ACM Digital Library home
ACM home
Advanced Search
10.1145/3487552.3487858acmconferencesArticle/Chapter ViewAbstractPublication PagesimcConference Proceedingsconference-collections
research-article
Open Access

Throttling Twitter: an emerging censorship technique in Russia

IMC '21: Proceedings of the 21st ACM Internet Measurement ConferenceNovember 2021Pages 435–443https://doi.org/10.1145/3487552.3487858
Published:02 November 2021Publication History
  • 4citation
  • 1,098
  • Downloads
Metrics
Total Citations4
Total Downloads1,098
Last 12 Months564
Last 6 weeks170

IMC '21: Proceedings of the 21st ACM Internet Measurement Conference

Throttling Twitter: an emerging censorship technique in Russia
Pages 435–443
PreviousChapterNextChapter

ABSTRACT

In March 2021, the Russian government started to throttle Twitter on a national level, marking the first ever use of large-scale, targeted throttling for censorship purposes. The slowdown was intended to pressure Twitter to comply with content removal requests from the Russian government.

In this paper, we take a first look at this emerging censorship technique. We work with local activists in Russia to detect and measure the throttling and reverse engineer the throttler from in-country vantage points. We find that the throttling is triggered by Twitter domains in the TLS SNI extension, and the throttling limits both upstream and downstream traffic to a value between 130 kbps and 150 kbps by dropping packets that exceed this rate. We also find that the throttling devices appear to be located close to end-users, and that the throttling behaviors are consistent across different ISPs suggesting that they are centrally coordinated. Notably, this deployment marks a departure from Russia's previously decentralized model to a more centralized one that gives significant power to the authority to impose desired restrictions unilaterally. Russia's throttling of Twitter serves as a wake-up call to censorship researchers, and we hope to encourage future work in detecting and circumventing this emerging censorship technique.

