A Quick Investigation of EdgeCast CDN Blocking in China

This morning, GreatFire.org published a story stating that EdgeCast CDN, one of the more popular content distribution networks that handles content for a number of large websites, has been blocked by the Chinese national filter. As a result, a friend emailed me asking what I thought, and pointed out that all we have are a few reports and a link to a status update from EdgeCast themselves.

As usual, my attempt to write a short email failed, and I ended up carrying out an impromptu investigation into this. With minor edits, I’ve reproduced my email detailing how I looked into this below. For reference, this was carried out from an internet connection based in Oxford, UK.

Based on prior knowledge we have evidence that China will man-in-the-middle (UDP) DNS requests for blocked sites, but ignore genuine ones. So first, let’s pick a Chinese IP address almost at random:

$ ping baidu.cn
PING baidu.cn ( 56(84) bytes of data.

Check that it’s actually in China, using the MaxMind GeoIP database:

$ geoiplookup
GeoIP Country Edition: CN, China
GeoIP City Edition, Rev 1: CN, 22, Beijing, Beijing, N/A, 39.928902,
116.388298, 0, 0

Check that it’s not a DNS server:

$ dig @ baidu.cn

; DiG 9.9.2-P2 @ baidu.cn
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

Excellent.… Read full post

Chinese Internet Filtering: The Curious Case of the Florida Pet Club

Of the various ways to filter the internet, manipulating DNS is probably the simplest and cheapest in terms of resources. DNS, the Domain Name Service, is the mapping between the human-readable URLs that we use, like https://www.pseudonymity.net, and the more machine-friendly IP addresses, like

The Chinese Golden Shield Project, or Great Firewall, famously makes use of a range of techniques. These include keyword filtering, as reported by Clayton et al., as well as active blocking of services such as Tor at the IP level, and more manual censorship and takedown on services like Weibo.

In the past year or so I’ve spent some time tinkering with exactly how China’s internet is filtered. In particular, I’ve been interested in the extent to which the system is centrally-driven, with blanket country-wide decisions and implementation, against how many of its decisions are loose and locally applied by regional authorities and ISPs.

To study this it is more or less useless to fire up a VPN, or a copy of Tor, and run network tests. Filtering conditions may vary by ISP, by province, by city or by ISP. When I see a report that some site ‘is blocked in China’, my immediate response has become to ask where.… Read full post

Workshop on Free and Open Communications on the Internet (FOCI’12)

Following on from the fantastically interesting FOCI workshop last year, I am co-chairing this year’s FOCI workshop along with Roger Dingledine of the Tor Project. The workshop will again be co-located with USENIX Security, which is being held this year in Bellevue, Washington in August.

Although FOCI revolves around USENIX Security, and therefore by default falls on the more technical side of research, we are actively encouraging submissions from any field with something interesting to say on internet censorship. Social science, political science, law, economics, ethics, psychology — if you have something to say then send us your work!

The call for papers is here: https://www.usenix.org/conference/foci12

I hope to see you there!… Read full post

Presentation on Mapping Chinese Censorship

I recently presented my work on censorship mapping to my colleagues at the OII, including a couple of maps with early analysis of DNS manipulation in Chinese cities.

The analysis is very preliminary, and there are considerable caveats even for the early results, but here’s the presentation:

Fine-Grained Censorship Mapping
View more presentations from Joss Wright
Read full post

Freedom of Communication on the Internet Workshop (FOCI): Fine-Grained Censorship Mapping — Information Sources, Legality and Ethics

This year saw the first workshop on Freedom of Communications on the Internet, co-located with USENIX Security in San Francisco. My contribution, co-authored with Ian Brown and Tulio de Souza, focused both on the means for mapping censorship in greater detail as well its legal and ethical implications.

The paper was inspired by the realization that censorship at the national level need not, and clearly often is not, applied equally across a country. The riots in Ürümqi, in Xinjiang, resulted in a blanket internet ban for that region that was not extended to the rest of China. The widely-reported shutdown of Egyptian internet service for several days during the 2011 Egyption revolution was not experienced, at least at first, on the ISP that provided service for important financial services. The ability to filter selectively is clearly, in the view of a censor, very useful.

Even when censorship is intended to apply equally, practical considerations can cause localized discrepancies. In large-scale or complex censorship regimes total centralization may be infeasible, resulting in censorship being delegated to local authorities or organizations. These may, in turn, make different choices in how to implement filtering at the local level, with varying results.

