Re: [kictanet] Safaricom and Internet Traffic Tampering
That is why we did a responsible disclosure. Safaricom did reach back to us and promised to give a detailed report. Even after polite reminders, we did not hear back from them officially. --- Moses
On 23 Mar 2017, at 11:25, Ali Hussein <ali@hussein.me.ke> wrote:
These are very serious allegations guys.
It would be great to hear from Safaricom.
Ali Hussein Principal Hussein & Associates +254 0713 601113
Twitter: @AliHKassim Skype: abu-jomo LinkedIn: http://ke.linkedin.com/in/alihkassim
"We are what we repeatedly do. Excellence, therefore, is not an act but a habit." ~ Aristotle
Sent from my iPad
On 23 Mar 2017, at 10:04 AM, Odhiambo Washington via kictanet <kictanet@lists.kictanet.or.ke> wrote:
I recently had a very traumatizing experience with a client I was consulting for and whose preferred mode of connection is Safaricom 4G.
For two days I was struggling to figure out why what seemed so obvious (in my mind) was NOT working with Safaricom while I had tested the same with JTL and Access Kenya links.
It turned out that Safaricom truly tamper with traffic to the Internet. This includes even VPN traffic.
This test result presented here is not a surprise to me at all. Safaricom's DPI (Deep Packet Inspection) systems are so robust and advanced that they can do ANYTHING with your traffic.
I wrote a private email to Stephen Chege of Safaricom (we all remember him) but didn't receive even an acknowledgement. The problem I had - with DNS and VPN still stand unresolved.
And this is why I am always suspicious about the dalliance (for lack of a better word. I am thinking in Dholuo and translating to English) between Safaricom and the govt, especially since one of them was given a senior govt job!
On 23 March 2017 at 09:27, Mose Karanja via kictanet <kictanet@lists.kictanet.or.ke> wrote: Hello listers.
CIPIT has been conducting network measurements on Kenyan Internet Service Providers (ISPs) since June 2016 using assorted techniques. Between 6 – 10 February 2017, the data indicated the presence of a middle-box on the cellular network of one provider, Safaricom Limited (AS33771) that had not previously presented any signs of traffic manipulation. Middle-boxes assume dual-use character in that they can be used for legitimate functions (e.g., network optimisation) and can simultaneously be used for traffic manipulation, surveillance and aiding censorship.
In light of such dual uses, this report makes clear that service providers operating middle-boxes must communicate to the public in a transparent manner the justification for such activity. This is especially relevant as government bodies announce plans to monitor and possibly censor the Internet during Kenya’s current electoral processes.
You can download the brief from this link:
http://blog.cipit.org/2017/03/23/cipit-research-reveals-evidence-of-internet...
-Moses
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/odhiambo%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft." _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/info%40alyhussein.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
Mose and all We have noted CIPTs claim and wish to state categorically that Safaricom does not in any way alter internet traffic. In addition, Safaricom did reach out to CIPT through a conference call with our engineers on 24th February 2017, which we believed was the best way to engage on this issue as it is technical and both parties had a chance to express their position. From our understanding, CIPT use an application called Ooniprobe to test whether there is any alteration of a packet sent through a particular ISPs network. It uses crowdsourcing to collect information about a network, which is later uploaded to an analytics server whose front-end is the website. In order to test tampering it makes use of detuned / altered / crafted HTTP parameters. The crafted HTTP packet is then directed towards dedicated servers that echo back HTTP header(s). The expectation is that such a crafted packet should not be subject to any form of network manipulation, even if the query used is wrong it should echo back as sent. In the discussions we had with CIPT, we clarified that on our network, we strictly follow the correct formats of the HTTP version on the optimisation gateway, because packets are expected in the correct HTTP format as per agreed global standards (RFC 2616: Section 2.2). Any crafted or altered packets that violate the accepted correct HTTP formats generate an error. So by CIPT sending a packet that has its HTTP parameters detuned/altered, they would receive an error as explained above. This is not evidence of a middle box as now alleged. We have also observed a concerning trend where entities use the same packet crafting methods mentioned above to defraud the ISP by tunneling traffic through zero rated sites (i.e. by-passing billing). In summary, we have a standard ISP traffic optimizer whose sole purpose is to optimize quality of experience, to deliver service to our customers without bias, and does not alter traffic. We further state that anyone testing our network within accepted RFC standards will be able to establish that our network does not in any way alter internet packets. regards Steve From: kictanet [mailto:kictanet-bounces+schege=safaricom.co.ke@lists.kictanet.or.ke] On Behalf Of Mose Karanja via kictanet Sent: Thursday, March 23, 2017 