rfc9505v3.txt   rfc9505.txt 
skipping to change at line 14 skipping to change at line 14
Category: Informational M. D. Aaron Category: Informational M. D. Aaron
ISSN: 2070-1721 CU Boulder ISSN: 2070-1721 CU Boulder
A. Andersdotter A. Andersdotter
B. Jones B. Jones
N. Feamster N. Feamster
U Chicago U Chicago
M. Knodel M. Knodel
Center for Democracy & Technology Center for Democracy & Technology
October 2023 November 2023
A Survey of Worldwide Censorship Techniques A Survey of Worldwide Censorship Techniques
Abstract Abstract
This document describes technical mechanisms employed in network This document describes technical mechanisms employed in network
censorship that regimes around the world use for blocking or censorship that regimes around the world use for blocking or
impairing Internet traffic. It aims to make designers, implementers, impairing Internet traffic. It aims to make designers, implementers,
and users of Internet protocols aware of the properties exploited and and users of Internet protocols aware of the properties exploited and
mechanisms used for censoring end-user access to information. This mechanisms used for censoring end-user access to information. This
skipping to change at line 101 skipping to change at line 101
6. Non-technical Interference 6. Non-technical Interference
6.1. Manual Filtering 6.1. Manual Filtering
6.2. Self-Censorship 6.2. Self-Censorship
6.3. Server Takedown 6.3. Server Takedown
6.4. Notice and Takedown 6.4. Notice and Takedown
6.5. Domain Name Seizures 6.5. Domain Name Seizures
7. Future Work 7. Future Work
8. IANA Considerations 8. IANA Considerations
9. Security Considerations 9. Security Considerations
10. Informative References 10. Informative References
Contributors Acknowledgments
Authors' Addresses Authors' Addresses
1. Introduction 1. Introduction
Censorship is where an entity in a position of power -- such as a Censorship is where an entity in a position of power -- such as a
government, organization, or individual -- suppresses communication government, organization, or individual -- suppresses communication
that it considers objectionable, harmful, sensitive, or inconvenient that it considers objectionable, harmful, sensitive, or inconvenient
[WP-Def-2020]. Although censors that engage in censorship must do so [WP-Def-2020]. Although censors that engage in censorship must do so
through legal, military, or other means, this document focuses through legal, martial, or other means, this document focuses largely
largely on technical mechanisms used to achieve network censorship. on technical mechanisms used to achieve network censorship.
This document describes technical mechanisms that censorship regimes This document describes technical mechanisms that censorship regimes
around the world use for blocking or impairing Internet traffic. See around the world use for blocking or impairing Internet traffic. See
[RFC7754] for a discussion of Internet blocking and filtering in [RFC7754] for a discussion of Internet blocking and filtering in
terms of implications for Internet architecture rather than end-user terms of implications for Internet architecture rather than end-user
access to content and services. There is also a growing field of access to content and services. There is also a growing field of
academic study of censorship circumvention (see the review article of academic study of censorship circumvention (see the review article of
[Tschantz-2016]), results from which we seek to make relevant here [Tschantz-2016]), results from which we seek to make relevant here
for protocol designers and implementers. for protocol designers and implementers.
skipping to change at line 186 skipping to change at line 186
cases, these private services attempt to categorize every semi- cases, these private services attempt to categorize every semi-
questionable website to allow for meta-tag blocking. Similarly, they questionable website to allow for meta-tag blocking. Similarly, they
tune real-time content heuristic systems to map their assessments tune real-time content heuristic systems to map their assessments
onto categories of objectionable content. onto categories of objectionable content.
Countries that are more interested in retaining specific political Countries that are more interested in retaining specific political
control typically have ministries or organizations that maintain control typically have ministries or organizations that maintain
blocklists. Examples include the Ministry of Industry and blocklists. Examples include the Ministry of Industry and
Information Technology in China, the Ministry of Culture and Islamic Information Technology in China, the Ministry of Culture and Islamic
Guidance in Iran, and the organizations specific to copyright law in Guidance in Iran, and the organizations specific to copyright law in
France [HADOPI] and consumer protection laaw across the EU France [HADOPI] and consumer protection law across the EU
[Reda-2017]. [Reda-2017].
