An engineering student in Egypt found herself with no access to remote classes as authorities in Egypt unilaterally blocked the VPN service she had relied on to study.
Egyptian authorities are using the Deep Packet Inspection (DPI) technique to impede access to virtual private networks (VPNs), commonly used in Egypt to access restricted content.
Blocking the Tools Bypassing Blocks
Between 2017 and 2020, Egypt blocked 600 websites and online services, including 400 virtual networks, proxy service providers, and 11 news websites. Regional and international organizations asserted that the Egyptian state uses DPI technology to intercept communications and impose censorship.
Undeterred by dissenting voices, authorities persisted in limiting the options available for people in Egypt to access online content freely. This entailed restricting any resources that could facilitate the circumvention of the government’s censorship framework.
In August 2022, the Egyptian government took its first measures to ban the use of VPNs. It blocked connections facilitated by the Point-to-Point Tunneling Protocol (PPTP) and Layer Two Tunneling Protocol (L2TP), but did not yet block OpenVPN, the most commonly used VPN protocol.
However, on October 3, 2022, internet users started complaining about connectivity hitches when using OpenVPN. Eventually, communication via this protocol became impossible. The Egyptian government used DPI technology to throttle internet connections and identify data transferred via the OpenVPN, PPTP, and L2TP protocols.
They used firewalls to obstruct VPN ports that rely on OpenVPN’s protocol, and VPN providers were required to retain browsing records for two years to continue operating in the country.
Engineer and computer science expert Ahmed Abdel-Gawad confirmed to SMEX that virtual private networks are functional in Egypt. However, users must opt for virtual networks that DPI and other network blocking mechanisms cannot detect.
Some users turn to virtual networks operating on a protocol to bypass this restriction. This enables the virtual network to assign Internet Protocol (IP) addresses that elude identification and blocking by the authorities. Abdel-Gawad explains that such networks typically employ a swift and secure protocol like Lightway, which boasts a lean structure with approximately two thousand lines of code, fewer than comparable networks.
Abdel-Gawad added that using these networks requires a monthly payment of around eight U.S. dollars, averaging 250 Egyptian pounds.
Commercial or Security Goals?
While the prohibition of unrestricted virtual networks carries negative implications, an alternative perspective emerges, as highlighted by Dr. Mervat Abou Oaf, a media legislation professor at the American University in Cairo.
“The authorities’ decision to obstruct virtual networks functioning on open protocols can be attributed to the recent surge in artificial intelligence development, coupled with their aspiration to promote the utilization of their own products soundly, much like the situation with ChatGPT,” Dr. Abou Oaf told SMEX. “This emphasis is particularly pertinent in the education and media sectors.”
Abou Oaf firmly asserts, “progress is an inevitable trajectory, and the adoption of these technologies is inescapable. Engaging with and integrating them would be more prudent while simultaneously devising mechanisms to shield society from their adverse outcomes.”
Dr. Abou Oaf deems the situation unfair since “those able to connect to paid virtual networks can readily access any content, while those without the knowledge or financial resources will find themselves deprived of such access.”
Conversely, an anonymous network engineer specializing in the field contends that “this pretext of banning free virtual networks in Egypt is merely a smokescreen.” He explained that artificial intelligence products are perfectly functional in Egypt and can be accessed through payment despite attracting few users. He added that banning free virtual networks is nothing but “authorities’ way of securing a share of the fees paid to VPN service providers.”
Deep Packet Inspection (DPI)
All information sent over the internet travels in units called “data packets.” These packets carry crucial details about data traffic, such as the source, content, and destination. Deep Packet Inspection (DPI) is a technique used to scrutinize the contents of data packets as they traverse the network. This technology meticulously analyzes the particulars embedded in the packet header to identify attributes like the IP address and port number (specifically denoting the sender, recipient, and transmission time).
DPI technology evaluates the packet header and its payload, allowing it to find the packet’s origin and destination and discern the communication’s substance, context, and intent.
This technology finds wide application in both commercial and security contexts, unveiling concealed threats such as unauthorized data access, malware, and spam and identifying violations of content policies. It allows operators to monitor user behavior, glean statistical insights, and consequently monetize browsing data by selling it to marketing and advertising entities.
Extensive scanning techniques can also inadvertently introduce network latency due to heightened processing demands. The government can leverage these techniques to facilitate targeted assaults on specific data categories.
DPI technology allows Internet Service Providers (ISPs) to intercept their clientele’s comprehensive online activities, such as browsing histories, emails, and downloads. ISPs can do this, given the absence of encryption in a substantial portion of internet traffic. This situation takes on graver implications with the potential for this harvested data to be exploited, compromising the privacy of individuals.
Moreover, DPI techniques are harnessed for eavesdropping, surveillance, preemptive interruption of lawful or unlawful communication without prior notice, monitoring internet traffic, and imposing censorship on specific content and websites.
DPI techniques encompass three fundamental methodologies, as explained by computer and network engineer Ruby Gamal:
- Pattern or Signature Matching technology, which identifies and obstructs malevolent patterns.
- Protocol Anomaly Detection technology, which discerns permissible content and traffic per protocol definitions.
- The Intrusion Prevention System, which deters attacks in real time by impeding access to malicious data packets based on their content.
Gamal affirms that by utilizing these technologies, ISPs possess the capacity to identify and hinder a majority of virtual private network protocols. However, the complete range of these protocols remains beyond their reach. Additionally, providers can determine the time of connection to these network servers and the volume of data transmitted, both uploads and downloads. Nevertheless, using VPN applications thwarts their ability to decipher the encrypted data within the packets.
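The difference between inspecting only the header and matching a signature in the payload can be shown with a short classifier. This is an added example, not code from the article or from any party it describes; it assumes OpenVPN over UDP without tls-auth wrapping, and all function names and sample packets are constructed for illustration.

```python
import struct

OPENVPN_PORT = 1194          # OpenVPN's registered default port
HARD_RESET_CLIENT_V2 = 7     # opcode of the client's first handshake packet

def parse_ipv4_udp(packet: bytes):
    """Header stage: return (src, dst, sport, dport, payload), or None if not IPv4/UDP."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4                  # IPv4 header length in bytes
    if ihl < 20 or packet[9] != 17 or len(packet) < ihl + 8:   # protocol 17 = UDP
        return None
    src = ".".join(str(b) for b in packet[12:16])
    dst = ".".join(str(b) for b in packet[16:20])
    sport, dport, udp_len = struct.unpack("!HHH", packet[ihl:ihl + 6])
    return src, dst, sport, dport, packet[ihl + 8:ihl + max(udp_len, 8)]

def port_match(dport: int) -> bool:
    """Header-only rule: flags traffic purely by destination port."""
    return dport == OPENVPN_PORT

def signature_match(payload: bytes) -> bool:
    """Payload rule: first byte is (opcode << 3) | key_id; a new session uses key_id 0.
    Simplified signature: the minimum reset packet is 14 bytes without tls-auth."""
    return len(payload) >= 14 and payload[0] >> 3 == HARD_RESET_CLIENT_V2 and payload[0] & 7 == 0

def classify(packet: bytes):
    """Return what an on-path inspector learns: endpoints, size, and which rule fired."""
    flow = parse_ipv4_udp(packet)
    if flow is None:
        return None
    src, dst, _, dport, payload = flow
    return {"src": src, "dst": dst, "dport": dport, "bytes": len(payload),
            "port_rule": port_match(dport), "payload_rule": signature_match(payload)}

def build_packet(dport: int, payload: bytes) -> bytes:
    """Constructed sample traffic (documentation-range IPs, checksums left at 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    return ip + struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload

# Constructed payloads: an OpenVPN-style client reset and an unrelated DNS-style query.
RESET = bytes([0x38]) + bytes(range(8)) + b"\x00" + (0).to_bytes(4, "big")
DNS = bytes.fromhex("123401000001000000000000") + b"\x07example\x03org\x00\x00\x01\x00\x01"

if __name__ == "__main__":
    for name, pkt in [("default port", build_packet(1194, RESET)),
                      ("moved to 443", build_packet(443, RESET)),
                      ("dns", build_packet(53, DNS))]:
        print(name, classify(pkt))
```

The second sample shows why payload inspection catches what a port filter misses, and in every case the inspector sees endpoints and byte counts without reading the encrypted contents.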
As more VPN applications get blocked and DPI technology enforced, internet users find themselves defenseless, stripped of the protective shields that once provided concealment against the authorities’ gaze.
Feature image by AXP Photography via Unsplash.