Public VPNs and web proxies were popular ways for citizens to circumvent restrictions.

TechnologyBusiness
1 of 23
Download to read offline
The Anatomy of Web Censorship in Pakistan Zubair Nabi zubair.nabi@cantab.net Information Technology University, Pakistan* Presented by: Mobin Javed UC Berkeley * Now at IBM Research, Dublin
This website is not accessible in Pakistan! ● ● ● ● First study of the cause, effect, and mechanism of Internet censorship in Pakistan Upgrade to centralized system in the middle of the study (May 2013) Censorship mechanism varies across websites: some blocked at the DNS level; others at the HTTP level Public VPN services and web proxies popular tools to bypass restrictions
Outline ● Background: Pakistan and related work ● Methodology ● Results ● Alternative circumvention methods ● Summary ● Future work ● Qs
Internet in Pakistan ● ● ● ● 16 million users or 9% of total population (World Bank, 2012) Out of the total Internet users, 64% access news websites (YouGov, 2011) Largest IXP (AS17557) owned by the state Internet, fixed-line telephony, cable TV, and cellular services regulation by the Pakistan Telecommunication Authority (PTA) – Also in charge of censorship
History of Censorship ● ● 2006: 12 websites blocked for blasphemous content 2008: A number of YouTube videos blocked – IP-wide block via BGP misconfiguration – YouTube rendered inaccessible for the rest of the world for 2 hours
History of Censorship (2) ● 2010: Facebook, YouTube, Flickr, and Wikipedia blocked in reaction to “Everybody Draw Muhammad Day” – PTA sanctioned to terminate any telecom service
History of Censorship (3) ● 2012 (March): Government requests proposals for gatewaylevel blocking system – Filtering from domain level to sub-folder level – Blocking individual IPs and/or entire range – Plug-and-play hardware units, capable of blocking 50 million URLs ● Latency < 1ms
History of Censorship (4) ● 2012 (September): Infinite ban on YouTube in retaliation to “Innocence of Muslims” – Disruption of other Google services due to IP sharing
Related Work ● Verkamp and Gupta – – ● PlanetLab nodes and volunteer machines, 11 countries Key insight: censorship mechanisms vary across countries Mathrani and Alipour – – ● Private VPNs and volunteer nodes, 10 countries Key insight: restrictions applicable to all categories of websites: political, social, etc. Dainotti et al. – Internet blockage during the Arab Spring
Methodology: Dataset ● Publicly available list with 597 websites ● Compiled in 2010 ● ● Not exhaustive but a fairly rich of complete domains and subdomains Dataset after cleaning: 307 websites – ● Redundant, broken, and duplicates removed Checked with a public VPN beforehand to ensure connectivity
Methodology: Script ● Modified version of the CensMon system (FOCI '11) 1) DNS lookup ● Local and public (Google, Comodo, OpenDNS, Level3, and Norton) 2) IP blacklisting: TCP connection to port 80 3) URL keyword filtering: http://www.google.com/fooURL ● 404 Not Found under normal operation 4) HTTP filtering: HTTP request, log response packet ● Also, logs transient connectivity errors, such as timeouts
Methodology: Networks ID Nature Location Network1 University Lahore Network2 University Lahore Network3 Home Lahore Network4 Home Islamabad Network5 Cellular (EDGE) Islamabad ● ● ● ● Network1 and 2: gigabit connectivity Network5 only used for post-April testing Tests performed at night time to minimize interaction with normal traffic Performed on multiple occasions for precision
Results: Pre-April ● Most websites blocked at DNS-level – Local DNS: “Non-Existent Domain” (NXDOMAIN) – Public DNS: NXDOMAIN for Google DNS and Level3 NXDOMAIN redirector in case of Norton DNS, Comodo, and OpenDNS No evidence of IP or URL-keyword filtering ● ● ● Some websites filtered through HTTP 302 redirection – Triggered by hostname and object URI – Done at the ISP level
ISP-level Warning Screens
Results: Post-April ● HTTP 302 redirection replaced with IXP-level 200 packet injection – Triggered by hostname and URI – Because of the 200 code, the browser believes it's a normal response ● ● ● Stops it from fetching content from the intended destination Original TCP connection times out Same response packet and screen across ISPs – Except Network4 (still under the influence of preApril censoring)
IXP-level Warning Screen ● ● Same results reported by “The Citizen Lab” in parallel in June, 2013 System attributed to the Canadian firm Netsweeper Inc. – Also applicable to Qatar, UAE, Kuwait, and Yemen
Results: Survey ● 67 respondents – ● ● Results biased towards individuals with above-average computer skills Public VPN services, such as Hotspot Shield, most popular Web proxies also popular
Results: Survey ● 67 respondents – ● ● Results biased towards individuals with above-average computer skills Public VPN services, such as Hotspot Shield, most popular Web proxies also popular
Alternative Circumvention: Web-based DNS ● ● ● Generally, web-based service can also be used for lookup Results show that same websites also blocked at HTTP-level Similar to South Korea – DNS filtering used for websites that resolve to a single site – HTTP-level mechanism exclusively used for websites with IPs shared across hostnames and filtering needs to be selective ● YouTube, Wikipedia, etc.
Alternative Circumvention: CDNs and Search Engine Caches ● No URL-keyword filtering ● Blocked websites accessible via CoralCDN ● Cached pages of blocked content also accessible on Google, Bing, and Internet Archive
Summary ● ● ● ● Pakistan has undergone an upgrade from ISPlevel to centralized IXP-level censorship Most websites blocked at the DNS level, while a small number at the HTTP level Websites blocked at the DNS level also blocked at HTTP-level Most citizens use public VPNs and web proxies to circumvent restrictions
Future Work ● ● Expansion in the number of websites and networks Deeper analysis of DNS blockage – ● ● For instance, not clear if censoring module maintains a list of all resolvers and their redirectors or it queries the actual resolver each time Examination of side-effects of DNS injection (similar to China) Analysis of “Streisand Effect” in Pakistan – Early results look promising!
Q?

