Skip to main content

Amid major network disruptions, 1.76M Psiphon users in Belarus

The Psiphon network supported a peak 1.76 million daily active users during significant network interference that started August 9th, a figure that represents nearly 1 in every 3 internet users.


A large-scale disruption to international internet access was observed in Belarus, beginning during the contested presidential election on August 9th. Widespread filtering was reported across all Belarusian networks, affecting popular messaging apps including Telegram, Viber, and WhatsApp; social media platforms Facebook, Twitter, Instagram, and Youtube; major app markets including Google Play and the App Store; email providers Gmail, Mail.ru, and Yandex; maps, banking, online media, and many other services. Rolling blackouts of the mobile networks also occurred nightly between 6PM and 6AM. The majority of VPNs were reportedly blocked as a result of generalized SSL/TLS filtering. Tor direct connections were disrupted by the increased network change, while Tor bridge users reached a peak 8,000 per day during the shutdown period. Network outages were tracked by RIPE Labs, Oracle Internet Intelligence, IODA, and other network monitors.

 Traceroute completions on main mobile operator MTS Belarus (AS25106) showed clear outages through 60280 and 6697 (source: Oracle)
 
As a backdrop to the network disruptions, Belarus had entered its largest mass demonstrations in history.


Journalists reported difficulty freely accessing and reporting information from the country, and  recommended Psiphon. Internet users noted Psiphon was one of the few tools able to bypass . Even with the attempted blocking of the app stores and Psiphon sites, users acquired the software via alternate distribution channels, such as email responder and  proxy. Additionally, Belarusian users distributed Psiphon binaries via Telegram channels, hosted URLs, and even on USB. Use of the Psiphon network surged to a peak 1.76 million daily active users; given a population of 9.5 million and internet penetration rate of 60%, a figure that represents 30% of internet users in Belarus. Total bandwidth transferred from Belarus via Psiphon between Aug 9-17 exceeded 2 Petabytes. Circumvention tools proved a vital infrastructure to freely access information, as well as basic communications and services.


Internet users, researchers, and international observers were able to utilize the Psiphon Data Engine metrics portal (available at psix.ca) to monitor blocking, network performance, and corresponding circumvention usage. Some sources noted during the shutdown period, the volume of Psiphon use in Belarus had surpassed even that of Iran.


From the Psiphon Data Engine (PDE) public dashboard (https://psix.ca/)

 

Network observers such as the Internet Protection Society and others detected that deep packet inspection (DPI) technology was being used to block SSL causing significant traffic issues. NetBlocks also noted keyword filtering appeared to target at least 10,000 URLs. Prague-based Qrator Labs saw the concurrent outage of 80% of IPv6 prefixes within Belarus, and inferred that filtering of downstream autonomous systems (AS) was taking place at the level of two upstream ASes that dominate international transit, AS6697 and AS60280. Official releases by the National Center for Response to Computer Incidents, the National Traffic Exchange Center, and Beltelecom all stated the disruptions were the result of external cyberattacks and equipment failures.

Psiphon network performance and session quality remained at or above the regional average over the days of the shutdown. While the generalized disruption of SSL at the transport layer disrupted the core functionality of many VPNs, the traffic obfuscation and multiprotocol structure used by Psiphon provides greater resilience to protocol-based blocking, with network traffic able to adapt dynamically to the very restrictive new filtering scheme.


Bytes per hour, Belarus. A peak 55 Terabytes / h were transferred via the Psiphon network.

A key observation by Qrator Labs is the high level of centralization of control over Belarusian networks. DPI equipment installed at the point of international gateways allows the upstream operators to disconnect or pass filtering rules to downstream ISPs. Researchers documented a similar network topology in Iranian ASes last year. In November 2019, Iran executed an extensive disconnection of international internet connectivity that lasted for 10 days.

Indeed, the current generation of DPI filtering technologies can be leveraged at various forms of encrypted internet traffic, increasingly deployed at national scale and at capacities approaching 1TBit/s. In these circumstances access to resilient circumvention infrastructures such as Psiphon remains crucial to the free exchange of information.

 
 

Labels:

Popular posts from this blog

Why You Don't Need Google's Domain Fronting

Google’s removal of domain fronting emphasizes the need for solutions like Psiphon. Google has confirmed that they will block domain fronting across Google domains and App Engine. For many apps and publishers, this represents a step backwards in the fight for internet freedom. While Psiphon has never relied on this Google service, many app developers continued to depend on the practice as a convenient and straightforward means of circumventing state-level censorship, despite the long-running speculation that Google would close this loophole (eg. Will Scott’s blog post in 2017). While the announcement has been met with criticism from internet activists and service providers alike, Google has defended their decision, saying “ domain fronting has never been a supported feature ”. Domain fronting has been a popular means of censorship circumvention for several years, being embraced by popular apps like Signal, who publicly adopted the practice in 2016 . While using Google domain
Read more

Social Media and Internet Ban in Turkey

Following the detainment of 12 pro-Kurdish lawmakers from the Peoples’ Democratic Party (HDP) in the early hours of November 4 th , Facebook, Twitter, Instagram, YouTube, WhatsApp and Skype were blocked in Turkey . There were reports that Turk Telekom internet provider completely disabled access to the internet or throttled the connection to the point that it was impossible to connect. Despite lack of official decision about the restrictions, and BTK’s explanation that there was a technical problem throughout Turkey, Prime Minister Binali Yildirim made a statement later in the day and said “For security reasons, these kinds of measures can be taken time to time. These are temporary measures. Everything goes back to normal after the danger is eliminated.” Social media and internet bans ended the following evening in most of the country, but there were still some short-term connection problems during the weekend in some regions, and it was reported that some Turk Telekom users
Read more

Cybernews Interview, Psiphon: “the world is becoming more and more privacy-conscious”

Most of us are aware of the necessity of having strong VPN protection in place. But what are the inherent issues with standard VPN applications, and how can they be solved? While choosing the best VPN often comes down to its features, the problem with many of the modern VPN applications concerns easily recognizable traffic in certain Internet environments despite the implemented end-to-end encryption. But what can be done about it? To discuss this matter, we’ve reached out to Alexis Gantous, a member of the Business Development and Operations team at Psiphon Inc, a company that works on providing uncensored Internet access for Windows and mobile devices. How did the idea of creating Psiphon originate? Psiphon was founded out of a research project at the University of Toronto’s Citizen Lab, founder and CEO Michael Hull saw the opportunity to take the original peer-to-peer system and further develop it to fill the needs of millions around the world who face restrictions to their access t
Read more