August 25 2022, VPN Community Gathering

From TCU Wiki
Revision as of 09:39, 8 September 2022 by Iffadmin (talk | contribs) (Adding remaining notes from meeting)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Resources

Censorship in Turkmenistan Slides
"All of them claim to be the best”: A multi-perspective study of VPN users and VPN providers
VPNs Are Not A-OK: Turkmen Internet Users Forced To Swear On Koran They Won't Use Them

Notes

Presentation

In August, a VPN Community Initiative member presented on censorship in Turkmenistan and alternative approaches to circumventing it.


General State of Censorship in Turkmenistan

  • There are only three internet providers in Turkmenistan.
    • One cellular provider, and two wired providers.
    • Data costs are prohibitively high, leading to low internet penetration.
    • Speeds are also prohibitively slow: 2 mb/s
  • A majority of popular messengers are blocked.
  • Most foreign websites are unreachable.
    • Russian sites are also highly censored.
  • VPN protocols are blocked (IPSec, OpenVPN, Wireguard…)
  • There is strong censorship of content that puts Turkmen government/political figures in a negative light.


Censorship Methods

  • Deep packet inspection
  • DNS Hijacking
  • Manual inspection by traffic amount to host


What Works?

  • Psiphon, until recently
    • Meeks was working and was employed by Psiphon.
      • As of a few days ago, it is no longer working.
  • Some shady/less-known VPN services
  • Some less-known protocols/utilities


What doesn't work?

  • Tor
    • Tor was working up through a month or so ago, using additional circumvention methods.
      • DNS fingerprinting block.
  • Commercial VPN providers
  • All regular VPN protocols (Wireguard, IPSec, L2TP, PPTP, OpenVPN)
  • Software that relies on 3rd party DNS (Google, CloudFlare...)
  • Outgoing TCP/UDP connections are blocked, incoming are not.
  • You cannot use public DNS resolvers, you must use the ISP's resolvers.
  • DNS protocol is also blocked.
  • VPN protocols are blocked (IPSec, OpenVPN, Wireguard…)


Experimental Alternative Circumvention Method

  • Establish VPN session from the blocked server to the client to circumvent the filter.
    • Setup knocking server on non-blocked IP range
    • Knocking server delivers connecting event to the blocked server
    • Blocked server sends UDP packet towards client’s IP/port, with random data
    • The packet circumvents IP filter, random data circumvents OpenVPN filter


Additional User Hurdles

  • Language: Many do not speak English or Russian.
    • Turkmen is a Turkic language
  • No regular documentation of censorship

Presentation Q&A and Additional Notes

Q: What is the data cap for users in Turkmenistan? A: Celular: 4 GB per month at an approximate cost of 14 USD for 2 GB/mo; Wired Connections: No limits Q: With super low speeds, what will the performance impacts be for users of a VPN that is actually accessible? A: Any solution that works to some degree is worthwhile.

Retrieved from "https://wiki.digitalrights.community/index.php?title=August_25_2022,_VPN_Community_Gathering&oldid=46239"