In the dark

PROLOGUE

Special operation and peace

On February 27, a few days after Russia invaded Ukraine, radio journalist Valerii Nechay returned to St. Petersburg from a trip to the North Caucasus to find three men in his apartment. Wearing masks to disguise their features, they told him that if he wanted his mother to be left unharmed, he should leave the country. 

They needn’t have bothered. Nechay already had a one-way ticket booked to Yerevan, the capital of Armenia. “It actually just helped me to pack my bags much quicker,” he said. From Armenia, he traveled on to Georgia and then on again. Rest of World agreed not to disclose his current location, out of concern for his safety.

For nearly two decades, Nechay has worked for the radio station Echo of Moscow, which has broadcast political talk shows and news since 1990. Soon after the invasion of Ukraine began, the station was told, like all media in Russia, to stop calling the war a war. 

“It led to some kind of jokes we used when we were on air, that Leo Tolstoy once published his novel called Special Operation and Peace,” Nechay said. “But we usually were trying to find a way to convey the real meaning of the word … so saying something like, ‘the war in Ukraine, which the Russian government calls the special operation.’”

The evasions weren’t enough. On March 1, Echo of Moscow was shut down by Roskomnadzor, the state media supervision authority. It was the first time it had been off the air since 1991. Its website was taken offline for a time, and its social media accounts soon went dark. The following week, Sputnik Radio, a government-funded radio station, announced it would now broadcast on Echo’s radio frequency. On March 4, a law was rushed through the State Duma, one of Russia’s chambers of parliament, banning “public dissemination of deliberately false information about the use of the Armed Forces of the Russian Federation.” Using anything other than the approved terminology “special military operation” is punishable by up to 15 years in prison. 

Intimidating journalists and seizing the airwaves are timeworn methods of censorship. But to more comprehensively restrict alternative voices, the Russian government had to use more-sophisticated tools. Many journalists from closed-down publications and channels switched to publishing on social media. Internet users downloaded virtual private networks (VPNs) to get around blocks on overseas news outlets. 

Just a few years ago, the wholesale blocking of social media and messaging platforms would have been almost impossible in Russia, where the internet infrastructure is sprawling and complex, with hundreds of internet service providers and many points of contact with global networks. But over the past five years, the government of Vladimir Putin has created a sophisticated infrastructure of internet control, built partly with commercially available tools, that has allowed the state to block social media, including Twitter, Instagram and Facebook, inside Russia and to disrupt circumvention tools like VPNs, Tor, and the web proxy software Psiphon.

Russia is a pioneer in the use of these tools but not an outlier. The technologies it uses are proliferating, creeping into internet infrastructure all over the world, helped by multinational companies that have turned censorship into an off-the-shelf product. Censored Planet, an internet observatory in the U.S., has tracked more than 100 countries where internet censorship has worsened in the past few years. And even as technically sophisticated methods for information control become easily available, more and more governments are turning to blunt-force tactics, shutting down the internet entirely in response to political opposition or social pressure.

Over the last six months, Rest of World spoke to more than 70 technologists, telecomms experts, activists, and journalists from around the world to track how governments’ control over the internet has grown and evolved during the past decade. Their testimony shows that the free, open, global internet is under severe threat. Telecomms blackouts and mass censorship risk fragmenting the internet and even undermining its physical integrity. These threats come in many forms, but most of the experts we spoke to trace them back to a watershed moment, 11 years ago in Cairo, when, facing a mass protest movement that was evolving and growing online, the Egyptian government turned off the internet.

PART 1

Kill switch

Few people have experienced the full arc of censorship and control in Egypt as comprehensively as Nora Younis. Younis started out as a political blogger in 2005, one of the first generation of Egyptian citizen journalists to report firsthand on protests and human rights violations and to publish online. She filmed protests and documented sexual assaults by the police and posted them to her blog and to social media, animated by a belief that she’d be able to kick-start change in her country. 

“I was sure in my naïvety [that] it’s just that nobody was brave enough to do this [before],” she told Rest of World. “Nobody has the technology. Nobody has the evidence.” She started reporting for the Washington Post, and, in August 2008, she was appointed digital managing editor of Al-Masry Al-Youm, a Cairo-based daily newspaper. She would soon help to lead the paper’s coverage of the most significant event in Egypt’s modern history, a massive popular uprising against the government that began in January 2011.

