 Will tell me was there any proposal to sensor porn also this year there were even I know I'm quite sure there was but I don't trust the clouds, so I'm totally fine with my porn hard disk Anyways, this talk today will be about the state of internet censorship in 2016. We got Will who reserves studies and measures the censorship across the world obviously when he's not in North Korea and And Philip Philip is a he's just Philip and he's awesome. Thanks Yeah, great. Okay, so We're gonna talk about sort of what's changed in internet censorship this year and so many people I think sort of the classic view of internet censorship is Seeing something like this. This is what one of the blockpages that you might see in Iran looks like and I think Sort of the the high-level thing around this Is that this really is the view of censorship for a very small fraction of the world When you look at the Freedom House report on on the state of the web this year We see that two-thirds of internet users Experience censorship of some form and for most of them. This is not what it looks like right for most people censorship appears as Content not loading you get a blank page. You get a server error It appears as stories that aren't in your newsfeed and content that's not in Twitter or not on Facebook anymore And this is a much more subtle form of censorship that I think we're still sort of getting our heads around That change and whether it's the same word that describes both of these things so The way we're gonna structure this talk is first Try to pull out some of the trends in sort of how Censorships evolved over 2016 we'll give you a bunch of sort of the states of countries around the world and What things look like in terms of new laws and new policies that have gone in place there? And then in the second half of the talk We'll sort of look at how we know these things the state of measurement And so the the projects that are out there trying to collect data and understand What's being taken down where and how? And then hopefully we'll end living you with things that you can do to make the world a better place so We've got this thing That's censorship. I think it's also and this is that first point again, which is The fact that we're using the word censorship is Playing into one narrative right censorship is one view into information control into Surveillance into you know The shifting of public opinion It's one technique there the fact that we're focused on censorship and it's worth being just cognitive through this This is a very Western view of a problem and And this piece of it. I think in 2016 as much as any other year is really normalized. It's really a thing that we Are not going to oppose in any real way Um One thing that I've done a couple times I think it's worth like asking you guys as well is by a show of hands. Do you think there should be no internet censorship? So that's like about half of the people and That and think about this crowd like if we're not like completely in favor of this can we really expect general society to be And so I wonder if we're really going to end up in a place where we can have this Absolicist view that we want an internet without any censorship Right. We have limits on freedom of speech in the physical world. There's limits of it in other media and The internet has been a very special place for a while But I think even now in sort of our original community. We're trying to grapple with is That something that's going to be able to continue So we can look at this from a technical side as well We can ask who sensors and and where where is this limit and it's it's limits within the network It's limits of the people we've given power The organizations that that run our local networks will often censor the ISPs They give us connection to our organization sensor and we have state actors who limit and they all have different motivations Although they overlap right so why do we censor we censor to keep content within social norms or protect things that we think are important Right. This is this is the justification for for things around pornography or lewdness we we censor because of Economic protection because we want you know our economy to be better Like this is this is or because we want our services that our ISP provides to to win over competing ones And we censor for our national security and for for reasons of protecting ourselves from from hacks hackers in other countries or in other places So what that is the backdrop Let's let's talk through a few trends So the first thing is that censorship this year. I think is pretty much all legal Right when we think about censorship as you know from 2002 when the first Harvard thing came out saying look at all these things China's blocking it was very opaque in the sense that There was this thing happening technically and there was no one talking about it at all And most of the stuff that we see now there is a legal framework behind it Where where this censorship is in line with the laws of those countries? We've seen a lot of stuff happen in terms of the US EU relations safe Harbor went away in 2015 and we now have an US EU privacy shield that's coming into place to replace it This has new copyright implications. There's the potential for a Requirement that that content being uploaded by EU users needs to go through an upload filter Where it will be scanned against copyrighted material proactively before it can appear on content We're dealing with providers being more scared about what they take down They're they're worried about additional liability and risk because that risk is shifting to them They don't have quite the same level of DMCA safe harbors and things where they can say it's user-generated and so it's not our liability and so you're seeing more Proactive takedown from the content producers We also see there there was a new Chinese cybersecurity law this year that that adds a bunch of legal framework behind Really a lot of things that Chen has already been doing but it regulates That that internet services companies the operating in China need to store logs on their users If you have user-generated content, you should be storing The real identity of users you need to collect their their national ID and know who this person is There's requirements supporting cooperation with government access to data and then I think the thing that got sort of foreign company concern more than most