session 3 text finished

intarchboard · Jan 26, 2024 · 1378fae · 1378fae
1 parent e206112
commit 1378fae
Showing 1 changed file with 49 additions and 3 deletions.
diff --git a/draft-iab-bias-workshop-report.md b/draft-iab-bias-workshop-report.md
@@ -90,6 +90,42 @@ informative:
         ins:  G. Grover
         name: Gurshabad Grover
     date: January 2024
+  BASSO:
+    target: https://datatracker.ietf.org/meeting/interim-2024-biasws-03/materials/slides-interim-2024-biasws-03-sessa-online-censorship-in-india-pakistan-and-indonesia-00
+    title: How Internet censorship changed in Russia during the 1st year of military conflict in Ukraine
+    author:
+      -
+        ins:  S. Basso
+        name: Simone Basso
+    date: January 2024
+  WANG:
+    target: https://datatracker.ietf.org/meeting/interim-2024-biasws-03/materials/slides-interim-2024-biasws-03-sessa-online-censorship-in-india-pakistan-and-indonesia-00
+    title: Network Measurement Methods for Locating and Examining Censorship Devices
+    author:
+      -
+        ins:  R. S. Raman
+        name: Ram Sundara Raman
+      -
+        ins:  M. Wang
+        name: Mona Wang
+      -
+        ins:  J. Dalek
+        name: Jakub Dalek
+      -
+        ins:  J. Mayer
+        name: Jonathan Mayer
+      -
+        ins:  R. Ensafi
+        name: Roya Ensafi
+    date: November 2023
+  RAMESH:
+    target: https://datatracker.ietf.org/meeting/interim-2024-biasws-03/materials/slides-interim-2024-biasws-03-sessa-investigating-the-vpn-ecosystem-through-the-lens-of-security-privacy-and-usability-00
+    title: Investigating the VPN Ecosystem through the lens of Security, Privacy, and Usability
+    author:
+      -
+        ins:  R. Ramesh
+        name: Reethika Ramesh
+    date: January 2024
 
 
 --- abstract
@@ -158,13 +194,23 @@ This session focused on reports of censorship as observed during recent years in
 
 The censorship reports, with a focus on Asia, and specifically India, as well as Russia, as an example where censorship changes significantly recently, discussed the legal frameworks and court acts that put legal obligation on regional network providers to block traffic. Further, measurements to validate the blocking as well as analyses how blocking is implemented was discussed, i.e. which protocols are used but also which kind of devices are used to configure the blocking rules and where are they deployed.
 