References

  1. Alexander Khinshtein: Verification of users on the Internet is a matter of time, 2021. https://tass.ru/interviews/11032409.Google ScholarGoogle Scholar
  2. Alexa top 1,000,000 sites, 2019. http://s3.amazonaws.com/alexa-static/top-1m.csv.zip.Google ScholarGoogle Scholar
  3. Alice, Bob, Carol, J. Beznazwy, and A. Houmansadr. How china detects and blocks shadowsocks. In Proceedings of the ACM Internet Measurement Conference. Association for Computing Machinery.Google ScholarGoogle Scholar
  4. C. Anderson. Dimming the internet: Detecting throttling as a mechanism of censorship in iran, 2013.Google ScholarGoogle Scholar
  5. L. E. Andrey Viktorov. Russia twitter throttle dataset, 03 2021. https://github.com/4ndv/russia-twitter-throttle.Google ScholarGoogle Scholar
  6. Anonymous. The collateral damage of internet censorship by dns injection. SIGCOMM Comput. Commun. Rev., 2012.Google ScholarGoogle Scholar
  7. K. Bock, Y. Fax, K. Reese, J. Singh, and D. Levin. Detecting and evading censorship-in-depth: A case study of iran's protocol whitelister. In Workshop on Free and Open Communications on the Internet. USENIX Association.Google ScholarGoogle Scholar
  8. A. Chaabane, T. Chen, M. Cunche, E. De Cristofaro, A. Friedman, and M. A. Kaafar. Censorship in the wild: Analyzing internet filtering in syria. In Proceedings of the 2014 Conference on Internet Measurement Conference. Association for Computing Machinery, 2014.Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. Comparing traffic policing and traffic shaping for bandwidth limiting, 2019. https://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-policing/19645-policevsshape.html.Google ScholarGoogle Scholar
  10. M. Dischinger, M. Marcon, S. Guha, K. P. Gummadi, R. Mahajan, and S. Saroiu. Glasnost: Enabling end users to detect traffic differentiation. In USENIX Symposium on Networked Systems Design and Implementation. USENIX Association, Apr. 2010.Google ScholarGoogle Scholar
  11. R. Ensafi, D. Fifield, P. Winter, N. Feamster, N. Weaver, and V. Paxson. Examining how the great firewall discovers hidden circumvention servers. In Proceedings of the ACM Internet Measurement Conference. Association for Computing Machinery, 2015.Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. R. Ensafi, J. Knockel, G. Alexander, and J. R. Crandall. Detecting intentional packet drops on the internet via tcp/ip side channels. In International Conference on Passive and Active Network Measurement. Springer, 2014.Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. R. Ensafi, P. Winter, A. Mueen, and J. Crandall. Analyzing the great firewall of china over space and time. Proceedings on Privacy Enhancing Technologies, 2015.Google ScholarGoogle ScholarCross RefCross Ref
  14. G. Esfandiari. Iran admits throttling internet to 'preserve calm' during election, 2013. https://www.rferl.org/a/iran-internet-disruptions-election/25028696.html.Google ScholarGoogle Scholar
  15. L. Evdokimov. Iran protests: Dpi blocking of instagram, 2018. https://ooni.org/post/2018-iran-protests-pt2/.Google ScholarGoogle Scholar
  16. O. Farnan, A. Darer, and J. Wright. Poisoning the well: Exploring the great firewall's poisoned dns responses. In Proceedings of the ACM on Workshop on Privacy in the Electronic Society. Association for Computing Machinery, 2016.Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. T. Flach, P. Papageorge, A. Terzis, L. Pedrosa, Y. Cheng, T. Karim, E. Katz-Bassett, and R. Govindan. An internet-wide analysis of traffic policing. In Proceedings of the SIGCOMM Conference. Association for Computing Machinery, 2016.Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. A. Gavrilyuk. Failures for independence - traffic got lost in the equipment of "sovereign runet", 04 2021. https://www.kommersant.ru/doc/4763212.Google ScholarGoogle Scholar
  19. GoodbyeDPI GitHub Repository, 2021. https://github.com/ValdikSS/GoodbyeDPI.Google ScholarGoogle Scholar
  20. hsto.org, 2019. https://hsto.org/webt/wk/tk/ud/wktkudgaf5uslgn-gzuj58p-xae.png.Google ScholarGoogle Scholar
  21. A. International. Iran: Internet deliberately shut down during november 2019 killings - new investigation, 2020. https://www.amnesty.org/en/latest/news/2020/11/iran-internet-deliberately-shut-down-during-november-2019-killings-new-investigation/.Google ScholarGoogle Scholar
  22. A. Januta and M. Funakoshi. Myanmar's internet suppression, 2021. https://graphics.reuters.com/MYANMAR-POLITICS/INTERNET-RESTRICTION/rlgpdbreepo/.Google ScholarGoogle Scholar