Recommended

Topic 13: Cloud Stacks
Topic 13: Cloud StacksTopic 13: Cloud Stacks
Topic 13: Cloud StacksZubair Nabi
 
AOS Lab 10: File system -- Inodes and beyond
AOS Lab 10: File system -- Inodes and beyondAOS Lab 10: File system -- Inodes and beyond
AOS Lab 10: File system -- Inodes and beyondZubair Nabi
 
AOS Lab 4: If you liked it, then you should have put a “lock” on it
AOS Lab 4: If you liked it, then you should have put a “lock” on itAOS Lab 4: If you liked it, then you should have put a “lock” on it
AOS Lab 4: If you liked it, then you should have put a “lock” on itZubair Nabi
 
AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!Zubair Nabi
 
AOS Lab 11: Virtualization
AOS Lab 11: VirtualizationAOS Lab 11: Virtualization
AOS Lab 11: VirtualizationZubair Nabi
 
Raabta: Low-cost Video Conferencing for the Developing World
Raabta: Low-cost Video Conferencing for the Developing WorldRaabta: Low-cost Video Conferencing for the Developing World
Raabta: Low-cost Video Conferencing for the Developing WorldZubair Nabi
 
MapReduce Application Scripting
MapReduce Application ScriptingMapReduce Application Scripting
MapReduce Application ScriptingZubair Nabi
 
MapReduce and DBMS Hybrids
MapReduce and DBMS HybridsMapReduce and DBMS Hybrids
MapReduce and DBMS HybridsZubair Nabi
 

Recommended

Topic 13: Cloud Stacks
Topic 13: Cloud StacksTopic 13: Cloud Stacks
Topic 13: Cloud StacksZubair Nabi
 
AOS Lab 10: File system -- Inodes and beyond
AOS Lab 10: File system -- Inodes and beyondAOS Lab 10: File system -- Inodes and beyond
AOS Lab 10: File system -- Inodes and beyondZubair Nabi
 
AOS Lab 4: If you liked it, then you should have put a “lock” on it
AOS Lab 4: If you liked it, then you should have put a “lock” on itAOS Lab 4: If you liked it, then you should have put a “lock” on it
AOS Lab 4: If you liked it, then you should have put a “lock” on itZubair Nabi
 
AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!Zubair Nabi
 
AOS Lab 11: Virtualization
AOS Lab 11: VirtualizationAOS Lab 11: Virtualization
AOS Lab 11: VirtualizationZubair Nabi
 
