Search Mailing List Archives
[liberationtech] Images of Blocking in Different Countries?
joss-liberationtech at pseudonymity.net
Wed Aug 15 14:34:19 PDT 2012
On Thu, Aug 16, 2012 at 05:15:49AM +0800, Eric S Johnson wrote:
> I'm not saying China doesn't do DPI. I'm just saying that, from my
> own experience living in China for the past three years, DPI doesn’t
> appear to be used to inspect the contents of web pages and dynamically
> block undesirable content.
> I.e. it's easy to register a new domain (call it
> TestChinaCyberFiltering.org) and put up onto it a handful of pages
> which include every possible word and phrase which we know are
> problematic to the Chinese censors. Start with the list of words which
> trigger censorship and surveillance in TOM Skype (the wordlist's been
> repeatedly cracked by researchers at, I think, Arizona). Add all the
> content which the good folks at UC-Berkeley’s China Digital Times have
> detected cause immediate censorship on Weibo (China’s Twitter-like
> service). This should be a total of about 400 words and phrases
> (almost all only in Chinese).
> Then access those pages from within China.
> As far as I can tell, access will be unimpeded.
Two possibilities, not necessarily mutually exclusive, spring to mind.
The first is that DPI could be occurring at border routers, so that
traffic within China is not undergoing DPI scanning by default. If your
hypothetical TestChinaCyberFiltering.org is hosted in China you might
see different behaviour to if it were hosted in, say, the US.
You might also expect to see hybrid filtering similar to what we have in
the UK with BT's Cleanfeed. In that case, certain domains are added to a
watch list, and only those domains are subjected to more sophisticated
forms of filtering. This means that the filter doesn't have to expend
the resources on DPI for all web traffic, only those that have been
marked up on the list of problematic domains.
This also gives the option to use cheap and easy DNS, or simple IP,
filtering for some sites, and more subtle and costly filtering for other
domains. That allows the filter to avoid unnecessary overblocking,
whilst still retaining the ability to filter in a relatively
Of course, these two could be combined: it could be that all
cross-border traffic is inspected, whereas internal traffic is only
inspected if it's on the blacklist. Or vice versa, of course.
There are other possibilities, but these are the ones that occur to me
immediately from your description.
More information about the liberationtech