11:54 To: Stephen Chege Cc: Mose Karanja; KICTAnet ICT Policy Discussions Subject: Re: [kictanet] Safaricom and Internet Traffic Tampering That is why we did a responsible disclosure. Safaricom did reach back to us and promised to give a detailed report. Even after polite reminders, we did not hear back from them officially. --- Moses On 23 Mar 2017, at 11:25, Ali Hussein <ali@hussein.me.ke<mailto:ali@hussein.me.ke>> wrote: These are very serious allegations guys. It would be great to hear from Safaricom. Ali Hussein Principal Hussein & Associates +254 0713 601113 Twitter: @AliHKassim Skype: abu-jomo LinkedIn: http://ke.linkedin.com/in/alihkassim "We are what we repeatedly do. Excellence, therefore, is not an act but a habit." ~ Aristotle Sent from my iPad On 23 Mar 2017, at 10:04 AM, Odhiambo Washington via kictanet <kictanet@lists.kictanet.or.ke<mailto:kictanet@lists.kictanet.or.ke>> wrote: I recently had a very traumatizing experience with a client I was consulting for and whose preferred mode of connection is Safaricom 4G. For two days I was struggling to figure out why what seemed so obvious (in my mind) was NOT working with Safaricom while I had tested the same with JTL and Access Kenya links. It turned out that Safaricom truly tamper with traffic to the Internet. This includes even VPN traffic. This test result presented here is not a surprise to me at all. Safaricom's DPI (Deep Packet Inspection) systems are so robust and advanced that they can do ANYTHING with your traffic. I wrote a private email to Stephen Chege of Safaricom (we all remember him) but didn't receive even an acknowledgement. The problem I had - with DNS and VPN still stand unresolved. And this is why I am always suspicious about the dalliance (for lack of a better word. I am thinking in Dholuo and translating to English) between Safaricom and the govt, especially since one of them was given a senior govt job! On 23 March 2017 at 09:27, Mose Karanja via kictanet <kictanet@lists.kictanet.or.ke<mailto:kictanet@lists.kictanet.or.ke>> wrote: Hello listers. CIPIT has been conducting network measurements on Kenyan Internet Service Providers (ISPs) since June 2016 using assorted techniques. Between 6 – 10 February 2017, the data indicated the presence of a middle-box on the cellular network of one provider, Safaricom Limited (AS33771) that had not previously presented any signs of traffic manipulation. Middle-boxes assume dual-use character in that they can be used for legitimate functions (e.g., network optimisation) and can simultaneously be used for traffic manipulation, surveillance and aiding censorship. In light of such dual uses, this report makes clear that service providers operating middle-boxes must communicate to the public in a transparent manner the justification for such activity. This is especially relevant as government bodies announce plans to monitor and possibly censor the Internet during Kenya’s current electoral processes. You can download the brief from this link: http://blog.cipit.org/2017/03/23/cipit-research-reveals-evidence-of-internet... -Moses _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke<mailto:kictanet@lists.kictanet.or.ke> https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/odhiambo%40gmail.com The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft." _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke<mailto:kictanet@lists.kictanet.or.ke> https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/info%40alyhussein.com The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications. ________________________________ Note: All emails sent from Safaricom Limited are subject to Safaricom’s Email Terms & Conditions. Please click here to read the policy. http://www.safaricom.co.ke/images/Downloads/Terms_and_Conditions/safaricom_e...
Steve, This, just doesn't add up.... Let's talk layman, let's talk HTTP; A protocol designed to enable communication between a users browser and the web server. The only parties that should learn how to 'speak' and 'hear' this protocol is only the browser & the web-server period! Whether a browser / web-server breaks this protocol and uses HTTP in a way it wasn't supposed to be used is simply not any ISP's business. The duty is on the web-server to inform the user and vice-versa that they cannot understand what the other is requesting for. The only task an ISP has is simply to *carry* this message, broken or not and charge the user for the data. What you have just written is akin to saying, if I called Ali on your network and then in the middle of the conversation I used broken English, that my conversation will be promptly cut until I use the *correct* English. HTTP is what contains the users data. The fact that you have *written* that you look into HTTP means you look into your users data, something that I believe is explicitly against the laws of the land. The more you try to twist this, the deeper a hole you dig yourselves in. Regards On Thu, Mar 23, 2017 at 5:09 PM, Stephen Chege via kictanet < kictanet@lists.kictanet.or.ke> wrote:
Mose and all
We have noted CIPTs claim and wish to state categorically that Safaricom does not in any way alter internet traffic. In addition, Safaricom did reach out to CIPT through a conference call with our engineers on 24th February 2017, which we believed was the best way to engage on this issue as it is technical and both parties had a chance to express their position.
