Censorship Incidents

We list real censorship incidents of censorship circumvention tools. Many other types of censorship exist and are not listed in this table.

Censorship of Circumvention Tools
EventTargetSteps
China 2008a [ref]Tor
  1. Check requests for Tor (`.torproject.org') then Send TCP reset
China 2008b [ref]Tor
  1. Check whether server IP is in blacklist then Timeout
China 2009a [ref, ref]Tor
  1. Get Tor relays' IP addresses from public list then Blacklist server IP address
  2. Check whether server IP-port pair is in blacklist then Block
China 2009b [ref, ref]Tor
  1. Get Tor bridges' IP addresses from webpage then Blacklist server IP address
  2. Check whether server IP is in blacklist then Block
China 2010 [ref, ref]Tor
  1. Get Tor bridges' IP addresses from email then Blacklist server IP address
  2. Check whether server IP is in blacklist then Block
China 2011/10 [ref, ref, ref, ref, ref, ref]Tor
  1. DPI for Tor's TLS `Client Hello' for cipherlist then Graylist server IP-port pair
  2. Probe server for circumvention handshake looking for version cell then Blacklist server IP-port pair
  3. Check whether server IP-port pair is in blacklist then Block
China 2013/01 [ref, ref]Tor+obfs2
  1. Observe suspected circumvention flow (method unknown) then Graylist server IP-port pair
  2. Probe server for circumvention handshake (looking for what?) then Blacklist server IP-port pair
  3. Check whether server IP-port pair is in blacklist then Block
China 2013/07 [ref]Tor+obfs3
  1. Observe suspected circumvention flow (method unknown) then Graylist server IP-port pair
  2. Probe server for circumvention handshake (looking for what?) then Blacklist server IP-port pair
  3. Check whether server IP-port pair is in blacklist then Block
Ethiopia 2012/06 [ref]Tor
  1. DPI for TLS `Server Hello' for cipher 0x0039 sent by the Tor relay or bridge then Drop packet
Iran 2007 [ref, ref]Tor
  1. Check GET requests for Tor (`/tor/') then Cut connection
Iran 2009 [ref, ref]SSL
  1. Identify SSL (method unknown) then Throttle
Iran 2011/01 [ref, ref]Tor
  1. DPI for Tor's DH parameter in SSL then Block
  2. Check whether server IP is in blacklist then TCP FIN
Iran 2011/10 [ref, ref]SSL?
  1. Identify SSL for Tor (method unknown) then Throttle
Iran 2011/09 [ref, ref]Tor
  1. DPI for Tor's SSL and TLS certificate lifetime then Block
Iran 2012/10 [ref]Tor
  1. DPI for TLS `Client Hello' for SNI that resolves to Tor relay/bridge then Block
Iran 2012/11 [ref]Tor etc?
  1. DPI on TLS for client key exchange then Send a TCP reset and drop packet
Iran 2012/02a [ref, ref]SSL
  1. Identify SSL handshake then Block
Iran 2012/02b [ref]Tor etc.
  1. Check whether server IP-port pair is in blacklist then Block
Iran 2012/02c [ref]Tor etc.
  1. Search for `Tor' as a keyword, e.g., as a search term then Block
Iran 2013/03 [ref]Tor
  1. DPI for Tor's SSL and TLS certificate lifetime then Block
Iran 2013/04a [ref]non-HTTP
  1. Check for port 80 and whether protocol is non-HTTP (method unknown) then Send a TCP reset
Iran 2013/04b [ref]encryption
  1. Check for encryption (method unknown) then Throttle
Iran 2014 [ref]Tor
  1. Find IP addresses of Tor directory authorities then Blacklist server IP-port pair
  2. Check whether server IP-port pair is in blacklist then Block
Kazakhstan 2012a [ref]Tor
  1. DPI for TLS `Server Hello' for cipher 0x0039 sent by the Tor relay or bridge then Drop packet
Kazakhstan 2012b [ref]Tor
  1. DPI for Tor's TLS `Client Hello' for cipherlist then Block
Philippines 2012 [ref, ref]Tor
  1. DPI for TLS `Server Hello' for cipher 0x0039 sent by the Tor relay or bridge then Block
Saudi Arabia 2007 [ref]Tor
  1. Check GET requests for Tor (`/tor/') then Cut connection
Syria 2011 [ref]Tor
  1. DPI for Tor's TLS renegotiation then Blacklist server IP address
  2. Check whether server IP is in blacklist then Block
Syria 2012/12 [ref]Tor
  1. DPI for Tor's TLS renegotiation then Blacklist server IP address
  2. Check whether server IP is in blacklist then Block
Thailand 2006 [ref]Tor
  1. Check DNS requests for whether they are for Tor's website then Redirect to a block page
Tunisia 2009a [ref]non-web
  1. Check whether port is not 80 or 443 then Block
Tunisia 2009b [ref]SSL+
  1. Check whether port is not 80 (and client IP is on a graylist?) then Block
Turkey 2014 [ref]Tor etc.
  1. Check DNS requests for whether they are for Tor's website then Block
UAE 2012 [ref]Tor
  1. DPI for TLS `Server Hello' for cipher 0x0039 sent by the Tor relay or bridge then Drop packet