2017-morshed-when
findings extracted from this paper
-
Because Bangladesh's ban targeted specific named applications rather than underlying protocols, users successfully substituted functionally equivalent but unlisted apps: 'Banning Facebook, Viber, and Whatsapp for security purposes was not sufficient. For example, I used IMO to operate those apps. So, ultimately, nothing happened.' Authorities responded by expanding the blocklist to cover substitute apps, producing a reactive cat-and-mouse dynamic over the 26-day ban.
-
The Bangladesh Telecommunication Regulatory Commission (BTRC) directed ISPs to block Facebook, Viber, WhatsApp, and Facebook Messenger on November 18, 2015; the ban expanded over 26 days to include Twitter, Skype, IMO, and Instagram, with a coincidental 1-hour complete internet blackout at the outset. Blocking was enforced at the ISP level via written BTRC directives, targeting specific named platforms rather than underlying protocols or ports.
-
At least one participant was unable to use VPN during Bangladesh's ban because her Windows Phone (Lumia) did not carry VPN client apps in its app store, leaving her 'totally unable to communicate' for the ban's duration despite awareness of the workaround. Device platform and app-store access restrictions created a hard circumvention barrier independent of user intent or technical knowledge.
-
During Bangladesh's 2015 internet ban, police conducted roadside stops and physically inspected mobile phones for VPN software, confiscating devices found with VPN installed and asserting VPN use was illegal — despite no official government directive prohibiting VPN. This extra-legal enforcement, carried out by low-ranking constables, created a chilling deterrent effect on circumvention adoption beyond the technical challenge of blocking.
-
Prior to Bangladesh's 2015 internet ban, only 1 of 21 study participants had prior knowledge of VPN or IP-masking software; during the 26-day ban, VPN knowledge spread virally through social networks until it was described as 'fairly commonplace,' with adoption driven almost entirely by peer-to-peer instruction rather than technical documentation. Users required only procedural knowledge — installation steps and connection — not understanding of VPN mechanics.