Review: Tor router on Raspberry Pi

TorBox running on Hoek’s hardware configuration.

Hoek wrote on his website 0ut3r Space, a very nice guide / review about the TorBox. He used a Raspberry Pi 4 Model B in combination with a 3.5inch RPi Display (TFT) with an XPT2046 touch screen controller. Of course, the touch functionality won’t work in the shell terminal. The TFT and a beautiful matching case can be found on Aliexpress. I ordered it today to write a new guide for the advanced section because the Pimoroni’s Pibow PiTFT+ case for the PiTFT 3.5″ resistive touch 320×480 from Adafruit is is not available for the Raspberry Pi 4. Possibly we will implement the driver installation in a future version of TorBox in the configuration sub-menu.

Thank you, Hoek, for your kind review!

Delay on the TorBox project due to the COVID-19 pandemic

Updated on May 6th, 2020
  • All comments and questions are now answered. Thanks for your patience.
  • The documentation for TorBox v.0.3.0 is now revised, and the rest of the website is adapted to this latest version. Also, additional entries in the FAQ have been added, based on the questions received.
  • Important: You can safely update TorBox v.0.3.0 (initially with Linux v.4.19.75 and Tor v.0.4.2.5 to Linux v.4.19.97 and Tor v.0.4.2.7) using the first entry “Update the base system” in the “Update and Reset sub-menu” (main menu entry 12). An update is recommended because Tor v.0.4.2.5 shouldn’t be used anymore. We are going to build a new image in the next weeks and TorBox v.0.3.1 is already in the making.
Original post:

Initially, it was planned to update the TorBox website according to the latest version of the TorBox by the end of April. Primarily the documentation is still focused on the older version. I also intended to add more fixes and even some newer features to the TorBox itself.

Unfortunately, due to the COVID-19 pandemic, I found myself In my professional job under enormous working pressure. So far, I haven’t even had time to answer all the comments and questions on the TorBox website and on GitHub, or the many email messages. Sorry, folks; I’m sure some users are already upset with me.

Since my holidays were canceled at the end of April, all projects related to TorBox — especially checking and fixing possible bugs, as well as updates to the operating system and core components — have been postponed to the end of July or beginning of August. However, if the work situation continues to calm down over the next few days, I’ll start answering the comments on the website and on GitHub as well as the emails addressed to me in the coming weeks.

I’m sorry for this inconvenience and hope to bring the TorBox project back up to date as soon as possible.

TorBox v.0.3.0 released — now even easier to use

Update on January 13th, 2020

In the version dated January 1st, 2020, we had a little error in one of the script-files, which activated not only the obfs4 functionality but also uncommented “BridgeRelay 1” in /etc/tor/torrc. This led to conflict and blocked Tor to function. In a revised version, dated January 12th, 2020, we fixed this (and some other minor) bugs (see changelog below)

TorBox Image: v.0.3.0 (12.01.2020)SHA-256 values
TorBox Menu only: v.0.3.0 (12.01.2020)SHA-256 values

How to update from v.0.3.0 (01.01.2020) to v.0.3.0 (12.01.2020)?

Because we also switched curl for wget, the update from the previous version to version 0.3.0 (12.01.2020) cannot be done with the update sub-menu. Please proceed as follow (all settings remain unchanged):

  1. If not already done, go into the countermeasure sub-menu and toggle bridge mode from on to off. This comments out the line “BridgeRelay 1” in /etc/torrc. With the command “less /etc/tor/torrc” in the SSH shell, /etc/tor/torrc can be checked: all lines beginning with “Bridge” must have a # in front.
  2. Type following commands in the SSH shell:
    cd
    wget https://www.torbox.ch/data/torbox030-20200112.zip
    rm -r torbox    
    unzip torbox030-20200112.zip
    mv torbox030-20200112 torbox
    rm torbox030-20200112.zip
    cd torbox
    ./menu
    
Main Menu TorBox v.0.2.5 - cleaned up!
Main Menu TorBox v.0.3.0 – cleaned up!
Changelog: v.0.3.0 (01.01.2020) –> v.0.3.0 (12.01.2020)
  • New: Added to the “install” folder script and batch files to avoid a “Tor over Tor” situation if TorBox and the Tor Browser are used together. For more information, see here.
  • Fixed: Obfs4 functionality because it was broken due to a little error in one of the script-files. The bug resulted in uncommenting the line “BridgeRelay 1” in /etc/tor/torrc, which led to conflict and blocked Tor to function.
  • Fixed: Replaced curl with wget in the update script to avoid an error if the link is redirected to another destination.
Original post:

Based on feedback, difficulties with the correct operation of cable-based clients, and the need to offer a greater variety of connection options when connecting to the internet (also for future developments), the main menu of the TorBox was rewritten entirely. We would appreciate feedback so that we can make further improvements and adjustments in the next release (planned for mid-2020).

The idea behind the new main menu is that the user only has to specify where the TorBox gets its internet from. After that, the clients are served via TorBox’s wireless network, and if connected, simultaneously via ethernet cable. Also, other smaller improvements and wishes have been taken into account, which are listed in detail below. These are the corresponding links to download and install the newest version of TorBox (typically, you need only the image file):

Since we also had to update the configuration files, we recommend using the new image rather than updating an existing system. If you need to update your old TorBox, we recommend to replace the old TorBox menu with the new one and then update the configuration files via the update and reset sub-menu entry 6, which overwrites all old configuration files. However, the old files are saved as .bak. For further information, please contact us.

We update the TorBox website over the next weeks. Until then, some information could be outdated and refer to the older version.

Changelog: v.0.2.5 (24.09.2019) –> v.0.3.0 (01.01.2020)
  • Update: The system is based on Raspbian “Buster” lite with Linux Kernel 4.19.75 and Tor version 0.4.2.5.
  • New: The main menu is completely rewritten. You only have to specify where the TorBox gets its internet from. By default, it establishes a wireless network, which can be accessed by client devices. If available and connected, client devices are served by ethernet cable.
  • New: TorBox supports now internet connectivity with the Point-to-Point Protocol (ppp0, for example, for cellular shields/HATs) and/or over USB adapters (usb0).
  • New: By default TorBox’s wireless network is established by the onboard chip (wlan0). This can be switched with a USB wireless adapter (wlan1) so that TorBox can access external hotspots on the 5 GHz band, which is probably not supported by a cheap low-powered USB wireless adapter.
  • New: The TorBox configuration sub-menu supports now the changing from 2.5 GHz (20 MHz / 40 MHz) to 5 GHz (40 MHz / 80 MHz) and back. Additionally, the WLAN channel to be used can be selected and changed.
  • New: We integrated an update sub-menu that also comprises all the reset features, which are now removed from the countermeasures sub-menu. 
  • New: Support for Sixfab Cellular Shields/HATs. The following Sixfab Shields are supported: Raspberry Pi GSM/GPRS Shield, Raspberry Pi 3G-4G/LTE Base Shield V2, Raspberry Pi 3G/4G&LTE Base HAT, Raspberry Pi Cellular IoT Application Shield,  Raspberry Pi Cellular IoT HAT, Raspberry Pi Tracker HAT.
  • New: Beginning with this release, we provide to all our files SHA-256 hashes, so that you can verify the integrity of the downloaded files.
  • Improved: Cleaned up of the code. and outsourced essential functions into a library. This will help to maintain the code in future releases properly. 
  • Improved:  Setting and changing the WLAN regulatory domain  is now more user-friendly.
  • Improved: Because we could clean up the main menu, we added an entry to show the Tor log file. Sometimes, especially if you run a bridge relay, Tor needs minutes to start up. Using this menu entry is an easy way to follow the progress on loading.
  • Fixed: The gpg key for Torproject’s Debian repository is now fetched more reliably (used in the update script), and additional post-update configurations will prevent the breaking of the bridge relay functionality.
  • Experimental: A new script to install TorBox from scratch on a Raspberry Pi with Raspbian light.
  • Removed: CABLE MODE– no longer necessary
TorBox connecting the internet via a cellular connection using a Raspberry Pi 3G-4G/LTE Base Shield V2 by Sixfab and a Quectel EC25 Mini PCle 4G/LTE Module.  
Your feedback is welcome!!

We hope that this version will please you. However, we are dependent on feedback. It’s not just about fixing bugs and improving usability, but also about supporting additional interfaces and hardware in future releases:

  • What do you like?
  • What should be improved (and how)?
  • What would you like to see next? Which features do you request?

TorBox Cellular

TorBox doesn’t support only internet access and client connections via WiFi (an additional USB WiFi adapter is necessary) or cable, it also supports internet access via a cellular network. Below, we show you how you can upgrade your Raspberry Pi.

Used Items

Support software installation and configuration

  1. Go to the Configuration & Update submenu and choose the menu entry 10 to start the installation and configuration of the support software.
    Attention: you have to have internet connectivity for that step. In other words: you have to install the support software before you need a cellular connection!
  2. Choose the correct Sixfab Shiel/Hat.
    According to our recommendation above, it would be the “3G, 4G/LTE Base Shield”.
  3. What is your carrier APN?
    You find the APN settings of most carriers here.
  4. Does your carrier need username and password?
    Again, you find this information on most carriers here.
  5. What is your device communication port?
    If you use the Sixfab Shield with the USB connector (as in our image above), you should choose ttyUSB3.
  6. Do you want to activate auto connect / reconnect service at RPi boot up?
    We recommend choosing yes.
  7. At the end of the installation script, pressing ENTER reboots the Raspberry Pi. If you want to avoid it, press CTRL-C.

How can I securely route my data stream through the cellular connection?
After assembling all the hardware, installing and configuring the support software correctly, choose entry 7 in the main menu to route all your encrypted data through the cellular connection.

TorBox v.0.2.5 released, featuring Bridge Relay support!

Almost a month ago, the Tor Project called for support:

We currently have approximately 1,000 bridges, 600 of which support the obfs4 obfuscation protocol. Unfortunately, these numbers have been stagnant for a while. It’s not enough to have many bridges: eventually, all of them could find themselves in block lists. We therefore need a constant trickle of new bridges that aren’t blocked anywhere yet. This is where we need your help. By setting up an obfs4 bridge, you can help censored users connect to the open internet through Tor.

Based on this call we put a bridge relay into the net a week ago, and – if everything works out – we will add a second one. However, that was not enough for us. Mostly during the last few weekends, we’ve implemented a TorBox feature that allows anyone with a public IP address, 24/7 internet connectivity over a long time, and a bandwidth of at least 1 Mbps to configure their bridge relay at the touch of a button and put it on the net. Besides, we have added and improved some other details, so that we can now release the resulting image as TorBox v.0.2.5. Below are the corresponding links (typically, you need only the image file):

Main Menu TorBox v.0.2.5
Main Menu TorBox v.0.2.5

Changelog v.0.2.4-rpi4 (08.08.2019) —> v.0.2.5 (24.09.2019)
New: This version introduces the support for setting up a bridge relay.
Updated : The system is based on Raspbian “Buster” lite with Linux Kernel 4.19.66 and Tor version 0.4.1.5.
New: A little message (“TOR is working“) in the right corner of the main menu shows you immediately if you are connected with the Tor network (meaning https://check.torproject.org returns a positive result). Since a missing response does not automatically mean that there is no connection to the Tor network, no error message is displayed. In other words, if this message is missing, there may or may not be a connection problem.
New: We use the same method as mentioned above for the final message box after selecting (or changing) a connection (main menu entry 6-11). In case of success, the message starts with “CONGRATULATION !!” otherwise with “HMMM… THAT DOESN’T LOOK GOOD…“. In contrast to the positive message, negative feedback does not necessarily mean that an error has occurred. Since the check does not last more than 5 seconds, Tor may not have been ready yet; the check site may have been down, etc.
New: Support for Adafruit’s PiTFT displays (PiTFT 3.5″ resistive touch 320×480, PiTFT 2.8“ capacitive touch 240×320, PiTFT 2.4″, 2.8″ or 3.2″ resistive 240×320, PiTFT 2.2″ no touch 240×320, Braincraft 1.54″ display 240×240). Note: TorBox’s menus and dialog boxes have only been adapted for the PiTFT 3.5 (320×480) or any other display, which displays in textual mode at least 25×80 characters.
Improved: Menus and dialog boxes should now work more smoothly on 25×80 textual screens as well as on smartphone and tablet clients. For that reason, we added for some message boxes scroll texts, which are visible with the “scroll down” remark in the title of the message box.
Improved: Revised version of the Tor reset functionality in the „Countermeasure & Troubleshooting“ menu.
Improved: Cleaning up in the shell scripts (used more variables, combine certain parts into functions, etc.).
Updated: Pre-configured Bridges (we also added our bridge relay)
Fixed: While adding bridges, TorBox activates/deactivates the new bridges depending on the current bridge modus.
Fixed: Some more non-critical bugs and typos in the text files.

