2015-ververis-understanding

Understanding Internet Censorship Policy: The Case of Greece

Vasilis Ververis, George Kargiotakis, Arturo Filastò, Benjamin Fabian, Afentoulis Alexandros · Free and Open Communications on the Internet · 2015

canonical link →

Tags

censors: gr
techniques: rst-injection

findings extracted from this paper

DNS hijacking of blocked gambling domains in Greece also destroyed MX records for those domains in seven of eight ISPs, making it impossible for users to send email to the censored companies. Only OTE preserved MX records for some (not all) blacklisted domains, and even those were not consistently updated. The Greek Gaming Commission's own public guidance directed affected users to consult prior bank statements for contact information.

§4.3 policy dns-poisoning gr
After the EEEP blacklist was updated in July 2014 to remove pokerstarsblog.com, multiple ISPs continued blocking it — overblocking was observed at Cosmote (7 entries), Wind (7 entries), Vodafone (7 entries), Cyta (3 entries), Forthnet (3 entries), HOL (3 entries), and OTE (3 entries). The blacklist itself contained 28 duplicate domains (6.39%), 17 malformed entries (3.88%), and 3 entries (0.68%) with no gambling content (expired or parked domains).

§5.2, Table 4 evaluation dns-poisoning gr
At least two ISPs (Cyta and Wind) returned fake HTTP 404 errors instead of mandated block pages for a portion of censored entries, and some ISPs served connection timeouts (port 443 blocked) with no explanation — in both cases obscuring deliberate censorship as an apparent network or server failure. Additionally, Cyta embedded Google Analytics on its block landing page to track users who attempted to access censored content.

§4.2, §5.2 policy dpidns-poisoning gr
Across eight Greek ISPs measured in June–August 2014, DNS hijacking was the dominant blocking method: seven of eight ISPs used it exclusively, while only Vodafone deployed DPI (Bluecoat WebProxy/6.0) for URL-level filtering. Compliance with the EEEP blacklist of 438 entries ranged from 21.91% (Forthnet) to 100% (Cosmote, HOL, OTE), with no ISP exactly matching the regulator's list.

§4.2, Table 1 evaluation dns-poisoningdpi gr
Vodafone Greece's DPI system (Bluecoat WebProxy/6.0) performed exact-URL matching against the EEEP blacklist: requests to rivernilecasino.net and www.rivernilecasino.net passed through unblocked, while the exact blacklisted URL www.rivernilecasino.net/index.asp was intercepted and redirected to http://1.2.3.50/ups/no_access_gambling.htm. Subdomains of DNS-hijacked domains returned NXDOMAIN with no A record, making them silently unreachable rather than redirected.

§4.2, Appendix A.1 detection dpidns-poisoning gr