Raabta: Low-cost Video Conferencing for the Developing World
Raabta: Low-cost Video Conferencing for the Developing WorldRaabta: Low-cost Video Conferencing for the Developing World
Raabta: Low-cost Video Conferencing for the Developing WorldZubair Nabi
 
MapReduce Application Scripting
MapReduce Application ScriptingMapReduce Application Scripting
MapReduce Application ScriptingZubair Nabi
 
MapReduce and DBMS Hybrids
MapReduce and DBMS HybridsMapReduce and DBMS Hybrids
MapReduce and DBMS HybridsZubair Nabi
 
AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!Zubair Nabi
 
AOS Lab 8: Interrupts and Device Drivers
AOS Lab 8: Interrupts and Device DriversAOS Lab 8: Interrupts and Device Drivers
AOS Lab 8: Interrupts and Device DriversZubair Nabi
 
AOS Lab 7: Page tables
AOS Lab 7: Page tablesAOS Lab 7: Page tables
AOS Lab 7: Page tablesZubair Nabi
 
AOS Lab 6: Scheduling
AOS Lab 6: SchedulingAOS Lab 6: Scheduling
AOS Lab 6: SchedulingZubair Nabi
 
AOS Lab 5: System calls
AOS Lab 5: System callsAOS Lab 5: System calls
AOS Lab 5: System callsZubair Nabi
 
AOS Lab 9: File system -- Of buffers, logs, and blocks
AOS Lab 9: File system -- Of buffers, logs, and blocksAOS Lab 9: File system -- Of buffers, logs, and blocks
AOS Lab 9: File system -- Of buffers, logs, and blocksZubair Nabi
 
AOS Lab 2: Hello, xv6!
AOS Lab 2: Hello, xv6!AOS Lab 2: Hello, xv6!
AOS Lab 2: Hello, xv6!Zubair Nabi
 
Topic 14: Operating Systems and Virtualization
Topic 14: Operating Systems and VirtualizationTopic 14: Operating Systems and Virtualization
Topic 14: Operating Systems and VirtualizationZubair Nabi
 
The Big Data Stack
The Big Data StackThe Big Data Stack
The Big Data StackZubair Nabi
 
AOS Lab 12: Network Communication
AOS Lab 12: Network CommunicationAOS Lab 12: Network Communication
AOS Lab 12: Network CommunicationZubair Nabi
 
Topic 15: Datacenter Design and Networking
Topic 15: Datacenter Design and NetworkingTopic 15: Datacenter Design and Networking
Topic 15: Datacenter Design and NetworkingZubair Nabi
 
Introduction to the open rights group censorship monitoring project
Introduction to the open rights group censorship monitoring projectIntroduction to the open rights group censorship monitoring project
Introduction to the open rights group censorship monitoring projectRichard King
 
A Look At The Consequences Of Internet Censorship Through An ISP Lens
A Look At The Consequences Of Internet Censorship Through An ISP LensA Look At The Consequences Of Internet Censorship Through An ISP Lens
A Look At The Consequences Of Internet Censorship Through An ISP LensApril Smith
 
Online Privacy
Online PrivacyOnline Privacy
Online PrivacyIWMW
 
Analyzing Internet Censorship In Pakistan
Analyzing Internet Censorship In PakistanAnalyzing Internet Censorship In Pakistan
Analyzing Internet Censorship In PakistanMichele Thomas
 
ION Toronto - IPv6 Deployment Update
ION Toronto - IPv6 Deployment UpdateION Toronto - IPv6 Deployment Update
ION Toronto - IPv6 Deployment UpdateDeploy360 Programme (Internet Society)
 
IPv6 readiness globally
IPv6 readiness globallyIPv6 readiness globally
IPv6 readiness globallyAPNIC
 
Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]
Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]
Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]APNIC
 
COBWEB: Brief Introduction, GBIF Secretariat
COBWEB: Brief Introduction, GBIF SecretariatCOBWEB: Brief Introduction, GBIF Secretariat
COBWEB: Brief Introduction, GBIF SecretariatEDINA, University of Edinburgh
 
OC_Offline_Africa
OC_Offline_AfricaOC_Offline_Africa
OC_Offline_AfricaMichael Otieno
 
