 Will tell me, was there any proposal to censor porn also this year? There were, even. I don't know, I'm quite sure there was, but I don't trust the clouds, so I'm totally fine with my porn hard disk. Anyways, this talk today will be about the state of internet censorship in 2016. We got Will, who reserves studies and measures the censorship across the world, obviously when he's not in North Korea. And Philip, Philip is, he's just Philip. And he's also. Welcome to the translation for the lecture State of Internet Censorship 2016. We are Meo Blast. We're going to talk about sort of what's changed in internet censorship this year. And so many people, I think sort of the classic view of internet censorship is seeing something. We're going to look forward to feedback about Twitter under the hashtag C3T. And I think sort of the high level thing around this is that this really is the view of censorship for a very small fraction of the world. When you look at the freedom of the world on the state of the web this year, we see two thirds of the internet censorship in the world. And the most important thing is not what it looks like. That the internet, like we know it, for most people doesn't look like we see it. More often than not loading, you get that one page. There's a one-on-one, one-on-one, one-on-one, one-on-one, one-on-one, one-on-one, one-on-one. And suddenly things are not on Twitter or on Facebook. And that's something quite normal in the censorship of the internet. Whether it's the same word that describes both of these things. And we have to look at which words we describe exactly which parts. Try to pull out some of the trends in sort of how censorship evolves over 2016. So we're looking at how certain censorship systems have developed in 2016 around the world. We're doing that with the help of examples from several countries. And we're going to look at the policy, the laws and how we know them. In the second part, we're going to look at certain projects in which data is collected. And then hopefully what happens with things that you can do to make the world a better place. That's censorship. I think it's also, and this is that first point, again, which is the fact that everything that I do is playing into one narrative, right? Censorship is one view into all of the things that we're focusing on. So, again, I think the fifth thing of public opinion, we're taking into account the fact that we're focused on, is worth being as a cognitive through this. This is a very Western view of a problem. That is a very, very Western problem. I think in 2016, as much as any other year, is really a problem. Is really a thing that we are not going to be able to pose. One thing that I've done a couple of times, and I think it's worth asking you guys as well, is by a show of hands, do you think there should be no internet censorship? Completely in favor of this? Can we really expect general society to be? And so I wonder if we're really going to end up in a place where we can have this absolute view that we want an internet without any censorship. So, we can have an internet that has no censorship that doesn't even exist at all. Because the internet is a very special place and that's been with us for a while now. Is that something that's going to be able to continue? So, we can look at this from a technical point of view. So, we're going to take this limit in it. So, we're going to look at where the limit of the internet is. Where is the end of the internet? Who has the power of the internet? Who is the organization that uses our internet? And they all have different motivations, although they open the way that the organization or the people that use it have different views, why they represent their views. We can of course censor because of social norms, like for example pornography or something else. We can censor because of economic interests, or we can censor because we want to win the certain economic things over other things. We can of course censor for security reasons so that certain hackers or certain things can stop us. So, now let's talk about trends in censorship. If we talk about censorship, then of course there's the legal censorship. And we can call that blocking or blocking. There was a technical block that we don't talk about today, for example a micro framework that worked in many countries. We now have a US-EU privacy shield that's coming into place to replace it. So, we can sort out protected things. Many people are afraid of the responsibility to shift to the inside now. So, we shift. We also get more from the content manufacturer what they censor themselves. In China there was a new law in 2016. The internet services companies are operating in China and you just store logs on their users. Most in here is that there's sort of this broad class of sort of critical infrastructure and critical services. So, earlier this month, we have heard from a couple of tech companies that for a month we heard from some tech companies that they want to create a shared database. The purpose of this is to fight against the Telsmos image. Companies like Facebook have started this. How it works is they build a hash of the images and they do it in a database so that they can fight against Telsmos images. We have concerns about some of them, especially with the Telsmos. We can't see what's in this database and we don't know if it's actually used to fight against Telsmos images. The database like that, once you have the mechanism, a lot of governments are probably already waiting there, rubbing their hands. It enables scope creep, right? And it's used by being about terrorist images but not by fighting against Telsmos images. So, we have to be able to monitor what's going on in the practice. And then finally there are states that are intensifying this thing and I'm sure that governments have their own ideas on how to use a database like that. We definitely have to look into the coming months and see what they meant. Meanwhile, in Pakistan, there is a law on the prevention of electronic criminality. There are very few