Censors pose an even greater threat to the Internet than previously understood. We demonstrate an off-path attack that exploits residual censorship, a feature by which a censor continues blocking traffic between two end-hosts for some time after a censorship event. Our attack sends spoofed packets with censored content, keeping two victim end-hosts separated by a censor from being able to communicate with one another. This attack allows anyone to weaponize censorship infrastructure to perform their own blocking.

We discover it is possible for an attacker to weaponize a censor to prevent any pair of hosts from communicating across its borders by abusing a little known feature of many censorship systems: residual censorship.

In July of 2020, the Open Observatory of Network Interference (OONI) team discovered that Indian ISPs (Airtel and Reliance Jio) had started filtering HTTPS websites using the Server Name Indication (SNI) field in TLS. A year later, we revisit Airtel’s HTTPS censorship system, show how we trained Geneva against the new censorship system to discover evasion strategies, and learn more about how the censorship systems operate.

Using our tool Geneva, we have discovered how to circumvent censorship from the server-side: with no client participation whatsoever. This opens up new avenues for helping people evade censorship, even if they didn’t realize they were being censored in the first place.

The Great Firewall (GFW) of China has recently begun blocking ESNI—one of the foundational features of TLS 1.3 and HTTPS. We empirically demonstrate what triggers this censorship and how long residual censorship lasts. We also present several evasion strategies discovered by Geneva that can be run either client-side or server-side to evade blocking.

We’re excited to announce the full code base of Geneva is now public! Click to read more about the code, how to use it, and why we are releasing it.

Tune in to our talk with the OONI Internet Measurement Village!

Ahead of its February 21st elections and amidst the chaos of COVID-19, Iran quietly deployed a second censorship system: a protocol whitelister. Click read more to learn about how the protocol whitelister works and how we can circumvent it.

Kevin and George spoke at BlueHat IL in Tel Aviv. Click read more to see their talk and slides.

Kevin spoke at CCS in London. Click read more to see their talk and slides.