Migrating to OpenFlow SDNs
Migrating to OpenFlow SDNsMigrating to OpenFlow SDNs
Migrating to OpenFlow SDNsUS-Ignite
 
Final Project Presentation.pptx
Final Project Presentation.pptxFinal Project Presentation.pptx
Final Project Presentation.pptxstevenmsusa
 

More Related Content

Viewers also liked

AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!Zubair Nabi
 
AOS Lab 8: Interrupts and Device Drivers
AOS Lab 8: Interrupts and Device DriversAOS Lab 8: Interrupts and Device Drivers
AOS Lab 8: Interrupts and Device DriversZubair Nabi
 
AOS Lab 7: Page tables
AOS Lab 7: Page tablesAOS Lab 7: Page tables
AOS Lab 7: Page tablesZubair Nabi
 
AOS Lab 6: Scheduling
AOS Lab 6: SchedulingAOS Lab 6: Scheduling
AOS Lab 6: SchedulingZubair Nabi
 
AOS Lab 5: System calls
AOS Lab 5: System callsAOS Lab 5: System calls
AOS Lab 5: System callsZubair Nabi
 
AOS Lab 9: File system -- Of buffers, logs, and blocks
AOS Lab 9: File system -- Of buffers, logs, and blocksAOS Lab 9: File system -- Of buffers, logs, and blocks
AOS Lab 9: File system -- Of buffers, logs, and blocksZubair Nabi
 
AOS Lab 2: Hello, xv6!
AOS Lab 2: Hello, xv6!AOS Lab 2: Hello, xv6!
AOS Lab 2: Hello, xv6!Zubair Nabi
 
Topic 14: Operating Systems and Virtualization
Topic 14: Operating Systems and VirtualizationTopic 14: Operating Systems and Virtualization
Topic 14: Operating Systems and VirtualizationZubair Nabi
 
The Big Data Stack
The Big Data StackThe Big Data Stack
The Big Data StackZubair Nabi
 
AOS Lab 12: Network Communication
AOS Lab 12: Network CommunicationAOS Lab 12: Network Communication
AOS Lab 12: Network CommunicationZubair Nabi
 
Topic 15: Datacenter Design and Networking
Topic 15: Datacenter Design and NetworkingTopic 15: Datacenter Design and Networking
Topic 15: Datacenter Design and NetworkingZubair Nabi
 

Viewers also liked (11)

AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!AOS Lab 1: Hello, Linux!
AOS Lab 1: Hello, Linux!
 
AOS Lab 8: Interrupts and Device Drivers
AOS Lab 8: Interrupts and Device DriversAOS Lab 8: Interrupts and Device Drivers
AOS Lab 8: Interrupts and Device Drivers
 
AOS Lab 7: Page tables
AOS Lab 7: Page tablesAOS Lab 7: Page tables
AOS Lab 7: Page tables
 
AOS Lab 6: Scheduling
AOS Lab 6: SchedulingAOS Lab 6: Scheduling
AOS Lab 6: Scheduling
 
AOS Lab 5: System calls
AOS Lab 5: System callsAOS Lab 5: System calls
AOS Lab 5: System calls
 
AOS Lab 9: File system -- Of buffers, logs, and blocks
AOS Lab 9: File system -- Of buffers, logs, and blocksAOS Lab 9: File system -- Of buffers, logs, and blocks
AOS Lab 9: File system -- Of buffers, logs, and blocks
 
AOS Lab 2: Hello, xv6!
AOS Lab 2: Hello, xv6!AOS Lab 2: Hello, xv6!
AOS Lab 2: Hello, xv6!
 
Topic 14: Operating Systems and Virtualization
Topic 14: Operating Systems and VirtualizationTopic 14: Operating Systems and Virtualization
Topic 14: Operating Systems and Virtualization
 
The Big Data Stack
The Big Data StackThe Big Data Stack
The Big Data Stack
 
AOS Lab 12: Network Communication
AOS Lab 12: Network CommunicationAOS Lab 12: Network Communication
AOS Lab 12: Network Communication
 
Topic 15: Datacenter Design and Networking
Topic 15: Datacenter Design and NetworkingTopic 15: Datacenter Design and Networking
Topic 15: Datacenter Design and Networking
 

