How Syria controls its users
In October 2011, the hacker group Telecomix published 600 gigabytes of data from Syrian servers that controlled and partially blocked the Internet traffic of its own citizens. French researchers have now evaluated this sea of data and are drawing a detailed, realistic picture of censorship in times of instant messaging and social media.
And this image is not black and white, but also contains many grayscales – or as the researchers around Abdelberi Chaabane from the computer science research centre INRIA in Grenoble write: “Censorship in Syria takes place relatively secretly – compared to China or Iran – but is therefore no less targeted.
“Censorship in the Wild: Analyzing Web Filtering in Syria” was published on 26 February 2014 on the preprint server arXiv.
The data published by Telecomix comes from seven Syrian Blue Coat servers which, according to the network activists, were responsible for controlling Syrian Internet traffic in 2011 – the US-based producer Blue Coat confirmed that it had provided Syria with the necessary infrastructure without officially knowing the purpose.
For nine days in July and August 2011, the 600 gigabyte server protocols document in detail which Internet connections were established and which were blocked or which were not established for technical reasons. Because of the huge amount of data, Abdelberi Chaabane and his colleagues created a partial sample of 32 million connection requests – that’s about four percent of the total.
“Only” one percent censored
The most surprising result of their evaluation – also for the researchers themselves – was that 93 percent of all connection requests were implemented immediately, and one percent were not implemented due to political censorship. The rest was due to technical errors. The researchers themselves write that one percent seems relatively low, but one has to be careful when interpreting the number: “If a user can reach a website, he will probably visit it again and again in the coming days and weeks. A blocked page, on the other hand, is usually only tried once.”
From the number of permitted and censored connections, the IT specialists created a ranking of the ten most affected domains. At the top of the list of permitted accesses with 15 percent is the search engine Google including the tracking site gstatic.com, followed by the porn platform xvideos.com and Facebook in 4th place. Interestingly, facebook.com is also at the top of the list for censored content, followed by skype.com and metacafe.com (a video exchange platform) in second and third place respectively.
No communication between users
The fact that Facebook is high on both lists only seems illogical at first glance. A closer analysis shows that Facebook content is censored when a keyword indicates politically unwanted content. The top 10 censored websites also make it clear what the goal of Internet monitoring is: primarily to prevent communication between users – that’s how much the Syrian authorities learned from the Arab Spring and the flexible organization of Facebook & Co demonstrations.
Accordingly, the researchers also found that on days of unrest, the proportion of censored websites doubled, with Skype and Facebook leading the ranking. Websites with instant messaging programs were also disproportionately blocked on such days.
Five “bad” keywords
In total, the researchers found five keywords that – regardless of whether they appeared in the domain name, in phrases behind it or IP addresses – made the censorship machine active: “proxy”, “hotspotshield”, “ultra-reach”, “israel” and “ultrasurf”. “Proxy” sounded the alarm bells because in the eyes of the Syrian authorities a search for it would have provided users with links to servers that would have enabled them to circumvent censorship.
“Hotspot Shield” is a technology that protects user identities, “Ultrareach” is a company that has developed a platform with free software for anonymous surfing – originally for Chinese dissidents. Websites were always blocked with these keywords, indications of politically disagreeable activities also led to a ban on certain occasions.
Tor, BitTorrent & Co
“The Syrian authorities apparently did not want to generally block platforms like Facebook because they feared the resulting displeasure. They opted for keyword indexed blocking, which makes censorship more difficult to understand,” the researchers conclude. They also analyzed to what extent attempts by users to protect themselves from surveillance and censorship were successful.
The results were positive: In 2011, only 1.38 percent of all attempts to access Tor, a network that anonymizes network data, were blocked. Virtual private networks and peer-to-peer networks such as BitTorrent, which can be used to set up networks for the rapid distribution of documents, have also enabled users to circumvent censorship. Censorship could even be bypassed via Google’s cache function and content blocked later could be accessed.
The analysis is a snapshot of the year 2011. The researchers cannot say how censorship is exercised in Syria today – after two years of civil war. At the end of 2011, the Syrian authorities invested another 500,000 US dollars in additional surveillance equipment, suggesting that censorship had become even more accurate.
Abdelberi Chaabane and his colleagues admit that their study could also provide clues as to how censorship could work more accurately. At the same time, it could also provide ideas for the development of further anti-censorship tools. They could have escaped this dilemma only if they hadn’t published their study – and that, they write on arXiv, “would have been another form of censorship in itself”.