<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal" style="text-align:justify;line-height:130%"><span style="font-size:10.0pt;line-height:130%;font-family:"Calibri",sans-serif;color:#1F497D">Mose and all<o:p></o:p></span></p>
<p class="MsoNormal" style="text-align:justify;line-height:130%"><span style="font-size:10.0pt;line-height:130%;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-align:justify;line-height:130%"><span style="font-size:10.0pt;line-height:130%;font-family:"Calibri",sans-serif;color:#1F497D">We have noted CIPTs claim and wish to state categorically that Safaricom does not in any way alter
internet traffic. In addition, Safaricom did reach out to CIPT through a conference call with our engineers on 24<sup>th</sup> February 2017, which we believed was the best way to engage on this issue as it is technical and both parties had a chance to express
their position.<o:p></o:p></span></p>
<p class="MsoNormal" style="text-align:justify;line-height:130%"><span style="font-size:10.0pt;line-height:130%;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-align:justify;line-height:130%"><span style="font-size:10.0pt;line-height:130%;font-family:"Calibri",sans-serif;color:#1F497D">From our understanding, CIPT use an application called Ooniprobe to test whether there is any alteration
of a packet sent through a particular ISPs network. It uses crowdsourcing to collect information about a network, which is later uploaded to an analytics server whose front-end is the website. In order to test tampering it makes use of detuned / altered /
crafted HTTP parameters. The crafted HTTP packet is then directed towards dedicated servers that echo back HTTP header(s). The expectation is that such a crafted packet should not be subject to any form of network manipulation, even if the query used is wrong
it should echo back as sent.<o:p></o:p></span></p>
<p class="MsoNormal" style="text-align:justify;line-height:130%"><span style="font-size:10.0pt;line-height:130%;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-align:justify;line-height:130%"><span style="font-size:10.0pt;line-height:130%;font-family:"Calibri",sans-serif;color:#1F497D">In the discussions we had with CIPT, we clarified that on our network, we strictly follow the correct
formats of the HTTP version on the optimisation gateway, because packets are expected in the correct HTTP format as per agreed global standards (RFC 2616: Section 2.2). Any crafted or altered packets that violate the accepted correct HTTP formats generate
an error. So by CIPT sending a packet that has its HTTP parameters detuned/altered, they would receive an error as explained above. This is not evidence of a middle box as now alleged.
<o:p></o:p></span></p>
<p class="MsoNormal" style="text-align:justify;line-height:130%"><span style="font-size:10.0pt;line-height:130%;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-align:justify;line-height:130%"><span style="font-size:10.0pt;line-height:130%;font-family:"Calibri",sans-serif;color:#1F497D">We have also observed a concerning trend where entities use the same packet crafting methods mentioned
above to defraud the ISP by tunneling traffic through zero rated sites (i.e. by-passing billing).
<o:p></o:p></span></p>
<p class="MsoNormal" style="text-align:justify;line-height:130%"><span style="font-size:10.0pt;line-height:130%;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-align:justify;line-height:130%"><span style="font-size:10.0pt;line-height:130%;font-family:"Calibri",sans-serif;color:#1F497D">In summary, we have a standard ISP traffic optimizer whose sole purpose is to optimize quality of
experience, to deliver service to our customers without bias, and does not alter traffic.<o:p></o:p></span></p>
<p class="MsoNormal" style="text-align:justify;line-height:130%"><span style="font-size:10.0pt;line-height:130%;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-align:justify;line-height:130%"><span style="font-size:10.0pt;line-height:130%;font-family:"Calibri",sans-serif;color:#1F497D">We further state that anyone testing our network within accepted RFC standards will be able to establish
that our network does not in any way alter internet packets.<o:p></o:p></span></p>
<p class="MsoNormal" style="text-align:justify;line-height:130%"><span style="font-size:10.0pt;line-height:130%;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-align:justify;line-height:130%"><span style="font-size:10.0pt;line-height:130%;font-family:"Calibri",sans-serif;color:#1F497D">regards<o:p></o:p></span></p>