The pre-v.0.2.6 release is expected at the end of the year.

The functionality of Tor easily explained

If you look at the various forums about Tor, there is a lot of skepticism, misunderstandings, and questions, especially among newcomers, about how Tor works and the possibilities (or limitations) it offers. This is due in particular to the fact that many people are unfamiliar with how Tor works, and feel that it is far too complicated to understand. With an excellent video of Computerphile, Dr. Mike Pound shows that it doesn’t have to be complicated. Very simple and easy for beginners to understand, he shows how Tor works and mentions its limitations.

Sneak Peek on TorBox 0.2.5

My first Tor Bridge Relay is properly working – see here.

With TorBox v.0.2.5 (coming soon) everyone with direct internet connection will be able to set up a Tor Bridge Relay — only with a view „clicks“.

Bridges are essential for people in authoritarian countries to reach the open internet. TorBox v.0.2.4 offers such client functionality already, but soon, users with a direct internet connection can help others by setting up their relay.

More information
Run Tor Bridges to Defend the Open Internet

TorBox To Go 2.0

Due to the size of the Raspberry Pi and the necessary accessories, TorBox is very easy to use on the road. Below, we show you the recommended minimal accessories for portable use. Nevertheless, all the stuff still fits into a waterproof, compact plastic container. Below the images, you find further information about the items used with the corresponding links.

• • •

• • •

• • •

Although the Raspberry Pi takes up little space, the problem lies in the fact that the official power adapters to the Raspberry Pi are not very compact and therefore waste valuable space. There are smaller power adapters, such as the 12W USB Power Adapter by Apple shown in our example, but when directly connected to the Raspberry Pi, they can cause power problems. This also applies to power banks: the power supply is usually not sufficient for a long stable operation of the Raspberry Pi. The Raspberry Pi 3 Model B was still satisfied with 12W, but Model B+ and the Raspberry Pi 4 Model B require at least 15W (see here: Raspberry Pi 3 B+ Review and Performance Comparison and this Power Consumption Benchmarks). There is also another problem with the Raspberry Pi 4 Model B: because of a flaw in how the USB-C power input is behaving, currently, the Raspberry Pi 4 B does not work with most third-party power adapter and power banks. By contrast, the PiJuice HAT works reliably with almost all Raspberry Pi versions and models, and virtually any power adapter or power bank can be connected to it, so the somewhat weak standard battery doesn’t run out too quickly. With the PiJuice alone, TorBox can be operated for an estimated 1-2 hours, depending on the load.

Used Items

TorBox v.0.2.4-rpi4 released, featuring Raspberry Pi 4 Model B support!

I’m pleased to announce this new version of TorBox, which introduces the support for the Raspberry Pi 4 Model B. The image file was completely rebuilt based on Raspbian “Buster” lite with the Linux Kernel 4.19.58 and Tor version 0.4.0.5. This version does support not only the new Raspberry Pi 4 Model B but also the previous Raspberry Pi 3 (Model B / Model B+).

In contrast to the previous versions, the Raspberry Pi 4 Model B has a higher power consumption, which is why we also recommend the use of a Pimoroni’s chunky heatsink in combination with a Pibow Coupé 4 case (see photo above).

The TorBox pre-v.0.2.5 release is expected at the end of the year.

Updated: Useful browser add-ons to improve anonymity, security and/or usability

Along with the release of TorBox v.0.2.4, we were updating our website and added some new information in the FAQ section. We also heavily updated our recommended browser add-ons, which are mainly available for Firefox (our number one choice for web browsers alongside the Tor Browser). Here you can find a copy of the updated recommendations (the original list can be found here):

  • https-everywhere: Automatically makes websites use a more secure HTTPS connection instead of HTTP if they support it. With HTTPS, even the connection between the Tor exit node and the web server is encrypted. Tor Browser also uses this add-on. (USED BY TOR BROWSER; ESSENTIAL for SECURITY / ANONYMITY; available for Firefox, Firefox for Android, Chrome, and Opera).
    https-everywhere: How it works.
    https-everywhere: How it works.
  • NoScript: Allows JavaScript, Java, Flash, and other plugins to be executed only by trusted web sites of the users choice. NoScript also provides powerful anti-XSS and anti-Clickjacking protection. Tor Browser also uses this add-on. (USED BY TOR BROWSER; ESSENTIAL for SECURITY / ANONYMITY; available for Firefox and Chrome).
  • First Party Isolation: First Party Isolation, also known as Cross-Origin Identifier Unlinkability, is a concept from the Tor Browser. The idea is to key every source of browser identification with the domain in the URL bar (the first party). This makes all access to identifiers distinct between usage in the website itself and through third-party. Think of it as blocking Third-party cookies, but more exhaustively. (USED BY TOR BROWSER; ESSENTIAL for SECURITY / ANONYMITY; available for Firefox).
  • uBlock Origin: The only real working and independent ad blocker (ESSENTIAL for SECURITY / ANONYMITY / USABILITY; available for Firefox, Chrome, Safari, and Opera).
  • Smart Referer: Prevents Cross Domain Referer Leakage (ESSENTIAL for ANONYMITY; available for Firefox).
  • CanvasBlocker: Allows users to prevent websites from using the Javascript canvas API for fingerprinting them. (ESSENTIAL for ANONYMITY; available for Firefox)
  • Decentraleyes: This browser add-on emulates Content Delivery Networks (CDN) by finding supported resources locally, and injecting them into the environment. All of this happens automatically, so no prior configuration is required. Here is a testing utility to find out if you are properly protected against a CDN vulnerability (ESSENTIAL for ANONYMITY; available for Firefox, Chrome, Opera).
    Decentraleyes: How it works.
    Decentraleyes: How it works.
  • Neat URL: Cleans URLs, removing parameters such as Google Analytics’ utm parameters. (ESSENTIAL for ANONYMITY; available for Firefox)
  • Skip Redirect: Some web pages use intermediary pages before redirecting to a final page. This add-on tries to extract the final url from the intermediary url and goes there straight away if successful. (ESSENTIAL for PRIVACY / USABILITY; available for Firefox)
  • Privacy Pass: Allow users to redeem validly signed tokens instead of completing captcha solutions. Clients receive 30 signed tokens for each captcha that is initially solved. Cloudflare currently supports Privacy Pass. (ESSENTIAL for USABILITY; available for Firefox and Chrome).
  • uMatrix: Point and click matrix to filter net requests according to its source, destination, and type (available Firefox, Chrome, and Opera).
  • Privacy Badger: A balanced approach to internet privacy between consumers and content providers by blocking advertisements and tracking cookies that do not respect the Do Not Track setting in a user’s web browser (available for Firefox, Chrome, and Opera).
  • FoxyProxy: FoxyProxy is an advanced proxy management tool (see also here; available for Firefox, Chrome, Safari, Opera, and others).
  • Bypass Paywalls: Let’s say you are a researcher and one of your sources is an article in the Washington Post. Would you subscribe, only for that one article? Yes, we thought so, too 😉 (available for Firefox and Chrome).

Do you have another very useful browser add-on? Let me know in the comment section below!

TorBox v.0.2.4 released, featuring OBFS4 Bridges support!

I’m pleased to announce the release of TorBox v.0.2.4. As promised, the focus of this release was on supporting OBFS4 bridges, which help to overcome censorship measures in certain countries (for example Turkey). Below are the links for the latest TorBox v.0.24 (typically, you need only the image-file):

Main Menu TorBox v.0.2.4
Main Menu TorBox v.0.2.4

Changelog v.0.2.3 (09.02.2019) —> v.0.2.4 (25.05.2019)
Updated: The system is based on Raspbian “Stretch” lite with Linux Kernel 4.19.2 and Tor version 0.3.5.8.
New: Instead of the “advanced submenu”, we split old and new functionalities into two separate submenus: “countermeasures & troubleshooting” and “configuration & update”.
New: We implemented in the “countermeasures & troubleshooting” submenu a user-friendly way to activate, configure, and change the OBFS4 bridge’s functionality. There are 15 pre-configured OBFS4 bridges in the configuration, which were fully functional at the time of the release. We hope to help with this approach beginners. We urgently need your feedback to develop this functionality further.
New: Since TorBox v.0.2.3, nyx does a good job as a statistics tool (main menu entry 1). However, there are certain cases, when Tor hangs during bootstrap, that nyx doesn’t start either. Therefore we have added an alternative method in the submenu “countermeasures & troubleshooting” (entry 11) to quickly display the log file of Tor and update the display if necessary.
New: TorBox is now providing a SOCKS v5 proxy functionality on port 9050 to its connected clients. If you use that capability, applications which support SOCKS v5 proxy connectivity and “DNS over proxy” (for example Firefox or the add-on FoxyProxy) can access directly .onion sites. For more information, see here.
Improved: We again reduced the size of the image file, which is now about 865 Mbyte.
Changed: All scripts are now executed by bash instead of sh. The change was needed to enable the handling with arrays.
Fixed: Some minor bugs and cleaned up the code.
Removed: The experimental section (for now).

The pre-v.0.2.5 release is expected at the end of the year.

Press and Internet censorship in Turkey

Article 26 paragraph 2 of the Turkish constitution guarantees freedom of the press and expression. At the same time, it legitimizes a regulatory system for “publications by radio, television, cinema or similar means”. Finally, in paragraph 2, the above mentioned rights of freedom are again undermined by a large number of arbitrarily applicable exemptions. At the same time, a vague formulation about the protection of “the reputation or rights of others and their private or family life” opens the door to restrict freedom of the press and expression. Nevertheless, the government often uses the argument “support of a terrorist organization” as justification for any repression. Accordingly, many journalists find themselves behind bars: at the end of December 2018, there were 68 in jail – no other country (followed by China, Egypt, and Saudi Arabia) imprisoned so many journalists. On average, jailed Turkish journalists spend more than a year in detention awaiting trial, and after that, imposing long prison sentences is the norm. In some cases, even sentences of life without parole have been handed down (“Turkey: Massive Purge“, Reporters Without Borders, 2018).

Cartoon by Tjeerd Royaards.