Content-layer filtering of images and video requires institutions or Content-layer filtering of images and video requires institutions or
organizations to store hashes of images or videos to be blocked in organizations to store hashes of images or videos to be blocked in
databases, which can then be compared, with some degree of tolerance, databases, which can then be compared, with some degree of tolerance,
to content that is sent, received, or stored using centralized to content that is sent, received, or stored using centralized
content applications and services [ekr-2021]. content applications and services [ekr-2021].
4. Technical Identification 4. Technical Identification
skipping to change at line 1101 skipping to change at line 1101
unrest in a country. unrest in a country.
Empirical Examples: Network disconnections tend to only happen in Empirical Examples: Network disconnections tend to only happen in
times of substantial unrest, largely due to the huge social, times of substantial unrest, largely due to the huge social,
political, and economic impact such a move has. One of the first, political, and economic impact such a move has. One of the first,
highly covered occurrences was when the junta in Myanmar employed highly covered occurrences was when the junta in Myanmar employed
network disconnection to help junta forces quash a rebellion in 2007 network disconnection to help junta forces quash a rebellion in 2007
[Dobie-2007]. China disconnected the network in the Xinjiang region [Dobie-2007]. China disconnected the network in the Xinjiang region
during unrest in 2009 in an effort to prevent the protests from during unrest in 2009 in an effort to prevent the protests from
spreading to other regions [Heacock-2009]. The Arab Spring saw the spreading to other regions [Heacock-2009]. The Arab Spring saw the
the most frequent usage of network disconnection, with events in most frequent usage of network disconnection, with events in Egypt
Egypt and Libya in 2011 [Cowie-2011] and Syria in 2012 and Libya in 2011 [Cowie-2011] and Syria in 2012 [Thomson-2012].
[Thomson-2012]. Russia indicated that it would attempt to disconnect Russia indicated that it would attempt to disconnect all Russian
all Russian networks from the global Internet in April 2019 as part networks from the global Internet in April 2019 as part of a test of
of a test of the nation's network independence. Reports also the nation's network independence. Reports also indicate that, as
indicate that, as part of the test disconnect, Russian part of the test disconnect, Russian telecommunications firms must
telecommunications firms must now route all traffic to state-operated now route all traffic to state-operated monitoring points
monitoring points [Cimpanu-2019]. India saw the largest number of [Cimpanu-2019]. India saw the largest number of Internet shutdowns
Internet shutdowns per year in 2016 and 2017 [Dada-2017]. per year in 2016 and 2017 [Dada-2017].
5.3.2. Adversarial Route Announcement 5.3.2. Adversarial Route Announcement
More fine-grained and potentially wide-spread censorship can be More fine-grained and potentially wide-spread censorship can be
achieved with BGP hijacking, which adversarially re-routes BGP IP achieved with BGP hijacking, which adversarially re-routes BGP IP
prefixes incorrectly within a region and beyond. This restricts and prefixes incorrectly within a region and beyond. This restricts and
effectively censors the correctly known location of information that effectively censors the correctly known location of information that
flows into or out of a jurisdiction and will similarly prevent people flows into or out of a jurisdiction and will similarly prevent people
from outside your jurisdiction from viewing content generated outside from outside your jurisdiction from viewing content generated outside
that jurisdiction as the adversarial route announcement propagates. that jurisdiction as the adversarial route announcement propagates.
skipping to change at line 1143 skipping to change at line 1143
website. The new routes were announced to the ISP's upstream website. The new routes were announced to the ISP's upstream
providers and beyond. The entire Internet began directing YouTube providers and beyond. The entire Internet began directing YouTube
routes to Pakistan Telecom and continued doing so for many hours. In routes to Pakistan Telecom and continued doing so for many hours. In
2018, nearly all Google services and Google Cloud customers, like 2018, nearly all Google services and Google Cloud customers, like
Spotify, all lost more than one hour of service after Google lost Spotify, all lost more than one hour of service after Google lost
control of several million of its IP addresses. Those IP prefixes control of several million of its IP addresses. Those IP prefixes
were being misdirected to China Telecom, a Chinese government-owned were being misdirected to China Telecom, a Chinese government-owned
ISP [Google-2018], in a manner similar to the BGP hijacking of US ISP [Google-2018], in a manner similar to the BGP hijacking of US
government and military websites by China Telecom in 2010. ISPs in government and military websites by China Telecom in 2010. ISPs in
both Russia (2022) and Myanmar (2021) have tried to hijack the same both Russia (2022) and Myanmar (2021) have tried to hijack the same
Twitter prefix more than once [MANRS]. Twitter prefix more than once [Siddiqui-2022].