-{{SAMSUDIN}} reported on confirmed blocking form 10 countries (Cambodia, Hong Kong (China), India, Indonesia, Malaysia, Myanmar, Philippines, Thailand, Timor-Leste, Vietnam) in the period from 1 July 2022 to 30 June 2023. The blocking was either confirmed by OONI measurements for existing blocking fingerprints, heuristics i.e. for new blocking fingerprints as well as news reports of blocking orders or user experiences. Most of these countries block specific contents such as porn, gambling, or certain news pages. Interesting the block in Hong Kong and Myanmar is focused on mililtary and governmental page from forgein countries. Blocking often realized by either DNS tampering or HTTP tampering. For DNS, either a decided IP address, a Bogon IP address (127.0.0.1) or an empty domain (nxdomain) is used. In case DNS tampering using a decided IP address or HTTP tamoering some countries provide block page that exposed the blocking, however, more transparency about blocking applied to requested by civil society organisations and the iMAP project.
+{{SAMSUDIN}} reported on confirmed blocking form 10 countries (Cambodia, Hong Kong (China), India, Indonesia, Malaysia, Myanmar, Philippines, Thailand, Timor-Leste, Vietnam) in the period from 1 July 2022 to 30 June 2023. The blocking was either confirmed by OONI measurements for existing blocking fingerprints, heuristics i.e. for new blocking fingerprints as well as news reports of blocking orders or user experiences. Most of these countries block specific contents such as porn, gambling, or certain news pages. Interesting the block in Hong Kong and Myanmar is focused on military and governmental page of foreign countries. Blocking often realized by either DNS tampering or HTTP tampering. For DNS, either a decided IP address, a Bogon IP address (127.0.0.1) or an empty domain (nxdomain) is used. In case DNS tampering using a decided IP address or HTTP tampering some countries provide block page that exposed the blocking, however, more transparency about blocking applied to requested by civil society organisations and the iMAP project.
+
+{{GROVER}} further focused the discussion on online censorship in India, Pakistan and Indonesia. In India, where providers are responsible to implement the blocking but no method is mandated, the six mayor ISPs (covering 98.82% of all subscribers) were tested on 4379 blocked websites (based on courts orders, user reports, and publicly available or leaked government orders) on DNS poisoning/injection or HTTP/SNI-based censorship. Used censorship techniques and websites blocked were different between ISPs. Only one ISP used SNI-based blocking. Multiple ISPs used two different technqiues (depending on the website), and all but one provide censorship notices. Providers blocked between 1892 to 3721 (of 4379) pages with only 1115 (27.64%) of pages blocked by all ISPs. In constract, e.g. in Parkistan the government can also order the IPSs to perform blocking, and blocking as even been observed in the past on IXP level, however, since 2020 there is also a central Web Monitoring System deployed. In Indonesia initially the government provided guidance to ISP, however, the regulation was updated in 2020 and now allows Indonesian ISPs to block websites on their own discretion. But there was also in 2022 a proposal to centralise DNS. In Indonesia the block is is publicly available but without any indication why something is blocked.
+
+{{BASSO}} reported that for Russia a high increase in additions to the Roskomnadzor’s block list was observed in March 2022 as well as in December 2022, formost covering news pages but also cover human rights organisation and social media, where more than 3500 blocking order are added to a list by an "Unknown body". Further blocking of domain that are not in the official Roskomnadzor’s list have been observed as well.
+
+An invited talk presented the work in {{WANG}} on locating censorship devices by using HTTP and TLS traceroutes, identifying device vendors through fingerprinting, and reverse-engineering censorship triggers by use of fuzzing.
+E.g. for the case of Azerbaijan and Kazakhstan they showed that a significant portion of measurements from remote countries are blocked at the endpoint, indicating local policies but connection resets are also happening in Belarus and Russia. Further they could identify a set of commercial network devices (firewalls) that are used in these countries for censorship and show how fuzzing can be used to fingerprint and cluster behaviors as well as potentially circumvents the deployed methods.
+
+All speakers called for more transparency by requiring blocking messages as well as publication and auditing of blocklists. Potentially even standardization could help.
 
-{{GROVER}} further fosuced the discussion on online censorship in India, Pakistan and Indonesia. In India, where providers are resonsible to implement the blocking but no method is mandated, the six mayor ISPs (covering 98.82% of all subscribers) were tested on 4379 blocked websites (based on courts orders, user reports, and publicably available or leaked governement orders) on DNS poisoing/injection or HTTP/SNI-based censorship. Used censorship techniques and websites blocked were different between ISPs. Only one ISP used SNI-based blocking. Multiple ISPs used two different technqiues (depending on the website), and all but one provide censorship notices. Providers blocked between 1892 to 3721 (of 4379) pages with only 1115 (27.64%) of pages blocked by all ISPs. In constract, e.g. in Parkistan the government can also order the IPSs to perform blocking, and blocking as even been observed in the past on IXP leven, however, since 2020 there is also a central Web Monitoring System deployed. In Indonesia initially the governement provided guidance to ISP, however, the regulation was updated in 2020 and now allows Indonesian ISPs to block websites on their own discretion. But there was also in 2022 a proposal to centralise DNS. In Indonesia the block is is publicly available but without any indication why something is blocked.
+Further on in the session, the possibility and prevalence for using VPNs for circumvention has been discussed including user expectation and an analysis of security short-comings of commercial VPN services. The analysis presented in {{RAMESH}} has shown various problems that lead to data leaks such leakage of IPv6 traffic, non-browser traffic or at tunnel failure, not upholding user expectations especially when used in authoritarian regimes for censorship circumvention or private communication. 
 
+The question how common the use of VPNs for circumvention is and its legal implications, as VPNs are illegal in a few countries, as been discussed. E.g. VPNs not officially banded in India but VPN providers need to store log data and those who haven’t complied stopped serving India. However, more data on VPN use might be needed.
 
+After all, there is a cat and mouse game between censors and circumvents, however continued work on protocol enhancements that protect user privacy is essential.
 
-Further, the possibility and prevalence for using VPNs for circumvention has been discussed including user expectation and an analysis of security short-comings of commercial VPN services. This analysis has shown various problems that lead to data leaks, not upholding user expectations especially when used in authoritarian regimes for censorship circumvention or private communication. 
 ## Conclusions