While Turkey has never been a model for guaranteeing freedom and human rights, the situation has worsened in stages after 2006, 2013, and 2016. The EU has criticized Turkey from early on, and the relationship is often strained not the least because of apparent shortcomings in freedom and human rights. Despite an association agreement in 1963 and a customs union at the end of 1995, the EU renounced accession negotiations in 1997 (to the annoyance of Turkey in contrast to the Eastern European countries and Cyprus), which in the short term led to a break in talks between the EU and Turkey. Quasi for reconciliation, at the end of 1999, Turkey was categorized as an “applicant country” by the European Council. At the same time, the European Council stated that the fulfillment of the Copenhagen criteria would be a prerequisite for the opening of accession negotiations or entry to the EU. The Copenhagen criteria include “institutional stability, democratic and constitutional order, respect for human rights and respect for and protection of minorities”.

In fact, at the beginning of the 2000s, Turkey was trying to meet these criteria. For example, a comprehensive reform of Turkish civil law was undertaken, the death penalty was abolished even in times of war, torture was forbidden, the freedom of assembly and demonstration expanded, and the rights of the Kurds were strengthened. Ironically, today’s Turkish President Recep Tayyip Erdoğan and his Justice and Development Party (Adalet ve Kalkınma Partisi, AKP) were behind many of these reforms. Nevertheless, the new standards were often paper tigers, because, in practice, it proved lacking. For instance, in its report last year, Amnesty International stated that torture is still occurring among people in police custody and that public authorities do not effectively prevent it (“Turkey 2017/2018“, Amnesty International).

Amnesty International activists ride a boat on the Spree, Berlin. They demand the release of Taner Kılıç, founder and president of the Turkish section of Amnesty International. Kılıç was detained by Turkish authorities on 6 June 2017 and charged with use of the smartphone program ByLock and membership of a terrorist organization. One of Turkey’s supreme courts declared in September 2017 that having ByLock installed on the phone of an accused person was sufficient to establish that person’s membership of the Gülen movement. He remained in detention until 15 August 2018.
Amnesty International activists ride a boat on the Spree, Berlin. They demand the release of Taner Kılıç, founder and president of the Turkish section of Amnesty International. Kılıç was detained by Turkish authorities on 6 June 2017 and charged with use of the smartphone program ByLock and membership of a terrorist organization. One of Turkey’s supreme courts declared in September 2017 that having ByLock installed on the phone of an accused person was sufficient to establish that person’s membership of the Gülen movement. He remained in detention until 15 August 2018.
The limited successes of the reform efforts were short-lived. As early as 2006, an intensification of the anti-terrorist legislation led to an increase in journalist arrests. There were also restrictions on the use of the Internet. In May 2007, Law No. 5651 on the regulation and the fight against crime on the Internet came into force. This law was initially promoted to combat sexual exploitation and abuse of children, prostitution, and gambling, but over the years it has increasingly been used as a basis to block all kinds of content the government finds disagreeable. Based on this law, in addition to blocking websites, access to Facebook, Twitter, YouTube, Instagram, WhatsApp, and Skype is repeatedly temporarily blocked, the connection speed is throttled, or access to the Internet is completely blocked (Burcu Selin Yılmaz, Hümeyra Doğru, and Volkan Bahçeci, “What If You Cannot Access the Internet in the Surveillance Society? Individuals’ Perceptions Related to The Internet Censorship and Surveillance in Turkey“, Journal of Media Critiques, vol. 3, no. 11, 10 September 2017, p. 74f). This law has been used as the basis for completely blocking all content on Wikipedia since the end of April 2017. However, the Internet is not only partially blocked: since November 2011, there is also a nationwide filter system. Finally, for the first time, in September 2012, an Internet user was sentenced to one year in prison for insulting the Turkish President Abdullah Gül on Facebook. The increasing censorship of Internet content is also reflected in the evaluation by Freedom House: since 2009, this rating has steadily worsened and has been rated as “not free” since 2016.

A further sustained restriction of freedom of the press and expression – both in the classical sense as well as on social media – took place in 2013. This was due to several events, which, together with social media and conventional reporting had a negative impact on the then-Prime Minister Erdoğan, his political environment, and the AKP. Starting in 2012 and particularly in 2013, several hundred Turkish officers were jailed for past or suspected coups or attempted coups. Overlapping, the conflict with the Kurdistan Workers’ Party (PKK) flared up from October 2011 to March 2013 (and later again from 2015). However, the most influential were the demonstrations starting in late May 2013 in Istanbul against a planned construction project on the grounds of Gezi Park. These demonstrations increasingly became a nationwide, anti-government protest and culminated in December 2013 with the publication of massive allegations of corruption against the AKP government.

The Turkish media have embarrassed themselves. While the whole world was broadcasting from Taksim Square, Turkish television stations were showing cooking shows. It is now very clear that we do not have press freedom in Turkey. — Koray Çalışkan, a political scientist at Istanbul’s Boğaziçi University, cited in Constanze Letsch, “Social Media and Opposition to Blame for Protests, Says Turkish PM“, The Guardian, 3 June 2013.

Because of the lack of coverage by pro-government media, social media played a decisive role in organizing the demonstrations and protests for the Occupy Gezi movement (Erkan Saka, “Social Media in Turkey as a Space for Political Battles: AKTrolls and Other Politically Motivated Trolling“, Middle East Critique, vol. 27, no. 2, 3 April 2018, p. 161). As a result, access to social media and anti-government content on the Internet has been severely restricted. When incriminating recordings of the corruption scandal were published on YouTube and Twitter, the government reacted by temporarily blocking these services entirely. Erdoğan described social media as “the worst menace to society” and the government arrested Turkish Twitter users for the first time. Despite Erdoğan’s negative attitude towards social media, in the fall of 2013 the AKP announced that it wanted to build a 6,000-strong team of young, tech-savvy party members, which would silence government-critical voices on social media (like a Troll army; Erkan Saka, “The AK Party’s Social Media Strategy: Controlling the Uncontrollable“, Turkish Review, vol. 4, no. 4, 7 August 2014, p. 418–23).

2011 protests against internet censorship in Turkey.
2011 protests against internet censorship in Turkey.
The press in Turkey can hardly be called free. Almost all media companies are owned by large holding companies that have connections to political parties. Around a dozen journalists, who had reported positively about the demonstrators during the protests in 2013, were fired. After facing massive amounts of pressure in their media companies in 2014, hundreds of journalists who had previously investigated corruption cases quit their jobs. Law No. 5651, which was strengthened by the AKP in February 2014, expanded state monitoring capabilities. Internet service providers (including Internet cafés and free Wi-Fi providers) were required to keep their users’ activity data up to two years instead of the original one year. This data had to be provided at the request of the authorities without requiring any judicial order (Bilge Yesil and Efe Kerem Sozeri, “Online Surveillance in Turkey: Legislation, Technology and Citizen Involvement“, Surveillance & Society, vol. 15, no. 3/4, 9 August 2017, p. 545). However, parts of the strengthening, such as the two-year retention period, were reversed in December 2016 by a Turkish Constitutional Court ruling.

Starting in 2014, charges against journalists and students for insulting government officials increased. From the beginning of Erdoğan’s presidency at the end of August 2014 until the failed coup attempt in mid-July 2016, 1,845 people were charged with insulting the Turkish president – a criminal offense punishable by up to four years in jail under Turkish law. As a gesture of national solidarity Erdoğan dropped almost all the charges after the failed coup attempt (except for pro-Kurdish parliament members and the German satirist Jan Böhmermann). Since then, however, there have been new charges.

A Turkish soldier who took part in the attempted coup is kicked and beaten by the crowd (Photo: Selcuk Samiloglu).
A Turkish soldier who took part in the attempted coup is kicked and beaten by the crowd (Photo: Selcuk Samiloglu).

After the failed coup attempt in mid-July 2016, repression has once again noticeably increased. To date, more than 96,000 people (including 319 journalists) have been arrested, and around half a million have been investigated (including more than 2,000 young people under the age of 18), more than 150,000 people have been fired (including more than 6,000 academics and nearly 4,500 judges). In addition, 189 media outlets were closed during this period (“Monitoring Human Rights Abuses in Turkey’s Post-Coup Crackdown“, Turkey Purge, 19 April 2019). As of November 2016, 114,000 websites were blocked for political or social reasons. These include news agencies as well as online forums reporting on LGBTI issues, ethnic minorities (especially pro-Kurdish content), and social unrest or show anti-Muslim content.

Page views of the Turkish Wikipedia https://tr.wikipedia.org/ in 2017.
Page views of the Turkish Wikipedia https://tr.wikipedia.org/ in 2017.
Since December 2016, a large number of VPN providers and Tor entry nodes have been blocked. Public censorship can be bypassed with a reasonably stable connection if the Tor client uses OBFS4 bridges. However, this approach only works if web pages are blocked; there is no solution if the overall connection to the Internet is throttled or the connection is blocked entirely (Yılmaz, Doğru, and Bahçeci, p. 78f). Offiziere.ch is aware of a case in which a relatively reliable, permanent connection was made with 15 bridges. In TorBox version 0.2.3, the possibility to use bridges is experimentally implemented, but not yet in a user-friendly way (there is a well-documented configuration file for savvy users). A more user-friendly implementation will be provided with the pre-version 0.2.4 – planned for the middle of this year. Currently, the following VPN providers are available in Turkey: ExpressVPN, NordVPN, AstrillVPN, PrivateVPN, and CyberGhost. Like Tor with OBFS4, they also rely on obfuscated protocols. In any case, the VPN user is well advised to additionally use Tor over VPN so that the VPN provider can only recognize an encrypted, target-anonymized data stream.

Also, in mid-March 2018 ProtonMail was blocked. ProtonMail is an email provider located in Switzerland, which specializes in the free or cost-effective offering of user-friendly encrypted email communication. According to information from ProtonMail customer service the service was accessible again after a few days for users located in Turkey, but based on the information available to offiziere.ch there were at least repeated temporary restrictions. Particularly piquant is that the blocking was carried out by Vodafone Turkey, which is part of the British Vodafone Group. Once again there are companies in democratic states supporting censorship in authoritarian states.

TorBox on GitHub / Updated TorBox v.0.2.3 GitHub release

TorBox has now its own GitHub page, which gives you an easy way to contribute to the TorBox project. Especially for that occasion, TorBox v.0.2.3 has been updated. Here are the links for the latest TorBox v.0.23 (usually, you need only the image-file):

Changelog v.0.2.3 (09.01.2019) —> v.0.2.3 (09.02.2019)

  • Updated: The system is based on Raspbian “Stretch” lite with Linux Kernel 4.14.79 and Tor version 0.3.5.7.
  • Updated: nyx (the Tor statistics program) from version 2.0.4 to 2.1.0.
  • Updated: Reduced logging is now enabled by default. Corresponding menu entry in the advanced menu let you change the amount of logging.
  • Updated: “Erase all log files” (entry in the advanced menu) deletes all log files (previous behavior was to reduce them to 0 bytes).
  • Minor fix: Fixed some minor bugs, cleaned up the code and especially the configuration files in “/etc“.
  • Removed: The Screen Saver (entry in the main menu) and slurm.

The pre-v.0.2.4 release is expected at the end of May 2019 and will focus on improved usability of bridges.

TorBox v.0.2.3 released !