The beginning of the revolution was, she said, a “magical moment. I was in the right position at the right time, in the right place.” It was the kind of change that she’d imagined years before, although, as a journalist, she insisted on keeping a professional distance. “We tried to be reporting the revolution, not making the revolution,” she said.

Social media wasn’t the cause of the uprising, but it played a huge role. On Twitter, protesters posted images and eyewitness accounts; on Facebook, they set up event pages to coordinate the movement, telling their comrades to come to the squares, to dress in black, to congregate by riversides to protest. “It made people feel the sense of ‘usness,’” Younis said. “There is a togetherness: it’s not me alone; there are others. I will go alone, but I will find others.”

“There is a togetherness: it’s not me alone; there are others. I will go alone, but I will find others.”

On January 25, 2011, an estimated 50,000 protesters flooded into Tahrir Square, a circular road junction that is the focal point of the city’s downtown district. Called to action at mosques, universities and colleges, and online, the protesters represented a coalescence of interests, from supporters of political Islam to liberal pro-democracy groups, feminists, and trade unionists, each with their own grievances against the regime of then-president Hosni Mubarak. Tahrir Square — “Tahrir” means “liberation” in English — became the revolution’s epicenter, occupied day and night: at times a celebration, at others a battleground. As Egyptian security forces responded with violence and the death toll mounted, it served as a place of collective mourning.

Caught off guard by the scale of the uprising, the security forces tried to shut down the protesters’ tools of communication. Twitter was essentially blocked from the evening of January 25 onward, and Facebook was blocked the following day. The restrictions weren’t wholly successful; information kept leaking out, and people still found ways to organize online. In the early hours of January 28, the government pulled the plug. Internet service providers (ISPs) and mobile operators were ordered to suspend their services, and power was cut to the main internet exchange point — the physical meeting point of ISPs’ traffic — in Cairo. For five days, Egypt was almost completely disconnected from the global internet.

On the streets, protesters struggled to communicate with each other and with the world. Banks shut, payments bounced. The stock exchange closed. The country’s huge services sector was left reeling as it lost contact with international clients. The Organization for Economic Cooperation and Development, a think tank, estimated that the shutdown cost the Egyptian economy at least $18 million per day.

However, it wasn’t as total a blackout as the government hoped. There were still places that had managed to stay connected, via private corporate networks or satellites.

On January 28, Younis checked into the InterContinental Cairo Semiramis Hotel, a five-star resort on Cairo’s corniche. Somehow, the hotel’s business center was still connected, as were the rooms, so Al-Masry Al-Youm moved its online operation to a suite there, later occupying three other rooms so editors and reporters could sleep on site.

The western-facing suite Younis and her team occupied featured a balcony overlooking the Nile and the Kasr El-Nil Bridge, one of the main river crossings leading to Tahrir Square. 

From the balcony, Younis filmed as protesters moving across the bridge were confronted by riot police. She recorded for six hours as the clashes turned into a bloody, attritional melée. The protestors would get halfway across the bridge and be beaten back with tear gas, batons, and, sometimes, live rounds; then they’d regroup and fight their way forward again. Younis recorded people being shot, people being run down by armored cars. She cut the video together and published it on Al-Masry Al-Youm’s website, which was still accessible overseas. “Egyptians could not see it,” she said. “But while we were still in that room, we found the video all over, on the BBC and CNN newscasts. They took it from our website abroad, and they streamed it on TV on international networks … and the Egyptians were able to see it on TV.”

The protests continued. The internet was largely restored on February 2. On February 11, Mubarak left office. 

Egypt wasn’t the first large country to shut down the internet in response to protests; during the “Green Movement” uprising in 2009, Iranian authorities throttled networks. But the Egyptian uprising coincided with the global explosion in popularity of social media. The shutdown made the physical vulnerabilities of the web apparent at the moment when belief in its liberating power was at an apogee. 

“[The internet] had become already so much part of contemporary life, for many anyway, that it was kind of inconceivable that a government would turn it off, or even had the power to turn it off,” Brett Solomon, executive director and co-founder of Access Now, a human rights organization that campaigns against internet restrictions, told Rest of World. 