in here is that There's sort of this broad class of Sort of critical infrastructure and critical services and if China decides that you are one of those Then you have to have all of your data for your service related to Chinese users stored in country on Chinese servers And so companies are worried That that their data will be determined to be critical and that they'll need to move their data Within China and which which imposes additional regulation additional access to Chinese data So earlier this month We have heard from a couple of tech companies that they are starting an effort to create a shared database The purpose of this is to fight terrorist imagery. So Microsoft YouTube Facebook Came together to create this database To basically fight these images the way it works is that they hash these images They put it in the database. They have access to it read and write access and therefore it should be easier to fight terrorist imagery a Lot of this is concerning most of all the lack of Transparency so basically we're being asked to trust them to do a good job Maintaining this database. There is probably very little accountability We won't be able to see what is in the database and if it in fact is being used to fight this terrorist imagery So this is a big problem Another problem is that once you have a database like that once you have the mechanism a lot of governments are probably already Waiting there rubbing their hands and trying to get their piece of cake their piece of the cake and the vague definition at this point We're really just talking about terrorist imagery is it enables scope creep right and it starts by being about terrorist Imagery, but I'm sure that a lot of file sharing companies are already very eager to get in there So this is another thing that we have to watch out for what it will turn into in practice and And finally there are governments right this is a centralized thing and I'm sure governments have their very own idea of what a Database like this can be used for so we really have to be vigilant in the coming months to make sure that This is actually what it's supposed to be what they intended to be used for Meanwhile in Pakistan the prevention of electronics crimes bill was passed again They're recurring theme of a lack of transparency So while it was drafted critical voices weren't really hurt people proceeded more or less in isolation and The bill has a lot of very concerning parts for example There is the threat of seven years in prison for what is called the glorification of crimes related to terrorism again, the definition is probably very vague on purpose Which means that the government is going to be able to enforce it on people whose crimes might have been a little bit different from what it says now Also in 2016 on the other side of the world the citizen lab was dealing with a lawsuit of defamation so the citizen lab is a research lab part of the University of Toronto in Canada and It's working on exposing censorship surveillance and digital targeted threats online They have done a lot of really great work on exposing How companies such as NetSweeper are being used in the world so NetSweeper for those of you who don't know it is a Canadian company They are producing web filtering software and they have a Concerningly low barrier for who they do business with the citizen lab was very careful in documenting what? Governments NetSweeper is selling their technology to and as you could imagine NetSweeper wasn't overly happy about that The citizen lab has had problems with a lot of companies being unhappy about their research for a long time But what is different here is that NetSweeper for the first time went to court? Luckily they discontinued the lawsuit three months after it started in January 2016 But this is a first so that it actually went to court And there is probably more to come in the next couple of years Meanwhile Facebook is working on a censorship tool Like a lot of other Western countries Facebook is very eager to set foot in China Google has tried it in the past a lot of other companies have tried it as well It turns out to be very difficult because if you want to set foot in China as a technology company You have to comply with Chinese law and there are a lot of cultural Misunderstandings that make it make it harder to go that way Facebook Is now deciding to create a censorship tool. It is not entirely Clear what that really entails at this point In a news article someone wrote that it is supposed to be a tool that enables the Chinese governments to Moderate what is being posted on Facebook? But again, it's very vague. There is probably little accountability or transparency And we also have to be aware of how both China and Facebook is going to talk about this once it happens So we shouldn't get fooled by China presenting this as some kind of better relationship to the West And there's some kind of victory for sweet free speech. So we shouldn't let them fool us by by phrasing it like that Finally a hot trend in 2016 was fake news This is not entirely new And the connection to censorship is two-fold So remember that the ultimate goal of censorship is the suppression of information Ultimately, you want certain bits of information to disappear When you think about internet censorship that is usually done by removing block posts by dropping network packets by getting rid of information Another way by doing by conducting censorship is to add information to basically drown the signal in all the Noise we have seen that in the past where governments hired botnets to basically High-check discourse on Twitter for example, and in a way, this is a different flavor of the same problem There are Opposing voices so a lot of people are now saying this is outrageous. We have to get rid of these fake news We have to outlaw it certain countries are looking into that But a lot of people are saying this would be censorship as well, right publishing news is a way of free speech and That is true to some degree is since fake news isn't the binary thing, right a piece of information Isn't true or is not in fact, it's shades of gray language allows for ambiguity and It's a it's a degree right you can have something that is true But still presented in a way that it's purposefully misleading So it is very difficult to draw the line here, which explains why first Facebook has been very hesitant in taking action in this case and