Finally! I’m happy to announce the release of TorBox v.0.23. During the last half-year, I tested the functionality under real-life conditions, and I’m pleased with the overall stability of the system (if the power supply is reliable enough). Currently, I receive only a few feedback from the community. Therefore, one of my goals for 2019 is to find more contributors who are motivated to give feedback and to help to improve the functionality and security of the system, but more about that later…

Main Menu TorBox v.0.23
Main Menu TorBox v.0.23

Changelog pre-v.0.2.3 (02.12.2018) —> v.0.2.3 (09.01.2019)

  • New: The first noticeable improvement is the size of the image file: it is only a little bit more than 900 Mbyte (compared to 1.4 Gbyte of the last version). This reduction of size was made possible by shrinking the image. At the first start, the image automatically expands over the entire free partition. After an automatic reboot, the system is available for use – user interaction, screen, and peripherals are not required. After 2-3 minutes, when the green LED stops to flicker, connect your client to the new WiFi “TorBox023”. Then use an SSH-client to access 192.168.42.1 (username: pi / password: CHANGE-IT). Now, you should see the TorBox menu. Choose the preferred connection setup and change the default passwords as soon as possible (the associated entries are placed in the advanced menu). TorBox needs at least a 4 Gbyte SD Card, but 8 Gbyte is recommended.
  • New: The ability to configure TorBox with bridges that use obfs4 pluggable transport capability to overcome censorship. It is still in experimental status, but with detailed feedback, I will be able to improve and extend this feature for the next version. It works like that: after selecting the connection in the main menu and if Tor Statistics doesn’t show any link to the Tor Network, then additionally the user can try the bridge function in the Advanced Menu. To be honest: the whole thing took a lot of nerves out of me, not so much because of the configuration, but because there seem to be quite a few bridges that don’t work (or don’t work with my network environment). So my advice is, if necessary, to enter 3-6 bridges and to wait at least 5 minutes even though error messages can be seen (someone in a country with state censorship told me that he needs up to 15 bridges). Probably, I will change the implementation of that feature in the future; actually, the improvement of this very important feature will be the main focus for the development of the next pre-v.0.24. That’s why I need your feedback and ideas on these. However, one thing in advance: currently, I don’t see any way to get the bridges automatically (at least as long as we deal with shell scripts :-/).
  • New: I noticed that some free Internet provider at airports, hotels, coffees, etc. just cut the connection after a particular time without network load. A “normal” device would probably reconnect, but this doesn’t work with TorBox. That’s why there is now an entry in the Advanced Menu that provides a constant ping for a minimal data stream. At least with Starbucks, this worked :-).
  • New: The localization is now in English by default, the time should remain set to UTC, and ntpdate fetches the correct time at startup … from this point of view there is no urgent need for an additional configuration. However, I added to the Advanced Menu the possibility to set a “Wifi Regulatory Domain”. The current setting is “unset” or “world”, which is quite broad, but if someone has problems with it, he can change it now. Currently, the two-letter country code has to be chosen from https://wikipedia.org/wiki/ISO_3166-1_alpha-2. At this point, I need your feedback, if you need that feature at all and if I should improve its usability.
  • New: I also added a runtime file where TorBox stores certain global variables. There isn’t much in it yet, but it might become a kind of configuration file in the future.

Advanced Menu TorBox v.0.23
Advanced Menu TorBox v.0.23

  • Updated: The system is based on Raspbian “Stretch” lite with Linux Kernel 4.14.79 and Tor version 0.3.4.9.
  • Updated: For security reasons, the Bluetooth capabilities are disabled on the provided image.
  • Updated: The feature to overcome captive portals has been so stable since last summer that I was able to remove all alternative strategies and test scripts. Now, the captive portal solution works for all connection types – and if someone is mistaken, it doesn’t matter — he can click through the procedure. For security reasons, the user has, however, the possibility to abort before establishing an insecure connection.
  • Updated: Experimentally, I had already integrated the possibility of cable-TorBox-cable connections before, but I wasn’t that happy about it. I have entirely reworked this first approach. Now the user can choose between WiFi- or cable-client in the main menu. The user can also switch back and forth, but he has to make sure that he can log in with the chosen client.
  • Updated: The update function is now more reliable (now with the latest stable Tor release).
  • Updated: All menus and display screens should be viewable on a 3.5“ screen, on a mobile phone or tablet. Besides, the menus are better structured, and I have tried to make the information screens more understandable. Let me know, your thoughts about it.
  • Updated: As for DNS leaks, I’m a bit paranoid, so dnsmasq is turned off on TorBox by default, and any DNS queries made locally on the device (that is, by the user logged in via ssh in the shell) are recorded in the log file.
  • Minor fix: The menu entry to flush all log files, flushes now “~/.bash_history” too.
  • Minor fix: Some minor bugs in the configuration part in the advanced menu.
  • Removed: The ability to reset the entire network settings (was located in the Advanced Menu). This feature isn’t necessary anymore, and it wasn’t very useful.
  • Tested: With Raspberry Pi 3 Model B and Raspberry Pi 3 Model B+ (max achieved throughput: 2.3 Mb/s). I continue to test the integration of the PiJuice, a portable power platform for the Raspberry Pi, but it seems that the permanent power supply is not reliable enough to enable stable WiFi-TorBox-WiFi connectivity. For portable use, my best experience is made with the RS Pro PB-10400 Power Bank, 5V / 10,4Ah.

A test with the PiJuice HAT. Below in black is the very reliable RS Pro PB-10400 Power Bank, 5V / 10,4Ah.
A test with the PiJuice HAT. Below in black is the very reliable RS Pro PB-10400 Power Bank, 5V / 10,4Ah.

Last but not least, I’m coming back to my desire to expand the number of contributors. I have about 4 Raspberry Pi 3 Model B to give away for free (SD Card with pre-installed TorBox v.0.23 included). If you want one of these Raspberry Pis than send me an email explaining why I should send you one and what you are willing to contribute to the project.

China: The Emergence of Probably the World’s Largest Data-Mining Giant

by Ypsilons 378

The Chinese government plans to monitor its people with a comprehensive social credit system.” The goal is to promote honesty and sincerity in order to promote economic and social progress. In the process, those who betray trust are to be severely punished.

China is currently busy creating a digital data monster with tentacles extending into every aspect of life. This is causing concerns about the rampant frenzy to collect data and how it will be handled. The Chinese social credit system is officially scheduled to go into operation in 2020. From then on, not one of the country’s approx. 1.5 billion inhabitants will be able to escape the state’s rating system.

Education in “goodness”
Zhang Zheng, director of the China Credit Research Center at Peking University, is an important thought leader and theoretician of the Chinese social credit system. His mindset is rooted in his socialization because the economics professor had initially studied mathematics and natural sciences, which requires a rational and analytical way of thinking. However, dealing with human beings and the problems of society requires a broader, more differentiated approach, which is often difficult for dedicated natural scientists. Social sciences are more than just ones and zeros, black and white, right and wrong, good and evil, but the Chinese social credit system is based precisely on this simplified dualistic way of thinking.

There are two kinds of people in this world: good people and bad people. Now imagine a world where the good ones are rewarded and the bad ones are punished — Zhang Zheng zitiert in Martin Maurtvedt, “The Chinese Social Credit System: Surveillance and Social Manipulation: A Solution to ‘Moral Decay’?“, Department of Culture Studies and Oriental Languages, University of Oslo, 2017, p. 1.

Zheng is convinced that the Chinese social credit system, i.e., socialization as a “good” person with the help of digital tools, will become a sustainable cornerstone for the moral order of Chinese society. This system is intended to improve the morals of society. Whether the everyday morals of the people or the business ethics of companies, the system is supposed to that the rules are followed. This has particularly obvious consequences on individuals: good citizens would be rewarded and favored, while bad ones would be sanctioned with severe restrictions in daily life.

Structure and function
The Chinese social credit system is based on centralized databases containing such records as medical and court files, online shopping, posts on social networks, internet search queries, travel plans, and purchases with credit cards or payment apps. These records are then analyzed and weigh this cluster of data to come up with a single score. Companies and institutions will have no choice but to make their data available to the system. However, there won’t be much need to put pressure on Chinese companies, since there are already voluntary systems in place such as Alibaba’s Sesame Credit (with over 450 million active users), Tencent (operator of the successful Chinese messaging, social media and mobile payment app WeChat), and Baidu. China’s private internet companies have indicated that the Communist Party may use their compiled data and cutting-edge technologies because, in return, they will gain access to previously inaccessible government databases.

Looking at Sesame Credit, not only payment behavior but also “habits or preferences” and “personal networks” can influence creditworthiness. According to Li Yingyun, head of development at Sesame Credit, someone who plays video games ten hours a day is classified as a sluggish person, but those who buy diapers frequently are likely to be a parent and are therefore willing to accept a higher degree of responsibility. Ambitious gamers risk a lower score, while those who are responsible get a higher one. It’s also worthwhile to pick friends with high scores because these can help increase your score. However, if your friends have low scores, you risk losing points. If you are looking for a partner, you can advertise with a high score, because Sesame Credit cooperates with Baihe, China’s largest online dating agency. This means, however, that people with low scores will inevitably remain single.

Moral role models: Roncheng's "civilized families" can be admired on such public display boards. (Foto: Simina Mistreanu).
Moral role models: Roncheng’s “civilized families” can be admired on such public display boards. (Foto: Simina Mistreanu).

Pilot operation already running
Companies are not the only ones that are already heavily collecting, processing, and evaluating data. Some three dozen Chinese cities are already experimenting with different social credit systems. For example, Rongcheng, a city of about 670,000 inhabitants on the east coast, has been operating a social credit system since 2014 regarded as a showcase project for a China-wide system. With their Honest Shanghai App, Shanghai operates another popular system, which has also implemented facial recognition. To register, the individual’s is captured with the mobile camera and compared and verified with the electronic identity card. A short time later, users get their first score. This score is updated at the end of each month. The criteria and factors used for a high or low rating are confidential. However, the system takes into account about 3,000 pieces of data per person from almost a hundred government data sources (Rob Schmitz, “What’s Your ‘Public Credit Score’? The Shanghai Government Can Tell You“, NPR.org, 03.01.2017).

Even if individual factors evaluated in the pilot projects are confidential, the Chinese social credit system generally concentrates on the evaluation of four key parameters:

  • Commercial activities: commercial activities form the basis of the system, because one of the goals of the Chinese government is to use the system to improve the trust in the commercial sector among citizens, but also between citizens and business. So if you pay your bills on time, you will have a clear advantage. Incidentally, such credit rating systems are also common in the West (for example, Schufa in Germany and FICO in the US). The Chinese, however, go one step further: those who travel without a ticket or who get into debt with spending are, in many cases, no longer allowed to travel by express train or plane. Last year alone, this penalty was imposed about 6.7 million times, according to the official figures of the Supreme Court.
  • We have had the social credit system in our village for several years now. No matter what we do, we think about our credit points. We support the village where we can. We clean a lot and sweep the public areas. Putting garbage or even grass in front of your own door is not allowed. If someone doesn’t follow these rules, they’re considered dishonest. If the village head asks for anything, we do it. Those who keep everything clean and in order are regarded as role models. — cited in Axel Dorloff, “Sozialkredit-System: China auf dem Weg in die IT-Diktatur“, Deutschlandfunk, 09.09.2017.

  • Social behavior: whether online or off, social behavior plays an important role in the assessment. With a reward and punishment mechanism, the system aims to train residents to behave positively, at least as the government sees it. In Rongcheng, whoever helps others or gets involved in city projects will, for example, get 5-10 additional points. A similar system is in place in Shanghai: those who help older inhabitants or the poor can earn additional points, too, but whether this represents moral progress remains questionable.
  • Administrative activities: the system will also simplify administrative procedures, as unauthorized requests for public assistance will result in a deduction of points. This applies in particular to the submission of petitions critical of the government. Those who criticize the Communist Party in the social media should not be surprised if they end up on the blacklist. Requests from people below a certain score will be postponed or even ignored. On the other hand, people with above-average scores already enjoy preferential treatment.
  • Criminal prosecution: law enforcement is already integrated in Rongcheng. If you run a red light, you will immediately lose 5 points; if you drive drunk or are involved in a brawl, you will immediately be blacklisted. The score serves as a kind of criminal record: the inhabitants of Rongcheng have to regularly present their score for job promotions, for membership in the Communist Party, when applying for a bank loan. Nothing happens anymore without a good score.

