mm   Myanmar

Of 6,915,266 domains extracted from the 572 GiB Geedge Networks Leak (GNL), 298,955 censored domains (93.7% of all GNL-censored domains) appear in neither Tranco top-1M nor CitizenLab test lists. Measurements across China (Guangzhou/Nanjing), Myanmar, Pakistan, and Algeria confirmed censorship via DNS injection and SNI-based TLS connection termination. The GNL covers 25–62% of Tranco-censored domains across countries, showing substantial but incomplete overlap. This vendor-side ground truth reveals a censorship surface roughly two orders of magnitude larger than curated academic test lists.

2026-sheffey-geedge §4.1, Table 2 detection

The GNL reveals that Geedge actively maintains dedicated VPN-infrastructure tracking datasets. The China-specific component includes 7,016 domains in a "vpn-finder-plugins" repository (mesalab_git/intelligence-learning-engine), 4,810 NordVPN server domains, and a Pakistan-specific file listing 68 Psiphon CDN domains (geedge_docs/TSGEN/.../Psiphon-CDN_20240430.json) dated April 2024. A Myanmar deployment file (M22-VPN List.html, 27 domains) further confirms country-specific VPN blocklists are operationally maintained. The "Appsketch" program reverse-engineers VPN apps to extract domains and IP addresses for blocking.

2026-sheffey-geedge §4.2, Table 3 detection

Internal Geedge documents confirm active contracts to deploy GFW-derived censorship and surveillance infrastructure in Myanmar, Pakistan, Ethiopia, Kazakhstan, and at least one additional unidentified country under the Belt and Road framework, in addition to domestic deployments in Xinjiang, Jiangsu, and Fujian. The exported product (the Tiangou Secure Gateway / TSG line) is not a stripped-down export variant — leaked TSG documentation shows DPI, active-probing, ML classifiers, and granular per-region traffic control rules that mirror the domestic GFW capability set.

2025-geedge-mesa-leak §5, §6 deployment

InterSecLab frames the Geedge/TSG export program as the commoditization of national firewall capability: rather than each censor state independently developing detection infrastructure, they contract Geedge for a turnkey system incorporating the cumulative R&D of MESA Lab (>10 years, National Science and Technology Progress Award winners). This structural shift means the marginal cost for an autocratic government to acquire GFW-grade censorship is now a procurement decision, not a multi-year engineering program. The report identifies that Geedge's relationship with the MESA Lab gives customer states indirect access to ongoing academic R&D improvements, not just a static product.

2025-interseclab-internet-coup §2, §6–§7 (InterSecLab report) policy

InterSecLab's 76-page analysis of the Geedge/MESA leak (based on nine months of indexing and translating >100,000 documents) characterizes the Tiangou Secure Gateway (TSG) product line as a commercially deployable detection stack that combines deep packet inspection, real-time mobile subscriber monitoring, active probing, ML-based traffic classifiers, and granular per-region rule sets. TSG is not a research prototype — leaked documentation includes deployment timelines and client government interactions for Kazakhstan, Ethiopia, Pakistan, Myanmar, and one unnamed country, with censorship rules explicitly tailored to each region.

2025-interseclab-internet-coup §3–§5 (InterSecLab report) detection

The report traces the specific corporate pathway through which Geedge Networks exported GFW-derived technology to Myanmar: via front companies, shell entities, and Belt and Road Initiative contract frameworks that obscure the Chinese state's direct involvement. The report names at least three intermediary entities used to transfer equipment and technical personnel to the Myanmar military, and documents that the same export channel was used for ongoing product updates post-deployment.

2025-jfm-silk-road-surveillance §4, §6 policy

Justice for Myanmar documents that Geedge Networks supplied Myanmar's military junta with GFW-derived surveillance and censorship infrastructure under Belt and Road frameworks following the February 2021 coup. The deployed system (Tiangou Secure Gateway / TSG) incorporates the same DPI, active-probing, and ML-classifier capabilities as the domestic Chinese GFW, giving Myanmar one of the most technically capable censorship systems in Southeast Asia.

2025-jfm-silk-road-surveillance §3, §5 deployment

The report documents that Myanmar's military has used its TSG-based infrastructure to execute targeted throttling and selective shutdowns of specific services and platforms, not only blanket internet shutdowns. This includes selective disruption of VPNs and circumvention tools during periods of civil unrest, demonstrating that Myanmar's censors have operationalized the granular per-service traffic control capabilities documented in the Geedge/MESA leak.