transparent. There is the threat for seven years for the glorification of something that Telsmos supports. And the danger is now, of course, that this law is also used against other people who are not or are exploited against people with other crimes. The Citizen Lab is a research lab part of the University of Toronto in Canada. In Canada, there is a research lab which deals with it, which does very, very good work for it, like companies in the world, like, for example, NetSweeper. This is a Canadian company. They have a concerningly low barrier for who they do business with. And they have a very, very low threshold for the companies they work with. And they now sell technology to everyone without a great control of what is being unhappy about their research for a long time. But what is different to this is that they are already very often unhappy about it. And now there was a court against them. And there are definitely or there will definitely be more complaints. You may be curious about it. Meanwhile, Facebook is now working next to Bayern on a censorship tour. Google has tried it in the past. A lot of other companies have tried it as well. Many other companies have already tried it. You have to comply with Chinese law. And that is mainly because you want to make your company big in China. But you also have to use the Chinese censorship. Facebook wants to develop a censorship tool and at this point it is supposed to be a tool that enables the Chinese government to raise what is going on in Facebook and how can they do the video transparency and what is going on in China and Facebook is going to talk about this once it happens. So Facebook and China are going to talk about it and talk about it. And the whole thing is going to be a tool by phrasing it like that. There are different possibilities. It can go backwards or it can lead to a Western approach and China and the West are getting closer. Another problem are the so-called fake news. So the ultimate goal of censorship is the suppression of information. The absolute goal of censorship is the absolute suppression of certain messages so that certain types of messages disappear completely. You want to let network packages disappear or all the information disappear. Every small signal of a message is supposed to be suppressed. Several countries have tried to suppress certain tweets and tweets. So a lot of people are now saying this is outrageous, we have to get rid of these fake news. After the fake news, a lot of people have said we have to let these messages disappear. People are now saying that journalism and the publication of messages are also subject to free opinions. A piece of paper cannot be true or false. It is always a gray spectrum in which we move. Of course you can have something that is true but is true but is presented in a wrong way. So it is very difficult to draw a line. And it is also very difficult to act. And of course we also have to make sure that fake news is also in the confirmation bias and that makes this a big problem. So let's move over to another topic. It is about inspection. DPI is becoming cheaper and cheaper. Companies are offering it. It is getting easy to buy. So it is a small part of technology and technology is used by people and companies. And this is reflected in what is happening in Kazakhstan. Something that is interesting is what happened in Kazakhstan. We don't know that much but what we have read is that Kazakhstan introduced a deep packet inspection. We don't believe that it was written by anyone. We believe that a company has sold it for them. There are things like standard tour is blocked and a few other protocols are also available. There is a bug tracker and a long discussion that people have found so far. We can visualize the block that we have witnessed so far. We can visualize what we have seen so far. We have seen the connected tour user over the end of the last year. And suddenly we see that there is a bug. At the same time we see that there is a rise in bridge users and they are unannounced users. Anonymous users. We believe that the obfuscation protocols are blocked as well. Beyond these individual countries using DPI we see that it is getting over the DPI. Here you see the dashboard of a special Wi-Fi setup and then you see all the types of video sharing that appear to appear. This is just something that you see in groups for specific topics with different groups. For example, N2N prioritizes your small web browsing that you want to be interactive over the bulk of transfer. There are legitimate desires for a lot of this in this form of traffic discrimination, a very common thing. The ray of hope in this picture is that we always have more and more connections. In 2016 the web had 40% of the web was getting into millions of websites and there are many millions of new sites and what is very possible is that DPI is still blocking the host-based blocking, but it cannot block individual sites as long as the traffic is closed. You can easily find many of the tools that only want to block specific services. They can simply say if they want to block videos they can only block the whole site but not the individual video stream. This is, of course, a break-up race and we will see some examples later from countries and how to fight them. We mentioned blog posts, and we believe social media and Facebook and mobile apps are becoming more and more in the focus of censorship, especially in political events. In Brazil, WhatsApp was blocked more and more times than the political climate was established and that was legally free of charge and within the right frame. They could simply block but the providers could not deliver it because everything was closed. They simply blocked the whole service and then they didn't and they threatened to arrest them if they didn't deliver the follow-up. We also see that in Gabon, the social network in September. Gabon was interesting after the election and then the internet only went on for six days and the next morning it went on again. While working hours, you could use it but not organize