Rewards and punishments
The rewards and punishments for high or low scores currently vary from system to system. In Rongcheng, everyone starts with 1,000 points, which then increases or decreases depending on the behavior of the person concerned. The highest rating is AAA, which is at least 1,050 points; at the other end of the scale is D, which is fewer than 600 points. Persons with at least an A rating are on a red list, while those below are on a blacklist. Those on the red list are given preferential treatment for admissions to schools, for social benefits, or even when purchasing insurance. Those in the C Group are checked regularly and are subject to certain restrictions. This could, for example, result in the reduction of welfare payments. Those who appear in the lowest D Group no longer qualify for management positions, lose certain benefits and lose their creditworthiness. Another important aspect is the public emphasis on ethical role models or the condemnation of those who “betray trust”. Usually, names, photos, identity numbers, and in some cases even private addresses are published. The majority will hardly be bothered by this at the moment because about 90% of the inhabitants in Rongcheng have an A (Simina Mistreanu, “China Is Implementing a Massive Plan to Rank Its Citizens, and Many of Them Want In“, Foreign Policy, 03.04.2018).

At Alibaba, a score of over 600 leads to the possibility of taking out a small loan of around 5,000 yuan (around $700) when making purchases in its online shop. For scores 650 and higher, one no longer needs a deposit to rent a car, and you might enjoy the benefits of VIP treatment at certain hotels and airports. From 700 points, additional documents can be dispensed with on a trip to Shanghai, and for a person with at least 750 points, the procedure for applying for a Schengen visa is faster on the Chinese side. Currently, Sesame Credit does not yet seem to be imposing penalties (Rachel Botsman, “Big Data Meets Big Brother as China Moves to Rate Its Citizens“, Wired, 21.10.2017).

I’m being punished for issuing a credit guarantee for someone else. The loan wasn’t repaid and I was punished. When I wanted to buy a plane ticket, I couldn’t get one. As a result, I found out that I can no longer buy tickets. That was in November 2016. I can’t buy plane tickets or express train tickets. — cited in Axel Dorloff, “Sozialkredit-System: China auf dem Weg in die IT-Diktatur“, Deutschlandfunk, 09.09.2017.

Conclusion
The wide range of rewards should not deceive readers about the immense risks of this system. A totalitarian surveillance system is currently being established in China, which, depending on political needs, could quickly turn China into a huge prison. People on blacklists and with travel restrictions report that it is very difficult to be removed from these lists (also read Simina Mistreanu, “China Is Implementing a Massive Plan to Rank Its Citizens, and Many of Them Want In“).

However, the impact may not be limited to China. Even if a politically flavored social credit system is rather unlikely in democratic states, this does not mean that companies operating in democratic states do not want to adopt such a business model. Although China is the salient example of such a system, similar approaches can be seen elsewhere in the world. Companies have been assessing individual creditworthiness for a long time. For example: are you wondering why you can no longer get an Uber? Well, chances are you have a dismal passenger rating. By the way, Uber knows who among their customers has had a one-night-stand (Bradley Voytek, “Rides of Glory“, Uber Blog, 12.03.2012). The Danish company Deemly demonstrates how a “light” social credit system could also be marketed in Western countries. It evaluates the trustworthiness of individuals based on the evaluation of their activities on social platforms. In this context, the “Nosedive” episode in the “Black Mirror” series, a popular critique of technology and its social impact, seems to be right on the money. Besides, it should not be forgotten that internationally active Chinese companies such as Alibaba collect data not only from Chinese citizens but from all their customers (including geodata). With the rewards offered, customers are even voluntarily submitting their data.

The State of Internet Censorship in Venezuela

This post has been published by OONI, a censorship measurement project under the Tor Project, IPYS Venezuela, and Venezuela Inteligente.

Background

Political environment
Democratic freedoms have deteriorated in Venezuela. The government has been characterized as an authoritarian regime, closing spaces for public discussions and free expression, while systematic violations of human rights have intensified. According to IPYS Venezuela, the elections held in Venezuela in recent years have suffered from a lack of fair conditions. The institutionality and the State of Rights have been broken, given the lack of autonomy and independence of the public powers, all dominated by the strength of the United Socialist Party of Venezuela, which has accompanied Hugo Chávez and currently maintains Nicolás Maduro.

Venezuela is experiencing a complex humanitarian emergency, intensified by hyperinflation, the absence of transparency in public management, and the weakness of democratic institutions. These conditions have negatively impacted the quality of life of citizens, as well as the conditions for the protection of human rights. Within this context, Venezuelans have been deprived of the right to decent housing and have very limited access to public services.

Between January to July 2018, reporting on the transportation crisis, power outages, water and gas shortages has increased. According to data provided by the Venezuelan Observatory of Social Conflict (OVCS) and the Venezuelan Program of Education-Action in Human Rights (Provea), these issues affect the quality of life of Venezuelans and their ability to exercise their basic rights.

A manager weighs banknotes on a scale at a bakery in Venezuela.
A manager weighs banknotes on a scale at a bakery in Venezuela.

Internet blackouts in Venezuela have been documented by IPYS Venezuela, which have left citizens in rural, suburban and urban areas of the country without internet connectivity. According to IPYS Venezuela, these internet blackouts have harmed citizens’ rights to access information and freedom of expression. Freedom House scores Venezuela 20⁄25 in obstacles to access the internet (where a larger ranking is worse).

Research conducted by Mariengracia Chirinos in terms of public policies on internet access reveals that, between 2007 to 2017, a vision of political and social control prevailed in Venezuela, in favor of the defense of national sovereignty and the “defense of the country”. This however, she notes, contradicts the principles of inclusion, diversity, openness, competitiveness and freedom that should guide the process of formulating internet access policies.

Public policies around internet access have been limited by regulatory processes (which follow the model of a closed society), affecting market competitiveness and incentives for investment. This has had a negative impact on technological advancements in the telecommunications sector, which are far from the standards of ECLAC (2016) and the OECD (2016). Between 2017 to 2018, this contributed towards connectivity issues across Venezuela.

IPYS Venezuela reports that digital rights were at risk throughout 2017 in light of several restrictive regulations. Police persecution manifested through arbitrary arrests of citizens based on their opinions expressed online through social networks, various portals of digital media and civil society organizations were attacked, and web portals were selectively blocked. Threats have been made against journalists, while official structures for online surveillance and police monitoring have been proposed.

Legal environment
A restrictive framework for expression on the internet was consolidated in 2017 and internet censorship was legalized. Following a wave of street protests, Maduro signed a decree to extend the State of Emergency Exception and Economic Emergency, which further expands internet censorship powers to avoid “destabilization campaigns”.

The turning point came with the approval of the Anti-Hate law. Last November, the National Constituent Assembly (ANC) – a body created outside of the national constitution and which functions as a “superpower” with all of the ruling parliamentarians – approved the “Law against Hatred, for Peaceful Co-existence and Tolerance”. This regulation empowers authorities to block websites that are deemed to spread hate or incite violence. If messages that are considered to “incite hatred” are not removed by website owners within 6 hours, they may be subjected to a fine. The law also includes prison sentences, ranging from 10 to 20 years, for those who do not comply with censorship requests by authorities. Similarly, Article 27 of the Law on Social Responsibility in Radio, Television and Electronic Media sets conditions for the prohibition of content that does not acknowledge the legitimacy of authorities or which fosters citizen anxiety.

Reported cases of internet censorship
Pervasive levels of internet censorship have been carried out in Venezuela since 2014, largely monitored and documented by local civil society groups IPYS Venezuela and Venezuela Inteligente. Their study (between 2015 and 2016) showed that 43 websites were systematically blocked by one or more Venezuelan ISPs. The types of websites that appeared to be blocked the most include: sites related to the parallel market of the dollar (44%), media (19%), blogs criticizing Chavez (12%), games of chance and online bets (9%), collaboration tools or shorteners (5%), personal communication tools (5%), gore (2%), anonymization and circumvention sites (2%), and hosting services (2%). Movistar was found to block sites the most, with 41 blocked domains, corresponding to 35 different websites. The types of sites blocked by Movistar – but which weren’t blocked by CANTV – include: parallel dollar market, chavismo criticism blogs, hosting services, collaboration tools or shorteners, and digital media.

Data presented in August 2017 by Venezuela Inteligente, as follow-up to their previous study with IPYS Venezuela, shows that of the blocked sites, 36% of them were related to currency exchange rates, 32% were media, 16% games of chance and online bets, 12% social networking or communications tools, and 4% of them were blogs critical of the government. 24% of all blocked sites were international with international audiences, while 76% of them had (mostly) local audiences.

Between 2017 to 2018, IPYS Venezuela documented seven cases of internet censorship, involving news websites, currency exchange websites and other sites discussing corruption and economic information. Today, these seven news portals remain blocked by CANTV, Movistar and Digitel, according to OONI Probe network measurement data collected by IPYS Venezuela and Venezuela Inteligente.

Last year, Venezuela Inteligente reported, through the VEsinFiltro project, how three private online streaming broadcasters – Vivoplay, VPI, and Capitolio TV (site now defunct) – were blocked simultaneously by all major ISPs (primarily by means of DNS) as a result of broadcasting live street protests. VPI and Capitolio TV resorted to livestreaming on YouTube, instead of on their own sites, to circumvent the block. The Maduradas portal was also blocked by means of DNS.

Media websites blocked in 2018 include El Pitazo, La Patilla and El Nacional. These censorship events were (temporarily) implemented by both private and state providers, who blocked the sites at their own discretion without a court order, violating due process. These media outlets were blocked by means of DNS tampering and HTTP blocking, primarily by CANTV, Movistar, Movilnet, and Digitel.

Authorities of the National Telecommunications Commission have previously ordered the blocking of websites that disseminate “destabilizing” information or form a “media war” against the government. However, no court order or other legal justification was provided for the censorship events that occurred over the last year. Furthermore, the National Telecommunications Commission has repeatedly ignored public information requests regarding recent internet censorship events.

Demonstrators protest outside the National Telecommunications Commission after the government took the channel CNN en Espanol off the air in Caracas, Venezuela, 16 February 2017.
Demonstrators protest outside the National Telecommunications Commission after the government took the channel CNN en Espanol off the air in Caracas, Venezuela, 16 February 2017.

Measuring internet censorship

To measure internet censorship in Venezuela, the researchers ran OONI’s network measurement software (OONI Probe) on a daily basis across multiple local vantage points. OONI Probe is free and open source software designed to measure various forms of network interference.

The main OONI Probe tests that were ran as part of this study include:

OONI’s Web Connectivity test is designed to measure whether websites are blocked by means of DNS tampering, TCP/IP blocking, or by an HTTP transparent proxy. This test is automatically performed both over the vantage point of the user and from a non-censored control vantage point. If the results from both vantage points match, then the tested website is most likely accessible. If the results however differ, then the measurement is flagged as anomalous. OONI’s current methodology only confirms the blocking of a website if a blockpage is served. In cases where ISPs do not serve blockpages, the relevant network measurements are analyzed over time, examining whether the specific types of failures persist and what causes these failures (i.e. ruling out false positives).

The testing was mostly limited to the URLs included in the Citizen Lab’s global and Venezuelan test lists. These lists consist of a variety of different types of URLs that fall under 30 categories and that are tested for censorship by network measurement projects like OONI. Throughout the course of this research, the researchers updated the Venezuelan test list to ensure that reportedly blocked sites were being tested. Overall, around 1,410 URLs, included in both the Citizen Lab’s global and Venezuelan test lists, were measured as part of this study.