The big problem here is that fake news feeds right into confirmation bias So as people we tends to be willing to seek out information that confirms what we already believe in We don't like to be challenged that much and that makes this a very big problem So let's move over to another topic to DPI democratization. So DPI stands for deep packet inspection and DPI is becoming cheaper and cheaper companies are offering it. It is getting easy to buy So it is a piece of technology that is increasingly getting into the hands of many different people and governments it is very omnipresent at this point and This is reflected in the cases of internet censorship that we have seen over the last year One thing that is particularly interesting at the moment is what is happening in Kazakhstan We know very little at this point But what we have read is that the country Kazakhstan deployed a novel type of deep packet inspection We do not yet know from what vendor we do not believe that it is home baked instead some company supplied them with it And at this point there is reason to believe that standard tour including a couple of obfuscation protocols are being blocked But again, we don't fully understand yet how it works So we have a link here to tours bug tracker where there is a very long discussion about the technical findings that a couple of people have gathered So far so any help is greatly appreciated We can visualize the block that we have witnessed so far What you can see here is the number of directly connecting tour users over parts of 2016 We have seen a couple dozen thousand users until June 2016 where there is a sudden drop And at the same time we can witness an increase of bridge users. So bridges are undocumented unpublished tour relays and Basically at the same time when the network was experienced in this block we have seen a sharp increase in users So at least that's something but still we have reason to believe that the obfuscation protocols are being blocked so far So Beyond these sort of individual countries using DPI we see that it's getting into much smaller Organizations and becoming pretty ubiquitous So this is the dashboard on a ubiquity home Wi-Fi setup and you can see that by default it's Capturing traffic and is able to identify just about all of the major services you use It's able to pull out the types of video sharing the types of peer-to-peer And this is just something that I think certainly all our large organizations and now most businesses Starting into the home are expecting this sort of behavior and the ability to discriminate classify network traffic Prioritize your small web browsing that you want to be interactive over the bulk of transfer, right? There's there's legitimate one like desires for a lot of this But we are making this form of censorship in this form of traffic discrimination a very common thing The ray of hope in this picture is that we have more and more encryption 2016 really was sort of the year of let's encrypt we're passing 50% of the web having SSL now We're getting you know tens of millions of new sites with SSL and what that's really allowing is that DPI is stuck at host-based blocking still for a lot of these things, right? We can block a service, but I can't block specific pages within it nearly as easily as long as that traffic is encrypted This is able to to defeat many of the tools that are trying to discriminate Specific services or discriminate specific types of traffic, right? They're limited to being able to say I want to block videos and so okay I'll take these sites that have videos commonly, but they can't just block the actual video stream and so This again is an arms race We have this first layer of encryption that's helping us and we'll see a couple examples later on of countries And how the the nation states are trying to fight back against that. We've mentioned blog posts a lot I think social media both in the terms of You know Facebook and these these ways that we post to each other Also the mobile apps that we use to communicate and chat it are becoming more and more at the focus of censorship Especially around political events We saw this happen in Brazil What's up got blocked a couple times in May and June as the political climate got less stable And that's again it happened within a legal framework for the company Brazil asked what's up to provide them with with logs of of chats that they believed had incriminating information and what's up was a Fortunately unable to provide those because they have end-to-end encryption. They don't have the decrypted logs themselves to provide and so Brazil judges have blocked what's up on and off and in fact have for a couple services You know threatened to jail executives of these companies for not complying and things of that nature We also see social networking in in Gabon this September Gabon was interesting just after their Election the internet went out entirely for a little bit then it came back on with a curfew Where at the routing layer it was turned off at 6 p.m. For about five days in a row and came back on the next morning So you would be able to have it while while working hours But not for organizing in the evenings and then after that happened and and sort of general internet connectivity in the evening was it restored There were still blocks on Facebook Twitter and what's that first a couple more weeks afterwards So these services that people might use to organize are being focused on right collective action is continues to be one of the most sort of sensitive topics for states And then and then we have a very recent example in Egypt which this month decided to block signal one of the one of the better end-to-end encrypted messaging systems And and luckily signal was able to reply and respond really quickly. They are using a domain fronting Sort of circumvention technique now in their latest update which gets around this and so for people who have updated They'll they'll still be able to access it But we're seeing it's these chat and these these things. Yeah, sure. It's worth a clap It's these apps that are more and more sort of in the targets of of states wanting to control the dialogue so Distributed denial of service is something that continues to be with us It's alive and well one of the big examples of DDoS being used to try in you know for retribution or to take down views that people didn't agree with was on the Krebs blog where