Similar to The Anatomy of Web Censorship in Pakistan

Introduction to the open rights group censorship monitoring project
Introduction to the open rights group censorship monitoring projectIntroduction to the open rights group censorship monitoring project
Introduction to the open rights group censorship monitoring projectRichard King
 
A Look At The Consequences Of Internet Censorship Through An ISP Lens
A Look At The Consequences Of Internet Censorship Through An ISP LensA Look At The Consequences Of Internet Censorship Through An ISP Lens
A Look At The Consequences Of Internet Censorship Through An ISP LensApril Smith
 
Online Privacy
Online PrivacyOnline Privacy
Online PrivacyIWMW
 
Analyzing Internet Censorship In Pakistan
Analyzing Internet Censorship In PakistanAnalyzing Internet Censorship In Pakistan
Analyzing Internet Censorship In PakistanMichele Thomas
 
IPv6 readiness globally
IPv6 readiness globallyIPv6 readiness globally
IPv6 readiness globallyAPNIC
 
Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]
Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]
Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]APNIC
 
Migrating to OpenFlow SDNs
Migrating to OpenFlow SDNsMigrating to OpenFlow SDNs
Migrating to OpenFlow SDNsUS-Ignite
 
Final Project Presentation.pptx
Final Project Presentation.pptxFinal Project Presentation.pptx
Final Project Presentation.pptxstevenmsusa
 
10th SANS ICS Security Summit Project SHINE Presentation
10th SANS ICS Security Summit Project SHINE Presentation10th SANS ICS Security Summit Project SHINE Presentation
10th SANS ICS Security Summit Project SHINE PresentationBob Radvanovsky
 
2 ning so cso and open network platform
2 ning so cso and open network platform2 ning so cso and open network platform
2 ning so cso and open network platform遵共 陳
 
State of Internet measurement Infrastructure/tools in Africa
State of Internet measurement Infrastructure/tools in AfricaState of Internet measurement Infrastructure/tools in Africa
State of Internet measurement Infrastructure/tools in AfricaAFRINIC
 
Kick starting Network Automation
Kick starting Network AutomationKick starting Network Automation
Kick starting Network AutomationWalid Shaari
 
Reaching China with Your Website & Cloud Applications
Reaching China with Your Website & Cloud ApplicationsReaching China with Your Website & Cloud Applications
Reaching China with Your Website & Cloud ApplicationsCDNetworks
 
Web tracking summer symposium 2018
Web tracking summer symposium 2018Web tracking summer symposium 2018
Web tracking summer symposium 2018Rakesh S V Reddy
 

Similar to The Anatomy of Web Censorship in Pakistan (20)

Introduction to the open rights group censorship monitoring project
Introduction to the open rights group censorship monitoring projectIntroduction to the open rights group censorship monitoring project
Introduction to the open rights group censorship monitoring project
 
A Look At The Consequences Of Internet Censorship Through An ISP Lens
A Look At The Consequences Of Internet Censorship Through An ISP LensA Look At The Consequences Of Internet Censorship Through An ISP Lens
A Look At The Consequences Of Internet Censorship Through An ISP Lens
 
Online Privacy
Online PrivacyOnline Privacy
Online Privacy
 
Analyzing Internet Censorship In Pakistan
Analyzing Internet Censorship In PakistanAnalyzing Internet Censorship In Pakistan
Analyzing Internet Censorship In Pakistan
 
ION Toronto - IPv6 Deployment Update
ION Toronto - IPv6 Deployment UpdateION Toronto - IPv6 Deployment Update
ION Toronto - IPv6 Deployment Update
 
IPv6 readiness globally
IPv6 readiness globallyIPv6 readiness globally
IPv6 readiness globally
 
Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]
Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]
Vietnam IPv6 Readiness Measurement, by Nguyen Tien Dzung [APRICOT 2015]
 
COBWEB: Brief Introduction, GBIF Secretariat
COBWEB: Brief Introduction, GBIF SecretariatCOBWEB: Brief Introduction, GBIF Secretariat
COBWEB: Brief Introduction, GBIF Secretariat
 
OC_Offline_Africa
OC_Offline_AfricaOC_Offline_Africa
OC_Offline_Africa
 
Migrating to OpenFlow SDNs
Migrating to OpenFlow SDNsMigrating to OpenFlow SDNs
Migrating to OpenFlow SDNs
 