Doug Madory, now director of internet analysis at internet monitoring company Kentik, was one of the first people to raise the alarm on Egypt’s sudden loss of connectivity in 2011. He has since become a kind of herald of impending disaster on the internet, identifying sudden outages and disruptions. Before Egypt, the idea of blackouts “wasn’t part of the public narrative,” he told Rest of World. But the sudden shutdown crystallized in the minds of people watching that the internet wasn’t invulnerable, that it could blink off.

“The Arab Spring was the top story of the day, globally. … You already had everyone’s attention,” Madory said. “It captured the imaginations for a lot of people, to have a country of that size just completely go lights out for days, in response to massive civil unrest.”

For the protesters themselves, it was a sobering moment. “We were very hopeful that now we had the tools to change the world. We were telling ourselves… that you cannot really suppress people [who have the] internet,” Abdelrahman Ayyash, an activist who was part of the movement — and spent the first three days of the January protest in police cells, emerging into the blackout — told Rest of World. “I think we were a bit naïve.”

---

The internet was designed to have no single point of failure. It’s a decentralized network of networks that is hosted on hundreds of thousands of machines spread around the world, connected at a software level by shared protocols that allow it to heal around a breach. That resilience was coded in as part of the U.S. government’s Cold War planning — many of the core mechanisms of the internet having been designed by that country’s military. If part of the network went out due to sabotage or a nuclear strike, the rest would continue to function. This supposed invulnerability is embedded in the internet’s mythology, later meshing with the freedoms felt by pioneers on the World Wide Web, who found they could build and organize out of the shadow of the old gatekeepers in business, politics, and media: The internet would be empowering, democratizing, and self-organizing; information wanted to be free. 

But the internet isn’t just software. It’s a physical thing with its own geography: massive data centers on the Eastern Seaboard of the U.S., each consuming as much power as a town; roughly 1.3 million kilometers of inch-thick, fiber-optic cabling laid on seabeds; exchange points crammed into tower blocks in city suburbs; cell towers; and copper wiring. It’s not coherent or homogenous but an agglomeration of each generation of technology, often jury-rigged together — “a reliable system built of unreliable parts,” according to Andrew Sullivan, CEO of the Internet Society, a nonprofit organization that advocates for an open web. It’s a public good, run in large part on private systems and through private companies, and a global infrastructure that is subject to local laws and local norms. 

It’s often in its IRL manifestations, where the digital pokes through into meatspace, that the internet is vulnerable to accident or attack. 

These are more common than the average Western user, whose networks are relatively robust, might think. Egypt’s first internet blackout — this one unintentional — took place in 2008, when several undersea cables were damaged, one reportedly by a discarded anchor, knocking out services across the Middle East and North Africa. This year, in the month of January alone, Gambia lost access to the internet for eight hours, after a fault on the submarine cable that serves West Africa; Tonga, which is served by a single undersea cable, was almost entirely offline for weeks after an undersea earthquake severed its physical link; and Yemen’s connection was cut by an airstrike. 

But while these blackouts were the result of accidents or collateral damage, deliberate shutdowns have become increasingly frequent. The Mubarak regime’s shutdown seemed to open a valve. 

Access Now has recorded at least 935 total or partial internet shutdowns in more than 60 countries since 2016. It’s an escalating pattern: the vast majority of the blackouts have happened in the last five years. Whole countries, including Sudan, Uganda, and Myanmar, have gone offline for days on end, as leaders try to cripple their opponents’ ability to organize or disseminate information during moments of political tension.

“The era we’re in now started with Egypt. And it’s not stopped,” Kentik’s Madory said. He’s witnessed near-constant attacks on internet access, a pattern that isn’t likely to reverse course — and a remarkable complacency about the threats they pose to the internet. “We’re like the coyote that just ran off the cliff,” Madory said. “And then, like that, we’re falling.”

“The era we’re in now started with Egypt. And it’s not stopped.”

Experts who track risks to the internet measure its fragility at a local level by looking at the number of physical entry points, the number of service providers, who owns the infrastructure, and, critically, the intent of the government. A country like the U.S. has more than 1,400 internet service providers and more than 120 internet exchange points, which are almost all privately owned. It has a government that is constitutionally bound to protect freedom of expression and a robust court system that can hold the state to account. It would be almost impossible for the government to legally order a shutdown of the internet in peacetime and difficult to do it illegally by force. That isn’t true for countries with far more concentrated infrastructure, where blackouts can be startlingly easy to execute.

