I’ve made some experiments on mobile Turkcell, here’s what I found:
- Connections are being slowed down, not blocked completely
- Slow down happens by SNI — so using “allowed” SNI and connecting to Facebook balancers works fine
- When connecting without SNI, connection is only slowed down if there were connections to that IP with slowed down SNIs, for example:
# 1.1.1.1 is not associated with Facebook, so it’s not slowed down yet
# time curl -qs https://1.1.1.1 >/dev/null
real 0m 0.91s
# now connect to 1.1.1.1 with a slowed down SNI
# time curl -qs https://facebook.com --resolve facebook.com:443:1.1.1.1 >/dev/null
Command exited with non-zero status 60
real 0m 7.75s
# try connecting to 1.1.1.1 without SNI again, and now it’s slowed down
# time curl -qs https://1.1.1.1 >/dev/null
Command exited with non-zero status 92
real 0m 17.77s
After reconnecting to network, this association is reset (so 1.1.1.1 is not slowed down after toggling airplane mode on and off).
I don’t know if it’s because I go to a different instance of filters, or they’re simply always start from clean state.
EDIT: most likely it always starts with a clean state, since same happens for facebook.com’s IP:
# time curl -k https://157.240.238.35
real 0m 0.87s
# time curl https://facebook.com
real 0m 11.05s
# time curl -k https://157.240.238.35
curl: (92) HTTP/2 stream 1 was not closed cleanly before end of the underlying stream
Command exited with non-zero status 92
real 1m 1.32s
- it’s a different mechanism from one used for blocked websites — when doing the same as in step 3 with pornhub.com, 1.1.1.1 doesn’t become blocked or slowed down
- HTTP seems to work fine, and only HTTPS seems to be slowed down — but I’m not sure since I don’t know how to test this one properly