  23. A. Kakhki, A. Razaghpanah, A. Li, H. Koo, R. Golani, D. Choffnes, P. Gill, and A. Mislove. Identifying traffic differentiation in mobile networks. In Proceedings of the 2015 Internet Measurement Conference. Association for Computing Machinery, 2015.Google ScholarGoogle ScholarDigital LibraryDigital Library
  24. S. Khattak, M. Javed, P. D. Anderson, and V. Paxson. Towards illuminating a censorship monitor's model to facilitate evasion. In Workshop on Free and Open Communications on the Internet. USENIX Association, 2013.Google ScholarGoogle Scholar
  25. A. Langley. A Transport Layer Security (TLS) ClientHello Padding Extension. RFC 7685.Google ScholarGoogle Scholar
  26. F. Li, A. M. Kakhki, D. Choffnes, P. Gill, and A. Mislove. Classifiers unclassified: An efficient approach to revealing ip traffic classification rules. In Proceedings of the 2016 Internet Measurement Conference, IMC '16, page 239--245, New York, NY, USA, 2016. Association for Computing Machinery.Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. F. Li, A. A. Niaki, D. Choffnes, P. Gill, and A. Mislove. A large-scale analysis of deployed traffic differentiation practices. In Proceedings of the ACM Special Interest Group on Data Communication. Association for Computing Machinery, 2019.Google ScholarGoogle ScholarDigital LibraryDigital Library
  28. F. Li, A. Razaghpanah, A. M. Kakhki, A. A. Niaki, D. Choffnes, P. Gill, and A. Mislove. Lib•erate, (n): A library for exposing (traffic-classification) rules and avoiding them efficiently. In Proceedings of the 2017 Internet Measurement Conference, IMC '17, page 128--141, New York, NY, USA, 2017. Association for Computing Machinery.Google ScholarGoogle ScholarDigital LibraryDigital Library
  29. libnetfilter queue documentation, 2000. https://netfilter.org/projects/libnetfilter_queue/doxygen/html.Google ScholarGoogle Scholar
  30. G. Lowe, P. Winters, and M. L. Marcus. The great DNS wall of china. In Technical Report. New York University, 2007.Google ScholarGoogle Scholar
  31. Z. Media. In st. petersburg, participants of the torchlight procession were detained, who carried flags with the roskomnadzor logo, 2021. https://zona.media/news/2021/03/30/unleash-twitter.Google ScholarGoogle Scholar
  32. menlo. The menlo report, 2012. https://www.dhs.gov/sites/default/files/publications/CSD-MenloPrinciplesCORE-20120803_1.pdf.Google ScholarGoogle Scholar
  33. A. A. Niaki, S. Cho, Z. Weinberg, N. P. Hoang, A. Razaghpanah, N. Christin, and P. Gill. ICLab: A global, longitudinal internet censorship measurement platform. In Symposium on Security & Privacy. IEEE, 2020.Google ScholarGoogle ScholarCross RefCross Ref
  34. Slowdown of twitter in russia, 2021. https://ntc.party/t/twitter/907.Google ScholarGoogle Scholar
  35. Open Observatory of Network Interference (OONI). OONI Website. https://ooni.org/, 2021.Google ScholarGoogle Scholar
  36. J. Park and J. Crandall. Empirical study of a national-scale distributed intrusion detection system: Backbone-level filtering of html responses in china. IEEE, 2010.Google ScholarGoogle Scholar
  37. P. Pearce, B. Jones, F. Li, R. Ensafi, N. Feamster, N. Weaver, and V. Paxson. Global measurement of DNS manipulation. In USENIX Security Symposium. USENIX Association, 2017.Google ScholarGoogle Scholar
  38. P. Pearce, B. Jones, F. Li, R. Ensafi, N. Feamster, N. Weaver, and V. Paxson. Global measurement of DNS manipulation. In USENIX Security Symposium. USENIX Association, 2017.Google ScholarGoogle Scholar
  39. R. Ramesh, R. S. Raman, M. Bernhard, V. Ongkowijaya, L. Evdokimov, A. Edmundson, S. Sprecher, M. Ikram, and R. Ensafi. Decentralized control: A case study of Russia. In Network and Distributed System Security. The Internet Society, 2020.Google ScholarGoogle ScholarCross RefCross Ref
  40. Reuters. Russia gives google 24 hours to delete banned content, 2021. https://www.reuters.com/technology/russia-gives-google-one-day-delete-banned-content-threatens-slowdown-2021-05-24/.Google ScholarGoogle Scholar
  41. Report about Roskomnadzor's letter to ISPs, 2019. https://habr.com/ru/post/459894/.Google ScholarGoogle Scholar
  42. Roskomnadzor takes measures to protect russian citizens from the influence of illegal content, 2021. https://rkn.gov.ru/news/rsoc/news73464.htm.Google ScholarGoogle Scholar
  43. Twitter is slowed down normally, 2021. https://rkn.gov.ru/news/rsoc/news73480.htm.Google ScholarGoogle Scholar
  44. Roskomnadzor announces its decision to extend measures to slow down Twitter traffic until May 15 this year, 2021. https://rkn.gov.ru/news/rsoc/news73536.htm.Google ScholarGoogle Scholar