anything in the evening. There were general connections to the internet in the evening and the services used by the organization were blocked. Some of the very sensitive topics. And then we have a very recent example which is a new example from Egypt. This month Egypt blocked one of the end-to-end news systems and luckily, they can react. They have a new technology that can handle it. They can still use it. You can clap. These apps are more and more in the focus of the state. Distributed denial of service is still alive. There are still many of the big examples that we agree with to block people's mouths and say things that don't fit. You can use it now for a period of time and then you could use it in terms of their size. They can handle traffic but we see that it can still be effective. There are smaller things in Black Lives Matter and there are over 100 DDoS attacks on their site in the last year. DDoS is still the tool that you can use if you're not in the center. You're off on the side and two people are talking or someone is talking and you can block the communication and not attack the ISP or you have to do an anonymity and you still want to kill your mouth and the network has the power to block the communication. There were a bunch more internet connections that AccessNow is a group that is looking at the internet and tries to add it and they documented the campaign for more access to the internet and in 2015 the whole internet was shut down and in this year it was 51 and it's more and more like this is the year that other countries shut down their internet and in other countries there were 15 cases where the internet was shut down and there were no rises and there were no big consequences and in the US we see even in America we see attempts to have this to be able to turn off the internet and to be able to run the internet and to be able to to counter this depressing narrative and the thing that maybe provides us with hope in this sort of situation is that there are cases like Ecuador for example even if Ecuador had the opportunity to turn off the internet there were a lot of leaks from whistleblowers and others and to open up these structures and systems that are being put in place I think Ecuador provides us with one of these examples this year of how whistleblowing is alive and well Ecuador shows us this year how important whistleblowers are and why we need them and why we need them Thailand has had for a long time they've had a set of laws and what really they've censored is on some less misdemeanour on the royal family and with the king dying and his successor being a slave and then there was a transfer around there and then this upset them and the law gave them a new law that the government would be able to do they exploded the proposal that they needed a single internet gateway so that the traffic going out of the country that you can turn the country around but it doesn't sound like that but it sounds like they'd like to have more control and that's the current legislation and the legislation in Cuba in Cuba the internet remains very expensive and out of reach for most people in Cuba the internet is still very expensive for the normal people but what gives us hope is that Google has recently signed an agreement to be able to offer his services in Cuba within the country so maybe this is I guess we can hope an indication that Cuba is going to start sort of upgrading its infrastructure and we can hope that here is a clue that Cuba in the next time its infrastructure will be updated and that it will be more connected in Turkey there was this year a difficult year they're also blocking regular VPN protocols and anonymous protocol like Tor they were now set as partially free until not free and that in the hands of the political events that we saw in the last time finally the UK has passed a set of laws and we've seen sort of additional in Great Britain there are new laws that have been closed with restrictions on things like pornography but it sounds like it primarily is a surveillance thing it sounds like it's in the first line a surveillance thought but it's not sort of imposing major new things if it's about content and a lot has happened a lot has happened in civil society in civil society and we want to show you the most exciting things that have happened last year uni has made a lot of progress uni is the open observatory of network interference it's an open architecture for monitoring and there was a lot of fresh research new research and uni has small samples with a Raspberry Pi that are in different countries and in these countries they make measurements they send it to a uni server and there we can examine it and a lot has happened and in more than 10 countries there are more than 10 countries there are partnerships to get these little probes so we get an impression what has happened in these countries and here is a lot has happened we have an URL here among other things the waves were analyzed in Malaysia and it was a very exciting year there is also a web interface now if you have a uni probe and you want to help then you can go to this web interface and it's very easy to run it and to analyze the test results and uni just works together with an interface designer to make it as easy as possible and that's what it looks like and there are also a lot of plans for 2016 among other things uni wants to re-create the data pipeline and it's always sent to the central server and then several steps will be taken and if the data is more then it will be more difficult to go around with this information wave so the uni project wants to get more interesting data from the data and wants to make it easier to analyze a large amount another important point is also the cooperation and these things were autonomous and somewhere in a cellar or in countries and it's difficult to get the right results due to the right time because it's all autonomous so there's a trend to a model where it's easier to control the probe and to analyze what is being analyzed and that way it's much more flexible and you get much