a large Internet of Things mirage batnet got sort of weaponized to Manage to take this down for a period of time despite being hosted on Akamai, which we would hope that these large CDNs are sort of above In terms of their size they can handle traffic, but but we see that by nets can still be effective and Certainly for smaller things so so the black knives matter movement we can see that there's Over a hundred DDoS incidents that occurred to their sites over the last year and so DDoS is sort of this tool that gets used when you aren't in the center, right? It's this it's this maybe You're off on the side and two people are talking or someone is talking to an audience where you can't block their communication I'm in another country or I'm not the ISP itself or I need more anonymity and I still want to remove that viewpoint and DDoS is remains sort of an effective weapon for that attempt at censorship where You have resources and money or in computers or bandwidth But you don't necessarily have the position of power where you can block an in-network Communication or dissemination of information There were a bunch more internet shutdowns this year access now is a an advocacy group that monitors the internet and situation and access around the world and tries to Help advocate for for access. They documented 15 shutdowns Last year and in 2016 it's up to 51 at this point This is concerning because it again is talking about sort of this normalization of countries saying well You know there have been 50 examples this year of of other countries that have shut down their internet for periods of time often around politically sensitive events and And very few of them have revolted or had any major consequences. So this this again sort of as these Continue to happen. They they empower additional countries to say oh, this maybe is a solution to this sort of problem Even in the US we see sort of continued Attempts to to have this sort of control we want do we want our government to be able to you know turn off the internet in situations of national emergency This was a debate under Obama and will continue to be one I guess the again to counter this sort of depressing narrative The the thing that maybe provides us with hope in this sort of situation is is cases like Ecuador Which despite having the ability to do these shutdowns of services This April there was a large set of leaks around The ISPs and their their cooperation with the government And so it continues to be through the whistleblowers and through the leaks of this sort of information that we learn about what's really happening And we're able to get accountability back, right? So one of the major problems here is do we have accountability and do we understand these structures and systems that are being put in place? I think Ecuador provides us with one of these examples this year of how whistle-blowing is alive and well And helps to to provide public and set in conversation So we'll finish sort of what's going on out there with just a few specific countries that don't necessarily fall into these categories Thailand has had for a long time a Set of fairly narrow well, they've they've had you know their set of laws and what really they've censored is Sort of based on less majesty attacks on the royal family and defamation there With the the king dying and the and his successor being appointed there's been tension there And so there's been additional sort of concern around there and then this December They've passed an additional law giving the government quite a bit more power Over the spring they floated proposals that they needed a single internet gateway Where they would have the ability to man in the middle with a government certificate all of the traffic going out of the country That isn't in the current bill as I've read it But it sounds like that push for having that additional control Continues and is something that that they're moving towards the the current legislation that passed in December seems to be moving towards that Though it doesn't get fully there in Cuba The Cuban internet remains very expensive and out of reach for most people one sign of good news there is that Recently Google signed agreements to be able to put servers in Cuba So we're starting to see the ability of Western and and external companies to locate servers inside and help invest in infrastructure within the country So maybe this is I guess we can hope Any indication that Cuba is going to start sort of upgrading its infrastructure and getting more connected Turkey also had a tough year this year They're regularly blocking VPN protocols. They're also blocking Tor and some of these anonymity software And and Turkey is the one country that got downgraded in the Freedom House report from partially free to not free in terms of Their connectivity this correlates to the political events that we've seen there and increasing pressure on on sort of civil society more generally Finally The UK has passed a set of laws and we've seen sort of additional Restriction especially in pornography there There's a whole session on this on day four about sort of what this new set of laws entail But it sounds like it Primarily is a surveillance thing So so your data has to be retained there's certainly Chilling effects of free speech around that of people trying to second-guess what they're going to say But but it's not sort of imposing major new things of Automatic takedown of content or or removing hosts beyond what's already there a lot has happened in the measurement space Both in academia and civil society. So we want to give you a quick overview of the most exciting things that have happened over the last year Ooni has made a lot of progress. So uni is the open observatory for network interference. It's a free software project under the larger tour umbrella and Among the more exciting things that happened is a lot of outreach and research So uni is based on having probes small pieces of software often on a raspberry pi that are being deployed in different countries and in these countries the probes conduct Measurements and sent them back to uni servers where we can analyze them and visualize the results A lot has happened in outreach. So in more than 10 countries there are now partnerships to deploy these probes and also work on specific reports about what's happening in these countries and Uni was also very active on their blog. So a lot has