[kictanet] Safaricom and Internet Traffic Tampering

Odhiambo Washington odhiambo at gmail.com
Thu Mar 23 22:03:24 EAT 2017


+1 Mwendwa, +1, Ngigi.

Today I have wondered about two things:

1. Whether Thuo Wilson was in his element when he posted his comment. I
believe he did not give it much thought.
2. Whether the engineers who drafted Chege's response were competent
enough to draft - how they came up with such a daft response.

I am out - for now.


On 23 March 2017 at 21:25, Ngigi Waithaka via kictanet <
kictanet at lists.kictanet.or.ke> wrote:

> Steve,
>
> This just doesn't add up....
>
> Let's talk layman, let's talk HTTP: a protocol designed to enable
> communication between a user's browser and the web server.
>
> The only parties that should learn how to 'speak' and 'hear' this protocol
> are the browser & the web-server, period!
>
> Whether a browser / web-server breaks this protocol and uses HTTP in a way
> it wasn't supposed to be used is simply not any ISP's business. The duty is
> on the web-server to inform the user and vice-versa that they cannot
> understand what the other is requesting for.
>
> The only task an ISP has is simply to *carry* this message, broken or not
> and charge the user for the data.
>
> What you have just written is akin to saying, if I called Ali on your
> network and then in the middle of the conversation I used broken English,
> that my conversation will be promptly cut until I use the *correct* English.
>
> HTTP is what contains the user's data. The fact that you have *written*
> that you look into HTTP means you look into your users' data, something that
> I believe is explicitly against the laws of the land.
>
> The more you try to twist this, the deeper a hole you dig yourselves in.
>
> Regards
>
>
> On Thu, Mar 23, 2017 at 5:09 PM, Stephen Chege via kictanet <
> kictanet at lists.kictanet.or.ke> wrote:
>
>> Mose and all
>>
>>
>>
>> We have noted CIPT's claim and wish to state categorically that Safaricom
>> does not in any way alter internet traffic.  In addition, Safaricom did
>> reach out to CIPT through a conference call with our engineers on 24th
>> February 2017, which we believed was the best way to engage on this issue
>> as it is technical and both parties had a chance to express their position.
>>
>>
>>
>> From our understanding, CIPT use an application called Ooniprobe to test
>> whether there is any alteration of a packet sent through a particular ISP's
>> network. It uses crowdsourcing to collect information about a network,
>> which is later uploaded to an analytics server whose front-end is the
>> website. In order to test tampering it makes use of detuned / altered /
>> crafted HTTP parameters. The crafted HTTP packet is then directed towards
>> dedicated servers that echo back HTTP header(s). The expectation is that
>> such a crafted packet should not be subject to any form of network
>> manipulation, even if the query used is wrong it should echo back as sent.
>>
>>
>>
>> In the discussions we had with CIPT, we clarified that on our network, we
>> strictly follow the correct formats of the HTTP version on the optimisation
>> gateway, because packets are expected in the correct HTTP format as per
>> agreed global standards (RFC 2616: Section 2.2). Any crafted or altered
>> packets that violate the accepted correct HTTP formats generate an error.
>> So by CIPT sending a packet that has its HTTP parameters detuned/altered,
>> they would receive an error as explained above. This is not evidence of a
>> middle box as now alleged.
>>
>>
>>
>> We have also observed a concerning trend where entities use the same
>> packet crafting methods mentioned above to defraud the ISP by tunneling
>> traffic through zero rated sites (i.e. by-passing billing).
>>
>>
>>
>> In summary, we have a standard ISP traffic optimizer whose sole purpose
>> is to optimize quality of experience, to deliver service to our customers
>> without bias, and does not alter traffic.
>>
>>
>>
>> We further state that anyone testing our network within accepted RFC
>> standards will be able to establish that our network does not in any way
>> alter internet packets.
>>
>>
>>
>> regards
>>
>>
>>
>> Steve
>>
>>
>>
>> *From:* kictanet [mailto:kictanet-bounces+schege=
>> safaricom.co.ke at lists.kictanet.or.ke] *On Behalf Of *Mose Karanja via
>> kictanet
>> *Sent:* Thursday, March 23, 2017 11:54
>> *To:* Stephen Chege
>> *Cc:* Mose Karanja; KICTAnet ICT Policy Discussions
>> *Subject:* Re: [kictanet] Safaricom and Internet Traffic Tampering
>>
>>
>>
>> That is why we did a responsible disclosure. Safaricom did reach back to
>> us and promised to give a detailed report.
>>
>>
>>
>> Even after polite reminders, we did not hear back from them officially.
>>
>>
>>
>> ---
>>
>> Moses
>>
>>
>> On 23 Mar 2017, at 11:25, Ali Hussein <ali at hussein.me.ke> wrote:
>>
>> These are very serious allegations guys.
>>
>>
>>
>> It would be great to hear from Safaricom.
>>
>> *Ali Hussein*
>>
>> *Principal*
>>
>> *Hussein & Associates*
>>
>> +254 0713 601113
>>
>>
>>
>> Twitter: @AliHKassim
>>
>> Skype: abu-jomo
>>
>> LinkedIn: http://ke.linkedin.com/in/alihkassim
>>
>>
>>
>> "We are what we repeatedly do. Excellence, therefore, is not an act but a
>> habit."  ~ Aristotle
>>
>>
>>
>>
>>
>> Sent from my iPad
>>
>>
>> On 23 Mar 2017, at 10:04 AM, Odhiambo Washington via kictanet <
>> kictanet at lists.kictanet.or.ke> wrote:
>>
>> I recently had a very traumatizing experience with a client I was
>> consulting for and whose preferred mode of connection is Safaricom 4G.
>>
>>
>>
>> For two days I was struggling to figure out why what seemed so obvious
>> (in my mind) was NOT working with Safaricom while I had tested the same
>> with JTL and Access Kenya links.
>>
>>
>>
>> It turned out that Safaricom truly tamper with traffic to the Internet.
>> This includes even VPN traffic.
>>
>>
>>
>> This test result presented here is not a surprise to me at all.
>> Safaricom's DPI (Deep Packet Inspection) systems are so robust and advanced
>> that they can do ANYTHING with your traffic.
>>
>>
>>
>> I wrote a private email to Stephen Chege of Safaricom (we all remember
>> him) but didn't receive even an acknowledgement. The problem I had - with
>> DNS and VPN still stand unresolved.
>>
>>
>>
>> And this is why I am always suspicious about the dalliance (for lack of a
>> better word. I am thinking in Dholuo and translating to English) between
>> Safaricom and the govt, especially since one of them was given a senior
>> govt job!
>>
>>
>>
>>
>>
>>
>>
>> On 23 March 2017 at 09:27, Mose Karanja via kictanet <
>> kictanet at lists.kictanet.or.ke> wrote:
>>
>> Hello listers.
>>
>>
>>
>> CIPIT has been conducting network measurements on Kenyan Internet Service
>> Providers (ISPs) since June 2016 using assorted techniques. Between 6 – 10
>> February 2017, the data indicated the presence of a middle-box on the
>> cellular network of one provider, Safaricom Limited (AS33771) that had not
>> previously presented any signs of traffic manipulation. Middle-boxes assume
>> dual-use character in that they can be used for legitimate functions (e.g.,
>> network optimisation) and can simultaneously be used for traffic
>> manipulation, surveillance and aiding censorship.
>>
>>
>>
>> In light of such dual uses, this report makes clear that service
>> providers operating middle-boxes must communicate to the public in a
>> transparent manner the justification for such activity. This is especially
>> relevant as government bodies announce plans to monitor and possibly censor
>> the Internet during Kenya’s current electoral processes.
>>
>>
>>
>> You can download the brief from this link:
>>
>>
>>
>> http://blog.cipit.org/2017/03/23/cipit-research-reveals-evidence-of-internet-traffic-tampering-in-kenya-the-case-of-safaricoms-network/#more-5833
>>
>>
>>
>> -Moses
>>
>>
>> _______________________________________________
>> kictanet mailing list
>> kictanet at lists.kictanet.or.ke
>> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>> Twitter: http://twitter.com/kictanet
>> Facebook: https://www.facebook.com/KICTANet/
>>
>> Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/odhiambo%40gmail.com
>>
>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
>> for people and institutions interested and involved in ICT policy and
>> regulation. The network aims to act as a catalyst for reform in the ICT
>> sector in support of the national aim of ICT enabled growth and development.
>>
>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>> online that you follow in real life: respect people's times and bandwidth,
>> share knowledge, don't flame or abuse or personalize, respect privacy, do
>> not spam, do not market your wares or qualifications.
>>
>>
>>
>>
>>
>> --
>>
>> Best regards,
>> Odhiambo WASHINGTON,
>> Nairobi,KE
>> +254 7 3200 0004/+254 7 2274 3223
>> "Oh, the cruft."
>>
>
>
>
> --
> *Regards,*
>
> *Waithaka Ngigi*
> Chief Executive Officer | Alliance Technologies | MCK Nairobi Synod
> Building
> T +254 20 525 0750 |Office Mobile: +254 716 201061 | M +254 737 811 000
> www.at.co.ke
>



-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."
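The comparison described in Stephen Chege's quoted message (a deliberately unusual HTTP request sent to a server that echoes back what it received) can be expressed in code as follows. This is an added example, not part of the thread and not OONI's or CIPIT's code; the JSON reply layout, the host names and the three sample replies are constructed assumptions.

```python
import json

def compare_echo(sent_line, sent_headers, echo_body):
    """Diff a probe's request against what the echo server reports receiving.

    sent_headers: (name, value) pairs exactly as written on the wire.
    echo_body: response body; its JSON layout is an assumption of this example.
    """
    try:
        echo = json.loads(echo_body)
        got_line = echo["request_line"]
        got_headers = [(n, v) for n, v in echo["request_headers"]]
    except (ValueError, KeyError, TypeError):
        # No echo came back: something other than the echo server answered.
        return ["total: response is not the echo server's JSON"]

    findings = []
    if got_line != sent_line:
        findings.append(f"request_line: {sent_line!r} -> {got_line!r}")

    sent_names = {n for n, _ in sent_headers}
    got_names = {n for n, _ in got_headers}
    sent_lower = {n.lower() for n in sent_names}
    got_lower = {n.lower(): n for n in got_names}
    for name in sorted(sent_names - got_names):
        if name.lower() in got_lower:   # same field, capitalisation rewritten
            findings.append(f"name_case: {name!r} -> {got_lower[name.lower()]!r}")
        else:
            findings.append(f"removed: {name!r}")
    for name in sorted(got_names - sent_names):
        if name.lower() not in sent_lower:   # field the probe never sent
            findings.append(f"added: {name!r}")
    sent_vals = {n.lower(): v for n, v in sent_headers}
    for n, v in got_headers:
        if sent_vals.get(n.lower(), v) != v:
            findings.append(f"value: {n!r} {sent_vals[n.lower()]!r} -> {v!r}")
    return findings

# Constructed sample data: a probe with odd capitalisation and three possible replies.
SENT_LINE = "GeT / HTTP/1.1"
SENT_HEADERS = [("hOsT", "echo.example"), ("aCCept-LanGuaGe", "en-US")]
CLEAN = json.dumps({"request_line": SENT_LINE, "request_headers": SENT_HEADERS})
REWRITTEN = json.dumps({"request_line": "GET / HTTP/1.1", "request_headers": [
    ["Host", "echo.example"], ["Accept-Language", "en-US"], ["Via", "1.1 proxy.example"]]})
ERROR_PAGE = "<html><body>400 Bad Request</body></html>"

if __name__ == "__main__":
    for label, body in [("clean", CLEAN), ("rewritten", REWRITTEN), ("error", ERROR_PAGE)]:
        print(label, compare_echo(SENT_LINE, SENT_HEADERS, body))
```

An empty list means the request reached the echo server byte-for-byte as sent; any other result records where the received request, or the reply itself, differs from what the probe put on the wire.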