In an attempt to identify which equipment was used to implement internet censorship in Venezuela, the researchers ran OONI’s HTTP Invalid Request Line and HTTP Header Field Manipulation tests. Both tests are designed to measure networks with the aim of identifying the presence of middleboxes. OONI’s HTTP Invalid Request Line test does this by sending an invalid HTTP request line to an echo server listening on the standard HTTP port. If a middlebox is present, the invalid HTTP request line will be intercepted by the middlebox, potentially triggering an error that will be sent back to OONI servers. In the past, this has enabled the identification of censorship equipment in various countries around the world. OONI’s HTTP Header Field Manipulation test, on the other hand, attempts to identify middleboxes by sending HTTP requests with non-canonical HTTP headers. If a middlebox is present, it will likely normalize the headers or add extra headers, enabling the identification of its presence in the network. In addition to OONI Probe tests, the researchers also performed additional network measurement tests via Raspberry Pi deployments in Venezuela.

To monitor the accessibility of popular instant messaging platforms over time, the researchers ran OONI’s WhatsApp, Facebook Messenger, and Telegram tests. These tests are designed to measure the reachability of the WhatsApp, Facebook Messenger, and Telegram apps and web interfaces through DNS lookups and by attempting to establish TCP connections to their endpoints.

In light of increased censorship events over the last years, the researchers decided to monitor the accessibility of censorship circumvention tools as well. Many circumvention tool sites were included in the Citizen Lab’s global test list, which the researchers measured via OONI’s Web Connectivity test. But we also ran OONI’s Vanilla Tor and Tor Bridge Reachability tests, which are designed to measure the blocking of the Tor network and Tor bridges.

Once network measurement data was collected from all of these tests, OONI data was subsequently processed and analyzed based on a standardized set of heuristics for detecting internet censorship and traffic manipulation. The researchers analyzed all OONI Probe network measurements collected from Venezuela between 20th February 2014 to 10th August 2018.

The main findings though that the researchers present in this study are based on:

  • Networks from which most of the recent measurements were collected from, namely: Digitel (AS264731), CANTV (AS8048), Movistar (AS6306) and Movilnet (AS27889).
  • Recent censorship findings that are currently more relevant.
  • Censorship findings that have been persistent over time (i.e. sites that remained blocked over time and which presented the highest ratio of anomalies).

Acknowledgement of limitations
The first limitation of this study is associated with the testing period. This study includes an analysis of thousands of network measurements collected from Venezuela over the last four years, between 20th February 2014 to 10th August 2018. Censorship events that may have occurred before and/or after the analysis period are not examined as part of this study.

Another limitation to this study is associated to the amount and types of URLs that were tested for censorship. OONI’s Web Connectivity test was run to measure the accessibility of 287 URLs that are more relevant to the Venezuelan context and 1,123 internationally relevant sites. All of these URLs were selected in collaboration with community members over the last years. The researchers acknowledge the URL selection bias and that the testing sample of URLs might exclude many other sites that are blocked in Venezuela. The researchers therefore encourage researchers and community members to continue reviewing and contributing to these test lists to help improve future research and analysis.

Since block pages weren’t detected in Venezuela (at least for none of the tested URLs), censorship findings are presented with caution, acknowledging that false positives may be present. This is the primary reason why the researchers mainly present findings that (a) presented consistent anomalies over time (suggesting blocking) and (b) IPYS Venezuela and Venezuela Inteligente were able to verify locally in terms of (in)accessibility.

Finally, while network measurements were collected from multiple ASNs in Venezuela, OONI’s software tests were not run consistently across all networks. To share more recent and relevant findings, the researchers mainly focus on ASNs from which measurements were collected the most over the last months: Digitel (AS264731), CANTV (AS8048), Movistar (AS6306) and Movilnet (AS27889).

Findings

Following Venezuela’s 2015 elections, civil society groups IPYS Venezuela and Venezuela Inteligente reported (through the use of OONI Probe) on the blocking of a number of websites, including currency exchange websites, blogs expressing political criticism and media-related sites.

The researcher’s latest OONI findings show that such websites are currently blocked by multiple Venezuelan ISPs and have remained blocked all along. Measurements collected from Venezuela also suggest that a number of other sites (such as el-nacional.com, lapatilla.com, elpitazo.com and armando.info) have more recently been blocked as well.

As part of the following sections, the researchers share OONI data pertaining to the blocking of news outlets, sites expressing political criticism, currency exchange sites and zello.com. The following data is based on recent measurements collected from four Venezuelan networks: Digitel (AS264731), CANTV (AS8048), Movistar (AS6306) and Movilnet (AS27889). The researchers also confirm the blocking of the Tor network by state-owned CANTV.

Media
Independent media websites are blocked in Venezuela (primarily by means of DNS tampering), as illustrated in the following table (based on recent OONI measurements).

El Pitazo is an independent news outlet run by Venezuelans that started off as a YouTube channel in 2014, expanded to a radio program, and eventually created a media website. They aim to share information with the most economically disadvantaged populations of Venezuela and to shed light on issues that are otherwise censored by state-owned media. El Pitazo is one of the few media outlets that has a presence in all states in Venezuela, and whose news agenda is focused on issues of community complaints, conflicts, and acts of corruption that affect citizens and are of public interest.

A few months ago (in April 2018), Venezuela Inteligente and IPYS Venezuela reported that two of El Pitazo’s domains (elpitazo.com and elpitazo.info) were blocked by CANTV, Digitel, Movistar, Movilnet and Intercable by means of DNS. Recent OONI data not only shows that these domains remain blocked across ISPs, but that a third domain of El Pitazo (elpitazo.ml) has been blocked as well.

CANTV, Digitel and Movistar primarily appeared to block El Pitazo domains by means of DNS, while most measurements collected from Movilnet presented HTTP failures, suggesting potential HTTP blocking. The presence of both DNS lookup errors and HTTP failures may suggest that ISPs employ both DNS and HTTP blocking techniques, or that HTTP failures are caused as a result of DNS blocking techniques not being implemented properly. Alternatively, they could be caused by a congested network, server-side blocking, or if the site in question went down during testing due to a DDoS attack. But these possibilities is ƒrather unlikely, as El Pitazo domains run behind Cloudflare, so they should be quite resistant to failures.

Two months after El Pitazo domains were blocked, IPYS Venezuela reported that independent news outlets La Patilla and El Nacional were blocked as well.

La Patilla was founded in 2010 by the former CEO of Globovision (private Venezuelan TV channel) and is ranked as one of the most visited websites in Venezuela (ahead of other major news websites). Currently, lapatilla.com is accessible, but was temporarily blocked between 6th to 10th June 2018. OONI data collected on 6th June 2018 shows that the site was accessible on Movistar (AS6306), but blocked by state-owned CANTV (AS8048). Lapatilla.com was tested multiple times on CANTV and all measurements presented the same HTTP failures and “generic timeout errors”, suggesting HTTP blocking. CANTV though appears to have unblocked the site by 11th June 2018, as corroborated by all subsequent measurements.

Diosdado Cabello, a senior government official, has filed a defamation lawsuit against the newspaper El Nacional.
Diosdado Cabello, a senior government official, has filed a defamation lawsuit against the newspaper El Nacional.

El Nacional is Venezuela’s largest independent newspaper. Having run stories on corruption, official brutality, electoral fraud, protests and other stories critical of the government, the newspaper has received significant government pressure over the last months. Similarly to La Patilla, el-nacional.com primarily appears to be censored by means of HTTP blocking, as suggested by HTTP failures (and “generic timeout errors”) presented in recent OONI measurements. OONI data suggests that the site’s blocked by CANTV and Movilnet, but accessible on Digitel and Movistar.

HTTP failures indicative of blocking have been inconsistent or even intermittent at times. This may suggest that internet censorship is not implemented in a centralized way (i.e. by the same people) or in a way that doesn’t affect all traffic. Venezuela Inteligente and IPYS Venezuela reported that investigative journalism site armando.info was inaccessible as well. This site is known for its critical and extensive reporting on corruption and has been tested fairly regularly across ISPs over the last two years. Most OONI measurements collected up until 12th August 2018 suggested that the site was accessible. But on 13th August 2018, OONI Probe testing revealed that the site was suddenly inaccessible on CANTV, presenting HTTP failures.

To investigate further, IPYS Venezuela and Venezuela Inteligente coordinated a measurement campaign, engaging locals across Venezuela to test armando.info with OONI Probe in various networks and regions of the country. In the evening of 13th August 2018, armando.info was tested on CANTV, Movistar, CIX and Intercable in the following regions: Caracas, Carabobo, Táchira, Aragua, Bolívar, Lara, Portuguesa and Monagas (the table on the right summarizes the results of their testing).

What’s clear from recent OONI Probe measurements (collected on 13th August 2018) is that the potential blocking of armando.info is certainly inconsistent. We can see from the table, for example, that measurements collected from CANTV alternated between being accessible and presenting HTTP failures. And these failures weren’t triggered consistently over time and across regions.

The first CANTV measurements (presenting HTTP failures) in the early evening of 13th August 2018 were collected from Caracas, while the last CANTV measurements presented in the table (showing accessibility) were collected from Táchira. The other accessible CANTV measurement at 6:16 pm was collected from Carabobo. This is particularly interesting, as it may suggest that CANTV doesn’t roll out the same censorship across its network, or that network or configuration issues impacted the accessibility of armando.info.

Venezuela Inteligente and IPYS Venezuela (who are based in Caracas) report that their experience in attempting to access armando.info (on CANTV, Movistar and Digitel) is also inconsistent. As of 13th August 2018, there are moments when they can access the site and there are moments when they can’t. While the armando.info site was inaccessible, as documented by OONI Web Connectivity tests, the server was reachable and accepted TCP connections even as the HTTP exchange failed.

It therefore remains unclear whether armando.info is (or was) intentionally blocked. However, it’s worth highlighting that armando.info uses Google’s “Project Shield“, so server-side issues are unlikely a reason for the observed network anomalies. Further monitoring and testing is required.

Political criticism
Back in 2016, IPYS Venezuela and Venezuela Inteligente reported that a number of blogs critical of the government were blocked. Recent testing shows that the following two sites are currently blocked across ISPs, primarily by means of DNS tampering:

  • vdebate.blogpost.com (site now defunct) is the blog of an organization whose mission is to “work for the recovery of democracy in Venezuela”. In collaboration with other organizations and volunteers, they defend the human, political and civil rights of Venezuelans.
  • ovario2.com is a blog that covers Venezuelan issues, expressing political criticism.

Previous measurements collected from CANTV show that alekboyd.blogspot.co.uk (a blog covering corruption and other political issues) was blocked by CANTV by means of DNS tampering, up until (at least) 5th April 2018. The blog though has since been unblocked and is currently accessible.

Propaganda in Venezuela: A political painting saying, "For the love of Chávez. President Maduro." with the popular "Chávez eyes" visible.
Propaganda in Venezuela: A political painting saying, “For the love of Chávez. President Maduro.” with the popular “Chávez eyes” visible.

Currency exchange
Venezuela is experiencing the worst economic crisis in its history. The country heavily depends on its oil (it has the largest oil reserves in the world), the revenue of which supported its social programmes and food subsidies. But when the price of oil fell, these programmes became unsustainable and the country plummeted into a food crisis.

Venezuela has established different exchange rate systems for its national currency (the bolivar), with government control on the price of basic goods, which is very high. In light of hyperinflation, coupled with the devaluation of the bolivar in the black market, many Venezuelans are opting for dollars rather than bolivares. But according to the Venezuelan government, this deepens the country’s economic crisis.

