Censorship of media has existed since time immemorial. In recent times, the world has become more social online. In response, Governments across the world have stepped up their online censorship and surveillance mechanisms. As of today, there are at least twenty world governments that censor their Internet traffic. To make matters worse, quite a few of these governments take this monitoring a step further by deploying DPI (Deep Packet Inspection).
What is Deep Packet Inspection?
A packet is any chunk of data sent over the Internet from your computer to the server of a website. When you browse over an insecure open network or even connect to your ISP, your ISP can capture and read these packets. To close this privacy and security loophole, you can use a VPN service. A VPN creates a secure tunnel between your computer and a VPN server, making it difficult to capture your Internet traffic. However, using a VPN does not always give absolute privacy. DPI (Deep Packet Inspection) beats VPNs and can sniff and identify VPN packets.
How Deep Packet Inspection Works
DPI works in two parts:
- Reads Internet packet metadata (packet headers) to identify usage patterns like torrent connections, video streams and VPN connections.
- Reads Internet packet content (packet body) to determine the data contents.
As you can see, DPI is capable of going deep into network packets to look for data and identifiable patterns. This is done by mass examination of incoming and outgoing traffic at the firewall, where DPI operates as an added security measure. If you want a technical overview of the inner implementations of DPI, here is a discussion from the Symantec blog on the usage of DPI techniques in firewalls.
What Are the Uses of Deep Packet Inspection?
Before we go on to mention how Governments around the world use DPI wickedly, it is worth mentioning that DPI has legitimate uses too.
- DPI is useful in implementations of enterprise firewalls, where local laws block some content for data security and compliance. Internet companies in China have to block specific political content to operate in China.
- DPI can help protect enterprise networks from hacking attacks by identifying network intrusions well in advance. With DPI, it becomes easy to identify and stop DDoS attacks by checking incoming and outgoing packet contents at the firewall.
- Using DPI, network providers can maintain a certain level of QoS (Quality of Service) over a network for all users and prevent network congestion. For example, suppose a particular group of users likes watching YouTube videos at work. So that they do not slow down the network for everyone else, their YouTube streams are capped at 480p. This is implemented using DPI.
In the greater scheme of things, there is always a cat and mouse game over the Internet called online privacy. Ultimately, this highly competitive game is played between those who want to carry out surveillance and those who strive for privacy. This is where Governments use DPI against your interests.
Even if you follow all the traditional steps to secure your Internet data from ISPs and hackers (including using HTTPS and a VPN service), DPI can still read your Internet traffic, look for patterns and identify your content based on those patterns. Sometimes, this beats VPN usage entirely, since VPN traffic has a header that identifies the packet as coming from a VPN client machine. In some countries, that alone is a reason to block your Internet traffic completely. Sometimes, you can also be charged as a criminal for using a VPN, as in Iran. So your first priority is to know whether using a VPN is legal in your country.
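The two inspection steps described earlier and the VPN header signature mentioned above, as an added example that is not part of the original article: a toy Python classifier that labels packet payloads by their leading bytes and, for plaintext HTTP, reads the Host header from the content. The function name, the sample payloads and the choice of OpenVPN as the VPN protocol are assumptions made for illustration.

```python
# Added example: toy DPI classifier. All sample payloads below are constructed.
import struct

# OpenVPN opcodes that open a session (assumed VPN protocol for this example).
OPENVPN_OPCODES = {7: "HARD_RESET_CLIENT_V2", 8: "HARD_RESET_SERVER_V2"}

def classify(payload: bytes, transport: str = "tcp") -> dict:
    """Label one packet payload by signature, the way a DPI rule would."""
    # BitTorrent peer handshake: length byte 19, then a fixed protocol string.
    if payload.startswith(b"\x13BitTorrent protocol"):
        return {"proto": "bittorrent"}
    # TLS record: type 0x16 (handshake), major version 3, message type 1 (ClientHello).
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 3 and payload[5] == 1:
        return {"proto": "tls-client-hello", "record_len": struct.unpack("!H", payload[3:5])[0]}
    # Plaintext HTTP: the content is readable, so the requested host can be extracted.
    if payload.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT"):
        host = None
        for line in payload.split(b"\r\n")[1:]:
            if not line:
                break  # blank line ends the header block
            if line.lower().startswith(b"host:"):
                host = line.split(b":", 1)[1].strip().decode("ascii", "replace")
        return {"proto": "http", "host": host}
    # OpenVPN over TCP prefixes each packet with a 2-byte length; UDP does not.
    body = payload
    if transport == "tcp":
        if len(payload) < 3 or struct.unpack("!H", payload[:2])[0] != len(payload) - 2:
            return {"proto": "unknown"}
        body = payload[2:]
    # First byte: opcode in the high 5 bits, key id in the low 3; session id follows.
    if len(body) >= 9 and (body[0] >> 3) in OPENVPN_OPCODES:
        return {"proto": "openvpn", "opcode": OPENVPN_OPCODES[body[0] >> 3]}
    return {"proto": "unknown"}

_OVPN = bytes([0x38]) + bytes(range(8)) + b"\x00" + bytes(4)  # opcode 7, key id 0
SAMPLES = {
    "torrent": (b"\x13BitTorrent protocol" + bytes(48), "tcp"),
    "https": (bytes([0x16, 3, 1, 0, 5, 1, 0, 0, 1, 0]), "tcp"),
    "http": (b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n", "tcp"),
    "vpn_udp": (_OVPN, "udp"),
    "vpn_tcp": (struct.pack("!H", len(_OVPN)) + _OVPN, "tcp"),
    "noise": (b"\x00\x01\x02", "tcp"),
}

if __name__ == "__main__":
    for name, (data, transport) in SAMPLES.items():
        print(name, classify(data, transport))
```

In the TLS case the signature match yields only handshake metadata; the encrypted record contents stay opaque to this kind of check.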
Which Countries Use Deep Packet Inspection?
DPI is intended for legitimate use in network traffic management. But the truth is, we do not live in an ideal world. Ironically, this is a list of countries where the Government uses Deep Packet Inspection to analyze Internet traffic for surveillance and censorship of their citizens, and not always in the public interest.
How it uses Deep Packet Inspection
- Intelligently sorts Internet traffic from AT&T Inc. for surveillance
- Censors its Internet and VPN usage for broadly classified sensitive content
- Censors a broad category of content and blocks VPN, causes slow Internet in Iran
- Blocks content based on a centrally maintained IP blacklist
- Blocks access to pornography, information on drugs and pirated content
- Blocks access to politically sensitive content and occasionally blocks the Internet entirely
- Blocked access to social networking websites before the 2013 elections
- Blocks Tor network and VPN after a nationwide emergency situation in 2016
- Blocks social media and YouTube, also blocks Tor network and VPN connections
- Blocks Tor network and VPN connections following political unrest in 2012
The countries marked in red use DPI to block VPN and Tor access.
The Great Firewall Of China (GFW) has been trained to detect TLS handshakes to servers that have a high level of encrypted traffic flowing through them. These servers are known to be VPN servers and the GFW makes various attempts to block VPN connections by blocking the TLS handshake from the client to the VPN server. Without this handshake, you cannot use a VPN service.
Many, if not all, of these countries have constitutions that protect their citizens against this kind of blanket surveillance. Some of these countries even have laws (like FISA) that explicitly mention the terms under which the Government can monitor its citizens, which requires a court warrant in most cases. Needless to say, those countries violate their own laws when performing Deep Packet Inspection.
So, is Privacy a Lost Battle?
No, the battle for Privacy is not lost as long as we have better technology available to common people. Now you know what Deep Packet Inspection is and whether you are susceptible to being targeted by it. Next, it is time to find solutions against DPI, and there are many. We will talk about ways to get around Deep Packet Inspection and VPN blocking in a different article.