5.4. Multi-layer and Non-layer 5.4. Multi-layer and Non-layer
5.4.1. Distributed Denial of Service (DDoS) 5.4.1. Distributed Denial of Service (DDoS)
Distributed Denial of Service attacks are a common attack mechanism Distributed Denial of Service attacks are a common attack mechanism
used by "hacktivists" and malicious hackers. Censors have also used used by "hacktivists" and malicious hackers. Censors have also used
DDoS in the past for a variety of reasons. There is a wide variety DDoS in the past for a variety of reasons. There is a wide variety
of DDoS attacks [Wikip-DoS]. However, at a high level, two possible of DDoS attacks [Wikip-DoS]. However, at a high level, two possible
impacts from the attack tend to occur: a flood attack results in the impacts from the attack tend to occur: a flood attack results in the
skipping to change at line 1723 skipping to change at line 1723
Kravtsova, Y., "Cyberattacks Disrupt Opposition's Kravtsova, Y., "Cyberattacks Disrupt Opposition's
Election", The Moscow Times, October 2012, Election", The Moscow Times, October 2012,
<http://www.themoscowtimes.com/news/article/cyberattacks- <http://www.themoscowtimes.com/news/article/cyberattacks-
disrupt-oppositions-election/470119.html>. disrupt-oppositions-election/470119.html>.
[Leyba-2019] [Leyba-2019]
Leyba, K., Edwards, B., Freeman, C., Crandall, J., and S. Leyba, K., Edwards, B., Freeman, C., Crandall, J., and S.
Forrest, "Borders and gateways: measuring and analyzing Forrest, "Borders and gateways: measuring and analyzing
national as chokepoints", COMPASS '19: Proceedings of the national as chokepoints", COMPASS '19: Proceedings of the
2nd ACM SIGCAS Conference on Computing and Sustainable 2nd ACM SIGCAS Conference on Computing and Sustainable
Societies, pages 184194, DOI 10.1145/3314344.3332502, Societies, pages 184-194, DOI 10.1145/3314344.3332502,
July 2019, <https://doi.org/10.1145/3314344.3332502>. July 2019, <https://doi.org/10.1145/3314344.3332502>.
[Li-2017] Li, F., Razaghpanah, A., Molavi Kakhki, A., Akhavan Niaki, [Li-2017] Li, F., Razaghpanah, A., Molavi Kakhki, A., Akhavan Niaki,
A., Choffnes, D., Gill, P., and A. Mislove, "lib•erate, A., Choffnes, D., Gill, P., and A. Mislove, "lib•erate,
(n): a library for exposing (traffic-classification) rules (n): a library for exposing (traffic-classification) rules
and avoiding them efficiently", and avoiding them efficiently",
DOI 10.1145/3131365.3131376, November 2017, DOI 10.1145/3131365.3131376, November 2017,
<https://david.choffnes.com/pubs/liberate-imc17.pdf>. <https://david.choffnes.com/pubs/liberate-imc17.pdf>.
[Lomas-2019] [Lomas-2019]
Lomas, N., "Github removes Tsunami Democràtic's APK after Lomas, N., "Github removes Tsunami Democràtic's APK after
a takedown order from Spain", October 2019, a takedown order from Spain", October 2019,
<https://techcrunch.com/2019/10/30/github-removes-tsunami- <https://techcrunch.com/2019/10/30/github-removes-tsunami-
democratics-apk-after-a-takedown-order-from-spain/>. democratics-apk-after-a-takedown-order-from-spain/>.
[MANRS] Siddiqui, A., "Lesson Learned: Twitter Shored Up Its
Routing Security", March 2022,
<https://www.manrs.org/2022/03/lesson-learned-twitter-
shored-up-its-routing-security/>.
[Marczak-2015] [Marczak-2015]
Marczak, B., Weaver, N., Dalek, J., Ensafi, R., Fifield, Marczak, B., Weaver, N., Dalek, J., Ensafi, R., Fifield,
D., McKune, S., Rey, A., Scott-Railton, J., Deibert, R., D., McKune, S., Rey, A., Scott-Railton, J., Deibert, R.,
and V. Paxson, "An Analysis of China's "Great Cannon"", and V. Paxson, "An Analysis of China's "Great Cannon"",
August 2015, August 2015,
<https://www.usenix.org/system/files/conference/foci15/ <https://www.usenix.org/system/files/conference/foci15/
foci15-paper-marczak.pdf>. foci15-paper-marczak.pdf>.