happened. We have a URL here Among other things in Malaysia the elections have been analyzed So in that regard It was a very exciting year There is also a web interface now So if you have an uni probe and want to help the project you're not able to Go to this web interface and both it's easier to run and also to analyze the test results The uni project really went out of their way they even worked with a UI designer to make it as easy to use as possible and This is what it looks now And there are also a lot of plans for 2017 among other things The uni project is thinking about re-engineering the data pipeline so a lot of data is constantly being produced and sent to the central servers and there is a series of subsequent steps of Processing that is happening to the data and as the amount of data increases it's getting harder and harder to deal with this wealth of information and Both the uni project wants to extract more interesting information out of these reports But also make it easier to process them at scale Another important point is orchestration So at this so far these pros have been mostly autonomous They are sitting somewhere in someone's basement or at some university in different countries And it used to be really difficult or to get the right results at the right time Due to the nature of the autonomous distribution So there is a trend towards moving towards a model where it's easier to control these probes and Have control over what is being analyzed and what it's coming in there And that makes it way more flexible and easy to get high quality results Think about elections for example You don't really want to wait for data to flow in eventually You have probably a very specific idea of what you're looking for and that makes it easier to find probes in a given Region and make them do the measurements for you in time There has also been progress in academia. We were make maintaining a censorship bibliography and so far in 2016 we counted more than 20 research papers There are among other things so both in circumvention and censorship analysis Among other things we learned about a couple new insights about the great firewall for example How the DNS poisoning works on the server side since people mostly looked at injected results But not so much about what is happening to the Poisoned DNS resolver. We also learned more about How the maintainers of the great firewall deal with hard-coded tour bridges So a research group looked into the blocking delay Which is really exciting because it gives you some kind of insight into the Operational business that is going on behind the great firewall In addition to research there has been an ongoing discussion about the ethics of network measurement So a couple years ago in academia almost everything was fair game when it comes to network measurement But two three years ago a couple of controversial research papers came out that prompted the community to think deeper about what is acceptable In particular because a lot of this work can actually put people at risk and this is something that has been Not entirely ignored, but people don't think about this as much as they should be One trend is to try and seek informed consent if you work with people on the ground It tends to be easy to get consent It tends to be a little bit harder to have the consent be actually informed. So there are Approaches to make people solve a quiz before they engage in the measurement to make sure that they really really understand what they're getting into Another trend is of course to weigh the risk versus the benefits Of course, we always get something out of an academic research project But often there is some risk to it Of course, it's difficult because you cannot just quantify this and come up with two numbers and and put them on a scale So this really requires an effort to get an understanding of on the ground knowledge And this is similar to threat modeling Of course, we can look at laws in countries and try to get a feeling for what could get people into trouble But the way laws are enforced are very different So for that you really need someone who has a good understanding of the country and how it interprets its laws And this is really difficult so the current consensus is that in case of doubt Academic researchers tend to err on the side of caution and ideally just not do something even though it might teach us an Interesting new bit of information One exciting project that is happening in the academic space is the spooky scan So this is a type of network measurement technique that allows you to test the connectivity between two computers a and b say in China and in the United States and you don't control a or b So this is the really exciting part that it allows you to infer the connection state between these two machines Even though you don't control them The way it works is it leverages a type of site channel in network stacks So some of you might have heard of the IP ID. It's a field in the IP header that is used for fragmentation Most modern network stacks tend to randomize this field but a couple of legacy network stacks Most notably some flavors of Windows and free BSD have a globally incrementing counter. This means that it leaks information to unrelated network connections and it turns out that you can use that for the spooky scan and At the moment according to the researchers behind this project Approximately 1% of the IPv4 address space is affected by this. This might not seem like a lot But if you're interested in a certain country 1% is a lot so you're guaranteed to find probably a couple thousand Machines that can be conscripted to be part of the spooky scan So all of this is run by Roya at Princeton University There is a research paper another one is in the making and we can now have a quick look at how it works in detail So in this picture you can see three types of cases the three types of cases that the spookies can can inform you And the way it works is we have in all three pictures. We have a reflector on the left side It's not under our control. We have a site on the right side also not under our control But both of these systems have the globally incrementing IP ID counter Then we have a measurement machine at the bottom that is under our control and also it must be able to spoof IP packets That doesn't tend to be a big problem in academic networks where you can bribe your network operator into Not