All previous major studies of internet censorship have considered filtering at the national level, without investigating the potential for local variation.… Read full post

Experiences of Chinese Internet Censorship

I was recently invited to speak at Dalian Technical University, in Liaoning Province in Northern China, and took the opportunity afterwards to spend three weeks travelling around China with my family. (Finally putting several years of studying Mandarin into practice, with a reasonable level of success, and having a fantastic time.)

Being in China, I couldn’t help but poke a little at the limitations imposed on my connection. Travelling with 14-month old twins is a full-time job, albeit one that I can highly recommend, which did not leave me a great deal of time to analyse connections. I will therefore only report on my personal experiences and impressions, although the data that I did gather will hopefully be useful for a future paper based on work that I presented at FOCI’11. As such, anyone who knows a little about Chinese state-level internet censorship is unlikely to find anything new here.

In my time in China, I ran simple filtering tests on all the Internet connections to which I had access, covering locations in Beijing, Dalian, Shanghai and Hangzhou. I also took the chance to run code to test local nameservers for DNS manipulation when requesting known blocked sites.

The most notable observations from my own experiences were:

  • Secondary effects of blocking
  • Twitter and Facebook are some of the more well-known blocked sites in China.… Read full post

    Freedom of Communications on the Internet (FOCI) Workshop

    I’m on my way back from the Workshop on Free and Open Communication on the Internet (FOCI) that was held in the last few days at Georgia Tech in Atlanta. Hosted by Nick Feamster, FOCI brought together a number of computer scientists, activists, lawyers and policy makers to discuss the impact of anti-censorship technologies and to think about future directions from a number of angles.

    It’s always interesting to see experts on the same topic from different fields together, and FOCI was no exception. Despite occasional diversions into policy-speak or tech-talk that left half the room baffled, I came away more impressed with how often we had managed to cross that barrier.

    The technical side of the crowd seemed to have the benefit of more time to present, and so there were thorough discussions on the nature of filtering mechanisms and their technical capabilities as well as details of anti-censorship technologies, particularly Tor. Roger Dingledine gave some interesting, if slightly statistically questionable, numbers regarding Tor usage in various countries during the recent events in the Middle East.

    An estimate from Hal Roberts, based on surveys of activist bloggers, was that 3% of worldwide internet users employed some form of anti-censorship tool, including web-based proxies.… Read full post

    Wikileaks Lessons for Privacy-Enhancing Technologies

    I had been studiously avoiding writing about Wikileaks. I’ve been interviewed a couple of times in the last few days on various aspects of the ongoing saga, though, and it has highlighted some points that I think are worth mentioning. (Slightly misquoted in BBC News online here, and brief comments about digital activism on BBC Radio 4’s World at One, about 25 minutes in, here.)

    One of the most interesting aspects of the Wikileaks saga, from the point of view of research into privacy-enhancing technologies, is how totally uninteresting it is. Given that we have spent years researching means for sender- and recipient-anonymous communications and censorship resistant access to content, a hugely subversive and risky site like Wikileaks is nothing more than a website with an encrypted submission form. Use of Tor is advised, but for the highest levels of security postal submission is still considered the gold standard.

    In a similar vein, both the attempts to block Wikileaks and Wikileaks’ response to those attempts have been brutally practical and theoretically unexciting. Rather than firewalls and DNS or IP blacklists, we see political and economic pressure on hosting companies and DNS registrars. Rather than untraceable distribution of content and proxying of blocked connections we see Wikileaks’ hosting hopping between countries and companies, and appeals to the community to mirror content widely.… Read full post

    Amazon’s Kindle and Anti-Censorship in China

    There’s been quite a media buzz in the last few days regarding the ability of Amazon’s new 3G Kindle to bypass China’s Great Firewall[1]. I was recently interviewed on BBC World News about how the Kindle does this, and what some of the implications are. As I had about two minutes to put that across in the interview, I’ll expand slightly on the story here.

    In brief, the latest generation of Amazon’s Kindle has a web browser along with its free integrated 3G connection. The Kindle isn’t officially available in China, but is easy to find on the grey market and is apparently quite popular. One user recently noticed that browsing to blocked websites, such as Twitter and Facebook, appears to bypass the firewall.

    Why does this work? When I heard the story I had an immediate suspicion, and a quick play with my own Kindle confirmed the answer. Amazon have, apparently unintentionally, implemented a common anti-censorship technology in the way that the Kindle handles web requests: it bounces its connection through a proxy server located outside of the censorship zone.

    The Kindle is mainly designed to download books from Amazon via their Whispernet service. It appears that when you browse the web, the same connection is used; rather than connecting directly to website, you connect to Amazon’s servers first, which then forward the request to the website.… Read full post