Media coverage of blackouts often references “kill switches,” suggesting that ministries have access to a red plunger that turns off the internet. Sometimes, those kill switches are really just fax machines.

When the Myanmar military seized power in a coup d’état in February 2021, it had just four telecomms operators to contend with, one of which, Mytel, it co-owned with another company linked to the Vietnamese Ministry of Defence. Another, MPT, is a public-private partnership and had strong ties to the military establishment even before the coup. The other two were owned by foreign companies. Once it had taken control of the machinery of government, the military junta issued orders — by fax — to the telecomms operators whenever it wanted them to shut off the networks or to block specific websites, such as social media platforms or news websites. 

Within the digital rights community, there are ongoing arguments over whether telecomms operators should comply with shutdown orders. If an order is legal, a company risks losing its license if it fails to comply. If it’s issued illegally, by an authoritarian regime or a military staging a coup, the stakes are higher.

When the Myanmar military wanted the internet turned off in February 2021, soldiers were dispatched to data centers, where they enforced the demand at gunpoint. Sources with knowledge of events at one of the ISPs later confirmed to Rest of World that staff had been physically threatened and equipment had been damaged. Several telecomms companies told Rest of World that while they might raise protests, they don’t really have the power to defy an order given at the barrel of a gun and that they have an obligation to protect their local staff from reprisals.

Access Now’s Solomon said he felt that operators overplay that argument. “I’m not saying it’s not a calculation,” he said. “But … are you willing to sacrifice the rights of [millions of] subscribers on the basis of a potential risk to your staff?”

These calculations are complicated by the fact that most blackouts happen at moments of acute political distress. The majority of internet shutdowns that Access Now has tracked over the past few years have been triggered by political turmoil, elections, and protests. In August 2020, as people took to the streets of Belarus to demonstrate against alleged voter fraud in the re-election of the president, Alexander Lukashenko, the government’s information ministry shut down mobile telecomms. In January 2021, the Ugandan government turned off the internet for more than four days on the eve of presidential elections. That same month, as Indian farmers staged sit-ins and hunger strikes around Delhi, mobile internet services were cut for several days around the capital. 

In Eswatini, the government turned off all internet services in June 2021, as pro-democracy protests spiraled into civic violence. The blackout added to the chaos. “No one knew what was happening. But one thing for sure is that the police were killing people and the military were killing people. And the citizens were retaliating,” Melusi Simelane, who is the chairperson of an LGBTQIA+ NGO, Eswatini Sexual and Gender Minorities, in the country, told Rest of World.

Simelane, who also consults for the Southern African Litigation Centre, a legal activist group based in Johannesburg, is a rare figure in the digital rights space: he challenged an illegal blackout order and won. With support from colleagues in Johannesburg, he sued the government of Eswatini, naming the telecomms companies that had enacted the shutdown as co-respondents. The activists laid an emergency case in front of the High Court, where the judge decided that if freedom of information was a constitutional right, then interfering with the means of communication must be a constitutional issue. She escalated the case to the defacto constitutional court. “When the government realized that actually they were not going to win this thing, they turned back on the internet,” Simelane said. The whole process took less than three days.

The activists ended up dropping the case on the basis that they’d achieved what they set out to do — the internet was back on. The government hasn’t shut down the internet entirely since last June, but it has imposed more targeted blocks on social media in response to fresh protests.

The reason that blackouts persist, and proliferate, is that they work. There are few more effective tactics for crippling an opponent’s ability to organize or disseminate information during moments of political tension.

In Kazakhstan, where the authorities shut down the internet for five days in January 2022, Aina Shormanbayeva, president of the NGO International Legal Initiative, told Rest of World that the blackout had created an “information vacuum,” in which state media said calm had been restored, as gunfire crackled outside her window. 

Months later, activists and investigators are still trying to piece together events. “[The blackout] is an effective tactic to hide the real situation that was on the streets and just wash our hands, our heads, our brains with propaganda through TV and radio,” Dana Zhanay, a medical doctor and director of the Qaharman Human Rights Protection Foundation, told Rest of World.

