Deep Packet Inspection and How It Blocks VPN Services
In recent times, the face of the online world has changed to become much more social than before. This has resulted in massive waves of sentiments flowing out uncontrollably and affecting sentiments of people all over the world at a rapid rate. Responding to this, Governments across the world have stepped up their online censorship and surveillance mechanisms. As of today, there are at least twenty world governments who censor their Internet traffic. Censorship of media has existed since time immemorial but to make things worse, quite a few of these governments take this effort a step further by deploying DPI (Deep Packet Inspection) which is more invasive.
What is Deep Packet Inspection?
A packet is any chunk of data sent over the Internet from your computer to the server of a website. When you browse over an insecure open network or even connect to your ISP, your ISP can capture and read these packets. To bypass this privacy and security pitfall, you can use VPN services. VPN creates a secure and encrypted tunnel between our computer and a VPN server, making it difficult to capture our Internet traffic. However, using VPNs does not always guarantee privacy. DPI (Deep Packet Inspection) technology can beat VPN encryption and can sniff and identify a lot of information from VPN packets.
How Deep Packet Inspection Works
DPI works in two parts:
- Reads Internet packet metadata (packet headers) to identify usage patterns like torrent connections, video streams and VPN connections.
- Reads Internet packet content (packet body) to determine the actual data being transmitted.
DPI is capable of going deep into network packets to look for data and identifiable patterns. This is done by mass examination of incoming and outgoing traffic at your ISP's firewall, where DPI operates as an added security measure. If you want a technical overview of the inner implementations of DPI, here is a discussion from Symantec blog on the usage of DPI techniques in firewalls.
What Are the Uses of Deep Packet Inspection?
Before we go on to mention how Governments around the world use DPI wickedly, it is worth mentioning that DPI has legitimate uses too. DPI is ideally intended for use in network traffic management. But the truth is, we do not live in an ideal world.
Which Countries Use Deep Packet Inspection?
This is a list of countries where the Government uses Deep Packet Inspection to analyze Internet traffic for surveillance and censorship of their citizen, and not always in the public interest.
How it uses Deep Packet Inspection
Intelligently sorts internet traffic from AT&T Inc. for surveillance
Censors its Internet and VPN usage for broadly classified sensitive content
Censors a broad category of content and blocks VPN, causes an overall slow Internet in Iran
Blocks content based on a centrally maintained IP blacklist
Blocks access to pornography, information on drugs and pirated content
Blocks access to politically sensitive content and occasionally block Internet entirely
Blocked access to social networking websites before the 2013 elections
Blocks TOR network and VPN after a nationwide emergency situation in 2016
Blocks social media and YouTube, also blocks Tor network and VPN connections
Blocks Tor network and VPN connections following political unrest in 2012
The Great Firewall Of China (GFW) has been trained to detect TLS handshakes to servers that have a high level of encrypted traffic flowing through them. These servers are identified as VPN servers and the GFW makes various attempts to block VPN connections by blocking TLS handshakes to these VPN servers. You cannot use a VPN service without this handshake. This same technique is also used by the GFW to block HTTPS traffic to certain websites.
Many, if not all of these countries have constitutions that protect their citizen against this kind of blanket surveillance. Some of these countries even have laws (like FISA) that explicitly mention the terms under which the Government can monitor their citizen and it requires a court warrant in most cases. Needless to say, many of these countries violate their own laws when performing a Deep Packet Inspection.
So, is Privacy a Lost Battle?
No, the battle for Privacy is not lost as long as we have better technology available to common people. Now you know what Deep Packet Inspection is and whether you are susceptible to being targeted by it. Next, it is time to find solutions against DPI, and there are a few. We will talk about ways to get around Deep Packet Inspection and VPN blocking in a different article.