From our understanding, CIPT use an application called Ooniprobe to test whether there is any alteration of a packet sent through a particular ISPs network. It uses crowdsourcing to collect information about a network, which is later uploaded to an analytics server whose front-end is the website. In order to test tampering it makes use of detuned / altered / crafted HTTP parameters. The crafted HTTP packet is then directed towards dedicated servers that echo back HTTP header(s). The expectation is that such a crafted packet should not be subject to any form of network manipulation, even if the query used is wrong it should echo back as sent.
In the discussions we had with CIPT, we clarified that on our network, we strictly follow the correct formats of the HTTP version on the optimisation gateway, because packets are expected in the correct HTTP format as per agreed global standards (RFC 2616: Section 2.2). Any crafted or altered packets that violate the accepted correct HTTP formats generate an error. So by CIPT sending a packet that has its HTTP parameters detuned/altered, they would receive an error as explained above. This is not evidence of a middle box as now alleged.
We have also observed a concerning trend where entities use the same packet crafting methods mentioned above to defraud the ISP by tunneling traffic through zero rated sites (i.e. by-passing billing).
In summary, we have a standard ISP traffic optimizer whose sole purpose is to optimize quality of experience, to deliver service to our customers without bias, and does not alter traffic.
We further state that anyone testing our network within accepted RFC standards will be able to establish that our network does not in any way alter internet packets.
regards
Steve
*From:* kictanet [mailto:kictanet-bounces+schege=safaricom.co.ke@lists. kictanet.or.ke] *On Behalf Of *Mose Karanja via kictanet *Sent:* Thursday, March 23, 2017 11:54 *To:* Stephen Chege *Cc:* Mose Karanja; KICTAnet ICT Policy Discussions *Subject:* Re: [kictanet] Safaricom and Internet Traffic Tampering
That is why we did a responsible disclosure. Safaricom did reach back to us and promised to give a detailed report.
Even after polite reminders, we did not hear back from them officially.
---
Moses
On 23 Mar 2017, at 11:25, Ali Hussein <ali@hussein.me.ke> wrote:
These are very serious allegations guys.
It would be great to hear from Safaricom.
*Ali Hussein*
*Principal*
*Hussein & Associates*
+254 0713 601113
Twitter: @AliHKassim
Skype: abu-jomo
LinkedIn: http://ke.linkedin.com/in/alihkassim
"We are what we repeatedly do. Excellence, therefore, is not an act but a habit." ~ Aristotle
Sent from my iPad
On 23 Mar 2017, at 10:04 AM, Odhiambo Washington via kictanet < kictanet@lists.kictanet.or.ke> wrote:
I recently had a very traumatizing experience with a client I was consulting for and whose preferred mode of connection is Safaricom 4G.
For two days I was struggling to figure out why what seemed so obvious (in my mind) was NOT working with Safaricom while I had tested the same with JTL and Access Kenya links.
It turned out that Safaricom truly tamper with traffic to the Internet. This includes even VPN traffic.
This test result presented here is not a surprise to me at all. Safaricom's DPI (Deep Packet Inspection) systems are so robust and advanced that they can do ANYTHING with your traffic.
I wrote a private email to Stephen Chege of Safaricom (we all remember him) but didn't receive even an acknowledgement. The problem I had - with DNS and VPN still stand unresolved.
And this is why I am always suspicious about the dalliance (for lack of a better word. I am thinking in Dholuo and translating to English) between Safaricom and the govt, especially since one of them was given a senior govt job!
On 23 March 2017 at 09:27, Mose Karanja via kictanet < kictanet@lists.kictanet.or.ke> wrote:
Hello listers.
