Частичные и полные блокировки сервисов Twitter, Tik-Tok, ВКонтакте, Skype в Узбекистане

throwaway · 2021-07-04T16:33:39.885Z

Для тех, кто возможно попытается обойти блокировки при помощи GoodByeDPI - в данный момент это не помогает ни в одном из режимов.

I’m surprised that GoodbyeDPI doesn’t work, since it’s supposed to help with SNI-based blocking. It would be nice to collect evidence on whether GoodByeDPI works. Perhaps you need to combine it with a third party DNS resolver to make it work.

GoodbyeDPI with -4 mode and --set-ttl setting somewhat works for Twitter and VK.
By default Twitter is slow/very slow and images won’t load at all (if page loads in the end), VK is very slow, page starts to load after several minutes (with images).
With GoodbyeDPI and --set-ttl VK is fast as before, Twitter is a little slow, but everything loads.
Without --set-ttl it doesn’t helps even with -1 mode.

TheRambotnik · 2021-07-04T17:22:05.671Z

At first day GoodbyeDPI wasn’t works. Seems like something was changed in blocking settings from Uzbektelecom’s side, because now measures to t.co and other Twitter’s subdomains show not the same info.
About ttl - from the evening of yesterday it works with ttl = 7 and ttl = 8.

critical_error · 2021-07-06T18:19:47.997Z

This time it is a massive middlebox-induced packet lost being triggered by a ‘bad’ Server Name extension of the Client Hello message. I managed to find a node in Twitter’s web server farm that supports both TLS 1.0 SNI-less connections, and TLS 1.3 ones. The difference is amazing. When downloading the same image a TLS 1.0 SNI-less connection lasts for 0.5-0.6 seconds, while a TLS 1.3 one continues for 200-300 seconds! (FINing the later takes the most of the time.) I can confirm that packets are being lost in both directions.

tango · 2021-07-30T01:19:50.916Z

fortuna:

The HTTP injection seems to be real. Even though those Twitter domains normally return a 404 without a path, they don’t return any content. The HTML you got is likely a block page, and can be used as a fingerprint to detect other blocked websites.

Actually, the “404 - Not Found” XHTML reported in post 4 may not be an injected block page—I get the same for abs.twimg.com (but I get no content for pbs.twimg.com and video.twimg.com).

curl output for {abs,pbs,video}.twimg.com

$ curl http://abs.twimg.com/ -D -
HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Fri, 30 Jul 2021 01:06:37 GMT
Server: ECAcc (dna/62BC)
Content-Length: 345

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
        <head>
                <title>404 - Not Found</title>
        </head>
        <body>
                <h1>404 - Not Found</h1>
        </body>
</html>

$ curl http://pbs.twimg.com/ -D -
HTTP/1.1 400 Bad Request
Accept-Ranges: bytes
Age: 52
cache-control: no-cache, no-store, max-age=0
Date: Fri, 30 Jul 2021 01:06:40 GMT
Last-Modified: Fri, 30 Jul 2021 01:05:48 GMT
Server: ECS (dna/63AA)
strict-transport-security: max-age=631138519
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
X-Cache: MISS
x-connection-hash: edf3e6110f73a1c7d9af9ff94e0d40cf3da324da449abf11c06e154d12b1e495
X-Content-Type-Options: nosniff
x-tw-cdn: VZ
x-tw-cdn: VZ
Content-Length: 0

$ curl http://video.twimg.com/ -D -
HTTP/1.1 400 Bad Request
cache-control: no-cache, no-store, max-age=0
date: Fri, 30 Jul 2021 01:06:52 UTC
server: tsa_a
x-connection-hash: 438e11344cdde2769e30d2bc13be8d41a8dace4f96233ee63324b4ae5365afe4
X-Content-Type-Options: nosniff
x-tw-cdn: VZ
x-tw-cdn: VZ
Content-Length: 0

With this, it’s not clear to me whether plain HTTP blocking is happening for the newly domains. (It’s clear that they are blocked by TLS SNI, and for the historically blocked domains found in post 11 it’s clear that both HTTP and HTTPS get the Object not found\r\n\r\n injection.) vk.com and twitter.com had the expected HTTP response, skype.com had a timeout, and *.twimg.com had a 404 that is possibly not anomalous. With the ISP’s own DNS, skype.com also had the expected HTTP response.

