We clarified that the use of anonymizing networks is not only related to criminal intent; these networks are in fact a powerful instrument for eluding censorship introduced by governments in critical areas of the planet. We have provided the examples of Syria and Iran, but the world is full of similar operations that introduce detailed monitoring as part of a government cyber strategy.
Let’s take as an example the Tor network and the censorship filtering applied by governments to prevent compromising news from being divulged outside the country.
As described, the Tor infrastructure uses SSL connections, which means that where SSL is filtered the related traffic can be blocked. This has already happened: early this year, for example, Iranian intelligence blocked the SSL protocol on national networks, making it impossible to use the Tor network, including bridged access to it. Such censorship has had a dramatic impact on freedom of expression and on the free circulation of information; Iran was one of the countries where usage of the Tor network is most intense, owing to the regime’s fierce persecution of dissidents.
As we have seen, the Tor community replied to the censorship by developing a tool that evades the filtering and restores access to the Tor network.
Technically, the filtering is implemented using Deep Packet Inspection (DPI) algorithms, which discriminate Internet traffic by protocol. The algorithms define the rules for traffic analysis based on inspection of both the data part and the header of each packet in transit through a specific control point.
Deep Packet Inspection enables advanced network management and security functions as well as Internet data mining, eavesdropping, and censorship. It is largely used by every government for crime prevention and defense against cyber attacks, but it is also used to reduce the openness of the Internet.
The most advanced filtering tools are provided by western companies that have seized the business opportunity represented by the censorship applied by countries such as China, Iran and Syria.
Some projects related to the Tor network and to its final purpose, Internet freedom, are very interesting: the Tor developers Arturo Filasto and Jacob Appelbaum have released OONI-probe.
OONI is the Open Observatory for Network Interference; its aim is to collect high-quality data using open methodologies and Free and Open Source Software (FL/OSS), and to share observations and data about the kind, methods and amount of surveillance and censorship in the world.
Similar projects have been promoted to defend human rights and to observe the levels of surveillance, censorship, and networked discrimination.
Basically, the OONI project has developed an open-source software tool, installable on every PC connected to the network, that collects data for analyzing network interference.
Unlike other censorship tracking projects like HerdictWeb or the Open Net Initiative, OONI will allow anyone to run the testing application and share their results publicly.
Figure 1 – Herdict Censorship Monitoring
The most famous interferences discovered with the tool are the censorship by T-Mobile of its prepaid phones’ browser and the blocking of opposition websites by the Palestinian Authority. In the Palestinian case the minister responsible for the censorship was forced to resign.
Figure 2 – OONI – Palestinian Censorship
One of the main sources of information on Internet monitoring and surveillance activities is the OpenNet Initiative project, which collects global data on Internet filtering using technical and contextual tools. The project produces detailed reports on the Internet controls applied in every country of the world, distinguishing the type of control and also the filtering type (e.g. selective filtering, substantial filtering, pervasive filtering).
Figure 3 – OpenNet Initiative
As we have demonstrated, monitoring of the Internet is recognized worldwide as a primary goal for governments, and Internet users are seeing their freedom of expression constantly menaced by filtering mechanisms implemented for different purposes. For this reason, as we will see, many organizations are promoting the development of tools to elude censorship mechanisms; obfsproxy is certainly one of the most important.
We have just introduced the monitoring and filtering operations that block traffic to prevent free Internet access, and we have also found that in many cases a DPI system can interfere with access to the Tor network.
The Tor community has developed a specific tool, obfsproxy, that attempts to circumvent censorship by tunneling the Tor traffic between the client and the bridge servers. Communications between the user’s client and the bridges are usually targeted by traffic monitoring applications that are able to detect Tor traffic and block it.
The traffic is suitably disguised in order to circumvent these controls; this is possible through encoding and decoding operations performed by the two parties to the communication. The obfsproxy tool supports multiple protocols for traffic transformation, called pluggable transports; for example, there might be an HTTP transport which transforms Tor traffic to look like regular HTTP traffic. The Tor team praises the “obfs2” module, which adds an encryption wrapper around Tor’s traffic, using a handshake that has no recognizable byte patterns.
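The sketch below is an added example, not code from Tor, obfsproxy or any DPI product. It shows the kind of first-payload signature rule a DPI control point applies, and why a handshake with no recognizable byte patterns falls through to a statistical guess that cannot tell it apart from other encrypted traffic. All payloads are constructed samples, and the rule set, the 128-byte minimum and the 6.5-bit threshold are assumptions chosen for illustration.

```python
import hashlib
import math

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"CONNECT ")

def shannon_entropy(data: bytes) -> float:
    """Empirical entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def classify_first_payload(payload: bytes) -> str:
    """Label a flow from its first client payload, as a signature rule would."""
    # TLS record header: type 0x16 (handshake), major version 0x03,
    # 2-byte length, then handshake type 0x01 (ClientHello).
    if (len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03
            and payload[2] <= 0x04 and payload[5] == 0x01):
        return "tls-client-hello"
    if payload.startswith(HTTP_METHODS):
        return "http"
    # No fixed bytes to match: only a statistical guess remains, and it fires
    # on any encrypted or compressed protocol, not just the one being hunted.
    if len(payload) >= 128 and shannon_entropy(payload) > 6.5:
        return "unknown-high-entropy"
    return "unknown"

def constructed_random(seed: bytes, n: int) -> bytes:
    """Deterministic pseudo-random bytes (constructed sample, not captured traffic)."""
    out, block = b"", seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]

# Constructed first payloads, one per kind of flow.
SAMPLES = {
    "tls": bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01]) + bytes(0x2E),
    "http": b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n",
    "obfuscated": constructed_random(b"stand-in for a patternless handshake", 256),
    "other-encrypted": constructed_random(b"stand-in for unrelated ciphertext", 256),
}

def classify_samples() -> dict:
    return {name: classify_first_payload(p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, label in classify_samples().items():
        print(f"{name:16} -> {label}")
```

The two pseudo-random samples receive the same label, so a rule that blocks on it also blocks unrelated encrypted traffic.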
The Iranian censorship: an opportunity to test the obfsproxy tool
On February 10, Iranian Tor users were unable to access the Tor network because the government had begun blocking all SSL/TLS traffic. The regime is reportedly blocking the HTTPS security protocol and preventing the use of the software residents use to bypass the state-run firewall. As a result of the censorship operation, all Google services such as Gmail were inaccessible, as was any website that relies on HTTPS.
Tor was a collateral effect, because its network uses SSL communications between clients and servers.
The following graphs show evidence of the censorship applied by the Iranian government, confirmed also by declarations made by high officials of the government in Tehran.
The Tor community promptly responded by distributing two “Tor Obfsproxy Browser Bundles” that pointed to a couple of obfsproxy bridges. A group of brave volunteers tested the solution, helping the Tor developers to tune the application. On February 13th the development team released a stable version with new versions of Vidalia, Tor, and Obfsproxy. It was a success, as demonstrated by the following picture.
The primary purpose of developing censorship avoidance tools is to make it difficult for the censors to define a pattern for traffic filtering.
Of course this is a first step in the direction of freedom: the bundle in fact included 14 preconfigured bridge addresses, and if censors discover them they could be filtered. To avoid such detection, the developers have included in the new Vidalia release the possibility of manually configuring the obfsproxy bridge addresses, eliminating the preconfigured addresses.
One of the main problems related to traffic analysis is the phenomenon of false positives: a monitoring system could also block legal traffic, and a censorship avoidance tool can work by making the filtering difficult. The Tor developers have worked from this perspective. They have won the battle, but the war for freedom is hard and the censors continually refine their weapons for interception.
Obviously we unconditionally support the work of these organizations, which are fighting against all forms of repression and censorship, while waiting for the day when every Internet user is free to express their thoughts without fear.
Pierluigi Paganini