Jio and Airtel likely using middlebox devices to block websites in India, says report
Most internet users in India know that thousands of websites, mostly porn or file-sharing sites, have been banned in the country. A recent report details the methods used by Airtel and Jio, two of the country's leading internet service providers, to block these websites. The report says that Airtel, and likely (though not confirmed) Jio, use middlebox devices, which are specially configured routers to read website DNS, to bar websites in India.
Analysts from the Centre for Internet and Society (CIS) found 25 middleboxes that are used to block websites for Airtel users. According to the report, both Jio and Airtel use Server Name Indication (SNI), an extension that identifies websites on a server, to decide what to block.
The report in MediaNama cited a blog post by Kushagra Singh and Gurshabad Grover, who alleged that 25 middleboxes associated with Airtel were manipulating internet traffic. They first obtained its IP address and tested it against a public database of IP addresses. As a result, they could identify 25 middleboxes that were associated with Airtel.
It is worth noting that by blocking websites, Airtel and Jio are only complying with government directives. The Department of Telecommunication issues orders to block particular websites in India, and internet service providers have to follow them. These orders are not publicly available, however, so Indian users have no way of knowing whether a website is blocked for a valid reason or just because someone somewhere decided that it should be banned in India.
Blocking websites isn’t a new thing in India. Over the years, we have repeatedly seen websites taken down for a number of reasons, including on the basis of court-issued John Doe orders.
However, the recent report makes it clear that, unlike the earlier website blocking done on the basis of banned domain name lists, Jio and Airtel are now using more complex blocking measures, similar to the tools and methods used by the Chinese to ban thousands of websites.
Mostly it suggests that Airtel and Jio depend on Server Name Indication (SNI) to recognize the requested website and then block it in case the website is included in the list of banned sites in the country. For example, if a user attempts to access Torrentz2, he or she gets “PR_CONNECT_RESET_ERROR”.
By using an SNI-based method, Airtel and Jio can also block HTTPS websites. This is because SNI is unencrypted and discloses which website is going to be accessed, even though HTTPS stops internet service providers from identifying what a user is doing on a secure account. To counter this, web browsers, most notably Mozilla Firefox, have started implementing eSNI, which is encrypted, but currently the feature remains experimental for all practical purposes.
“Users trying to visit websites usually contact the ISP’s DNS directory to translate a human-parsable address like xyz.com to its network address,” the researchers noted. “Some ISPs in India, like BSNL and MTNL, respond with incorrect network addresses to the users’ searches for websites they wish to block.”
Then they explained that ISPs like Jio and Airtel use the SNI method. “ISPs like Jio, Airtel and Vodafone monitor this field for names of websites they wish to block, intercept such requests, and return anything they wish as a response,” the researchers noted in their blog post.
Researchers were able to identify middleboxes implemented by Airtel. However, they were not 100% confident about Jio using such routers. This, they noted, was likely because Jio has configured middleboxes using proxy servers.