These events, which have profound local consequences, are also a threat to the internet as a whole, experts said. “The analogy that a lot of people have developed in their heads is sort of like a light switch: you know, you turn the lights off and then you can turn them back on, and it just goes back the way it was. And that’s not actually true about the internet,” Sullivan, from the Internet Society, said. 

The internet runs because of common protocols, common technologies, and global connections. To shut bits of it off means to deliberately engineer vulnerabilities into parts of the network. “It’s designed to be connected,” Sullivan said. “It’s not designed to be shut down. And, so, what you have to do is undermine the network resilience itself, in order to even get the feature where you can turn it off.”

Although blackouts are likely to remain part of governments’ arsenal for the foreseeable future, they are economically and politically damaging — NetBlocks, which tracks internet outages, estimates the cost to the economy of a single day offline to be more than $80 million in Kazakhstan, for example. On top of the direct costs, they create uncertainty that can stop businesses from investing in the digital economy. They cause disaffection among young, connected populations and can drive them to seek opportunities overseas, and they can cause long-term damage to confidence among foreign tourists and investors. Where they can, authoritarian governments want to avoid turning off the internet — which is why many have invested in more targeted ways to impose control more constantly and more consistently.

PART 2

Digital sovereignty

For a short while after Mubarak stepped down, there was a sense of victory among Egypt’s protesters. Tech workers, bloggers, and Facebook page admins became resistance leaders, fêted around the world. Journalists felt they could operate freely, and activists felt the future opening up ahead of them. 

Several years after quitting Al-Masry Al-Youm, Younis launched her own digital publication, Al-Manassa, in 2016.

During the uprising, Younis had struggled to figure out where the line was between covering the movement and participating in it; the simple act of journalism felt revolutionary, and many young journalists were buoyed by the collective spirit — the “usness” that Younis referenced — and the promise of a future out of the shadow of censorship and oppression. Younis wanted Al-Manassa to reflect that. The site combines traditional journalism with a citizen-led, collaborative authoring platform similar to Medium. It publishes op-eds critical of the government and reports on crises and social issues that the mainstream press tend to ignore.

But in June 2017, Egyptian readers began reporting that they couldn’t access the site. The domain almanassa.com had been blocked inside the country.

The Egyptian government has powers to order sites blocked, a practice which had been ramping up since 2010. There was no legal process; Al Manassa had just been added to a secret blacklist. Around the same time, Mada Masr, another independent Egyptian publication, was also blocked. Mada Masr took the government’s telecomm authority to court to challenge the block, but because it wasn’t clear who had ordered it or how it had been executed, the court said it couldn’t proceed with the case, and essentially shelved it for technical review. The Egyptian Ministry of Communications and Information Technology did not respond to a request for comment.

Younis’ team moved Al-Manassa wholesale to another domain, almanassa.net. “And then we published a story that they didn’t like, and they blocked Al-Manassa dot net,” she said. The site’s administrators have ended up in a game of whack-a-mole with their censors — it’s not clear exactly who they are — mirroring the site to a new domain, having it blocked, then moving again. When the cost of moving domains started to mount, Al-Manassa began using subdomains. “Today, we’re using four Ws, and then almanasa dot run,” Younis said. They’ve migrated 13 times. Each time they do so, they lose half their audience and have to rebuild, and while traffic from search engines, which still often index the .com domain, isn’t always impacted, traffic from shared content on social media takes a 50% hit, she said.

After nearly three years of moving from domain to domain, Younis reached out to Qurium, a Swedish organization that helps news outlets and civil society defend themselves against cyber attacks and censorship, to try to understand what was happening.

Qurium’s analysis showed that the blocks were being achieved using a technology called deep packet inspection, or DPI.

Information moves around the internet in packets, which are made up of a payload — the content — and a header, which contains basic routing information: where the information is going from and to. Earlier network monitoring and control tools just looked at the header, but deep packet inspection allows operators and administrators to automatically look into the payload of a packet and route it based on its content.

This has legitimate uses. A network might want, for example, to prioritize video content that needs large bandwidth, imperceptibly slowing the loading of text-and-image pages for everyone but making sure their Netflix never stutters, or to give priority access to users of certain services. Network operators have also deployed it to try to identify and prevent the spread of illegal material, such as child sexual abuse material and pirated content.