post	domain	DNS	HTTP analysis
post 3	vk.com	Verisign	OK - Got expected response
post 3	twitter.com	Verisign	OK - Got expected response
post 3	skype.com	Verisign	LIKELY_INTERFERENCE - Unexpected time out
post 4	abs.twimg.com	Verisign	XHTML 404 - Not Found (possibly expected)
post 4	pbs.twimg.com	Verisign	XHTML 404 - Not Found (possibly expected)
post 4	video.twimg.com	Verisign	XHTML 404 - Not Found (possibly expected)
post 8	skype.com	ISP	OK - Got expected response
post 8	skype.com	Verisign	LIKELY_INTERFERENCE - Unexpected time out

ValdikSS · 2021-07-30T07:37:30.253Z

Блокировки всё ещё сохраняются, или это было временное явление?

TheRambotnik · 2021-07-30T08:02:30.671Z

Блокировки skype и части voip, протоколов openvpn и замедление работы сервисов, вроде twitter и tiktok - всё ещё в силе. Недавно к этому списку добавилась блокировка wechat, но он здесь не особо популярен.

ValdikSS · 2021-11-03T16:22:58.554Z

Газета.uz – 3 Nov 21

«Узкомназорат» ограничил доступ к Telegram, Facebook, Instagram и другим...

В реестр нарушителей законодательства о персональных данных в Узбекистане, помимо TikTok, Twitter, «ВКонтакте» и Skype, включены Telegram, Facebook, «Одноклассники», YouTube и другие. Работа этих социальных сетей ограничена.

ValdikSS · 2021-11-03T16:29:44.146Z

Government registry for personal databases
Interesting that after vk, the list items are empty, and closer to the end the items are there again. Looks like these items were for Facebook, Instagram etc, and got delisted.

TheRambotnik · 2021-11-03T17:23:17.015Z

20-минутная война закончилась тем, что нашли “главного виновника” блокировок и оперативно всё разблокировали. Из того, что успел зафиксировать находясь в дороге:
1- Блокировки носили частичный характер. Ресурсы не были полностью недоступны, просто был невероятно большой отклик, напоминающий ситуацию с “замедлением” Twitter на территории РФ;
2- Замедление проводилось не на уровне DNS-серверов. Решения, предотвращающие DNS Leakage, никак не влияли на отклик ресурсов;
3- Блокировались не хосты, а целые подсети, из-за чего, список ресурсов, подверженных “замедлению” не ограничивается только перечисленными в статье ресурсами;
4- Многие популярные VPN-сервисы и используемые ими протоколы/методы аутентификации, также, были заблокированы или работали с огромным откликом.

TheRambotnik · 2021-11-03T18:00:47.046Z

В продолжении темы - немного замеров в сторону всё ещё мёртвого YouTube:

bash measure.sh www.youtube.com
time: Wed Nov  3 17:58:14 UTC 2021
domain: www.youtube.com
client_country: UZ
client_as: AS8193 Uzbektelekom Joint Stock Company

DNS_INJECTION
  root_nameserver: a.root-servers.net.
  query_error: Could not get response
  analysis: INTERFERENCE - Could not get response
HTTP
  analysis: LIKELY_INTERFERENCE - Unexpected time out when Host is www.youtube.com (curl: (28) Operation timed out after 5001 milliseconds with 0 bytes received)
SNI
  analysis: INCONCLUSIVE - Failed to get TLS ServerHello (curl: (28) Operation timed out after 5001 milliseconds with 0 out of 0 bytes received)

tango · 2021-11-09T18:05:07.085Z

“Uzkomnozorat” restricted access to Telegram, Facebook, Instagram and other social networks

In addition to TikTok, Twitter, VKontakte and Skype, Telegram, Facebook, Odnoklassniki, YouTube and others are included in the register of violators of legislation on personal data in Uzbekistan. The work of these social networks is limited.

Added: The head of Uzkomnazorat was dismissed, access to social networks was restored.

tango · 2021-11-09T18:24:17.364Z

I think this link is supposed to be Shaxsga doir ma’lumotlar bazalarining davlat reyestri | pd.gov.uz.

I don’t see what you mean about the list items being empty. The listing looks uniform to me: WeChat, VKontakte, Skype, TikTok, Twitter. (Archive) Is it something in the structure of the HTML?

ValdikSS · 2021-11-10T19:27:06.182Z

It had blank forms at the time when I wrote that post, now everything seems fixed.