2025-jfm-silk-road-surveillance §5 deployment

The merged KIO-IODA dataset (Jan 2018–Aug 2021) documents 219 national-scale Internet shutdowns across 35 countries and 714 spontaneous outages across 150 countries; the 35 shutdown-affected countries collectively represent more than 1 billion estimated Internet users. Myanmar (53 IODA events), Syria (52), and Iraq (38) are the most frequently affected countries in the shutdown dataset.

2023-bischof-destination §4, Table 2 evaluation

The endpoint-free methodology fails when bidirectional censorship is absent or when residual censorship is pervasive: experiments in Burundi, Equatorial Guinea, Myanmar, and Kyrgyzstan could not confirm bidirectional censorship, rendering automated triggering-and-measurement inapplicable. Residual censorship causes false positives by making innocuous domains appear blocked following a censored query.

2023-nourin-detecting §3 evaluation

Previous work reported that Myanmar ISPs selectively applied DNS blocking versus TCP/IP blocking, but analysis of the underlying data revealed they applied both concurrently. The apparent difference arose because some OONI volunteers bypassed DNS tampering by using public DNS resolvers (Cloudflare, Google Public DNS) and subsequently experienced IP-level blocking instead, making measurements appear selective when they were not.

2023-raman-advancing §3.1 evaluation

Documented Internet shutdown events grew from 75 in 2016 to 213 in 2019 across 33 countries, with individual shutdowns lasting from hours to 472 days (Chad). These shutdowns completely sever IP connectivity, rendering all existing circumvention tools (Tor, VPNs, Shadowsocks, etc.) non-functional since they require at least partial Internet access to operate.

2023-sharma-dolphin §1–2 deployment

Cellular data restrictions imposed from Mar. 15, 2021 were invisible to IODA (which uses BGP routing data, active probing, and darknet traffic) because cellular networks commonly use Carrier Grade NAT. Kentik's AS-level NetFlow aggregates clearly showed the cellular traffic drop, with all four major cellular ASes (MPT AS9988, Mytel AS136255, Telenor AS133385, Ooredoo AS132167) experiencing sustained traffic reductions while fixed-line providers only showed nightly dips.

2021-padmanabhan-multi-perspective §3.2 evaluation

Beginning Feb. 14, 2021, country-wide Internet outages affected Myanmar for 72 consecutive nights until Apr. 28, starting at 18:30 UTC (01:00 local time) and lasting 8 hours each night. These nightly curfews were highly synchronized across most ISPs—identical start and end times—in stark contrast to the haphazard, mis-timed outages on the day of the coup.

2021-padmanabhan-multi-perspective §3.2 deployment

IP blocking in Myanmar was non-deterministic within individual ASes: Frontiir (AS58952) blocked Facebook's IP 157.240.15.36 but not 31.13.82.36, indicating ISPs used incomplete address lists. Different websites were blocked on different networks, and DNS interference was inconsistent even within a single ISP's resolvers, confirming that censorship was decentralized rather than implemented via a national choke point.

2021-padmanabhan-multi-perspective §3.3 detection

Post-coup, Myanmar ISPs shifted from primarily DNS-based blocking (dominant in 2020) to IP-based blocking. Blocking Fastly's IP 151.101.1.195 triggered collateral unavailability of more than 10,000 co-hosted websites; blocking a Google-hosted IP (172.217.194.121) rendered snapchat.com, getoutline.org, and others unreachable on at least 4 ASes during Feb. 24–27, 2021.

2021-padmanabhan-multi-perspective §3.3 evaluation

On Feb. 5, 2021, Campana Mythic (AS136168) announced Twitter's 104.244.42.0/24 prefix—apparently intending to blackhole Twitter traffic locally as part of the national Twitter block—but the route leaked to operators in Singapore and Vietnam, causing collateral disruption for Twitter users outside Myanmar. This accidental BGP leak corroborates evidence that Myanmar ISPs were independently implementing IP-level censorship without a centralized national kill switch.

2021-padmanabhan-multi-perspective §3.4 deployment

Applying automated block-page detection to the ONI dataset (49 countries, 2007–2012) reveals that Burma's (AS 18399) censorship mechanism shifted from DNS redirection to a transparent proxy returning a custom block page in mid-2009, then block pages largely disappeared after Burma's late-2011 political liberalization. Saudi Arabia (AS 25019) shows a similar transition with WireFilter replacing an unidentified prior tool in 2011, with two concurrent block-page templates suggesting multiple simultaneous filtering devices.

2014-jones-automated §6 evaluation