Russia Ramps Up Censorship Beef With Twitter Using Deep Packet Inspection Tech
from the not-helping dept
Over the last decade Russia has accelerated the government’s quest to censor the internet. That was most conspicuous with the passage of a 2016 surveillance bill that not only mandated encryption backdoors, but effectively banned VPN providers from operating in the country unless they were willing to spy and censor at Putin’s behest. Many VPN providers weren’t keen on that, so they simply stopped doing business in the country.
More recently, Russia has been engaged in a bit of a hissy fit over Twitter’s unwillingness to censor things the Russian government doesn’t like. And while Twitter has been trying to filter more illegal behavior and pornography at the government’s behest, the company hasn’t been censoring broader content at the rate Putin and pals prefer. So as punishment, Russia has taken to throttling user access to Twitter to a rather 1997-esque 128 kbps, or about the speed of an old ISDN line. Granted, the ham-fisted gamesmanship Russia has been engaged in has already resulted in some notable collateral damage:
Russia's attempt to slow internet access to @twitter backfired today, knocking out mobile internet for many Russians. #KeepitOn @kentikinc netflow data shows two periods when traffic dropped by as much as 24% to RU state telecom Rostelecom starting 07:00UTC (10:00am local). pic.twitter.com/JHvpzWEu6E
— Doug Madory (@DougMadory) March 10, 2021
New data suggests (you can find the technical specifics here) that Russia is engaging in the throttling via the use of “middleboxes” that Russian ISPs have installed as close to the customer as possible. Russian authorities then feed data on which domains should be throttled and punished to the devices, which utilize deep packet inspection to identify targeted traffic. Ars Technica notes that the deep packet inspection technology (which US ISPs also use, though most frequently for targeted advertising) opens the door to a much more sophisticated tracking and censoring regime less prone to collateral damage:
“The middleboxes inspect both requests sent by Russian end users as well as responses that Twitter returns. That means that the new technique may have capabilities not found in older Internet censorship regimens, such as filtering of connections using VPNs, Tor, and censorship-circumvention apps. Ars previously wrote about the servers here.
The middleboxes use deep packet inspection to extract information, including the SNI. Short for “server name identification,” the SNI is the domain name of the HTTPS website that is sent in plaintext during a normal Internet transaction. Russian censors use the plaintext for more granular blocking and throttling of websites. Blocking by IP address, by contrast, can have unintended consequences because it often blocks content the censor wants to keep in place.”
New reports suggest there are around seven countermeasures Russian companies and citizens can use to thwart these efforts, including ECH, or Encrypted ClientHello, an update for the Transport Layer Security protocol that prevents domain blocking and throttling. That forces government censors to rely on the more collateral damage-prone IP-level blocklists, which (might) act as a deterrent for censorship-obsessed governments that don’t want a whole lot of attention focused on the fact they’re massive cowards afraid of the free exchange of information that might challenge their hegemony.