[Muncaster-2013] [Muncaster-2013]
Muncaster, P., "Malaysian election sparks web blocking/ Muncaster, P., "Malaysian election sparks web blocking/
skipping to change at line 1922 skipping to change at line 1917
Applications", November 2013, Applications", November 2013,
<https://citizenlab.org/2013/11/asia-chats-analyzing- <https://citizenlab.org/2013/11/asia-chats-analyzing-
information-controls-privacy-asian-messaging- information-controls-privacy-asian-messaging-
applications/>. applications/>.
[Shbair-2015] [Shbair-2015]
Shbair, W. M., Cholez, T., Goichot, A., and I. Chrisment, Shbair, W. M., Cholez, T., Goichot, A., and I. Chrisment,
"Efficiently Bypassing SNI-based HTTPS Filtering", May "Efficiently Bypassing SNI-based HTTPS Filtering", May
2015, <https://hal.inria.fr/hal-01202712/document>. 2015, <https://hal.inria.fr/hal-01202712/document>.
[Siddiqui-2022]
Siddiqui, A., "Lesson Learned: Twitter Shored Up Its
Routing Security", March 2022,
<https://www.manrs.org/2022/03/lesson-learned-twitter-
shored-up-its-routing-security/>.
[SIDN-2020] [SIDN-2020]
Moura, G., "Detecting and Taking Down Fraudulent Webshops Moura, G., "Detecting and Taking Down Fraudulent Webshops
at the .nl ccTLD", February 2020, at the .nl ccTLD", February 2020,
<https://labs.ripe.net/Members/giovane_moura/detecting- <https://labs.ripe.net/Members/giovane_moura/detecting-
and-taking-down-fraudulent-webshops-at-a-cctld>. and-taking-down-fraudulent-webshops-at-a-cctld>.
[Singh-2019] [Singh-2019]
Singh, K., Grover, G., and V. Bansal, "How India Censors Singh, K., Grover, G., and V. Bansal, "How India Censors
the Web", DOI 10.48550/arXiv.1912.08590, December 2019, the Web", DOI 10.48550/arXiv.1912.08590, December 2019,
<https://arxiv.org/abs/1912.08590>. <https://arxiv.org/abs/1912.08590>.
skipping to change at line 2091 skipping to change at line 2092
DOI 10.48550/arXiv.1107.3794, July 2011, DOI 10.48550/arXiv.1107.3794, July 2011,
<http://arxiv.org/ftp/arxiv/papers/1107/1107.3794.pdf>. <http://arxiv.org/ftp/arxiv/papers/1107/1107.3794.pdf>.
[Zmijewski-2014] [Zmijewski-2014]
Zmijewski, E., "Turkish Internet Censorship Takes a New Zmijewski, E., "Turkish Internet Censorship Takes a New
Turn", Wayback Machine archive, March 2014, Turn", Wayback Machine archive, March 2014,
<http://web.archive.org/web/20200726222723/ <http://web.archive.org/web/20200726222723/
https://blogs.oracle.com/internetintelligence/turkish- https://blogs.oracle.com/internetintelligence/turkish-
internet-censorship-takes-a-new-turn>. internet-censorship-takes-a-new-turn>.
Contributors Acknowledgments
This document benefited from discussions with and input from David This document benefited from discussions with and input from David
Belson, Stéphane Bortzmeyer, Vinicius Fortuna, Gurshabad Grover, Belson, Stéphane Bortzmeyer, Vinicius Fortuna, Gurshabad Grover,
Andrew McConachie, Martin Nilsson, Michael Richardson, Patrick Vacek, Andrew McConachie, Martin Nilsson, Michael Richardson, Patrick Vacek,
and Chris Wood. and Chris Wood.
Coauthor Hall performed work on this document before employment at
the Internet Society, and his affiliation listed in this document is
for identification purposes only.
Authors' Addresses Authors' Addresses
Joseph Lorenzo Hall Joseph Lorenzo Hall
Internet Society Internet Society
Email: hall@isoc.org Email: hall@isoc.org
Michael D. Aaron Michael D. Aaron
CU Boulder CU Boulder
Email: michael.drew.aaron@gmail.com Email: michael.drew.aaron@gmail.com
 End of changes. 11 change blocks. 
22 lines changed or deleted 27 lines changed or added

This html diff was produced by rfcdiff 1.48.