CIPIT has been conducting network measurements on Kenyan Internet Service Providers (ISPs) since June 2016 using assorted techniques. Between 6 – 10 February 2017, the data indicated the presence of a middle-box on the cellular network of one provider, Safaricom Limited (AS33771) that had not previously presented any signs of traffic manipulation. Middle-boxes assume dual-use character in that they can be used for legitimate functions (e.g., network optimisation) and can simultaneously be used for traffic manipulation, surveillance and aiding censorship.
In light of such dual uses, this report makes clear that service providers operating middle-boxes must communicate to the public in a transparent manner the justification for such activity. This is especially relevant as government bodies announce plans to monitor and possibly censor the Internet during Kenya’s current electoral processes.
You can download the brief from this link:
http://blog.cipit.org/2017/03/23/cipit-research-reveals- evidence-of-internet-traffic-tampering-in-kenya-the-case- of-safaricoms-network/#more-5833
-Moses
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/ mailman/options/kictanet/odhiambo%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
--
Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft."
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/ mailman/options/kictanet/info%40alyhussein.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
------------------------------ *Note:* All emails sent from Safaricom Limited are subject to Safaricom’s Email Terms & Conditions. Please click here to read the policy. http://www.safaricom.co.ke/images/Downloads/Terms_and_ Conditions/safaricom_email_terms_and_conditions.pdf
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/ mailman/options/kictanet/ngigi%40at.co.ke
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
-- *Regards,* *Wait**haka Ngigi* Chief Executive Officer | Alliance Technologies | MCK Nairobi Synod Building T +254 20 525 0750 |Office Mobile: +254 716 201061 | M +254 737 811 000 www.at.co.ke
+1 Mwendwa, +1, Ngigi. Today I have wondered about two things: 1. Whether Thuo Wilson was in his element when he posted his comment. I believe he did not give it much thought. 2. Whether the engineers who drafted Chege's response were competent enough to draft - how they came up with such a daft response. I am out - for now. On 23 March 2017 at 21:25, Ngigi Waithaka via kictanet < kictanet@lists.kictanet.or.ke> wrote:
Steve,
This, just doesn't add up....
Let's talk layman, let's talk HTTP; A protocol designed to enable communication between a users browser and the web server.
The only parties that should learn how to 'speak' and 'hear' this protocol is only the browser & the web-server period!
Whether a browser / web-server breaks this protocol and uses HTTP in a way it wasn't supposed to be used is simply not any ISP's business. The duty is on the web-server to inform the user and vice-versa that they cannot understand what the other is requesting for.
The only task an ISP has is simply to *carry* this message, broken or not and charge the user for the data.
What you have just written is akin to saying, if I called Ali on your network and then in the middle of the conversation I used broken English, that my conversation will be promptly cut until I use the *correct* English.
HTTP is what contains the users data. The fact that you have *written* that you look into HTTP means you look into your users data, something that I believe is explicitly against the laws of the land.
The more you try to twist this, the deeper a hole you dig yourselves in.
Regards
On Thu, Mar 23, 2017 at 5:09 PM, Stephen Chege via kictanet < kictanet@lists.kictanet.or.ke> wrote:
Mose and all
We have noted CIPTs claim and wish to state categorically that Safaricom does not in any way alter internet traffic. In addition, Safaricom did reach out to CIPT through a conference call with our engineers on 24th February 2017, which we believed was the best way to engage on this issue as it is technical and both parties had a chance to express their position.
From our understanding, CIPT use an application called Ooniprobe to test whether there is any alteration of a packet sent through a particular ISPs network. It uses crowdsourcing to collect information about a network, which is later uploaded to an analytics server whose front-end is the website. In order to test tampering it makes use of detuned / altered / crafted HTTP parameters. The crafted HTTP packet is then directed towards dedicated servers that echo back HTTP header(s). The expectation is that such a crafted packet should not be subject to any form of network manipulation, even if the query used is wrong it should echo back as sent.
In the discussions we had with CIPT, we clarified that on our network, we strictly follow the correct formats of the HTTP version on the optimisation gateway, because packets are expected in the correct HTTP format as per agreed global standards (RFC 2616: Section 2.2). Any crafted or altered packets that violate the accepted correct HTTP formats generate an error. So by CIPT sending a packet that has its HTTP parameters detuned/altered, they would receive an error as explained above. This is not evidence of a middle box as now alleged.
We have also observed a concerning trend where entities use the same packet crafting methods mentioned above to defraud the ISP by tunneling traffic through zero rated sites (i.e. by-passing billing).