Final Project Presentation.pptx
Final Project Presentation.pptxFinal Project Presentation.pptx
Final Project Presentation.pptx
 
Socialforum2011 04-02
Socialforum2011 04-02Socialforum2011 04-02
Socialforum2011 04-02
 
10th SANS ICS Security Summit Project SHINE Presentation
10th SANS ICS Security Summit Project SHINE Presentation10th SANS ICS Security Summit Project SHINE Presentation
10th SANS ICS Security Summit Project SHINE Presentation
 
2 ning so cso and open network platform
2 ning so cso and open network platform2 ning so cso and open network platform
2 ning so cso and open network platform
 
State of Internet measurement Infrastructure/tools in Africa
State of Internet measurement Infrastructure/tools in AfricaState of Internet measurement Infrastructure/tools in Africa
State of Internet measurement Infrastructure/tools in Africa
 
Web identity part1
Web identity part1Web identity part1
Web identity part1
 
A density based clustering approach for web robot detection
A density based clustering approach for web robot detectionA density based clustering approach for web robot detection
A density based clustering approach for web robot detection
 
Kick starting Network Automation
Kick starting Network AutomationKick starting Network Automation
Kick starting Network Automation
 
Reaching China with Your Website & Cloud Applications
Reaching China with Your Website & Cloud ApplicationsReaching China with Your Website & Cloud Applications
Reaching China with Your Website & Cloud Applications
 
Web tracking summer symposium 2018
Web tracking summer symposium 2018Web tracking summer symposium 2018
Web tracking summer symposium 2018
 

More from Zubair Nabi

Lab 5: Interconnecting a Datacenter using Mininet
Lab 5: Interconnecting a Datacenter using MininetLab 5: Interconnecting a Datacenter using Mininet
Lab 5: Interconnecting a Datacenter using MininetZubair Nabi
 
Topic 12: NoSQL in Action
Topic 12: NoSQL in ActionTopic 12: NoSQL in Action
Topic 12: NoSQL in ActionZubair Nabi
 
Lab 4: Interfacing with Cassandra
Lab 4: Interfacing with CassandraLab 4: Interfacing with Cassandra
Lab 4: Interfacing with CassandraZubair Nabi
 
Topic 10: Taxonomy of Data and Storage
Topic 10: Taxonomy of Data and StorageTopic 10: Taxonomy of Data and Storage
Topic 10: Taxonomy of Data and StorageZubair Nabi
 
Topic 11: Google Filesystem
Topic 11: Google FilesystemTopic 11: Google Filesystem
Topic 11: Google FilesystemZubair Nabi
 
Lab 3: Writing a Naiad Application
Lab 3: Writing a Naiad ApplicationLab 3: Writing a Naiad Application
Lab 3: Writing a Naiad ApplicationZubair Nabi
 
Topic 8: Enhancements and Alternative Architectures
Topic 8: Enhancements and Alternative ArchitecturesTopic 8: Enhancements and Alternative Architectures
Topic 8: Enhancements and Alternative ArchitecturesZubair Nabi
 
Topic 7: Shortcomings in the MapReduce Paradigm
Topic 7: Shortcomings in the MapReduce ParadigmTopic 7: Shortcomings in the MapReduce Paradigm
Topic 7: Shortcomings in the MapReduce ParadigmZubair Nabi
 
Lab 1: Introduction to Amazon EC2 and MPI
Lab 1: Introduction to Amazon EC2 and MPILab 1: Introduction to Amazon EC2 and MPI
Lab 1: Introduction to Amazon EC2 and MPIZubair Nabi
 
Topic 6: MapReduce Applications
Topic 6: MapReduce ApplicationsTopic 6: MapReduce Applications
Topic 6: MapReduce ApplicationsZubair Nabi
 

More from Zubair Nabi (11)

Lab 5: Interconnecting a Datacenter using Mininet
Lab 5: Interconnecting a Datacenter using MininetLab 5: Interconnecting a Datacenter using Mininet
Lab 5: Interconnecting a Datacenter using Mininet
 
Topic 12: NoSQL in Action
Topic 12: NoSQL in ActionTopic 12: NoSQL in Action
Topic 12: NoSQL in Action
 