<p class="MsoNormal" style="text-align:justify;line-height:130%"><span style="font-size:10.0pt;line-height:130%;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-align:justify;line-height:130%"><span style="font-size:10.0pt;line-height:130%;font-family:"Calibri",sans-serif;color:#1F497D">Steve
<o:p></o:p></span></p>
<p class="MsoNormal"><a name="_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></a></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> kictanet [mailto:kictanet-bounces+schege=safaricom.co.ke@lists.kictanet.or.ke]
<b>On Behalf Of </b>Mose Karanja via kictanet<br>
<b>Sent:</b> Thursday, March 23, 2017 11:54<br>
<b>To:</b> Stephen Chege<br>
<b>Cc:</b> Mose Karanja; KICTAnet ICT Policy Discussions<br>
<b>Subject:</b> Re: [kictanet] Safaricom and Internet Traffic Tampering<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">That is why we did a responsible disclosure. Safaricom did reach back to us and promised to give a detailed report. <o:p></o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal">Even after polite reminders, we did not hear back from them officially. <o:p></o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal">---<o:p></o:p></p>
<div>
<p class="MsoNormal">Moses<o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
On 23 Mar 2017, at 11:25, Ali Hussein <<a href="mailto:ali@hussein.me.ke">ali@hussein.me.ke</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal">These are very serious allegations guys.<o:p></o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal" style="margin-bottom:12.0pt">It would be great to hear from Safaricom.<o:p></o:p></p>
<div>
<p class="MsoNormal"><b>Ali Hussein</b><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><b>Principal</b><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><b>Hussein & Associates</b><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:13.5pt;font-family:"Helvetica",sans-serif">+254 0713 601113 <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:13.5pt;font-family:"Helvetica",sans-serif"><o:p> </o:p></span></p>
</div>
<div>
<p style="margin:0in;margin-bottom:.0001pt">Twitter: @AliHKassim<o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt">Skype: abu-jomo<o:p></o:p></p>
<p style="margin:0in;margin-bottom:.0001pt">LinkedIn: <a href="http://ke.linkedin.com/in/alihkassim" target="_blank">http://ke.linkedin.com/in/alihkassim</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">"We are what we repeatedly do. Excellence, therefore, is not an act but a habit." ~ Aristotle<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><br>
<br>
<o:p></o:p></p>
</div>
<p class="MsoNormal">Sent from my iPad<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
On 23 Mar 2017, at 10:04 AM, Odhiambo Washington via kictanet <<a href="mailto:kictanet@lists.kictanet.or.ke">kictanet@lists.kictanet.or.ke</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal">I recently had a very traumatizing experience with a client I was consulting for and whose preferred mode of connection is Safaricom 4G.<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">For two days I was struggling to figure out why what seemed so obvious (in my mind) was NOT working with Safaricom while I had tested the same with JTL and Access Kenya links.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">It turned out that Safaricom truly tamper with traffic to the Internet. This includes even VPN traffic.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">This test result presented here is not a surprise to me at all. Safaricom's DPI (Deep Packet Inspection) systems are so robust and advanced that they can do ANYTHING with your traffic.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">I wrote a private email to Stephen Chege of Safaricom (we all remember him) but didn't receive even an acknowledgement. The problem I had - with DNS and VPN still stand unresolved.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">And this is why I am always suspicious about the dalliance (for lack of a better word. I am thinking in Dholuo and translating to English) between Safaricom and the govt, especially since one of them was given a senior govt job!<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On 23 March 2017 at 09:27, Mose Karanja via kictanet <<a href="mailto:kictanet@lists.kictanet.or.ke" target="_blank">kictanet@lists.kictanet.or.ke</a>> wrote:<o:p></o:p></p>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<p class="MsoNormal">Hello listers. <o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">CIPIT has been conducting network measurements on Kenyan Internet Service Providers (ISPs) since June 2016 using assorted techniques. Between 6 – 10 February 2017, the data indicated the presence of a middle-box on the cellular network
