A detailed analysis of Internet censorship and circumvention in Turkmenistan
As Internet connectivity becomes essential for the transactions of day-to-day life, complete Internet shutdowns become more and more costly for repressive states (censors), both monetarily and in terms of public perception. However, piecing together the censorship landscape is particularly challenging in less-studied regions with low digital literacy and Internet penetration, such as Turkmenistan. To date, it has been difficult to recruit volunteers for testing inside the country. It is also dangerous, since the traffic generated by probing tools used to test whether or not specific sites are censored is more likely to stand out to the censor. In fact, it has been reported that Turkmen users of high-speed Internet who were found to be using an “excessive amount” of data (more than 3GB) have been interrogated, had their devices seized and searched, and been threatened with imprisonment.
Additionally, Internet censorship in Turkmenistan doesn’t appear to follow any obvious pattern. In contrast, Russia, China and Iran have all been known to increase censorship efforts in response to particular events, uprisings, or politically relevant dates. Other countries may be more focused on censoring particular content, such as LGBTIQ sites in countries where the rights of LGBTIQ people are repressed. Countries with a lower dependence on the Internet have been known to completely shut down the Internet for brief periods during elections or other events. However, none of these scenarios seem to fully explain the censorship Turkmenistan is currently experiencing.
What do we know about Turkmenistan’s censorship of the Internet?
Internet censorship can be difficult to verify, measure, and understand. This has proven to be the case for Turkmenistan. However, based on some investigative reports and volunteer contributions, it is possible to piece together information about the ongoing censorship in Turkmenistan. Some major contributors to this effort are the Open Observatory of Network Interference (OONI), The Tor Project, Cloudflare Radar, the net4people BBS, the ntc.party forum, and the Centre for Applied Internet Data Analysis’ Internet Outage Detection and Analysis (IODA).
Tor is an overlay network that primarily offers anonymity online by directing encrypted Internet traffic through a series of volunteer Tor relays. Tor also works to provide censorship resistant connections to users all over the world and is often subject to blocking by censors. Tor uses privacy preserving measurements to monitor connections to their network. Starting in July 2021, The Tor Project noticed a significant drop in Tor relay users in Turkmenistan.
Source: The Tor Project
The addresses of Tor’s entry relays are publicly listed, so it is not especially difficult for censors to block access to the network. That being said, it does not seem that Turkmenistan is blocking Tor relays through this public list, but rather by IP range. This means that while the entire Tor network is not blocked, enough of it is blocked that it is difficult (or impossible) for users to find the Tor relays that the censor has missed.
Tor metrics show a noticeable drop in usage as well in early 2022. Interestingly, all of the metrics from Tor measurements in Turkmenistan report a huge spike in users for a brief window around September of 2022 that followed another drop in usage that has only just started to recover.
Source: The Tor Project
OONI confirmed similar disruptions to the Internet in Turkmenistan before all of the volunteer-run OONI probes and vantage points within the region stopped reporting entirely.
The net4people BBS, a forum created by censorship circumvention researchers and activists, also began looking into the censorship activity in Turkmenistan. They found strict filtering rules for popular websites and for many additional websites that contain parts of the same domain. Interestingly, the rules used to filter connections occasionally differed across the HTTP, HTTPS and DNS protocols. This was further verified through research by Nourin et al., who were able to confirm 122 thousand blocked domains out of 15.5 million that they tested with a probing tool they developed. The researchers attempted to reverse engineer the actual blocklists used to censor the Internet in Turkmenistan from these blocked domains. They were able to identify 6 thousand rules that would block far more than just the (likely) intended domain due to imprecise matching rules. The researchers suggest that such imprecise rules could result in the unintentional blocking of more than 5.4 million domains as collateral damage.
Source: August 25 2022, VPN Community Gathering
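The over-blocking and per-protocol inconsistency described above can be measured by running candidate hostnames against each protocol's rules. The following is an added illustration, not code from Nourin et al. or from the original article; the rules, the intended-target list and the hostnames are all constructed, and the regular-expression rule form is an assumption.

```python
import re

# Constructed per-protocol rule sets (hypothetical; not from any real blocklist).
# DNS and HTTP rules are unanchored; the HTTPS rules are anchored to label boundaries.
RULES = {
    "dns":   [r"blocked\.example"],
    "http":  [r"blocked\.example", r"news"],
    "https": [r"(^|\.)blocked\.example$", r"(^|\.)video\.test$"],
}
INTENDED = {"blocked.example", "video.test"}  # assumed intended targets

def normalize(host):
    """Lower-case and drop a trailing root dot so equal names compare equal."""
    return host.strip().rstrip(".").lower()

def verdicts(host):
    """Return {protocol: True if any rule for that protocol matches the hostname}."""
    h = normalize(host)
    return {p: any(re.search(r, h) for r in rs) for p, rs in RULES.items()}

def is_intended(host):
    """True if host is an intended target or a real subdomain of one."""
    h = normalize(host)
    return any(h == t or h.endswith("." + t) for t in INTENDED)

def collateral(hosts):
    """Hosts blocked on at least one protocol although they are not intended targets."""
    return sorted({normalize(h) for h in hosts
                   if any(verdicts(h).values()) and not is_intended(h)})

def inconsistent(hosts):
    """Hosts whose verdict differs between protocols."""
    return sorted({normalize(h) for h in hosts
                   if len(set(verdicts(h).values())) > 1})

# Constructed sample hostnames.
SAMPLE = ["blocked.example", "WWW.Blocked.Example.", "notblocked.example",
          "blocked.example.org", "newsletter.test", "video.test", "unrelated.test"]

if __name__ == "__main__":
    for h in SAMPLE:
        print(f"{normalize(h):24} {verdicts(h)}")
    print("collateral:  ", collateral(SAMPLE))
    print("inconsistent:", inconsistent(SAMPLE))
```

The unanchored rules catch unrelated names that merely contain the target string, while the anchored HTTPS rules do not, which produces both the collateral list and the cross-protocol disagreements.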
Another major censorship event occurred in April 2022, when Turkmen citizens saw a near-complete shutdown of the Internet, reported on Cloudflare Radar and explained in detail in turkmen.news.
It is difficult to provide a full explanation for these large-scale censorship events in Turkmenistan since they don’t seem to follow a clear pattern or correspond with specific dates. However, if the scale and type of Internet censorship seen in Turkmenistan depends on contracts from international companies, the changing of companies/equipment could be involved with the patterns of censorship seen. This is discussed in further detail below.
What censorship circumvention tools are used in Turkmenistan?
Tor has a number of censorship-resistant tools that can be deployed to help users who are unable to connect to the Tor network due to censorship. One of these tools is Tor bridges. Bridges are private, unlisted relays that help users connect to Tor. To successfully block all bridge connections, a censor would need to learn every possible bridge IP address, test whether or not it is actually a bridge, and then block it. Bridges can be made even more censorship resistant with pluggable transports like obfs4, which are designed to resist filtering rules that a censor might use to block Internet connections. Bridges can still raise the suspicions of a censor if there is a sudden spike in requests to a particular IP address, and if the traffic to and from that address has greater bandwidth and response times than the censorship infrastructure would typically allow. However, the most difficult problem to overcome is distributing secret bridges to censored users within Turkmenistan. In extreme censorship situations like the one Turkmenistan is experiencing, it is often necessary to create a direct line of communication between users and bridge operators who can facilitate the information exchange, which does not easily scale. Despite these challenges, obfs4 bridges have been a more stable way for users in Turkmenistan to stay connected to the Internet.
Another censorship circumvention technique, called domain fronting, involves using highly available domains (e.g., azureedge.net, google.com) as a “front” to a proxy or service that can access the wider Internet. Domain fronting is an effective circumvention technique because it forces a censor to choose between blocking the highly available site, strategically chosen to incur a significant economic impact, and enforcing censorship. Meek is Tor’s name for their domain fronting protocol. Currently in Turkmenistan, Meek, through Microsoft Azure cloud, is working to keep people connected to the Internet. However, beginning in 2018, many cloud providers that allowed domain fronting through their services began curtailing use of this technique due to stated concerns that domain fronting was providing cover for malware operators. There is also speculation that China and Russia may have been involved with pressuring these corporations by threatening to completely shut down access to their services. Microsoft has continued to be one of the only large cloud providers to still allow domain fronting, but in 2021 announced that they also plan to disable it on Azure. Nevertheless, domain fronting with Azure is effective in Turkmenistan, likely because the government relies on Microsoft services, like Teams, Outlook, and/or Skype, for communication and is hesitant to block IP addresses issued to Microsoft. Aside from Azure, it has been challenging to find a domain that a censor would hesitate to block in Turkmenistan. It seems that the collateral damage wrought by blocking a highly available site may not be as damaging to the Turkmen censor as allowing a relatively simple, accessible, and cheap method of censorship circumvention.
Another tool, Snowflake, is typically very censorship resistant as it involves the automatic establishment of a peer-to-peer connection between the censored user and a remote peer who is running a Snowflake server through their browser. This is a powerful tool for censorship resistance as it both automates the pairing between censored users and uncensored Snowflakes, and expands the pool of IP addresses that a censored user can connect to. Unfortunately, all of the servers needed to negotiate the peer-to-peer connection (Session Traversal Utilities for NAT, or STUN, servers) were blocked in Turkmenistan through the blocking of port 3478 around November of 2021. While some success was found on the AGTS network by specifying STUN servers that used unconventional ports like the typical HTTPS port, 443, and a domain-fronted address to make the initial connection, it is difficult to find a combination of connections that works to bootstrap the Snowflake connection.
Who is responsible for censorship of the Internet in Turkmenistan?
Though Internet shutdowns to the degree we are now seeing in Turkmenistan are new, Turkmenistan’s telecommunications industry has a long history of surveillance and abuse. A 2013 report from Access Now details the evolution of surveillance systems in Central Asia, starting with the Soviet KGB-developed Russian System for Operative-Investigative Activities (SORM), a technical framework for electronic surveillance that was copied throughout Central Asia in the 1980s. Since the breakup of the Soviet Union, there has been a continued desire by Central Asian leadership for surveillance of their populations, but an apparent gap in the expertise required to carry it out in-country. This has opened the door for partnerships with international corporations who are willing to trade surveillance equipment and expertise with Central Asian countries. A Wikileaks cable from 2009 shows that the German company Siemens provided surveillance equipment, among other things, to the Turkmen government. Another Wikileaks release from 2013 includes an installation and commissioning document from Munich-based FinFisher’s FinFly ISP project, prepared for Turkmenistan, that fits with a report from Citizen Lab that identified a server inside Turkmenistan’s ministry of communications.
In 2018, Human Rights Watch urged another major German technology firm, Rohde & Schwarz, to disclose any agreements made with the Turkmen government after a senior vice president of the company had met with the former President Gurbanguly Berdimuhamedov. The firm, who have an office in Ashgabat, have stated that in principle they do not disclose information on possible business and customers in security-relevant areas. Interestingly, in November 2020 the EU passed Dual Use legislation for restricting sales of cyber-surveillance goods to repressive regimes, which reportedly had been blocked by Germany prior to that time.
Most recently, confidential documents obtained by Turkmen.news detail a contract made in 2021 between NTT Data Romania S.A. and Turkmenistan’s president for the purchase of €29.4 million worth of cyber security equipment, installation, and training for Turkmen specialists. The report by Turkmen.news could not confirm whether the services detailed in the contract were delivered but noted that in April 2022, the Extraordinary Commission to Combat Infectious Diseases had allowed the arrival of technical specialists from Israel, Belarus and Serbia, where NTT Data Romania S.A. has an office, in order to set up special equipment for the Ministry of National Security. These contracts roughly correspond to some of the censorship activity mentioned above.
Overall, it is difficult to name any specific government agency in charge of censoring and controlling the Internet in Turkmenistan. However, the Ministry of Communications, the Ministry of Defence and the Ministry of National Security (successor of Soviet KGB) are mentioned by international sources as ones engaged in censorship activities.
Calls to Action:
Turkmenistan’s censorship and surveillance reached new highs in 2021 and 2022 with a widespread Internet shutdown that has seen blocking of much of the Internet. The contributions of volunteers and researchers have been essential for understanding the extent of the Internet shutdowns in Turkmenistan and finding solutions to keep Turkmen citizens connected to the Internet. At the moment, Tor’s obfs4 bridges have been the most successful circumvention tool to connect to the Tor network, which provides users in Turkmenistan access to the free and open Internet. However, the Internet has become an essential resource for all aspects of society to develop and thrive. The citizens of Turkmenistan should not be expected to rely solely on niche circumvention tools for basic connectivity to the wider Internet.
Despite the recent EU legislation that aims to restrict the sale of surveillance tools and services to repressive regimes, it is likely that such services continue to be offered to Turkmenistan. The international community must stand together in recognizing the harms caused by Internet censorship and loudly and effectively condemn these repressive practices in Turkmenistan.
For volunteers and researchers:
- Run an obfs4 Tor bridge to help Turkmen citizens connect to the open Internet.
- Conduct further research on the mechanisms used to censor the Internet and on user-friendly, accessible circumvention techniques, in particular on difficult-to-block signalling channels that can be used to distribute circumvention resources and pluggable transports.
- Identify international bodies, such as the WTO, WHO, UNICEF, World Bank, IMF, and international embassies, whose websites are blocked within Turkmenistan despite agreements and partnerships with the Turkmen government.
For the international community, activists and policy makers:
- Call on NTT Data Romania to provide transparency about their agreements with the Turkmen government and in particular, any expertise or equipment they have provided that may be used to help censor the Internet in Turkmenistan and may be in violation of Dual Use regulations.
- Call on Rohde & Schwarz to investigate claims that their services are being used by Turkmenistan’s Ministry of Defence and the Ministry of Communications of Turkmenistan to censor the Internet.
- Call on the international community and the EU to strengthen regulation and restrictions for companies providing network analysis and surveillance software that may reasonably result in human rights harms.
- Call on international bodies whose websites are blocked within Turkmenistan despite having agreements and partnerships with the Turkmen government (such as the WTO, WHO, UNICEF, World Bank, OSCE, IMF, and international embassies) to put pressure on the government to make the details of these agreements, partnerships, commitments, and relevant information available to Turkmen citizens.
- Call on companies such as Microsoft to continue support for Azure domain fronting for services that are widely used for censorship circumvention.
- Fund and support research and development of new censorship circumvention tools, especially difficult-to-block signalling channels that can be used to distribute circumvention resources and pluggable transports.
- Call on the Turkmen government to recommit to their UN Sustainable Development Goals, in particular, good health and well-being, quality education, and peace, justice and strong institutions (3, 4 and 16 respectively), which in the digital age, go hand in hand with access to the free and open Internet.
Summary:
Turkmen citizens and international researchers show evidence of what appears to be an extremely unsophisticated approach to Internet censorship in Turkmenistan, including the blocking of whole IP subnets. This suggests a complete lack of concern for collateral damage to the GDP or development goals of Turkmenistan that would be incurred by blocking important websites. Despite the EU’s passing of the Dual Use regulations to prevent EU countries from exporting surveillance equipment that may result in human rights harms, it is possible that such services continue to be offered to Turkmenistan, due to their natural gas reserves and geopolitically important location.
This research has been developed in cooperation with the author who holds a graduate degree with specialization and publications in privacy protection and censorship circumvention technologies. The author is anonymous for security reasons.