35c3 videos

[wkrp]

No description provided.

[wkrp]

Censored Planet: a Global Censorship Observatory (56 min)
Roya Ensafi

Description of many off-path interference detection techniques: SpookyScan, Augur, Satellite/Iris, Quack. Rather technical.

Six years ago the idea behind CensoredPlanet started, that is now launched at censoredplanet.org. We had a simple (yet essential) guiding principle: measurements that may be politically sensitive should be done without volunteer participation. In this talk, besides a detailed scientific overview of the techniques and the current state of CensoredPlanet, I plan to talk about my experience in developing the project from the ground up.

Despite the pervasive nature of Internet censorship and the continuous evolution of how and where censorship is applied, measurements of censorship remain comparatively sparse. Current censorship projects, including OONI, depend on participants within countries to help them collect measurements. While these projects are valuable, we have empirically seen that there are issues relating to continuity in terms of measurement, coverage of the geographical area, and ethical dilemmas when user participation is a requirement. Censored Planet use tens of thousands of remote infrastructural and organizational vantage points from over 170 countries to conduct it’s measurements, thereby removing the need for user participation. This allows us to regularly measure Internet disruptions over a longer period of time in significantly more countries in a safer way.

The research we conduct at Censored Planet provides unique insights and data points on Internet disruptions. This information is extremely valuable to researchers in diverse fields from political science to computer science as well as to activists and journalists living and operating in countries where Internet disruptions are prevalent. By making our data easily accessible to the public, we aim to encourage future research in the field. Link to our data: https://censoredplanet.org/data/raw.

https://censoredplanet.org

Fahrplan
slides

[wkrp]

Cat & Mouse: Evading the Censors in 2018 (55 min)
Keith McManamen

Keith is an analyst at Psiphon. The first half of the talk is an introductory-level overview of Internet censorship and circumvention techniques. Starting at 27:00, he shows graphs of Psiphon usage during protests in Sudan, Iraq, and Iran; and during the 19th Party Congress in China. At 36:00 he identifies trends in censorship, which include large-scale DPI (1 TBit/s) and increasing resilience against collateral damage.

The deepening of global Internet infrastructure comes accompanied with an invigorated capacity and intent by adversaries to control the information that flows across it. Inextricably, political motivations and embedded power structures underlie the networks through which we interpret and understand our societies and our world - censorship threatens the integrity of the public sphere itself. The increasing technical sophistication of information controls deployed by censors in adversarial network environments around the world can be uniquely viewed and researched by circumvention tool providers, whose work continues to preserve access to the open Internet for all communities. Through this presentation, we endeavour to share insights gained from the front lines of this technical contest.

The deepening of global Internet infrastructure comes accompanied with an invigorated capacity and intent by adversaries to control the information that flows across it. Inextricably, political motivations and embedded power structures underlie the networks through which we interpret and understand our societies and our world - censorship threatens the integrity of the public sphere itself. The increasing technical sophistication of information controls deployed by censors in adversarial network environments around the world can be uniquely viewed and researched by circumvention tool providers, whose work continues to preserve access to the open Internet for all communities. Through this presentation, we endeavour to share insights gained from the front lines of this technical contest.

The following key questions will be answered in this session:

• What are circumvention tools conceptually and how do they work?
• How have the techniques of adversaries evolved?
• What are the latest innovations in circumvention technology?
• How have emerging economies been affected, where censorship and and surveillance hardware and software are built-in to newly established ICT infrastructure?
• How do circumvention trends follow censorship events and social/political movements?
• Where do we see these technical advances leading the next generation of censorship and circumvention technology?

This is a Foundations talk. No prior understanding of circumvention technology is required to enjoy this, but the presentation will hopefully be enjoyable to all experience levels.

Fahrplan
Paper (HTML) (LibGen PDF)

[wkrp]

Russia vs. Telegram: technical notes on the battle (41 min)
Leonid Evdokimov

Starts by giving some context and history about Internet controls in Russia going back to 2007. ISPs run their own filtering system independently, but since 2016 have to install a government blackbox called "Revisor" that monitors the effectiveness of of the ISPs' filters.

Attempts to block Telegram began in April 2018 after Telegram disobeyed a court order to hand over encryption keys. On the first day, 2M IP addresses were blocked; on the next, 16M; up to a peak of 19M. There was notable collateral damage which was however denied by the government. ISPs had varying levels of compliance with the blocking order (tested using RIPE Atlas). The blocking started to subside on April 28 and finally fell to about 4M IP addresses on June 8. Telegram remained more or less working throughout.

Tests on one ISP found selective protocol throttling:

• Slow: MTProto, obfs4, nc < /dev/urandom
• Fast: SOCKS5, HTTP xor RC4

Filtering is at least partly based on packet lengths. An MTProto simulator that sends stereotyped packet lengths with random delays provokes blocking.

Active probing was documented on the free wi-fi of the Moscow metro. After making a SOCKS5 connection, the SOCKS5 server was port-scanned and had a SOCKS request sent to it. If it was verified to be a SOCKS proxy, it was then added to a blocklist. Some ISPs apparently got advance notice of changes to the blocklist.

It's time to highlight facts and epic fails that were observed on the wire during attempts to block Telegram in Russia.

Russian Federal Service for Supervision of Communications, IT and Mass Media started the process to ban Telegram on April the 16th. Roskomnadzor press-office claimed that the process will take a few hours. Telegram mostly worked in Russia during the incident beginning and still works half a year later.

Russia banned Amazon, Google, Microsoft, DigitalOcean, Hetzner and other networks covering almost 0.5% of Internet Protocol address space, presumably, to put pressure on international businesses to make Telegram persona non-grata on those networks.

Russia also banned IP addresses of major local businesses (VKontakte, Yandex and others), presumably, by mistake. A flaw in the filter was exploited to bring one of the major ISPs down for a while. Moscow Internet exchange point announced that alike flaw of the filter could be used to disrupt peering. Proxy-hunting experiments were observed sniffing live network traffic, both for obfuscated MTProto proxy and good old Socks5.

This talk will not cover legal aspects of the lawyers fighting for Telegram in court. Also, it will not show any "insider" information from Telegram team.

https://usher2.club/en/

https://darkk.net.ru/35c3/

Fahrplan
slides