If you ask two web security experts how to block content on the Internet, you will get three opinions: One of them will recommend Whitelisting, another Blacklisting. The best practice is generally a combination of both, but does it actually work?
First Published 20th April 2018
Reflare Research Team
Before we take a closer look at Russia’s actions and the resulting consequences, it is important to understand the two main methods for filtering content: Whitelisting and Blacklisting.
Whitelisting refers to disallowing all content by default and then allowing specific content to be accessed. High-security corporate content filters and the North Korean internet operate in this manner.
Blacklisting refers to allowing all content by default and then disallowing specific content from being accessed. The Chinese and Russian, and increasingly some European, government approaches to internet censorship operate in this manner.
The next challenge is how to enforce the filtering. The easiest (and most commonly used) approach is to force the country’s ISPs (Internet Service Providers) to redirect certain domains (e.g. “facebook.com”) to government-owned IP addresses through custom DNS entries. The DNS system is what resolves a domain name like “facebook.com” to a machine-usable IP address like 31.13.82.36. However, many alternative DNS service providers exist and setting custom DNS servers is a trivial task even for non-technical users if advised correctly. As a historical example, this application of filtering during Turkey’s 2014 civil unrest led protesters to spray paint the IP address 8.8.8.8 (belonging to Google’s DNS service) on public walls to inform the public how to circumvent filtering.
The more difficult, but also more effective approach is to assume control of central routing points connecting national network connections to those of neighbouring countries and prohibit transmission of data to certain IPs. Russia appears to have used this approach.
What prevented the block from working?
According to various sources, Telegram was either already running parts of its infrastructure within Amazon’s AWS cloud infrastructure or moved parts of its infrastructure into it after the ban was publicized.
AWS is the market leader in cloud computing. Its services are used by a vast variety of small to large companies and organizations all around the world. It is so massive that a significant portion of the entire internet runs on its servers. Its short-lived “cloud” nature also means that resources such as servers, IPs and storage space are constantly reassigned between different customers on demand.
By moving Telegram into AWS, the Telegram developers presented Russia with a problem: They could either block access to all of AWS or give up. Blocking all of AWS would lead to a significant portion of the internet - including many Russian businesses and organizations - becoming inaccessible from within Russia. As far as public information at the time of writing allows us to deduce, Russian officials went ahead and blocked Telegram services anyway, resulting in millions of blocked IP addresses and countless inaccessible websites.
Among those affected was Russia Today’s video network Ruptly, which coincidentally went down while RT was broadcasting an interview with Russian official Alexander Zharov claiming that no “socially relevant resources” had been affected.
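The trade-off described above can be modelled in a few lines. This is an added example, not code from the original briefing: the tenant names and the RFC 5737 documentation addresses are constructed, and it compares a single-IP blacklist rule, the same rule after the provider reassigns addresses, a whole-range rule, and a whitelist.

```python
import ipaddress

# Constructed sample data: RFC 5737 documentation addresses standing in for a
# shared cloud range whose IPs belong to unrelated tenants (all names invented).
CLOUD_RANGE = "198.51.100.0/24"
TENANTS = {
    "198.51.100.10": "messenger",    # the one service the filter targets
    "198.51.100.11": "news-video",
    "198.51.100.12": "online-shop",
    "198.51.100.13": "bank-portal",
    "203.0.113.5": "other-hosting",  # hosted outside the cloud range
}


def allowed(ip, mode, rules):
    """Filter decision for one destination IP.

    blacklist: allow by default, deny what matches a rule.
    whitelist: deny by default, allow only what matches a rule.
    """
    if mode not in ("blacklist", "whitelist"):
        raise ValueError(f"unknown mode: {mode}")
    addr = ipaddress.ip_address(ip)
    matched = any(addr in ipaddress.ip_network(rule) for rule in rules)
    return matched if mode == "whitelist" else not matched


def blocked(tenants, mode, rules):
    """Sorted names of every tenant the filter makes unreachable."""
    return sorted(n for ip, n in tenants.items() if not allowed(ip, mode, rules))


def swap(tenants, ip_a, ip_b):
    """Copy of `tenants` after the provider reassigns two addresses."""
    moved = dict(tenants)
    moved[ip_a], moved[ip_b] = tenants[ip_b], tenants[ip_a]
    return moved


if __name__ == "__main__":
    narrow = ["198.51.100.10/32"]
    print("single-IP rule:    ", blocked(TENANTS, "blacklist", narrow))
    after = swap(TENANTS, "198.51.100.10", "198.51.100.12")
    print("after reassignment:", blocked(after, "blacklist", narrow))
    print("whole-range rule:  ", blocked(after, "blacklist", [CLOUD_RANGE]))
    print("whitelist:         ", blocked(after, "whitelist", ["203.0.113.5/32"]))
```

Once addresses are reassigned, the single-IP rule blocks an unrelated tenant and misses its target, while the whole-range rule catches the target only by taking every co-hosted tenant down with it.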
What happens next?
Whether or not the Russian government is going to keep up or enforce the ban is beyond the scope and expertise of this briefing. Social and policing mechanisms could effectively push Telegram off the Russian market. The current events have, however, shown that blocking a single web service without affecting the remaining internet has become virtually impossible in this day and age.
Subsequently, we predict autocratic governments will attempt to move towards whitelisted internet access over time. The effort would be tremendous, is sure to spark massive resistance from populations and is unlikely to be successful in any country with a currently open internet. If implemented, however, it would allow for actual censorship of disapproved resources.
We expect these power struggles to play out over the coming 10 to 15 years.