  45. Twitter informed Roskomnadzor of the progress in removing prohibited materials, 2021. https://rkn.gov.ru/news/rsoc/news73620.htm.Google ScholarGoogle Scholar
  46. On the partial removal of measures to slow down twitter traffic, 2021. https://rkn.gov.ru/news/rsoc/news73632.htm.Google ScholarGoogle Scholar
  47. Russia says Twitter complying with demand to remove 'banned content', 2021. https://www.reuters.com/technology/russia-says-twitter-is-complying-with-demand-remove-banned-content-2021-04-30/.Google ScholarGoogle Scholar
  48. W. Scott, T. Anderson, T. Kohno, and A. Krishnamurthy. Satellite: Joint analysis of CDNs and network-level interference. In USENIX Annual Technical Conference. USENIX Association, 2016.Google ScholarGoogle Scholar
  49. J. Sherman. Kashmir internet shutdown continues, despite supreme court ruling, 2020. https://thediplomat.com/2020/08/kashmir-internet-shutdown-continues-despite-supreme-court-ruling/.Google ScholarGoogle Scholar
  50. R. Sundara Raman, P. Shenoy, K. Kohls, and R. Ensafi. Censored Planet: An Internet-wide, Longitudinal Censorship Observatory. In ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, 2020.Google ScholarGoogle Scholar
  51. Telegram, 2021. https://t.me/roskomsvoboda/6619.Google ScholarGoogle Scholar
  52. B. VanderSloot, A. McDonald, W. Scott, J. A. Halderman, and R. Ensafi. Quack: Scalable remote measurement of application-layer censorship. In USENIX Security Symposium. USENIX Association, 2018.Google ScholarGoogle Scholar
  53. A. Viktorov. Is my Twitter slow or what?, 2021. https://lynx.pink/is-my-twitter-slow-or-what/.Google ScholarGoogle Scholar
  54. Z. Wang, S. Zhu, Y. Cao, Z. Qian, C. Song, S. V. Krishnamurthy, K. S. Chan, and T. D. Braun. SymTCP: Eluding stateful deep packet inspection with automated discrepancy discovery. In Network and Distributed System Security. The Internet Society, 2020.Google ScholarGoogle ScholarCross RefCross Ref
  55. A. Wilhelm. The internet in iran is crawling, conveniently, right before planned protests, 2010. https://thenextweb.com/news/internet-iran-crawling-conveniently-planned-protests.Google ScholarGoogle Scholar
  56. P. Winter and S. Lindskog. How the great firewall of china is blocking tor. In Workshop on Free and Open Communications on the Internet. USENIX Association, 2012.Google ScholarGoogle Scholar
  57. X. Xu, Z. M. Mao, and J. A. Halderman. Internet censorship in china: Where does the filtering occur? In N. Spring and G. F. Riley, editors, Passive and Active Measurement. Springer Berlin Heidelberg, 2011.Google ScholarGoogle Scholar
  58. zapret v.39, 2021. https://github.com/bol-van/zapret.Google ScholarGoogle Scholar
  59. Y. Zhang, Z. Mao, and M. Zhang. Detecting traffic differentiation in backbone isps with netpolice. In Proceedings of the SIGCOMM Conference on Internet Measurement. Association for Computing Machinery, 2009.Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. Throttling Twitter: an emerging censorship technique in Russia

          Recommendations

          Comments

          Login options

          Check if you have access through your login credentials or your institution to get full access on this article.

          Sign in

          Full Access

          Get this Publication

          • Published in

            cover image ACM Conferences
            IMC '21: Proceedings of the 21st ACM Internet Measurement Conference
            November 2021
            768 pages
            ISBN:9781450391290
            DOI:10.1145/3487552

            Copyright © 2021 Owner/Author

            Publisher

            Association for Computing Machinery

            New York, NY, United States

            Publication History

            • Published: 2 November 2021

            Check for updates

            Author Tags

            Qualifiers

            • research-article

            Acceptance Rates

            Overall Acceptance Rate 277 of 1,083 submissions, 26%

            Upcoming Conference

            IMC '23
            IMC '23: ACM Internet Measurement Conference
            October 24 - 26, 2023
            Montreal , QC , Canada

          PDF Format

          View or Download as a PDF file.

          PDF

          eReader

          View online with eReader.

          eReader
          View Table of Contents
          About Cookies On This Site

          We use cookies to ensure that we give you the best experience on our website.

          Learn more

          Got it!