easier results, for example with waves you don't want to wait long until everything is done but you have a good idea of where you're looking in certain areas and then you can make the probe these measurements at the right time and there was also academic progress we have a censorship library and we have more than 20 research papers both in circumvention and censorship analysis as well as in the analysis of censorship among other things we have new insights about the Great Firewall for example there are other knowledge about the Great Firewall in China but not so much about what is happening to other poisons we also learned more about how the maintainers of the Great Firewall deal with the hard-coded tour bridges and it's exciting because you know how the Great Firewall works in addition to research there is another discussion about ethical questions about the network measurements and at the beginning you said you can do everything with the measurements but two to three years ago some of the papers that the community asked to think about what is acceptable because some of these works can endanger people and it's not entirely ignored but people don't fully ignore that but maybe people should think more about it than they do and among other things you try to inform consent to get informed about the mood and it's important to get informed so it's very hard to get informed before they maybe ask a question so they understand what they're getting into and another trend is the risks against the advantages and of course you get something from an academic research project but there are certain risks and of course it's easy you can't just quantify it but you have to understand how it works and this is similar to threat modeling but first of all you also can get a sense of what you get but the way laws are very different that you realize that some of the laws are very different so you have to find someone who knows the country and how the laws are used and the consensus is that in the case of doubt it's more like on the side of the view to go wrong and an interesting project in the academic field is Spooky Scan and this is a network measurement technology that allows you to test the connection between two computers for example in China and in the USA and you control WDA-B and that's the exciting part you can connect to these two machines even though you don't control them even though you don't control them and how that works it uses a side channel in the network stacks some of you might have already heard of the IP ID that is used for fragmentation here is a random number but older implementations such as Windows and FreeBSD have a global inclemented number and that means that it leaves information that others could read and that is the basic condition for Spooky Scan in the moment according to the researchers there is that about one percent of IP traffic It doesn't sound like a lot, but if you are interested in a certain land, one percent is already quite a lot, then you still have a lot of thousands of machines that you can test with SpookScan. All of this is done by Princeton University. There is another paper that will be prepared and we will look at that in detail. In this picture you can see two different types, and the way it works is we have, in all three pictures, we have a reflector on the left side, and we have a reflector on the left side, and we have no control over it, and we have a side on the right side that is not under our control. Then we have a measurement machine at the bottom that is under our control, and also under our control, and it has to have the possibility to spoof an IP packet. That is normally no problem in an academic network, and that's why it works relatively well. You send a SYNAC TCP segment from the measurement machine to the reflector, and that will be learned the current state of the IPID counter, and you send a SpookScan packet from the measurement machine to the side, but the return address from the packet is the reflector and not the actual machine. That means when the side gets the packet, then it sends the answer to the reflector instead of the measurement machine because it was damaged. And now some magic happens, and we don't know what is exactly what we are trying to learn. We don't know how to reach from side to the reflector, or they are being dropped, or they are starting to climb from the side to the reflector. But what we know, is that we send a SYNAC to the reflector and again measuring the IPID counter. So we have two states of the SYNAC, and we can basically measure the difference between before and after, which in turn allows us to infer what is happening between the side to the reflector, and it will be complicated to give me a wild wrap my head around it, but it's a really powerful understanding of what is happening in all cases. But when it works, you can really find out what is happening between two distant computers. And not only is this possible in this isolated scenario, but it escalates very well. In a different research project, some people deep down have a big scale, and this is a big scale, so in China and some of the Torrelays were selected as targets, and the people measured the connections between these computers and the green lines means unblocked red lines. Green is not blocked, and red is blocked. And the point of this is just to show that it escalates. So if it's really implemented, then you can really make the planetary bigger. Like many other academic research, there are ethical challenges here. You don't really want a laptop from a normal internet user to do that, because it could be that the local government watches the internet connection and interprets what's happening, and maybe it's something that the user is doing, but this problem is just going through, and you hope it's back in the trace route, and instead of selecting actual end users or slackers, it's less routers. And you can model an waterproof load of routers to get rid of the noise, and that way you can basically get rid of the electrical charge, and still get rid of the loss. A