Lab 4: Interfacing with Cassandra
Lab 4: Interfacing with CassandraLab 4: Interfacing with Cassandra
Lab 4: Interfacing with Cassandra
 
Topic 10: Taxonomy of Data and Storage
Topic 10: Taxonomy of Data and StorageTopic 10: Taxonomy of Data and Storage
Topic 10: Taxonomy of Data and Storage
 
Topic 11: Google Filesystem
Topic 11: Google FilesystemTopic 11: Google Filesystem
Topic 11: Google Filesystem
 
Lab 3: Writing a Naiad Application
Lab 3: Writing a Naiad ApplicationLab 3: Writing a Naiad Application
Lab 3: Writing a Naiad Application
 
Topic 9: MR+
Topic 9: MR+Topic 9: MR+
Topic 9: MR+
 
Topic 8: Enhancements and Alternative Architectures
Topic 8: Enhancements and Alternative ArchitecturesTopic 8: Enhancements and Alternative Architectures
Topic 8: Enhancements and Alternative Architectures
 
Topic 7: Shortcomings in the MapReduce Paradigm
Topic 7: Shortcomings in the MapReduce ParadigmTopic 7: Shortcomings in the MapReduce Paradigm
Topic 7: Shortcomings in the MapReduce Paradigm
 
Lab 1: Introduction to Amazon EC2 and MPI
Lab 1: Introduction to Amazon EC2 and MPILab 1: Introduction to Amazon EC2 and MPI
Lab 1: Introduction to Amazon EC2 and MPI
 
Topic 6: MapReduce Applications
Topic 6: MapReduce ApplicationsTopic 6: MapReduce Applications
Topic 6: MapReduce Applications
 

Recently uploaded

Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Product School
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Alison B. Lowndes
 
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...CzechDreamin
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Product School
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Thierry Lestable
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekCzechDreamin
 
Introduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG EvaluationIntroduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG EvaluationZilliz
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
 
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka DoktorováCzechDreamin
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutesconfluent
 
In-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsIn-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsExpeed Software
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...CzechDreamin
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupCatarinaPereira64715
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...Product School
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxDavid Michel
 

Recently uploaded (20)

Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří Karpíšek
 
Introduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG EvaluationIntroduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG Evaluation
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutes
 
In-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsIn-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT Professionals
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
 

