
Internet Governance: Censorship Issues With China, Egypt, Iran & CleanFeed

In recent years, we’ve seen a massive rise of censorship and national limitations placed across the Internet. The reasons for doing so differ widely across the world – sometimes economic, sometimes technical, and sometimes purely political.

Even in the free world, we’ve faced the potential for Internet censorship caused by US copyright infringement legislation known as SOPA and PIPA, but that’s certainly not the only manifestation of this subject.

With this post, I’ll look at four specific regions where we see heavy Internet governance and discuss some of the complexities around them.

The catalyst for this post came from Dyn Marketing Manager Josh Nason as he returned from the Mesh Conference in Toronto, Canada. He had heard Rebecca MacKinnon speaking about her newest book, “Consent of the Networked.” Rebecca gave a great talk at TEDGlobal in Edinburgh, titled “Let’s Take The Internet Back.” Her talk gives a good introduction to the nature of filtering employed around the world and why these mechanisms work the way they do.

She makes an interesting point about the effectiveness of these systems, essentially arguing that the systems that work effectively do so because they’ve been in existence for so long and have matured with the network. But also, for those long-standing systems of censorship, those who are being denied information have been deprived for so long that they neither know nor care about what they’re missing. It’s a digital adaptation of Plato’s Allegory of the Cave.

I wanted to highlight some well-known Internet censorship systems used on a national basis today: the Great Firewall of China, the Iranian Firewall, CleanFeed and the Egyptian Internet Outage.


The world’s largest Internet censorship platform, the Great Firewall of China, has roots back to 1998 when the Internet arrived in China. Due to the sheer scale and size of the Internet there and a lack of modern Deep Packet Inspection (DPI) technology, the Chinese developed a complex system of techniques designed to keep certain websites offline.

These techniques include IP filtering, DNS injection and redirection, URL filtering, packet filtering and connection termination.

These techniques are primarily deployed at Chinese “international gateways” – sites responsible for connecting domestic Chinese networks to the international Internet at large. Researchers have spent countless hours examining the filtering regimes of the Chinese firewall, as documented here, here and here. Examples of the IP filtering, DNS redirection, and TCP reset/throttling techniques employed are well documented, but hardly well understood universally.


The Iranian elections of 2009 brought to light the existence of the Iranian firewall when researchers at Arbor Networks took a deep look at the nature of that country’s Internet censorship techniques. This report cited extensive use of proxy and DPI equipment deployed in Iran’s national telecommunications provider, the Data Communications Company of Iran, known as DCI.

As seen from the report, the country of Iran was typically pushing only 5 Gbps of traffic to the Internet and had a reported capacity of 12 Gbps. Using modern technology, this is a trivial amount of traffic to filter, and it can be done using DPI equipment monitoring at the flow level. This small amount of traffic hardly requires the complexity of something like the Chinese Great Firewall.

And even with all of this technology, reports indicate that well-known technologies, such as The Onion Router (Tor), easily bypass Iran’s Internet filtering.


In researching this post, I learned about a content blocking system that is currently employed in both the United Kingdom and Canada and is potentially going to be implemented in Australia. Known as CleanFeed, this system is a list of URLs known to contain child sexual abuse content in the UK and child pornography sites in Canada. The technical implementation policy-routes the subject IP addresses to transparent proxy servers, which then perform page-level inspection of the content, stripping offending pages from the Internet.


Last on my list, the Egyptian Internet outage of January 2011 shows a different tactic: turn the Internet off. Underground commentary worldwide suspected that the outage was caused by power being cut to a pair of Juniper MX960 routers contained at the core of Egypt’s government facilities, but extensive analysis performed by the experts at Renesys showed otherwise. In this case, it seems that government-ordered withdrawals of the BGP-routed prefixes for Egypt caused the outage for the country.
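To show what a mass withdrawal of routed prefixes looks like from a route-monitoring vantage point, here is an added example (not code from this post or from Renesys) that replays a BGP update stream and flags the minute at which the routed prefix count collapses. The update tuple format, the 50% drop threshold, the five-minute window, and the sample prefixes and ASNs (documentation ranges, not real Egyptian data) are all assumptions.

```python
# Constructed sample stream: (minute, kind, prefix, origin ASN).
# "A" = announcement, "W" = withdrawal. Documentation prefixes/ASNs only.
UPDATES = [
    (0, "A", "192.0.2.0/25", 64500), (0, "A", "192.0.2.128/25", 64500),
    (0, "A", "198.51.100.0/25", 64501), (0, "A", "198.51.100.128/25", 64501),
    (1, "A", "203.0.113.0/25", 64502), (1, "A", "203.0.113.128/25", 64502),
    (5, "W", "203.0.113.0/25", 64502),   # ordinary churn: one prefix flaps
    (6, "A", "203.0.113.0/25", 64502),
    (20, "W", "192.0.2.0/25", 64500), (20, "W", "192.0.2.128/25", 64500),
    (21, "W", "198.51.100.0/25", 64501), (21, "W", "198.51.100.128/25", 64501),
    (22, "W", "203.0.113.0/25", 64502),
]

def visible_counts(updates):
    """Replay updates in time order; return {minute: prefixes still routed}."""
    table = {}    # prefix -> origin ASN currently announcing it
    counts = {}
    for minute, kind, prefix, asn in sorted(updates, key=lambda u: u[0]):
        if kind == "A":
            table[prefix] = asn
        else:
            table.pop(prefix, None)   # withdrawing an unknown prefix is a no-op
        counts[minute] = len(table)   # last value written is the end-of-minute count
    return counts

def mass_withdrawal(counts, drop=0.5, window=5):
    """Return (minute, baseline, remaining) for the first minute where the
    routed prefix count fell by at least `drop` relative to the highest
    count seen in the preceding `window` minutes, or None if it never did."""
    minutes = sorted(counts)
    dense, last = [], 0
    for m in range(minutes[0], minutes[-1] + 1):
        last = counts.get(m, last)    # carry the count across quiet minutes
        dense.append((m, last))
    for i, (m, n) in enumerate(dense):
        base = max(c for _, c in dense[max(0, i - window): i + 1])
        if base and (base - n) / base >= drop:
            return m, base, n
    return None

if __name__ == "__main__":
    print(mass_withdrawal(visible_counts(UPDATES)))
```

The single flap at minute 5 stays well under the threshold, while the withdrawals spread over minutes 20 to 22 trip it once more than half of the table is gone.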

The fear with all of these systems, which ties back to the introductory points of this post and Rebecca’s points, is that the development of these technologies, whether to filter pornography, to censor content, or to control access to social media, quickly slides down a slippery slope of usage. It’s why SOPA and PIPA are so controversial in the United States – the technology developed could permit the censorship of ANY website on the Internet, regardless of reason.

Furthermore, the technical holes in the resiliency and reliability of the Internet, such as a lack of ability to deploy Domain Name System Security Extensions (DNSSEC) or a hacking attempt on the feed services themselves, can have ripple effects in years to come.

The Internet is unique because of its capability to transgress geographic and political boundaries, and its ability to enable world commerce. The dependence of human social interaction has become a core foundation of the Internet and has driven its growth substantially. It’s why people who sit behind the walls of a censored Internet work so hard to connect via virtual private networks (VPNs), tunneling services such as Tor, and through unblocked social media networks. And the Internet’s sheer complexity instigates the use of highly complex, and often failure-prone, filtering systems.

It’s why I think an open Internet is the best Internet.

As a network of loosely coupled networks, each with their own policies for routing, filtering, and censorship, it’s important to note that all of these components are simply prone to additional failure. They can be the cause of regional and national outages and provide mechanisms for unintended filtering to occur for non-related reasons (think copyright protection enforcement on a system designed to filter pornography). It’s why we, as technologists, shouldn’t be afraid to raise our voices to Internet governance when we hear of potential technologies being developed that can be used for unintended reasons.

A popular Googler, Wael Ghonim, involved in the Egyptian revolution, said it best, stating, “If you want to liberate a country, give them the Internet.”


Whois: Tom Daly

Tom Daly is a co-founder of Dyn, a pioneer in managed DNS and a leader in cloud-based infrastructure that connects users with digital content and experiences across a global internet.