project that I've continued to work on in the last year, is doing a similar thing to Spooky Scan. I've been looking at Open DNS Resolvers, how consistent DNS is, and the DNS resolution. There's a paper on this now, and we have now a couple years of data. A lot of this is sort of implemented, so it's been blocked in Iran over the last couple years. This is since 2014, and 2015 was a little bit before the election, and then there was a big rise, and in 2016 it just became more and more. And the more recent work that we've done in that area is trying to explain what we think is blocking or why something appeared. We want to be able to say that this site is blocked because we found something wrong, or because almost all of our friends had a reverse pointer, or the idea was, was name-tracking that looks because it wasn't named in the right way, or the thing had the wrong server header, so we actually asked them about like addresses, and we were able to start having these other applications for why we think something is anomalous, that data is happening in different ways, as we process the backlog of all the data and we're going to look through the data. There continues to be a bunch of stuff that's not coming from universities that's great fire, and a project that's great fire, for example, that's in China, which basically is the testing of VPNs in China. They try a bunch of popular VPNs, and they have the speed and the stability of those things that they see and it's really meant to be functional, and that's really a resource for users, which tools they maybe should be using. We also see from Google here, that Google got a head of many of those things, which is something out of what news are more and less reported in different places. Those news stories are red and are viewed much more in the US, and are seen much less from other places, whereas if you were to get something in Syria, you see a very different picture of who's seen it, and you can start to pull out where are the missing dots in China. There's like in China, in China just didn't see that news at all, and so we're trying to be able to tackle this problem of okay, there's news that's missing in places, what are these views that are not being seen, right? So this is the part of the news that's getting a lot more at the end of the day. Content and social networks are happening. It's not just hosting more than an exciting project that helps us get access to host-based stuff. Another example of a company that continues to do great research is Dine, which monitors the transition in network infrastructure, so when there are BGP interruptions, this is at a level that really you need to be a core infrastructure provider to know that there's a problem. You can do the measurement, but these routing tables are not a fairly complicated problem, and so if these guys really get to see okay, the connections within the system are getting down at a routing level, sometimes they die, examples of other routing levels and other networks. So in addition to technology, there is a lot of technology that can be improved, which is actually a cultural understanding. I have had a lot of really interesting things to say about the Great Firewall and how it's been perceived. In the Great Firewall in China, we saw what the world looks like through the eyes of a foreign government. This tends to be difficult because of cultural understanding and other things that are very natural to people. For example, when it comes to political worst scenarios, the West has to be terrified of totalitarian governments. West has to be afraid of totalitarian governments, for example, the Third Reich. In China, we have the problem or the problem that comes up, that the absence of authority as a problem is reflected or the complete absence. And if we only make ourselves aware, what we are afraid of, then we also recognize the issue of the Great Firewall. And if only we could provide the people in China with circumvention technology all these problems, which is a little bit simplistic and personal medicine. For example, 90% of the country in China is domestic. That's the same in many other countries. And it's not so much a constant access denied. It's mostly access isn't really wanted in the first place. In addition to that, the United States, for example, has a history of destabilizing foreign governments. This is another reason why a lot of countries are a little bit careful of the way they're handling Western social media, especially after what happened with the Arab Spring. We're going to talk a little bit about what's driving the face and the instrument and how we're working. A lot of how we learn about censorship remains through word of mouth through conversations that we have at venues like this one. People go out to countries, they do it up, they come back to the action that never wants to be held. A lot of this remains through these conversations that the United States but what we don't really know is a need to do that as a liberation tool potentially and are funding it as such or have. And also you see reactions from companies that experience in their ship from companies that push forward and push forward. In that case, that potentially, a lot of that money has come through an entity called the Broadcasting Board of Governors and that to be able to go beyond that money where they're 800 million dollars, which has gone to things that are a lot of these sort of pro-democracy things, is potentially getting reshuffled and sort of moving in terms of who's controlling it. How that changes and reshapes the measurement and the circumvention spaces. Here's an example of a news site in Qatar. A news site where other people who provide platforms and experience in their ship will be willing to speak out. We see that also for people who experience in different places now and when they notice anomalous traffic to their services. And this really is a supply that are out of the coin where we can send them to you. But we don't necessarily know from many of these providers. And so I think one of the things that