of one provider, Safaricom Limited (AS33771) that had not previously presented any signs of traffic manipulation. Middle-boxes assume dual-use character in that they can be used for legitimate functions (e.g., network optimisation) and can simultaneously be
used for traffic manipulation, surveillance and aiding censorship.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">In light of such dual uses, this report makes clear that service providers operating middle-boxes must communicate to the public in a transparent manner the justification for such activity. This is especially relevant as government bodies
announce plans to monitor and possibly censor the Internet during Kenya’s current electoral processes.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">You can download the brief from this link: <o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><a href="http://blog.cipit.org/2017/03/23/cipit-research-reveals-evidence-of-internet-traffic-tampering-in-kenya-the-case-of-safaricoms-network/#more-5833" target="_blank">http://blog.cipit.org/2017/03/23/cipit-research-reveals-evidence-of-internet-traffic-tampering-in-kenya-the-case-of-safaricoms-network/#more-5833</a> <o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">-Moses<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><br>
_______________________________________________<br>
kictanet mailing list<br>
<a href="mailto:kictanet@lists.kictanet.or.ke">kictanet@lists.kictanet.or.ke</a><br>
<a href="https://lists.kictanet.or.ke/mailman/listinfo/kictanet" target="_blank">https://lists.kictanet.or.ke/mailman/listinfo/kictanet</a><br>
Twitter: <a href="http://twitter.com/kictanet" target="_blank">http://twitter.com/kictanet</a><br>
Facebook: <a href="https://www.facebook.com/KICTANet/" target="_blank">https://www.facebook.com/KICTANet/</a><br>
<br>
Unsubscribe or change your options at <a href="https://lists.kictanet.or.ke/mailman/options/kictanet/odhiambo%40gmail.com" target="_blank">
https://lists.kictanet.or.ke/mailman/options/kictanet/odhiambo%40gmail.com</a><br>
<br>
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT
enabled growth and development.<br>
<br>
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or
qualifications.<o:p></o:p></p>
</blockquote>
</div>
<p class="MsoNormal"><br>
<br clear="all">
<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal">-- <o:p></o:p></p>
<div>
<div>
<div>
<p class="MsoNormal">Best regards,<br>
Odhiambo WASHINGTON,<br>
Nairobi,KE<br>
+254 7 3200 0004/+254 7 2274 3223<br>
"<span style="font-size:9.5pt">Oh, the cruft."</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">_______________________________________________<br>
kictanet mailing list<br>
<a href="mailto:kictanet@lists.kictanet.or.ke">kictanet@lists.kictanet.or.ke</a><br>
<a href="https://lists.kictanet.or.ke/mailman/listinfo/kictanet">https://lists.kictanet.or.ke/mailman/listinfo/kictanet</a><br>
Twitter: <a href="http://twitter.com/kictanet">http://twitter.com/kictanet</a><br>
Facebook: <a href="https://www.facebook.com/KICTANet/">https://www.facebook.com/KICTANet/</a><br>
<br>
Unsubscribe or change your options at <a href="https://lists.kictanet.or.ke/mailman/options/kictanet/info%40alyhussein.com">
https://lists.kictanet.or.ke/mailman/options/kictanet/info%40alyhussein.com</a><br>
<br>
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT
enabled growth and development.<br>
<br>
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or
qualifications.<o:p></o:p></p>
</div>
</blockquote>
</div>
</blockquote>
</div>
<meta name="GENERATOR" content="MSHTML 8.00.7600.17051">
<hr>
<div><span style="FONT-FAMILY: Calibri"><strong>Note:</strong></div>
<div><span style="FONT-FAMILY: Calibri" ;FONT-WEIGHT:bold?="" lang="EN-GB">All emails sent from Safaricom Limited are subject to Safaricom’s Email Terms & Conditions. Please click here to read the policy.
<div><a href="http://www.safaricom.co.ke/images/Downloads/Terms_and_Conditions/safaricom_email_terms_and_conditions.pdf"><span><font color="#400080">http://www.safaricom.co.ke/images/Downloads/Terms_and_Conditions/safaricom_email_terms_and_conditions.pdf</font></span></a>
</div>
</span></div>
</span>
</body>
</html>