Oct 01, 2020 09:00:00

What is the reality of Internet censorship in India and how it works?

It's easy to take it for granted that you can browse websites freely on the Internet, but few countries enjoy the free Internet, as

data shows that two-thirds of Internet users are censored by the government. The fact is that it is a faction. Software engineer Kushagra Singh reports on the reality and methods of Internet censorship in India.

Identifying Airtel middleboxes that censor HTTPS traffic
http://iamkush.me/sni-airtel/

How India Censors The Web
http://iamkush.me/how-india-censors-the-web/

How India Censors the Web --1912.08590.pdf
(PDF file) https://arxiv.org/pdf/1912.08590.pdf

In India, the government does not build a centralized censorship system like China's Golden Shield , but the government and courts order each provider to block specific websites to censor. .. This order is stipulated by law, so each provider must comply with the order.

Below is the result of Mr. Singh's investigation of censorship methods for six companies (ACT, Airtel, BSNL, Jio, MTNL, Vodafone) that account for 98% of the provider service share in India. Some providers perform censorship by DNS, while others perform censorship based on HTTP headers, and you can see that the censorship method adopted by each provider is different.

In addition, it was found that providers that adopt multiple censorship methods block different websites for each censorship method. The figure below shows a circle of websites blocked by each censorship method.

The websites you want to block also depend on your provider. Below is the ratio of 'the number of websites that are commonly blocked' to 'the number of websites that at least one of them is blocking' for the two providers. The fact that the websites to be blocked differ from provider to provider means that either 'the provider does not comply with the government's blocking order' or 'the provider is blocking other than the government's order'. It will be.

Singh also mentioned how to investigate the presence of censorship by providers. In particular,

Server Name Indication (SNI) censorship is an important censorship technique that covers three-quarters of Internet communications in India, so the details are explained.

In a name-based virtual host that operates multiple domains with one IP address, the access destination is determined based on the domain in the HTTP header, but in HTTPS, the header is encrypted, so the server is the access destination. Cannot be determined. SNI was developed to solve this problem, a technology that enables name-based virtual hosts even in HTTPS by notifying the server of the domain name in clear text. In other words, the domain name notified by SNI can also be confirmed by the provider, so censorship can be performed based on that.

For example, in India, if you notify 'fullhd720.com' by SNI when accessing the blocked website 'fullhd720.com', communication will be blocked ...

If you notify the domain 'facebook.com' that is not blocked by SNI, you can communicate. This means that it is being censored by SNI.

Normally, if the number of times a packet can pass through a router (TTL) is less than the number of routers to the destination host, the packet will not reach the destination and will be notified of ICMP Type 11, but some censorship will be done on the communication path. If so, even if the TTL is less than the number of routers to the destination host, you should get the same response as if you set the appropriate TTL. Mr. Singh said that he investigated the censorship method of each provider based on this approach.

From both government and provider perspectives, Singh addresses the inconsistency of Internet censorship in India and points out the urgent need to develop a system to monitor censorship. 'Internet censorship limits the right to freedom of expression guaranteed to all Indians,' Singh said.