we really need to both be concerned about and see as an opportunity is engaging with these companies and these major services. Here we see how much traffic this website gets and how many people sign up there at certain times. And compared to when a certain website is available. First is the service side measurement. How do we understand what's being taken down? And we need to understand what really needs their participation. And I think we are following the client. We're covering a lot of data. We're collecting a lot of data. We're collecting more data with projects like WikiScan. We're also getting data about is it the right data and is it meaningful. We're seeing if the blocking of the host is proof of the sensor. And finally all of this is within this framework of the encryption battle and whether we have the ability to... And everything here is in the framework about the fight against the sensor. What we tell people. We speak out, find the local networks and again, it's sort of the same final message that we left you with last year arguing for a complete lack of censorship is going to be a very uphill battle. Arguing for more transparency and censorship and arguing for accountability is something that many more people can get behind. It's about being able to check the powers the government are taking and being able to say that's an overview and having the tool to make it complete. If it's legal where you are, join in in measuring run-nooni probe. If you're a coder, develop a new tool. There's lots of things you're not going to have. Both looking for news and for... Look after net neutrality. Look after net neutrality and other things. And with that I'll leave you with all these tips and I'm ready for questions. Here's the first question of the internet. How the gentle graceful degradation of the use of torbridges in Kazakhstan can be explained by the packet inspection and how the exact censorship in Pakistan can be explained by the package description and bridge traffic. In the second part of the question I can't answer the second part of the question. Another question from the internet. Since it looks like it probably... Do you have any idea how... Have you seen... Have you already seen... What they do for blocking? So Roskoms, I believe the Russian... Federal Telecommunications Authority, something. I know that there need to be geoblocking and other blocking. But I haven't looked specifically at what those are. Hi there. You mentioned it and I really appreciate the effort only takes for measuring censorship. How about other approaches? Like RIPE Atlas, IPv4 wide scanning which you can do with other projects like IPv4 scanning. Yes, IPv4 scanning is exactly that for certain services in the web services we use. Which you can do with open proxies or other things. That stuff, the major challenge is jumping up to IPv6 and that's still sort of the next area of development that we're looking at. So with respect to Atlas, you have to be a little bit careful because if you run Atlas probes they do not allow you to conduct very comprehensive measurements. But still, most people probably don't know that there are others out there who might use their probes for censorship. There have been some people using Atlas probes that you can definitely learn stuff through pinging and trace routing and that sort of thing. The RIPE Atlas, sort of, you can do it with other projects but the RIPE Atlas, sort of, Entity RIPE has definitely had, I think, struggled with where their line is of what they're comfortable with and realized that that is a huge entity with a lot of different interests and some of those interests are not excited about the structure being used for, if you ever potentially reduce the number and process ability to be used for reliability and for understanding network failure. So if you have to understand the network, you have to deal with it. You can look into PIP commercial gain and commercial advance and into other specific technical things, sort of, by looking at it and trying to understand what's going on. Technically or specifically when we look directly into it and see what's exactly happening. Of course, it's technically technical but there are other interests like, for example, the automatic filtering. There have been examples of companies called out for hijacking the way people feel it wasn't appropriate. There was one around botnets where security and botnets had managed to control botnets in a way that the rest of the team could not accept. So that's not necessarily a monetary gain but rather to either take control or limit other things going on on the Internet. I think specifically that hijacking is generally a bad thing. Hopefully we eventually get rid of all the security where that becomes a burden. I've got a question. In the beginning you mentioned deep packet inspection and afterwards you said, luckily there's lead syncrypt. But how will that benefit censorship? You said, luckily there's lead syncrypt. But what brings us to censorship? Of course you can't really see what you're doing but you can still see what you're connecting with this side. That's really often what you see being the blacklist that's provided by governments. Normally it's this blacklist that are trying to block a specific content. They give a list of specific videos, for example, that people make when they want to block a full site. That's what the Internet offers to block the entire website. And has deep packet inspection not evolved by time? Has deep packet injection not developed so that HTTPS traffic can also be looked at? Although that's harder for videos or that sort of thing, you have to wait until the end. But I think in government acting out badly in that way they're using their government and so, I mean, that's something to watch out for. It's something that the companies that are closing logs where they're saying they're going to have a single gateway that there are governments that want to do something like that. They want to monitor the inland traffic but we haven't seen anything like that yet. Thanks everyone.