Conclusion

Over the last year, internet censorship in Egypt appears to have become more dynamic, sophisticated and pervasive.

More than 1,000 URLs presented network anomalies throughout the testing period, 178 of which consistently presented a high ratio of HTTP failures, strongly suggesting that they were blocked. Rather than serving block pages, Egyptian ISPs appear to primarily block sites through the use of Deep Packet Inspection (DPI) technology that resets connections. Both HTTP and HTTPS sites appear to have been blocked.

In some cases, instead of RST injection, ISPs appear to drop packets, suggesting a variance in filtering rules. In other cases, ISPs appear to be interfering with the SSL encrypted traffic between Cloudflare’s Point-of-Presence in Cairo and the backend servers of websites hosted outside of Egypt. Latency measurements over the last year and a half also suggest that Egyptian ISPs may have changed their filtering equipment, making the latency-based detection of middleboxes more challenging.

More than 100 URLs that belong to media organizations appear to have been blocked, even though Egyptian authorities only ordered the blocking of 21 news websites last year. These include Egyptian news outlets (such as Mada Masr, Almesryoon, Masr Al Arabia and Daily News Egypt), as well as international media sites (such as Al Jazeera and Huffington Post Arabic). In an attempt to circumvent censorship, some Egyptian media organizations set up alternative domains, but (in a few cases) they got blocked as well.

Through interviews, staff members of blocked Egyptian media websites reported that the censorship has had a severe impact on their work. In addition to not being able to publish and losing part of their audience, the censorship has also had a financial impact on their operations and deterred sources from reaching out to their journalists. A number of Egyptian media organizations have suspended their work entirely, as a result of persisting internet censorship.

Many other websites, beyond media, appear to have been blocked as well. These include human rights websites (such as Human Rights Watch, Reporters without Borders, the Arabic Network for Human Rights Information, the Egyptian Commission for Rights and Freedoms, and the Journalists Observatory against Torture) and sites expressing political criticism (such as the April 6 Youth Movement), raising the question of whether censorship decisions were politically motivated.

Egyptian ISPs appear to be applying “defense in depth” tactics for network filtering by creating multiple layers of censorship that make circumvention harder. This is in part suggested by the blocking of numerous censorship circumvention tool sites (such as torproject.org, hotspotshield.com and psiphon.ca), as well as by the widespread blocking of the Tor network. In some cases, Tor bridges appear to be blocked as well.

What stands out though as a “defense in depth” strategy is the blocking of Egypt’s Freedom and Justice Party (FJP) site. Our testing shows that different versions of this site (http://www.fj-p.com and http://fj-p.com) were blocked by two different middleboxes. In doing so, Egyptian ISPs added extra layers of censorship, ensuring that circumvention requires extra effort.

While the legal justification behind the blocking of all of these websites remains quite unclear, it can probably be attributed to a number of Egyptian laws, such as Article 3 of the Emergency Law, Article 29 of the Anti-Terrorism Law, or Article 7 of the recently approved Cyber Crime Law. This is also suggested by the May 2017 order which banned certain media websites on the grounds of “supporting terrorism and lies”, in reference to such laws. Furthermore, the National Telecommunications Regulatory Authority disclosed that Al-Shurk TV channel’s website was blocked following a request from The Committee for Monitoring and Regulating the Muslim Brotherhood Group Funds. This request also included bans for a number of other media websites.

Apart from censorship, Egyptian ISPs appear to be carrying out an ad campaign as well. Hundreds of OONI Probe network measurements (collected from multiple ASNs) show the redirection of unencrypted HTTP connections to affiliate ads and cryptocurrency mining scripts. Egyptian ISPs appear to be using DPI (or similar networking equipment) to hijack unencrypted connections and inject redirects, though they don’t seem to have a common policy in terms of how they implement these redirects over time. A wide range of different types of URLs were affected, including the Palestinian Prisoner Society, the Women’s Initiatives for Gender Justice, LGBTQI sites, VPN sites, Israeli sites, and even websites of the United Nations, such as un.org and ohchr.org.

While certain Egyptian laws may justify the censorship events identified as part of this study, the extent to which an ad campaign is justifiable remains unclear. The aim of this study was to examine censorship events through the analysis of network measurements, supporting future research efforts and public debate.

Acknowledgements

We thank all the volunteers in Egypt who have run and continue to run OONI Probe, thus making this research possible.

We also thank the translators of this report, Elio Qoshi for the design of its PDF document, Arturo Filastò and our Egyptian friends for review and support.