In summary, we have a standard ISP traffic optimizer whose sole purpose is to optimize quality of experience, to deliver service to our customers without bias, and does not alter traffic.
We further state that anyone testing our network within accepted RFC standards will be able to establish that our network does not in any way alter internet packets.
regards
Steve
*From:* kictanet [mailto:kictanet-bounces+schege= safaricom.co.ke@lists.kictanet.or.ke] *On Behalf Of *Mose Karanja via kictanet *Sent:* Thursday, March 23, 2017 11:54 *To:* Stephen Chege *Cc:* Mose Karanja; KICTAnet ICT Policy Discussions *Subject:* Re: [kictanet] Safaricom and Internet Traffic Tampering
That is why we did a responsible disclosure. Safaricom did reach back to us and promised to give a detailed report.
Even after polite reminders, we did not hear back from them officially.
---
Moses
On 23 Mar 2017, at 11:25, Ali Hussein <ali@hussein.me.ke> wrote:
These are very serious allegations guys.
It would be great to hear from Safaricom.
*Ali Hussein*
*Principal*
*Hussein & Associates*
+254 0713 601113
Twitter: @AliHKassim
Skype: abu-jomo
LinkedIn: http://ke.linkedin.com/in/alihkassim
"We are what we repeatedly do. Excellence, therefore, is not an act but a habit." ~ Aristotle
Sent from my iPad
On 23 Mar 2017, at 10:04 AM, Odhiambo Washington via kictanet < kictanet@lists.kictanet.or.ke> wrote:
I recently had a very traumatizing experience with a client I was consulting for and whose preferred mode of connection is Safaricom 4G.
For two days I was struggling to figure out why what seemed so obvious (in my mind) was NOT working with Safaricom while I had tested the same with JTL and Access Kenya links.
It turned out that Safaricom truly tamper with traffic to the Internet. This includes even VPN traffic.
This test result presented here is not a surprise to me at all. Safaricom's DPI (Deep Packet Inspection) systems are so robust and advanced that they can do ANYTHING with your traffic.
I wrote a private email to Stephen Chege of Safaricom (we all remember him) but didn't receive even an acknowledgement. The problem I had - with DNS and VPN still stand unresolved.
And this is why I am always suspicious about the dalliance (for lack of a better word. I am thinking in Dholuo and translating to English) between Safaricom and the govt, especially since one of them was given a senior govt job!
On 23 March 2017 at 09:27, Mose Karanja via kictanet < kictanet@lists.kictanet.or.ke> wrote:
Hello listers.
CIPIT has been conducting network measurements on Kenyan Internet Service Providers (ISPs) since June 2016 using assorted techniques. Between 6 – 10 February 2017, the data indicated the presence of a middle-box on the cellular network of one provider, Safaricom Limited (AS33771) that had not previously presented any signs of traffic manipulation. Middle-boxes assume dual-use character in that they can be used for legitimate functions (e.g., network optimisation) and can simultaneously be used for traffic manipulation, surveillance and aiding censorship.
In light of such dual uses, this report makes clear that service providers operating middle-boxes must communicate to the public in a transparent manner the justification for such activity. This is especially relevant as government bodies announce plans to monitor and possibly censor the Internet during Kenya’s current electoral processes.
You can download the brief from this link:
http://blog.cipit.org/2017/03/23/cipit-research-reveals-evid ence-of-internet-traffic-tampering-in-kenya-the-case-of- safaricoms-network/#more-5833
-Moses
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/m ailman/options/kictanet/odhiambo%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
--
Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft."
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/m ailman/options/kictanet/info%40alyhussein.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
------------------------------ *Note:* All emails sent from Safaricom Limited are subject to Safaricom’s Email Terms & Conditions. Please click here to read the policy. http://www.safaricom.co.ke/images/Downloads/Terms_and_Condit ions/safaricom_email_terms_and_conditions.pdf
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/m ailman/options/kictanet/ngigi%40at.co.ke
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
-- *Regards,*
*Wait**haka Ngigi* Chief Executive Officer | Alliance Technologies | MCK Nairobi Synod Building T +254 20 525 0750 |Office Mobile: +254 716 201061 | M +254 737 811 000 www.at.co.ke
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/ mailman/options/kictanet/odhiambo%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft."