doing ingress filtering. So that tends to work fairly well So in the first step you send a SIN Act TCP segment from the measurement machine to the reflector and That way you learn the current state of the IP ID counter In the next step you send a spoofed packet from the measurement machine to the site But the return address of that packet is the reflector and not the measurement machine so when the site gets the packet it sends the Response to the reflector instead of the measurement machine because it has been spoofed and Now some magic happens in step 3. We don't know what this is exactly what we were trying to learn Either the packets reach from sites to the reflector or they are being dropped either server to client or client to server We don't really know But we can know by in the final step sending another SIN Act segment to the reflector and again measuring the IP ID counter so we have Two states of the counter now and we can basically determine the difference and the difference between before and after basically allows us to infer what is happening between the site and the reflector and It's a little bit complicated. It took me a while to wrap my head around it But it's a really powerful technique. It doesn't work in all cases But when it does work it really allows you to infer reliably what is happening between two remote computers and Not only is this possible in this isolated scenario. It turns out that this is quite scalable even so in another research project the some people deployed the spooky scan at scale and This is a visualization of it So a couple of clients in China were selected as source a couple of tour relays and web servers were selected as destinations and Then the people behind this effort measured the connectivity between all these computers and Plotted it on the map. So green lines means Unblocked and red lines means blocked and their entire point of this is really just to show you that this is scalable So if it's implemented in the correct way, it allows you to really deploy the spooky scan at planet scale Like all the other or many other academic efforts the researchers had to struggle with ethical challenges Because you don't really want to conscript a Normal internet user's laptop for this measurement Because it could be that the local government maybe monitors the internet connection and might misinterpret what is happening and perhaps Believe that this user is doing something that she's actually not doing So as a result this problem was solved But just going two three hops back in the trace route and instead of selecting actual end users laptops It selects routers and you can model the network load of routers to get rid of the noise and that way you can basically Get rid of the ethical challenges entirely and still get meaningful results Cool A project that I've continued to work on in the last year is something called satellite Which is doing a similar thing to spooky scan at the DNS level and looking at open DNS resolvers to understand DNS consistency and issues in DNS resolution There's a paper on this now, and we've we've got now a couple years of data a Lot of this is sort of incremental So this is how many sites we see blocked in Iran in the top 10,000 over the last couple years since late 2014 in In sort of 2015 was a bit before their election We saw a major spike, but it's sort of doubled over the course of 2016 so there's been a slow incremental uptick in how much is blocked there and The sort of more recent work that we've done in that area is trying to explain What we think constitutes blocking or why something is weird so we want to be able to say we think this site is blocked Because we found 59 out of 74 resolutions We're going to an IP that clearly looks wrong or because almost all resolutions Had a reverse pointer the IP address was named something that looks fishy or wasn't named in the right way Or most of the things had the wrong server header when we actually ask about those IP addresses Rather than having the expected server that that we see globally and so we're able to start having these Justifications for why we think something is anomalous That data is now getting posted on the website and backfilled as we process the backlog of all the data There continues to be a bunch of stuff. That's not coming out of universities as well That's really interesting great fire is a project that focuses on China They released a new thing called circumvention central this year which basically provides up-to-date Testing of VPNs in China so they have a set of nodes in the country They they try a bunch of popular VPNs and keep tabs on the speed and the stability of those things that they see And it's really meant as a resource for users in the country to see which tools they should be using We also see from from Google this year that Google got a step ahead of many of the others and released a thing called Unfiltered news which is looking at what news stories are more and less reported in different places So as you search for something like Trump you see that it's really those news stories are read and are Viewed much more in the US and are seen much less from publications in other places Whereas if you look at something like Syria You see a very different picture of who's seeing it and you can start to pull out. Where are the missing dots in this picture? There's like no China in this picture, so China just didn't see that news at all And so we're starting to to be able to tackle This problem of okay There's there's news that's missing in places. What are these views that are that are not being seen right? And so this is the sort of thing that we're going to need to be thinking about a lot more as we get into okay So there's content and social networks being taken down and there's there's individual conversations that aren't happening It's not just hosts anymore, and this is I think an exciting Project that helps us sort of get past just host-based stuff Another another example of a company that continues to do great research is is dine which monitors from its position in network infrastructure Interruptions in routing so when when there are BGP interruptions This is at a level that really you need to be a core infrastructure provider To know that there's been a problem you can you can do some measurements But these routing tables are not necessarily propagated fully and so it's these guys who really get to see