A Quick Investigation of EdgeCast CDN Blocking in China

This morning, GreatFire.org published a story stating that EdgeCast CDN, one of the more popular content distribution networks that handles content for a number of large websites, has been blocked by the Chinese national filter. As a result, a friend emailed me asking what I thought, and pointed out that all we have are a few reports and a link to a status update from EdgeCast themselves.

As usual, my attempt to write a short email failed, and I ended up carrying out an impromptu investigation into this. With minor edits, I’ve reproduced my email detailing how I looked into this below. For reference, this was carried out from an internet connection based in Oxford, UK.

Based on prior knowledge we have evidence that China will man-in-the-middle (UDP) DNS requests for blocked sites, but ignore genuine ones. So first, let’s pick a Chinese IP address almost at random:

$ ping baidu.cn
PING baidu.cn (220.181.111.86) 56(84) bytes of data.

Check that it’s actually in China, using the MaxMind GeoIP database:

$ geoiplookup 220.181.111.86
GeoIP Country Edition: CN, China
GeoIP City Edition, Rev 1: CN, 22, Beijing, Beijing, N/A, 39.928902,
116.388298, 0, 0

Check that it’s not a DNS server:

$ dig @220.181.111.86 baidu.cn

; DiG 9.9.2-P2 @220.181.111.86 baidu.cn
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

Excellent.… Read full post

Chinese Internet Filtering: The Curious Case of the Florida Pet Club

Of the various ways to filter the internet, manipulating DNS is probably the simplest and cheapest in terms of resources. DNS, the Domain Name Service, is the mapping between the human-readable URLs that we use, like https://www.pseudonymity.net, and the more machine-friendly IP addresses, like 87.106.104.43.

The Chinese Golden Shield Project, or Great Firewall, famously makes use of a range of techniques. These include keyword filtering, as reported by Clayton et al., as well as active blocking of services such as Tor at the IP level, and more manual censorship and takedown on services like Weibo.

In the past year or so I’ve spent some time tinkering with exactly how China’s internet is filtered. In particular, I’ve been interested in the extent to which the system is centrally-driven, with blanket country-wide decisions and implementation, against how many of its decisions are loose and locally applied by regional authorities and ISPs.

To study this it is more or less useless to fire up a VPN, or a copy of Tor, and run network tests. Filtering conditions may vary by ISP, by province, by city or by ISP. When I see a report that some site ‘is blocked in China’, my immediate response has become to ask where.… Read full post

Presentation on Mapping Chinese Censorship

I recently presented my work on censorship mapping to my colleagues at the OII, including a couple of maps with early analysis of DNS manipulation in Chinese cities.

The analysis is very preliminary, and there are considerable caveats even for the early results, but here’s the presentation:

Fine-Grained Censorship Mapping
View more presentations from Joss Wright
Read full post

Freedom of Communication on the Internet Workshop (FOCI): Fine-Grained Censorship Mapping — Information Sources, Legality and Ethics

This year saw the first workshop on Freedom of Communications on the Internet, co-located with USENIX Security in San Francisco. My contribution, co-authored with Ian Brown and Tulio de Souza, focused both on the means for mapping censorship in greater detail as well its legal and ethical implications.

The paper was inspired by the realization that censorship at the national level need not, and clearly often is not, applied equally across a country. The riots in Ürümqi, in Xinjiang, resulted in a blanket internet ban for that region that was not extended to the rest of China. The widely-reported shutdown of Egyptian internet service for several days during the 2011 Egyption revolution was not experienced, at least at first, on the ISP that provided service for important financial services. The ability to filter selectively is clearly, in the view of a censor, very useful.

Even when censorship is intended to apply equally, practical considerations can cause localized discrepancies. In large-scale or complex censorship regimes total centralization may be infeasible, resulting in censorship being delegated to local authorities or organizations. These may, in turn, make different choices in how to implement filtering at the local level, with varying results.

All previous major studies of internet censorship have considered filtering at the national level, without investigating the potential for local variation.… Read full post

Experiences of Chinese Internet Censorship

I was recently invited to speak at Dalian Technical University, in Liaoning Province in Northern China, and took the opportunity afterwards to spend three weeks travelling around China with my family. (Finally putting several years of studying Mandarin into practice, with a reasonable level of success, and having a fantastic time.)

Being in China, I couldn’t help but poke a little at the limitations imposed on my connection. Travelling with 14-month old twins is a full-time job, albeit one that I can highly recommend, which did not leave me a great deal of time to analyse connections. I will therefore only report on my personal experiences and impressions, although the data that I did gather will hopefully be useful for a future paper based on work that I presented at FOCI’11. As such, anyone who knows a little about Chinese state-level internet censorship is unlikely to find anything new here.

In my time in China, I ran simple filtering tests on all the Internet connections to which I had access, covering locations in Beijing, Dalian, Shanghai and Hangzhou. I also took the chance to run code to test local nameservers for DNS manipulation when requesting known blocked sites.

The most notable observations from my own experiences were:

  • Secondary effects of blocking
  • Twitter and Facebook are some of the more well-known blocked sites in China.… Read full post

    Media reports on Chinese Internet ‘hijacking’

    Another media story on China and the Internet has been widely reported today, although with a somewhat depressing lack of detail and excess of hysteria. I was interviewed today on the BBC about the story (my comments start around 01:34) and so spent a while digging into the particulars. I’ll attempt here to present a slightly more balanced and fact-based version of the story as I understand it. A good technical analysis of this incident can be found at BGPmon here, and probably the best I’ve seen so far is at Renesys here.

    A recent report to the US government by the US-China Economic and Security Review Commission contains, amongst other reports of potential national security threats to the US from China, mention of an incident in April 2010 in which a significant minority of Internet traffic was briefly and erroneously routed through China. The incident lasted approximately 18 minutes, and affected 15% of Internet destinations.

    The headlines report that “China hijack 15% of the Internet”, whilst somewhat breathlessly informing us that US military and government traffic was affected. The original report[1] points out that there is no evidence that this occurred intentionally, but the term “hijack” leaves the interpretation of malicious intent which, of course, makes for a more exciting story.… Read full post

    Amazon’s Kindle and Anti-Censorship in China

    There’s been quite a media buzz in the last few days regarding the ability of Amazon’s new 3G Kindle to bypass China’s Great Firewall[1]. I was recently interviewed on BBC World News about how the Kindle does this, and what some of the implications are. As I had about two minutes to put that across in the interview, I’ll expand slightly on the story here.

    In brief, the latest generation of Amazon’s Kindle has a web browser along with its free integrated 3G connection. The Kindle isn’t officially available in China, but is easy to find on the grey market and is apparently quite popular. One user recently noticed that browsing to blocked websites, such as Twitter and Facebook, appears to bypass the firewall.

    Why does this work? When I heard the story I had an immediate suspicion, and a quick play with my own Kindle confirmed the answer. Amazon have, apparently unintentionally, implemented a common anti-censorship technology in the way that the Kindle handles web requests: it bounces its connection through a proxy server located outside of the censorship zone.

    The Kindle is mainly designed to download books from Amazon via their Whispernet service. It appears that when you browse the web, the same connection is used; rather than connecting directly to website, you connect to Amazon’s servers first, which then forward the request to the website.… Read full post