To limit currency exchange, the Venezuelan government restricted access to dollars and banned currency exchange websites in 2013, more than 100 of which have reportedly been blocked.

Miami-based DolarToday is run by the Venezuelan diaspora and is widely used to track the plummeting black market value of the bolivar. It was first reportedly blocked in 2013. In late 2015, Venezuela’s central bank filed suit in the US against dolartoday.com, alleging that the site’s managers “committed cyberterrorism” and “sowed economic chaos” in Venezuela. According to recent OONI measurements, dollartoday.com remains blocked on CANTV.

Zello is a mobile app that serves as a walkie-talkie over cell phone networks.
Zello is a mobile app that serves as a walkie-talkie over cell phone networks.
Zello
Zello is a mobile app that serves as a walkie-talkie over cell phone networks. Over the last years, it has been popular among protesters in Venezuela, Ukraine and Russia. During Venezuela’s 2014 protests, the app was reportedly blocked for enabling “terrorist acts“. Recent testing suggests that the service remains blocked by (at least) three ISPs (CANTV, Movistar, Digitel).

Blocking of Tor

The Tor network offers online anonymity, privacy, and censorship circumvention. By bouncing communications across a distributed network of relays, Tor hides its users’ IP addresses. In doing so, Tor users not only have online anonymity, but they can also bypass the blocking of sites and services (since they access them from IP addresses allocated to different countries).

As a result, the Tor network has become a target of censorship in several countries around the world (such as Egypt and Iran), where governments attempt to make circumvention harder and improve their online surveillance capabilities. To bypass Tor censorship, Tor bridges have been built to enable users to connect to the Tor network in censored environments. Tor Browser offers built-in (public) bridges that users can enable. If such bridges are blocked, users can request for (private) custom bridges.

According to recent testing and analysis, Venezuela now also blocks access to the major part of the Tor network and to many public obfs3 and obfs4 Tor bridges. State-owned CANTV (AS8048) appears to have started blocking the anonymity network around 20th June 2018, following months of increased censorship, particularly targeting media websites.

Testing
OONI’s Vanilla Tor test is designed to measure the reachability of the Tor network from the local vantage point of the user. If the test does not manage to bootstrap a connection within 300 seconds, access to the Tor network is likely blocked. Similarly, OONI’s Bridge Reachability test measures the reachability of (public) Tor bridges by attempting to successfully bootstrap a connection to them. To confirm the potential blocking with more confidence (and rule out false positives), it’s useful to examine measurements collected from the same network over time.

All measurements collected up until 6th June 2018 were successful, showing that the Tor network was accessible in Venezuela. On 20th June 2018, however, Tor testing started to fail and civil society group Venezuela Inteligente reported the blocking of the Tor network and Tor bridges by CANTV.

Most other measurements collected from 20th June 2018 onwards (from the same network on an almost daily basis) have failed as well, strongly suggesting that state-owned CANTV (AS8048) has been blocking access to the Tor network over the last two months. According to recent mid-August scans from CANTV, around 75% of the Tor network appears to be blocked.

The lack of measurements between 6th to 20th June 2018 prevents from determining the exact date when Tor first got blocked. It’s worth noting though that the blocking probably started on 20th June 2018, since that’s when local civil society group, Venezuela Inteligente (who’s been monitoring internet censorship in Venezuela over the last years), first reported on it.

To investigate further, OONI ran tests from a Raspberry Pi connected to CANTV (AS8048) and performed some experiments examining the blocking of Tor relays. Based on the following, OONI was able to successfully confirm that connections to 74% of well-known IP:Port entities of the Tor network were blocked. The blocking was implemented on the reverse path, so it was hard for the client to distinguish it from server-side blocking:

  • The client could perform a TCP traceroute to all of the hops except for the last one; the client therefore got ICMP TTL Exceeded responses all the way long, but did not receive SYN-ACK.
  • The server sees SYN and sends SYN-ACK.
  • If the server rejects SYN with ICMP Port Unreachable – instead of RST – then the client gets the packet and the Linux TCP stack returns the “connection refused” error.
  • The server can perform a reverse TCP traceroute back to the client’s IP without anomalies.
  • Anomalous packet loss is observed on “parasitic” reverse TCP traceroutes, when the traceroute is executed using 5-tuple of existing connection. The anomaly seems to be located within the GlobeNet network, a US-based company that provides one of the backbone internet links to Venezuela’s state-owned CANTV.
  • The “parasitic reverse traceroute” experiment was designed in the following way: a) the client tried to establish 1000+ connections to the TCP port of Tor relay, b) both “blocked” and “non-blocked” relays were tested, c) the relay was replying with a batch of marked SYN-ACKs with varying TTL fields.
  • The following chart summarizes the percentage of replies from specific routers and latency to them. It highlights that the network anomaly occurs between two GlobeNet routers.

In addition to Tor blocking, Venezuela Inteligente also reported that access to a large amount of obfs3 and obfs4 bridges (i.e. Tor bridges enabling Tor censorship circumvention) was blocked as well, making it practically impossible to circumvent Tor blocking with built-in bridges. OONI’s bridge reachability measurements corroborate these reports, showing the blocking of many Tor endpoints.

Bridge reachability tests run from CANTV (AS8048) in late June 2018 show a failure rate of around 94% to known Tor bridges. Not all of these failures are necessarily caused by blocking, as some bridges might be offline or unreachable at any given moment. The high percentage of connection failures though is highly indicative of blocking targeted to well-known bridges. Repeated testing in mid-August 2018 showed a similar percentage: 88% of running bridges were unreachable from a CANTV vantage point.

Venezuela Inteligente tested a random sample of unlisted, publicly available bridges from BridgeDB, revealing that the failure rate is around 26% and that all testing to private Tor bridges resulted in successful connections, regardless of the type of bridge (including vanilla, obfs3 and obfs4 bridges). Forward TCP traceroutes towards various accessible Tor relays go via GlobeNet, Level3, Telia and Seabone. This also refutes the hypothesis that Tor blocking depends on uplink (assuming that forward and reverse paths match).

It’s worth highlighting that Tor’s website (torproject.org) has remained accessible in CANTV (and other networks), even though access to the Tor network and obfs4 is blocked.

Tor unblocking
Further testing on 2nd October 2018 revealed that around 97% of public Tor nodes were reachable with TLS handshake from the vantage point of CANTV. This corroborates local reports on Tor being accessible again. While the precise date of unblocking is quite unclear, Tor Metrics suggest that Tor may have been unblocked on 30th August 2018, since we observe a spike in Tor usage, as illustrated below.

This graph shows the estimated number of directly-connecting clients between May and November 2018. Clients connecting via bridges are not included.
This graph shows the estimated number of directly-connecting clients between May and November 2018. Clients connecting via bridges are not included.

Conclusion

Censorship in Venezuela appears to be a symptom of its deep economic and political crisis, which is considered the most severe crisis in the country’s history. This is strongly suggested by the blocking of numerous currency exchange websites, as well as by the blocking of independent news outlets and blogs that discuss corruption and express political criticism.

The recent blocking of the Tor network (which followed the blocking of news websites El Pitazo and El Nacional) may signify that internet censorship is becoming more dynamic in Venezuela, as ISPs are taking extra steps to reinforce censorship and make circumvention harder. The blocking of the Tor network – which offers online anonymity, in addition to circumvention – might also suggest that the government is attempting to improve its online surveillance capabilities.

While Venezuelan ISPs primarily block sites by means of DNS tampering, they also appear to be implementing HTTP filtering, suggesting a variance in the filtering rules adopted by ISPs. And the variance, both in terms of censorship techniques and censored platforms, across regions and ISPs also indicates that internet censorship is not implemented in a centralized way.

The censorship events identified as part of this study (particularly the blocking of news websites and blogs) contradict the rights outlined by the Inter-American Commission on Human Rights (IACHR) in its report on Standards for a Free, Open and Inclusive Internet. Media censorship and the blocking of blogs limit press freedom and the right to freedom of thought and expression. In examining each right outlined by IACHR, questions around the necessity and proportionality of these censorship events are inevitably raised, particularly in terms of how they relate to human rights.

Venezuela’s political and economic environment is fragile and as events unfold, its internet censorship apparatus may evolve. Continuing to monitor censorship events in Venezuela is therefore essential. This study can be reproduced and expanded upon through the use of OONI Probe and OONI data.

The State of Internet Censorship in South Sudan

This post has been published by OONI, a censorship measurement project under the Tor Project, and South Sudan’s “The Advocates for Human Rights and Democracy” (TAHURID)

South Sudan Map Triangle Pattern Blue

Background

South Sudan has been plagued by civil wars over the last century. The First Sudanese Civil War was a conflict from 1955 to 1972 between the northern part of Sudan and the southern Sudan region that demanded more autonomy. Following the first civil war, the Southern Sudan Autonomous Region was temporarily formed, but a second civil war erupted in 1983 and lasted until the end of 2004. After the second civil war, the Autonomous Government of Southern Sudan was created. South Sudan became an independent state on 9th July 2011, following a referendum.

The country though remains in turmoil. Two years after independence, a civil war erupted within South Sudan between the government and opposition forces. In 2015, an agreement to end South Sudan’s civil war was threatened by ceasefire violations and the war restarted by July 2016. South Sudan’s ongoing civil war has resulted in the displacement of millions (who have seeked refuge in neighbouring Uganda, Sudan, and Kenya) and in tens of thousands of deaths (though aid workers reported in 2016 that the true figure might be as high as 300,000 deaths, which is comparable to the number killed in Syria during five years of war).

At the end of May 2018, the Security Council of the United Nations renewed sanctions (previously imposed in 2015) on South Sudan for 45 days, setting a deadline for the civil war to end by 30th June 2018. Even though South Sudan’s main belligerents came to a peace agreement in late June 2018, experts worry that it fails to solve issues that have been at the heart of the civil war.

Amid conflict and political turbulence, South Sudan has one of the least developed telecommunications and internet systems in the world. Fifteen Internet Service Providers (ISPs) operate in South Sudan, but the lack of fibre-optic cables and the limited availability of public power hinder connectivity. MTN enjoys the greatest share within the mobile phone market, followed by Vivacell and Zain. Earlier this year however, Vivacell’s license was suspended for not paying USD 60 million in fees.

Internet penetration levels have increased since independence in 2011, but remain quite low. According to the National Communication Authority, around 20.5% of South Sudan’s population is estimated to have access to the internet, mostly concentrated in Juba and largely based on mobile internet subscriptions.

South Sudan’s Transitional Constitution of 2011 guarantees freedom of expression and press freedom under Article 24, with possible exceptions for public order, safety, or morality. The Article also calls on media to abide by professional ethics. Article 32 of the Transitional Constitution guarantees the right to access official information, with exemptions for public security and personal privacy. The regime though regularly violates media freedom protections in practice, and government officials have engaged in rhetoric that contributes to a hostile environment for the press.

Two media websites and two independent blogs were reportedly blocked in South Sudan in July 2017. The censored sites include Paris-backed Sudan Tribune and Dutch-backed Radio Tamazuj, as well as the Nyamilepedia and Paanluel Wel blogs of the Nuer and Dinka tribes, South Sudan’s two largest ethnic groups.

South Sudanese people cheer as they await the arrival back in the country of South Sudan’s President Salva Kiir, at the airport in Juba, South Sudan Friday, June 22, 2018. (Photo: Bullen Chol).
South Sudanese people cheer as they await the arrival back in the country of South Sudan’s President Salva Kiir, at the airport in Juba, South Sudan Friday, June 22, 2018. (Photo: Bullen Chol).