But DPI can also be co-opted as a tool for censorship, redirecting traffic away from a specific website or service and into a dead end. This is what was happening in Egypt. Requests sent from users trying to access Al-Manassa were bouncing back too fast, suggesting that there was some device between the user and the website blocking access. The device returned different kinds of errors for different types of requests, giving Qurium’s researchers a digital fingerprint that they could use to identify it as hardware sold by Sandvine, an Ontario-based technology supplier of network management technology. Sandvine didn’t respond to multiple requests for comment.

“It’s worth noting that DPI, in general, is a neutral technology,” Ramy Raoof, an Egyptian privacy and security technologist, told Rest of World. “It’s a police officer in the street, organizing the traffic … but it has the potential to abuse this traffic.” In Egypt, he said, “Sandvine has been used in ways that manipulate the internet.”

Deep packet inspection: a network management tool co-opted for censorship

DPI was designed to help telecomms operators route traffic more efficiently, but it can be used for subtle and targeted control.

1. Information is sent over the internet in packets, made up of a header, with information about the packet’s origin and destination, and the payload, the content of the message.
2. Network equipment usually routes packets using the information in the header. But with DPI, an operator can scan the payload and route it based on its content.
3. Using DPI, a network operator can prioritize some traffic, for example streaming services that need a lot of bandwidth, or filter out illegal content, like the sharing of pirated movies.
4. DPI means operators can identify and manage traffic coming from internet-based messaging services, voice-over-internet-protocol platforms, and censorship circumvention tools like virtual private networks.
5. As the internet becomes more complex, and less based on websites and users with static internet protocol (IP) addresses, censors need more sophisticated tools to maintain control — like DPI.
6. Countries, including China, Iran, Russia, Malaysia, Syria, Egypt, Vietnam, and Belarus have all reportedly deployed the technology.
7. DPI systems costing a few thousand dollars can be used to block virtual private networks and social media services, monitor and intercept communications, and install spyware onto users’ devices.

---

When people think about online censorship, they tend to think about China’s “Great Firewall,” which essentially puts choke points on the internet where it enters and leaves the country, allowing the government total oversight over content. That’s relatively easy in China, because there are only three main internet service providers, and they, and the infrastructure, are effectively state owned. The model has its drawbacks — it’s expensive, because it means processing a vast amount of data at those choke points, and it’s not particularly subtle — but it’s effective.

China’s model, however, is hard to replicate. The government has long been committed to controlling what people see and has been willing to throw enormous resources into censorship and propaganda. These were built into the Chinese internet from the very beginning and have been maintained at great cost ever since.

A more likely blueprint for the shape of information control worldwide is Russia, according to Roya Ensafi, a computer scientist at the University of Michigan who founded and helps to runs the Censored Planet observatory, which uses 95,000 vantage points — ways to observe traffic — to measure blockages and detect major censorship events as they happen worldwide.

The topography of the Russian internet is far more complex than that of China. There are thousands of ISPs, most of which are privately owned, and the Russian government didn’t invest early in the infrastructure for large-scale internet censorship. But DPI tools make it possible for it to have the same effect.

In 2016, Ensafi and her colleagues were alerted to a list on the GitHub repository by a contact in Russia. The list was a backup of a Roskomnadzor blocklist for web addresses. It was being updated on an eight-hour cycle, giving them a live look at how Roskomnadzor was shutting down information on the Russian internet. It started out with a few hundred entries but grew and grew, reaching more than 170,000 domains and 1,681,000 internet protocols (IPs) by 2019, when Censored Planet published a paper on the leak, and the live list was taken down. Many of the entries were gambling and pornography sites, but the list included Russian- and English-language news and politics sites and circumvention tools like VPNs.

The task of blocking these domains was mainly left to the ISPs, who had to block banks of IPs or interfere with the Border Gateway Protocol — the mechanism that’s used to route internet traffic — to shut off access to international sites. “That … was very good at censoring or blocking specific websites. But not everything on the internet is a website,” Vadim Losev, a technical specialist at Roskomsvoboda, a Russian digital rights organization, told Rest of World.

The turning point came in 2018, when the Russian government tried to block the encrypted messaging service Telegram, which had refused to give the security services access to user data. “[Telegram] is not connected to a specific IP address, and it doesn’t have a domain name,” Losev said. “So [the block] didn’t work very well.” 

The government demanded that the ISPs put in place better controls. Many of them acquired cheap DPI tools, which allowed them to do more than just block individual sites.

