Internet Censorship in Russia – File Under ‘Epic Fail’

What’s interesting about Russia’s new censorship system is the lack of stuff to post about. It’s actually nowhere near as advanced as BT Cleanfeed or the Golden Shield, being essentially a load of independent TCP filters working from a backlist called the ‘Single Register’. If Russia really is a hotbed of underground crime and political activism, the reaction to this would be unpredictable. And yes, ‘political extremists’ are already on the naughty list.

But this particular system has a few weaknesses, in addition to censorship itself being morally questionable (or just plain wrong). Essentially the Russian government has missed the boat, now trying to silence an already huge political opposition that will inextricably include many working for the ISPs.
The first weakness is the Single Register is ripe for hacking, if it doesn’t get leaked within the next six months: ‘The host providers must also ensure they are not in breach of current law by checking their content against the database of outlawed sites and URLs published in a special password-protected online version of the Register open only to webhosters and ISPs.’ (Wired.com)

And there’s the adverse effects this could ultimately have on the ability of ISPs to manage large volumes of traffic, which I’ve covered before: ‘The first bell rang in Russia when we got torrents. Because the torrents occupy all available bandwidth[...] When it began, operators came to think how to solve it. And it turned out that there is no other option except DPI. No switch, no router, not even Cisco, can solve the problem. This is the level of applications, and in any case it’s necessary to open the packets and see what’s inside.’
The engineer I’ve just quoted (Vasya Naumenko of RGRcom) seems unaware that standard packet inspection, not DPI, was used for traffic management, and that DPI simply doesn’t work against encrypted payloads (to my knowledge). But the salient point is there are ways to cripple the Internet, and making VPNs and tunnel mode IPsec a necessity for millions of political dissidents is one of them. The ISPs would no longer be able to differentiate between traffic types, and would therefore be unable to prioritise this.

About these ads

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s