Measuring internet censorship

In an attempt to verify reports on the blocking of websites and to examine South Sudan’s internet landscape more broadly, OONI did some network measurement tests in South Sudan.

OONI Probe consists of a number of software tests that scan TCP, DNS, HTTP and TLS connections for signs of network tampering. Some tests request data over an unencrypted connection and compare against a known good value. Others check for HTTP transparent proxies, DNS spoofing, and network speed and performance.

To measure the blocking of websites, OONI started off by carrying out some research to identify South Sudanese URLs to test. They subsequently added these URLs to the Citizen Lab’s test list repository on GitHub, since OONI Probe is designed to measure the blocking of URLs included in these test lists. Over the last few months, OONI primarily ran OONI Probe’s Web Connectivity test (among other OONI Probe tests) in two networks: MTN South Sudan (AS37594) and IPTEC Limited (AS36892).

As part of their testing, they measured the blocking of URLs included in the global (including internationally relevant sites) and South Sudanese (including sites relevant to South Sudan) test lists. Once they collected OONI Probe network measurements from South Sudan,they analyzed them with the aim of identifying network anomalies that could serve as signs of internet censorship.

Blocked websites
Last year, media outlets Sudan Tribune and Radio Tamazuj, and independent blogs Nyamilepedia and Paanluel Wel, were reportedly blocked in July 2017. OONI recent testing not only corroborates these reports, but also suggests that these sites remain blocked one year later.

The following table links to network measurements pertaining to the recent testing of each of these sites across two ISPs:

OONI findings suggest that MTN (AS37594) blocks TCP/IP connections to these sites, while IPTEC (AS36892) blocks access by means of DNS tampering. It’s worth noting that both MTN and IPTEC block access to both http://sudantribune.com and http://www.sudantribune.com.

South Sudanese authorities blocked these sites for publishing “subversive content” and stated that the bans would not be lifted until those institutions “behaved well”. Sudan Tribune and Radio Tamazuj are foreign-based media outlets accused of hostile reporting against the government.

Paanluel Wel is a leading blog for the Dinka tribe, known for spearheading tribal political interests for the Dinka people and inciting hatred and violence against the Nuer people and other tribes. Nyamilepedia, on the other hand, is a leading blog for the Nuer tribe, known for promoting Nuer political interests and spearheading hatred against the Dinka and other Nuer who left the rebellion to join the Dinka-led government.

TAHURID reports that Almshaheer and South Africa’s Centre for Conflict Resolution are inaccessible on IPTEC, but accessible on MTN (the accessibility of which is also confirmed by OONI data testing almshaheer.com and ccr.org.za).

Many other URLs presented network anomalies (such as HTTP failures) as part of our testing, but such anomalies were most likely caused due to poor network performance and transient network failures. This suggests that South Sudanese internet users may encounter challenges in accessing sites in various points in time, even if they’re not intentionally being blocked.

It’s worth highlighting, however, that many of the URLs that OONI tested (including internationally popular and local sites) were found to be accessible in South Sudan during this study. These include sites related to conflict resolution and peacekeeping, such as the United Nations Mission in South Sudan (UNMISS) site.

HTTP proxy
Measurements previously collected in 2017 highlight the presence of an HTTP transparent proxy (Mikrotik).

This proxy is revealed in the HTTP response body in OONI Probe measurements (linked below) pertaining to the testing of the following sites:

http://deoxy.org
http://dextroverse.org
http://warc.jalb.de
http://www.bloglines.com
http://www.foreignword.com
http://www.gamenode.com
http://www.interactworldwide.org
http://www.iwantim.com
http://www.kazaa.com
http://www.kcna.kp
http://www.law-lib.utoronto.ca/Diana/
http://www.pornhub.com
http://www.proxyweb.net
http://www.wzo.org.il

These measurements clearly show that the Mikrotik HTTP transparent proxy was present last year in the network path to the above sites through South Sudan’s 4G Telecom (AS327786) network. It remains unclear though if this proxy is still in use, since measurements haven’t been collected from this network in recent months.

It’s worth noting that this equipment may potentially be used for implementing internet censorship and/or for caching (the Mikrotik HTTP proxy has this feature) to improve connectivity. Given though that most of these sites were accessible (and the ones that weren’t presented different errors, sometimes triggered as part of anti-DDoS protection), it may be the case that this proxy was primarily deployed for improving connectivity and network performance.

Conclusion

South Sudan is a young nation in politically turbulent times. Within the context of conflict, local experts discuss the challenges of drawing a line between freedom of expression and hate speech, which spurs violence.

Internet censorship does not appear to be pervasive, but limited to sites that authorities deem to publish “subversive content” and incite violence. This is evident through the blocking of Nyamilepedia and Paanluel Wel, the leading blogs of the Nuer and Dinka tribes who are known to incite violence. OONI data also corroborates the blocking of media outlets Sudan Tribune and Radio Tamazuj, both of which are hosted outside of South Sudan. Local journalists and media organizations though face different (non-digital) forms of censorship.

Juba Monitor, for example, is an independent South Sudanese newspaper critical of the government. Their website was found to be accessible, but their editor was jailed in 2016 as a result of his reporting and the newspaper has been ordered to cease its publishing over reports that the government considered “against the system”. Security personnel has been deployed at the printing press, forcing journalists to remove or edit articles critical of the government and its officials prior to publication.

Self-censorship might be one of the most effective forms of censorship in South Sudan, as suggested by the reported intimidation and killing of journalists. Local experts argue that the media in South Sudan operate in a state of fear. Earlier this year, even UN-backed Radio Miraya was suspended on the grounds of not having acquired a broadcasting license.

Nonetheless, the fact that South Sudan has already started implementing internet censorship raises questions as to whether its internet censorship apparatus will expand as internet penetration levels increase and political events unfold. Further research and testing is therefore required to better understand the country’s internet landscape and monitor any new censorship events.

The State of Internet Censorship in Egypt

This post and the full report have been published by OONI, a censorship measurement project under the Tor Project, and Egypt’s Association for Freedom of Thought and Expression (AFTE).

Throughout the testing period, between January 2017 to May 2018, more than 1,000 URLs presented network anomalies. 178 of which consistently presented a high ratio of HTTP failures, strongly suggesting that they were blocked. Rather than serving block pages (which would have provided a notification of the blocking), Egyptian Internet Service Providers (ISP) appear to primarily block sites through the use of Deep Packet Inspection (DPI) technology that resets connections.

In some cases, instead of RST injection, ISPs drop packets, suggesting a variance in filtering rules. In other cases, ISPs interfere with the SSL encrypted traffic between Cloudflare’s Point-of-Presence in Cairo and the backend servers of sites (psiphon.ca, purevpn.com and ultrasawt.com) hosted outside of Egypt. Latency measurements over the last year and a half also suggest that Egyptian ISPs may have changed their filtering equipment and/or techniques, since the latency-based detection of middleboxes has become more challenging.

The chart at the right illustrates the types of sites that presented the highest amount of network anomalies and are therefore considered to more likely have been blocked.

More than 100 URLs that belong to media organizations appear to have been blocked, even though Egyptian authorities only ordered the blocking of 21 news websites last year. These include Egyptian news outlets (such as Mada Masr, Almesryoon, Masr Al Arabia and Daily News Egypt), as well as international media sites (such as Al Jazeera and Huffington Post Arabic). Various Turkish and Iranian news websites were blocked (such as turkpress.co and alalam.ir), suggesting that politics and security concerns may have influenced censorship decisions. In an attempt to circumvent censorship, some Egyptian media organizations set up alternative domains, but (in a few cases) they got blocked as well.

To examine the impact of these censorship events, AFTE interviewed staff members working with some of the Egyptian media organizations whose websites got blocked. They reported that the censorship has had a severe impact on their work. In addition to not being able to publish and losing part of their audience, the censorship has also had a financial impact on their operations and deterred sources from reaching out to their journalists. A number of Egyptian media organizations have suspended their work entirely, as a result of persisting internet censorship.

Many other websites, beyond media, appear to have been blocked as well. These include human rights websites (such as Human Rights Watch, Reporters without Borders, the Arabic Network for Human Rights Information, the Egyptian Commission for Rights and Freedoms, and the Journalists Observatory against Torture) and sites expressing political criticism (such as the April 6 Youth Movement), raising the question of whether censorship decisions were politically motivated.

 
“Defense in depth” tactics for network filtering
Security experts are probably familiar with the “defense in depth” concept in which multiple layers of security controls (defense) are placed throughout an IT system, providing redundancy in the event that a security control fails. In Egypt, ISPs seem to apply “defense in depth” tactics for network filtering by creating multiple layers of censorship that make circumvention harder.

This is particularly evident when looking at the blocking of Egypt’s Freedom and Justice Party (FJP) site. Our testing shows that different versions of this site (http://www.fj-p.com and http://fj-p.com) were blocked by two different middleboxes. In doing so, Egyptian ISPs added extra layers of censorship, ensuring that circumvention requires extra effort.

Not only were numerous circumvention tool sites (including torproject.org and psiphon.ca) blocked, but access to the Tor network appears to be blocked as well. Measurements collected from Link Egypt (AS24863) and Telecom Egypt (AS8452) suggest that the Tor network is inaccessible, since the tests weren’t able to bootstrap connections to the Tor network within 300 seconds. In recent months, more than 460 measurements show connections to the Tor network failing consistently. Similarly, measurements collected from Etisalat Misr (AS36992), Mobinil (AS37069) and Vodafone (AS36935) indicate that access to the Tor network is blocked. The Tor bootstrap process is likely being disrupted via the blocking of requests to directory authorities.

“Defense in depth” tactics also seem to be applied in relation to the blocking of Tor bridges, which enable Tor censorship circumvention. Vodafone appears to be blocking obfs4 (shipped as part of Tor Browser), since all attempted connections were unsuccessful (though it remains unclear if private bridges work). All measurements collected from Telecom Egypt show that obfs4 works. Given that bridges.torproject.org is blocked, users can alternatively get Tor bridges by sending an email to [email protected] (from a Riseup, Gmail, or Yahoo account).

Ad campaign
Back in 2016, OONI uncovered that state-owned Telecom Egypt was using DPI (or similar networking equipment) to hijack users’ unencrypted HTTP connections and inject redirects to revenue-generating content, such as affiliate ads. The Citizen Lab expanded upon this research, identifying the use of Sandvine PacketLogic devices (Sandvine is a company based in Waterloo, Ontario, Canada) and redirects being injected by (at least) 17 Egyptian ISPs.

Over the last year, hundreds of OONI Probe network measurements (collected from multiple ASNs) show the hijacking of unencrypted HTTP connections and the injection of redirects to affiliate ads and cryptocurrency mining scripts. A wide range of different types of URLs were affected, including the sites of the Palestinian Prisoner Society and the Women’s Initiatives for Gender Justice, as well as LGBTQI, VPN and Israeli sites. Even the sites of the United Nations, such as un.org and ohchr.org, were among those affected by redirects to ads.

To learn more about this study, read the full report here.

The Onion Report from the latest HOPE conference

A handful of Tor contributors reported about the state of the Onion (all activity in the community, which is related to the Tor network and its community) at the latest HOP conference, occurred 20–22 July 2018. They talked about adding new security features, improving Tor Browser on Android, deploying the next generation of onion services, making Tor more usable, lowering the network overhead, making Tor more maintainable, and growing the Tor community with new outreach initiatives. They also shared some of what you can expect from Tor in the coming year, and answered questions from the community.

For more videos from the latest HOPE conference, see here.