Then, in 2019, the Russian government increased the pressure, passing a new “digital sovereignty” law, which mandated that ISPs install a deep packet inspection device called the “technical solution for threat countermeasures,” or TSPU, made by the Russian network equipment company RDP and controlled directly by the government. This has created two layers of censorship architecture: one owned and operated by the ISPs themselves, the other by the government.

The investment in censorship technology reflected a general shift by the Putin government toward ever-greater control of the public sphere, according to Nechay, the radio journalist — who also taught a class on censorship at the Higher School of Economics in St. Petersburg. The government still conducted overt attacks on the press and political opponents, but it needed more subtle mechanisms. “[Modern] dictators prefer to look like civilian leaders,” Nechay said. “So for this, [they] need to spend some time creating this kind of machine of censorship.”

The TSPU boxes were activated in March 2021 to throttle Twitter across the country, after the government accused the social media site of allowing the spread of child sexual abuse material, drug content, and images of suicide, and saying that the platform hadn’t complied with takedown requests. The throttling was mostly lifted in May.

Censored Planet’s analysis showed that the DPI boxes filtered for messages heading to and from Twitter-related domains, including twitter.com, t.co and twimg.com, and dropped any packets that exceeded 150 kilobytes per second — allowing traffic to move through at only a snail’s pace, rendering the service all but unusable. The throttling was a potent demonstration of the technical capacity of DPI for mass censorship and how it could be used to more subtly control what people see online. Throttling of individual services and sites is harder to detect than outright blocking and bans and can be used to disguise censorship as a technical error or localized outage. 

The Russian DPI architecture has been used on several other occasions for short-term or targeted blocks, including to restrict access to VPNs around elections in autumn 2021 and to the Tor private browser. Because it inspects the content of a package, rather than just its routing information, DPI can often identify traffic coming via VPNs and filter it out, rendering such circumvention tools ineffective.

Most recently, in March 2022, the TSPU boxes were activated to block Twitter, Facebook, and Instagram in Russia and to try to block circumvention tools. The scale and speed of the blocking, combined with the propaganda machine that ramped up to fill the void left, has been a demonstration of the commitment of the Putin government to shutting down the information landscape in Russia. 

Packet

A network packet is a unit of data: the basic component of the internet.

Packets consist of two elements: the payload, or content of the message, and control information, which is often in the packet’s header, and says where the message came from and where it’s being routed to.

Internet Protocol

The internet protocol is the set of rules that governs how packets move around the internet.

Internet protocol (IP) defines how data is sent and received across the internet. Each device is assigned a unique IP address, and data moves between devices and networks using a unified set of rules.

Internet Exchange Point

An internet exchange point is a physical location where networks connect together.

The internet is a network of networks. Internet exchange points are where those networks physically meet. Switches route data between different internet service providers or private networks, connecting the global internet.

Internet Service Provider

Internet service providers are companies that give individuals and businesses access to the internet.

Accessing the internet requires a lot of hardware like switches, routers, and cables. Internet service providers bundle this hardware into a service — internet access — which they sell to users.

Virtual Private Network

Virtual private networks (VPNs) allow a user to disguise their location on the internet.

A VPN redirects internet traffic through a remote server. That server becomes the “source” of all of a user’s data, meaning that their real IP address is hidden, and their internet service provider cannot track their activities online.

End-to-End Encryption

End-to-end encryption is a method of sending data which stops a third party from intercepting it.

Secure messaging services use end-to-end encryption. A message is encrypted — turned into a code — by the sender’s device, and decoded at the recipient’s. Even the operator of the network over which the message is sent cannot decipher its content.

TOR

The Onion Router (TOR) is open-source software that allows anonymous use of the internet.

The TOR network is a volunteer project that helps users stay anonymous online, by sending their traffic through a global network of thousands of relays.

Psiphon

Psiphon is an open-source tool designed to help internet users circumvent censorship.

Originally developed by The Citizen Lab in Canada, Psiphon is a free tool that connects users to the internet in countries facing censorship via proxies in countries with more open access to information.

“For the past five years, the Russian government has been pursuing their model, this so-called cyber sovereignty, trying to erect digital borders over the internet so that the state can control what is or isn’t online,” Allie Funk, senior research analyst for technology and democracy at Freedom House said. “And to watch how that has all come to fruition … has been something really astonishing to bear witness to.”