okay The connections within this country got taken down at a routing level So they've got examples of there was another one of of as sort of final exams happen Countries like to take down their networks to prevent cheating In addition to technology there is a lot that can be improved when it comes to cultural understanding So a couple of weeks ago I was listening to a lecture of a Chinese American activist that had a lot of really interesting things to say About the great firewall and how it's being perceived by people in the West One of the things that stuck with me is he said that people in the West need informed empathy so the ability to look What the world looks like through the eyes of a foreign government this tends to be difficult because of cultural misunderstandings and Things that are not very natural to people in the West but also vice versa for example when it comes to political worst case scenarios in the West we tend to be terrified of Totalitarian governments for example the Third Reich This is the one thing that we're ultimately trying to prevent from happening while in China Almost the opposite is the case people tend to be terrified of the complete absence of authority and control which would completely destabilize the country and This is also reflected in the way both spheres handle their internet and the ability to understand what we are all afraid of would really help in moving forward There is also the popular opinion among circumvention people that the truth is outside the great firewall And if only we could provide the people in China with circumvention technology all these problems would just Disappear needless to say that is a little bit simplistic and patronizing For example 98% of network traffic in China is domestic And that is the same in many other countries most people simply have no interest in what foreign news is is saying and So it's not so much a constant access denied It's mostly access isn't really wanted in the first place and in addition to that the United States for example Has a history of destabilizing foreign governments and this is another reason why a lot of countries are a little bit careful of The way they're handling Western social media, especially after what happened with the Arab Spring So to finish off we're going to talk a little bit about what's driving the space of measurement and our work here a Lot of how we learn about censorship remains through word of mouth through conversations that we have of venues like this one People go out to countries. They experience stuff They come back to the activist networks that they know and that propagates up to measurement research a lot of this remains Through through these conversations that we have at venues like this There's also been a lot that's happened from from government funding particularly the US But but Western governments see the internet as a liberation tool potentially and are funding it as such or have And also you see reactions from companies that experience censorship from an economic view of trying to push forward their products So in that space, there's potentially Uncertainty in the US going forward a lot of that money has come through an entity called the Broadcasting Board of Governors Which is a congressional mandate and that seems to be a little bit up in the air in the next funding year Where they're 800 million dollars, which has gone to things like Radio Free Asia a lot of these sort of pro-democracy things is potentially getting reshuffled and sort of moving in terms of who's controlling it And so we'll see how that goes and how that changes and reshapes the measurement and the circumvention spaces We also, you know, here's an example of a news site in Qatar that got blocked You see this sort of service side measurement where we're news Where we're other people who provide platforms and experience censorship will be willing to speak out We see that also from, you know, Google who's experienced censorship in places and now keeps up-to-date Measurements of the traffic that they see and when they notice anomalous traffic to their services And so this really is able to provide that other half of the coin where we can see can we reach you But we don't necessarily know from many of these providers. Well, who can reach them? And so I think one of the things that we really need to, you know Both be concerned about and see as an opportunity is engaging with these companies and these major services and you know Saying that we expect additional accountability and transparency from them to help us understand what's happening Right, so so I guess the the concerns that I want to leave you with First is the service side measurement. How do we understand what's being taken down by companies and platforms? How do we understand what is not getting to them? We can do some of this from the client But we really need their participation and I think we are falling behind in our engagement with the services and with the platforms We're collecting a lot of data We're going to be collecting more data the measurement community through things like Spooky scan and and these other Measurement projects is now getting longitudinal data that we can use to find evidence of censorship at a host level And the thing we need to be concerned about is is it the right data and is it meaningful? Is this blocking of hosts of individual protocols? Really evidence of censorship or do we need to somehow get one level up to user experience and to the conversations that aren't happening And are we able to capture that as well? And finally all of this is within this framework of the encryption battle and whether we have the ability to have Communication and the ability to freely say what we want to say to people so to leave you with Something to do the first is advocacy find champions in government speak out find find the local networks and Again, it's sort of that same final message that that we left you with last year Arguing for complete lack of censorship is going to be a very uphill battle arguing for more transparency and censorship and arguing for accountability is something that many more people can get behind Right. It's it's about being able to check These powers the governments are taking or taking more blatantly and being able to say that's an overreach and having the tools To do that effectively that we need to make sure we have If it's legal where you are Join in