The Anatomy of Web Censorship in Pakistan

  • 1. The Anatomy of Web Censorship in Pakistan Zubair Nabi zubair.nabi@cantab.net Information Technology University, Pakistan* Presented by: Mobin Javed UC Berkeley * Now at IBM Research, Dublin
  • 2. This website is not accessible in Pakistan! ● ● ● ● First study of the cause, effect, and mechanism of Internet censorship in Pakistan Upgrade to centralized system in the middle of the study (May 2013) Censorship mechanism varies across websites: some blocked at the DNS level; others at the HTTP level Public VPN services and web proxies popular tools to bypass restrictions
  • 3. Outline ● Background: Pakistan and related work ● Methodology ● Results ● Alternative circumvention methods ● Summary ● Future work ● Qs
  • 4. Internet in Pakistan ● ● ● ● 16 million users or 9% of total population (World Bank, 2012) Out of the total Internet users, 64% access news websites (YouGov, 2011) Largest IXP (AS17557) owned by the state Internet, fixed-line telephony, cable TV, and cellular services regulation by the Pakistan Telecommunication Authority (PTA) – Also in charge of censorship
  • 5. History of Censorship ● ● 2006: 12 websites blocked for blasphemous content 2008: A number of YouTube videos blocked – IP-wide block via BGP misconfiguration – YouTube rendered inaccessible for the rest of the world for 2 hours
  • 6. History of Censorship (2) ● 2010: Facebook, YouTube, Flickr, and Wikipedia blocked in reaction to “Everybody Draw Muhammad Day” – PTA sanctioned to terminate any telecom service
  • 7. History of Censorship (3) ● 2012 (March): Government requests proposals for gatewaylevel blocking system – Filtering from domain level to sub-folder level – Blocking individual IPs and/or entire range – Plug-and-play hardware units, capable of blocking 50 million URLs ● Latency < 1ms
  • 8. History of Censorship (4) ● 2012 (September): Infinite ban on YouTube in retaliation to “Innocence of Muslims” – Disruption of other Google services due to IP sharing
  • 9. Related Work ● Verkamp and Gupta – – ● PlanetLab nodes and volunteer machines, 11 countries Key insight: censorship mechanisms vary across countries Mathrani and Alipour – – ● Private VPNs and volunteer nodes, 10 countries Key insight: restrictions applicable to all categories of websites: political, social, etc. Dainotti et al. – Internet blockage during the Arab Spring
  • 10. Methodology: Dataset ● Publicly available list with 597 websites ● Compiled in 2010 ● ● Not exhaustive but a fairly rich of complete domains and subdomains Dataset after cleaning: 307 websites – ● Redundant, broken, and duplicates removed Checked with a public VPN beforehand to ensure connectivity
  • 11. Methodology: Script ● Modified version of the CensMon system (FOCI '11) 1) DNS lookup ● Local and public (Google, Comodo, OpenDNS, Level3, and Norton) 2) IP blacklisting: TCP connection to port 80 3) URL keyword filtering: http://www.google.com/fooURL ● 404 Not Found under normal operation 4) HTTP filtering: HTTP request, log response packet ● Also, logs transient connectivity errors, such as timeouts
  • 12. Methodology: Networks ID Nature Location Network1 University Lahore Network2 University Lahore Network3 Home Lahore Network4 Home Islamabad Network5 Cellular (EDGE) Islamabad ● ● ● ● Network1 and 2: gigabit connectivity Network5 only used for post-April testing Tests performed at night time to minimize interaction with normal traffic Performed on multiple occasions for precision
  • 13. Results: Pre-April ● Most websites blocked at DNS-level – Local DNS: “Non-Existent Domain” (NXDOMAIN) – Public DNS: NXDOMAIN for Google DNS and Level3 NXDOMAIN redirector in case of Norton DNS, Comodo, and OpenDNS No evidence of IP or URL-keyword filtering ● ● ● Some websites filtered through HTTP 302 redirection – Triggered by hostname and object URI – Done at the ISP level
  • 15. Results: Post-April ● HTTP 302 redirection replaced with IXP-level 200 packet injection – Triggered by hostname and URI – Because of the 200 code, the browser believes it's a normal response ● ● ● Stops it from fetching content from the intended destination Original TCP connection times out Same response packet and screen across ISPs – Except Network4 (still under the influence of preApril censoring)
  • 16. IXP-level Warning Screen ● ● Same results reported by “The Citizen Lab” in parallel in June, 2013 System attributed to the Canadian firm Netsweeper Inc. – Also applicable to Qatar, UAE, Kuwait, and Yemen
  • 17. Results: Survey ● 67 respondents – ● ● Results biased towards individuals with above-average computer skills Public VPN services, such as Hotspot Shield, most popular Web proxies also popular
  • 18. Results: Survey ● 67 respondents – ● ● Results biased towards individuals with above-average computer skills Public VPN services, such as Hotspot Shield, most popular Web proxies also popular
  • 19. Alternative Circumvention: Web-based DNS ● ● ● Generally, web-based service can also be used for lookup Results show that same websites also blocked at HTTP-level Similar to South Korea – DNS filtering used for websites that resolve to a single site – HTTP-level mechanism exclusively used for websites with IPs shared across hostnames and filtering needs to be selective ● YouTube, Wikipedia, etc.
  • 20. Alternative Circumvention: CDNs and Search Engine Caches ● No URL-keyword filtering ● Blocked websites accessible via CoralCDN ● Cached pages of blocked content also accessible on Google, Bing, and Internet Archive
  • 21. Summary ● ● ● ● Pakistan has undergone an upgrade from ISPlevel to centralized IXP-level censorship Most websites blocked at the DNS level, while a small number at the HTTP level Websites blocked at the DNS level also blocked at HTTP-level Most citizens use public VPNs and web proxies to circumvent restrictions
  • 22. Future Work ● ● Expansion in the number of websites and networks Deeper analysis of DNS blockage – ● ● For instance, not clear if censoring module maintains a list of all resolvers and their redirectors or it queries the actual resolver each time Examination of side-effects of DNS injection (similar to China) Analysis of “Streisand Effect” in Pakistan – Early results look promising!
  • 23. Q?