The success of Russia’s approach shows how it is now possible to impose control over a complex, robust network without spending huge amounts of money. The model is increasingly easy to replicate, due to the number of companies selling DPI technology. It has become cheap and accessible, with devices costing as little as $6,000 each from commercial suppliers like Sandvine and Allot, an Israel-based company that offers DPI technology.

Citizen Lab alleges that in Egypt, Sandvine’s PacketLogic DPI devices were used to redirect users away from political news sites and toward affiliate advertising or crypto mining. Citizen Lab said that in Turkey and Syria, it was deployed to send users to malicious sites, exposing them to spyware, and showing how the technology can straddle the divide between censorship and surveillance. In September 2021, Sandvine was used to throttle access to the internet in Belarus during street protests — the company eventually canceled its contract there, following public outcry.

In January 2022, Bloomberg reported that the company for a time had deals in Algeria, Djibouti, Eritrea, Iraq, Kenya, Kuwait, Pakistan, the Philippines, Qatar, Singapore, the United Arab Emirates, and Uzbekistan. The newswire also reported that former employees felt the company had essentially abandoned a policy of not selling its technology into situations where it could be used to violate human rights in 2017, after its acquisition by Francisco Partners Management, a private equity firm whose investments at one point included a majority stake in NSO Group, the Israeli company behind the highly controversial Pegasus spyware. Francisco Partners didn’t respond to a request for comment.

Meanwhile, Allot has been accused of enabling censorship in Azerbaijan. Its technology was allegedly used in Kazakhstan to throttle Telegram and other social media and communications platforms, ahead of the main blackout on January 5, 2021. Allot did not respond to requests for comment. 

Experts in the regulation and export of technology told Rest of World that the unchecked proliferation of censorship technology, like that offered by Sandvine and Allott, has seriously undermined the stability and openness of the global internet.

“I think we’re in a significantly worse position today than we were back [in 2011]. Governments, with their corporate co-conspirators, have invested in the infrastructure of control,” Access Now’s Solomon said. “We’re trying as hard as we can to keep the internet open and keep the channels of communication secure … but we’re up against very significant forces.”

EPILOGUE

We’re still here

Al-Manassa occupies half a dozen rooms and a pair of balconies on the second floor of an apartment building on a quiet backstreet in the southern Cairo suburb of Maadi, surrounded by fruit trees and spindly palms. Younis chose the location, 10 kilometers from Tahrir Square and the frantic traffic of downtown Cairo, for its tranquility.

Younis is currently out on bail, after being arrested and briefly jailed in 2020 for allegedly using pirated software, which she denies. If the charge ever goes to court, she faces a fine of 300,000 Egyptian pounds ($19,100) or up to two years in prison. 

The oppression she faces isn’t just digital. Younis feels a broader tightening of control by the Egyptian government. She has seen friends and colleagues jailed or forced to flee the country. The authorities demand the publication gets more and more licenses to operate — right now, Al-Manassa doesn’t have licenses to use its own computers. Its journalists are unable to get certified by the national media syndicate, so they risk arrest if they report in the field. The government sets red lines around subjects that media can’t report on freely, including the Covid-19 outbreak or the conflict in Sinai. It’s like being a rat in a maze, she said. But what’s really strangling Al-Manassa is the block on its website. 

Younis said she has little hope of getting the government to loosen its grip, but at the very least, she wants to hold the companies that supply it accountable. She has reached out to Sandvine repeatedly, without response. She is now trying to figure out if there’s a way to sue the company in Canada or the U.S. She compared the sale of censorship technology to that of arms. “You can’t sell … weapons to countries if they are using it against civilians, right? Why is this not not happening in technology?” she said. 

Most of her generation of blogs and independent media are scattered or shut down. She counts just three publications still standing. In her words, “The censors won.” Al-Manassa limps on. “Our minimum is to survive. What I tell myself is that at least we survive, we document. So one day when something changes, and anybody wants to look back, what happened in Egypt in those years, people don’t [think] that it was completely black, that there was something happening.” 

This is often what’s holding the free internet together: Individuals, NGOs scraping together their funding, embattled independent media clinging on. It is, Younis said, what keeps her going. “We’re still here.”