and measuring run uni probe run other tools that that are able to measure if you're a coder develop these new tools There's lots of things. We're not good at yet Both both looking for news and for messages that aren't being seen in an open source way That's that's a huge effort Additionally being able to even detect things like net neutrality violations and throttling of specific services is a thing That we see happen a lot the current tools aren't reliably able to detect So we'll leave you there and take some questions So we got the ready a question from the internet. Yeah the internet wants to know if you can elaborate on how the gentle graceful degradation of the use of tour bridges in Kazakhstan can be explained by the packet inspection and if the packet inspection triggered filters wouldn't result in a Sharp fall off of bridge traffic So I think in the very beginning we did have a sharp follow-up as for the second part of the question We don't know so this is part of the problem. Any help is appreciated Okay, and the internet has another question Since it looks like it probably asked if it wasn't most likely it wasn't covered. So do you have any idea how? Of I'll have you seen much change in the patterns of side blocks by Roscoe Nador or What they do for blocking So Roscoe's I believe the Russian It's the federal telecommunications authority something. I haven't looked into that one specifically I know that there continue to be Again degradation and and additional controls occurring in Russia that have progressed over the year But I haven't looked specifically at what those are in 2016 Hi there you mentioned only and I really appreciate the effort only takes for measuring Censorship, how about other approaches like ripe Atlas IPv4 wide scanning all those things that scale to to gigabit Can you elaborate on that? So so both both spooky scan and satellite that we mentioned are using on an IPv4 scanning Component to look for available services across the web and check on You know what services we can find that run things like DNS infrastructure or open proxies Or these sorts of things that you can then reflect and get sort of a full view That stuff the major challenge is jumping up to IPv6 I think there's been a talk recently about trying to find active host in IPv6 that was earlier today or yesterday And and that's still sort of the next area of development there is can we can we make that leap and keep these techniques working as we move to a more IPv6 internet So with respect to Atlas you have to be a little bit careful because the people who run Atlas probes They didn't really sign up for censorship measurement Atlas doesn't allow you to conduct very comprehensive measurements. I think you're limited to four or five different types of measurements, but still Most people probably don't know that there are others out there who might use their probes for censorship measurements So I would be a little bit careful. There have been some There have been some papers and some research that's been done using Atlas probes Yeah, and you can definitely learn stuff through pinging and trace routing and that sort of thing the the ripe Atlas sort of Entity ripe has definitely had I think Struggled with where their line is of what they're comfortable with And and realize that that is a huge entity with a lot of different interests and some of those interests are not Excited about that infrastructure being used for advocacy if that potentially Reduces the number and prevents its ability to be used for reliability and for for understanding network failure Do you have insight into BGP hijacking and can you differentiate between hijackers? Operating for commercial gain and some stuff ship attempts Technically or sort of by looking at it and trying to understand what's going on Yes Can you mostly technically but does it take human intervention? Do you have some kind of automatic filtering? based on heuristics, so I mean I mean there's there've been Examples of companies called out for for hijacking in ways that people feel is inappropriate. There was one around botnets where a Security firm sort of took over a space that they believed had command and control of botnets in a way that the rest of the community felt was Inappropriate so that's not necessarily a monetary gain, but rather to you know, either take control or limit Other things going on on the internet. I think you know that that's generally considered bad behavior in any case and and hijacking is one of these things that Hopefully we eventually get to a world with BGP security where that becomes harder I Got a question in beginning you mentioned deep packet inspection and then afterwards you said luckily There's let's encrypt but how will that benefit censorship because you can still see to which websites people go, right? Let's encrypt. It's maybe good for privacy Yes, so if you're blocking a full site you can do that Deep packet inspection previously has allowed for things like keyword blocking and for blocking of specific content, right? That's that's really often what you see being The blacklist that's provided by governments or by you know advocacy groups that are trying to block a specific kind of content It's specific YouTube videos or specific, you know news stories that they want blocked Let's encrypt forces the ISPs or the people making that decision to block a full site There's much more collateral damage when you're blocking the entire Domain or service rather than being able to target specific content And has a deep packet inspection not evolved by time that they can now also inspect ACSBS traffic by now only if they control a root certificate and So far that I think there's very the length of the content also, but the length of the content potentially Although that's a that's harder for videos or that sort of thing. You have to wait till the end But but I feel like we haven't seen any governments acting out badly in that way where they're they're misusing their government issued cert to do sort of interest looking within SSL and so I Mean that's definitely something to watch out for it's the thing that you see as a threat in several countries that are proposing laws Where they're saying they're going to have a single gateway and they want to be able to man the middle SSL traffic But we don't see that actually happening in practice yet at a wide scale. I guess we're done. Great. Thanks everyone