[kictanet] Safaricom and Internet Traffic Tampering

Stephen Chege SChege at Safaricom.co.ke
Thu Mar 23 17:09:18 EAT 2017 

Mose and all

We have noted CIPTs claim and wish to state categorically that Safaricom does not in any way alter internet traffic.  In addition, Safaricom did reach out to CIPT through a conference call with our engineers on 24th February 2017, which we believed was the best way to engage on this issue as it is technical and both parties had a chance to express their position.

From our understanding, CIPT use an application called Ooniprobe to test whether there is any alteration of a packet sent through a particular ISPs network. It uses crowdsourcing to collect information about a network, which is later uploaded to an analytics server whose front-end is the website. In order to test tampering it makes use of detuned / altered / crafted  HTTP parameters. The crafted HTTP packet is then directed towards dedicated servers that echo back HTTP header(s). The expectation is that such a crafted packet should not be subject to any form of network manipulation, even if the query used is wrong it should echo back as sent.

In the discussions we had with CIPT, we clarified that on our network, we strictly follow the correct formats of the HTTP version on the optimisation gateway, because packets are expected in the correct HTTP format as per agreed global standards (RFC 2616: Section 2.2). Any crafted or altered packets that violate the accepted correct HTTP formats generate an error. So by CIPT sending a packet that has its HTTP parameters detuned/altered, they would receive an error as explained above. This is not evidence of a middle box as now alleged.

We have also observed a concerning trend where entities use the same packet crafting methods mentioned above to defraud the ISP by tunneling traffic through zero rated sites (i.e. by-passing billing).

In summary, we have a standard ISP traffic optimizer whose sole purpose is to optimize quality of experience, to deliver service to our customers without bias, and does not alter traffic.

We further state that anyone testing our network within accepted RFC standards will be able to establish that our network does not in any way alter internet packets.

regards

Steve

From: kictanet [mailto:kictanet-bounces+schege=safaricom.co.ke at lists.kictanet.or.ke] On Behalf Of Mose Karanja via kictanet
Sent: Thursday, March 23, 2017 11:54
To: Stephen Chege
Cc: Mose Karanja; KICTAnet ICT Policy Discussions
Subject: Re: [kictanet] Safaricom and Internet Traffic Tampering

That is why we did a responsible disclosure. Safaricom did reach back to us and promised to give a detailed report.

Even after polite reminders, we did not hear back from them officially.

---
Moses

On 23 Mar 2017, at 11:25, Ali Hussein <ali at hussein.me.ke<mailto:ali at hussein.me.ke>> wrote:
These are very serious allegations guys.

It would be great to hear from Safaricom.
Ali Hussein
Principal
Hussein & Associates
+254 0713 601113


Twitter: @AliHKassim

Skype: abu-jomo

LinkedIn: http://ke.linkedin.com/in/alihkassim

"We are what we repeatedly do. Excellence, therefore, is not an act but a habit."  ~ Aristotle



Sent from my iPad

On 23 Mar 2017, at 10:04 AM, Odhiambo Washington via kictanet <kictanet at lists.kictanet.or.ke<mailto:kictanet at lists.kictanet.or.ke>> wrote:
I recently had a very traumatizing experience with a client I was consulting for and whose preferred mode of connection is Safaricom 4G.

For two days I was struggling to figure out why what seemed so obvious (in my mind) was NOT working with Safaricom while I had tested the same with JTL and Access Kenya links.

It turned out that Safaricom truly tamper with traffic to the Internet. This includes even VPN traffic.

This test result presented here is not a surprise to me at all. Safaricom's DPI (Deep Packet Inspection) systems are so robust and advanced that they can do ANYTHING with your traffic.

I wrote a private email to Stephen Chege of Safaricom (we all remember him) but didn't receive even an acknowledgement. The problem I had - with DNS and VPN still stand unresolved.

And this is why I am always suspicious about the dalliance (for lack of a better word. I am thinking in Dholuo and translating to English) between Safaricom and the govt, especially since one of them was given a senior govt job!



On 23 March 2017 at 09:27, Mose Karanja via kictanet <kictanet at lists.kictanet.or.ke<mailto:kictanet at lists.kictanet.or.ke>> wrote:
Hello listers.

CIPIT has been conducting network measurements on Kenyan Internet Service Providers (ISPs) since June 2016 using assorted techniques. Between 6 – 10 February 2017, the data indicated the presence of a middle-box on the cellular network of one provider, Safaricom Limited (AS33771) that had not previously presented any signs of traffic manipulation. Middle-boxes assume dual-use character in that they can be used for legitimate functions (e.g., network optimisation) and can simultaneously be used for traffic manipulation, surveillance and aiding censorship.

In light of such dual uses, this report makes clear that service providers operating middle-boxes must communicate to the public in a transparent manner the justification for such activity. This is especially relevant as government bodies announce plans to monitor and possibly censor the Internet during Kenya’s current electoral processes.

You can download the brief from this link:

http://blog.cipit.org/2017/03/23/cipit-research-reveals-evidence-of-internet-traffic-tampering-in-kenya-the-case-of-safaricoms-network/#more-5833

-Moses

_______________________________________________
kictanet mailing list
kictanet at lists.kictanet.or.ke<mailto:kictanet at lists.kictanet.or.ke>
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Twitter: http://twitter.com/kictanet
Facebook: https://www.facebook.com/KICTANet/

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/odhiambo%40gmail.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.



--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."
_______________________________________________
kictanet mailing list
kictanet at lists.kictanet.or.ke<mailto:kictanet at lists.kictanet.or.ke>
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Twitter: http://twitter.com/kictanet
Facebook: https://www.facebook.com/KICTANet/

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/info%40alyhussein.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
________________________________
Note:
All emails sent from Safaricom Limited are subject to Safaricom’s Email Terms & Conditions. Please click here to read the policy.
http://www.safaricom.co.ke/images/Downloads/Terms_and_Conditions/safaricom_email_terms_and_conditions.pdf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20170323/b9df74d0/attachment.htm>

More information about the KICTANet mailing list