Alternative Explanations



As someone who tests Internet censorship for a living I receive a lot of requests such as “is my website blocked in country x” or “why is my website blocked in country x, I don’t have anything on my site that country x would want to block” and so on. Determining that a website is inaccessible is different than determining if it is being deliberately blocked. And even when it is blocked there are often mundane, alternative explanations. There is also the country’s filtering infrastructure to account for. In countries that deploy a centralized filtering system blocked content is generally uniform. But other countries delegate filtering responsibilities to individual ISPs, in those cases there can be considerable differences.

In places such as Saudi Arabia, which has centralized filtering, when you visit a blocked site you receive a “block page” that informs you that the site has been deliberately blocked. Pretty straightforward. Still, there is one additional factor to consider. Saudi Arabia, Tunisia and several other Middle eastern and North African countries, use the commercial product SmartFilter (by U.S. company SecureComputing) to filter. Some of the sites are blocked because they appear on SmartFilter’s proprietary block list while others have been added by the Saudi authorities.

To account for this one can lookup a site in SmartFilter’s database and see how it is categorized. In countries that block the category pornography, for example, sites that are classified — or incorrectly classified — as porn will be blocked. (In Saudi Arabia specifically, they have added a tag to the blockpage that differentiates between SmartFilter blocked sites and sites the Saudi’s have added — it is reasonably accurate).

Although Tunisia deploys the same filtering software as Saudi Arabia they attempt to disguise their blockpage as a generic “Internet Explorer” 404 error. In the past ONI/HRW identified,tested and confirmed that misclassified sites — categorized as porn — were blocked in Tunisia because they filter SmartFilter’s pornography category.

The website http://www.dailymotion.com/ reported to be blocked in Tunisia. Although there are political videos hosted on the site that are critical of Tunisia the site is also categorized by SmartFilter as pornography. It is very easy to add websites — including specific URLs — to SmartFilter to block. This is what countries do when they add their own content to block — usually political content — on top of SmartFilter. If Tunisia added the block (they have to unblock it first because it is blocked as part of the pornography category) they could have just added the specific URLs, however, countries often do not care about collateral blocking. (See Thailand’s blocking of YouTube.) Still, I think that the more mundane — over-blocking as a result of SmartFilter categorization — applies to the Tunisian case.

In other countries, such as China and Pakistan, they block IP addresses. This causes all other sites hosted on that IP address to be blocked. If your site is hosted on a huge server farm it is quite possible that it is sharing a single IP with tens of thousands of other sites. If one of those sites is targeted, and they block the IP, your site will be blocked too. (A corollary of this is that if the host changes the IP your hosted on you will be accessible (sometimes mistaken for unblocking).

A recent report notes that the site www.communication-sensible.com is blocked in China. It is blocked in China, the IP address it is hosted on is blocked. However, It is hosted on a massive server farm. According to domaintools.com there are 39140 domains hosted on this IP address (213.186.33.19).

This IP has been flagged as hosting phishing sites and hosts porn sites (the IP is on squidguard’s block list and the IP is also on ProtectiveParenting’s proxy host list, proxies are used to circumvention censorship.)

In addition to blocking IP addresses China also uses uses tcp reset packets to terminate connections based on keywords. (See Richard Clayton, Steven J. Murdoch, and Robert N. M. Watson’s paper “Ignoring the Great Firewall of China“)After triggering the filtering mechanism further connections between the two hosts will also be blocked for a varying period of time. The filtering is bi-directional — it affects in-bound traffic to China as well as outbound traffic from China.

I’ve found that for sites that are of particular concern, the domain itself (sometimes even a url path!) are added as keywords. It is important to remember that the keywords in the body content of a page do not trigger filtering, keywords that appear in a url path (get request, host header) trigger the filtering. By adding the domain name itself searches that contain the domain, unencrypted/unencoded proxies, search engine cache links, mirror sites that have the domain in the url and so forth are also all blocked. The domain www.communication-sensible.com is not blocked in this way.

Here is a post from 2005 showing that a traceroute request to 213.186.33.19 does not go past the Chinese backbone/gateway (where the filtering takes place). It is possible that this IP has been blocked since 2005.

Sometimes things are a bit more complicated than they seem, but hey, other times they are not.

7 comments.

  1. […] ICE: Internet Censorship Explorer ? Alternative Explanations A straightforward and easy to understand explanation of some comparative forms of internet filtering from Nart Villeneuve. Very useful for someone trying to figure out what sites are filtered in their country (tags: filtering censorship freespeech) […]

  2. nazionali col filtro…

    Nart Villeneuve illustra alcune tecniche di filtraggio applicate in rete da diverse nazioni.
    ……

  3. Nart Villeneuve illustra alcune tecniche di filtraggio applicate in rete da diverse nazioni.
    […]

  4. […] (ICE),the blog maintained by the Citizen Lab’s technical research director, Nart Villeneuve, has published an article (Alternative Explanations) about how SmartFilter (made by U.S. company SecureComputing) is […]

  5. […] blocked in Tunisia for almost a week. Citizen Lab’s technical research director, Nart Villeneuve who has been following the case concluded that dailymotion is most likely blocked because it has been categorized by SmartFilter – […]

  6. […] blocked in Tunisia for almost a week. Citizen Lab’s technical research director, Nart Villeneuve who has been following the case concluded that dailymotion is most likely blocked because it has been categorized by SmartFilter – […]

  7. […] blocked in Tunisia for almost a week. Citizen Lab’s technical research director, Nart Villeneuve who has been following the case concluded that dailymotion is most likely blocked because it has been categorized by SmartFilter – […]

Post a comment.