Listers This conversation is important in one sense:- The fact that we have been bashing the government for the last few weeks about snooping on its citizens without recourse to the law or our constitution which they are sworn to protect. Ngigi's response raises serious red flags. And I quote a part of his response:- "HTTP is what contains the users data. The fact that you have *written* that you look into HTTP means you look into your users data, something that I believe is explicitly against the laws of the land. The more you try to twist this, the deeper a hole you dig yourselves in." End quote. Here's my worry. Who do we go to when we get so confused about such stuff? We suspect the government is snooping on us. We suspect the telcos are snooping on us. Who do we ask to intervene? CA? Wait..We aren't even sure about them.. The courts? Maybe that's our only salvation.. Ali Hussein Principal Hussein & Associates +254 0713 601113 Twitter: @AliHKassim Skype: abu-jomo LinkedIn: http://ke.linkedin.com/in/alihkassim "We are what we repeatedly do. Excellence, therefore, is not an act but a habit." ~ Aristotle Sent from my iPad
On 23 Mar 2017, at 9:25 PM, Ngigi Waithaka via kictanet <kictanet@lists.kictanet.or.ke> wrote:
HTTP is what contains the users data. The fact that you have *written* that you look into HTTP means you look into your users data, something that I believe is explicitly against the laws of the land.
The more you try to twist this, the deeper a hole you dig yourselves in.
Ali And do you expect courts to understand that technical explanation? ---------------------------------------------------------------------------------- Grace Githaiga Twitter: @ggithaiga Skype: gracegithaiga Linkedin: https://www.linkedin.com/in/gracegithaiga ...the most important office in a democracy is the citizen. So, you see, that’s what our democracy demands. It needs you!----Barrack Obama. ________________________________ From: kictanet <kictanet-bounces+ggithaiga=hotmail.com@lists.kictanet.or.ke> on behalf of Ali Hussein via kictanet <kictanet@lists.kictanet.or.ke> Sent: Friday, March 24, 2017 3:54 AM To: ggithaiga@hotmail.com Cc: Ali Hussein; Mose Karanja Subject: Re: [kictanet] Safaricom and Internet Traffic Tampering Listers This conversation is important in one sense:- The fact that we have been bashing the government for the last few weeks about snooping on its citizens without recourse to the law or our constitution which they are sworn to protect. Ngigi's response raises serious red flags. And I quote a part of his response:- "HTTP is what contains the users data. The fact that you have *written* that you look into HTTP means you look into your users data, something that I believe is explicitly against the laws of the land. The more you try to twist this, the deeper a hole you dig yourselves in." End quote. Here's my worry. Who do we go to when we get so confused about such stuff? We suspect the government is snooping on us. We suspect the telcos are snooping on us. Who do we ask to intervene? CA? Wait..We aren't even sure about them.. The courts? Maybe that's our only salvation.. Ali Hussein Principal Hussein & Associates +254 0713 601113 Twitter: @AliHKassim Skype: abu-jomo LinkedIn: http://ke.linkedin.com/in/alihkassim "We are what we repeatedly do. Excellence, therefore, is not an act but a habit." ~ Aristotle Sent from my iPad On 23 Mar 2017, at 9:25 PM, Ngigi Waithaka via kictanet <kictanet@lists.kictanet.or.ke<mailto:kictanet@lists.kictanet.or.ke>> wrote: HTTP is what contains the users data. The fact that you have *written* that you look into HTTP means you look into your users data, something that I believe is explicitly against the laws of the land. The more you try to twist this, the deeper a hole you dig yourselves in.
GG Nope... Ali Hussein Principal Hussein & Associates +254 0713 601113 Twitter: @AliHKassim Skype: abu-jomo LinkedIn: http://ke.linkedin.com/in/alihkassim "We are what we repeatedly do. Excellence, therefore, is not an act but a habit." ~ Aristotle Sent from my iPad
On 24 Mar 2017, at 9:02 AM, Grace Githaiga <ggithaiga@hotmail.com> wrote:
Ali
And do you expect courts to understand that technical explanation?
----------------------------------------------------------------------------------
Grace Githaiga Twitter: @ggithaiga Skype: gracegithaiga
Linkedin: https://www.linkedin.com/in/gracegithaiga
...the most important office in a democracy is the citizen. So, you see, that’s what our democracy demands. It needs you!----Barrack Obama.
From: kictanet <kictanet-bounces+ggithaiga=hotmail.com@lists.kictanet.or.ke> on behalf of Ali Hussein via kictanet <kictanet@lists.kictanet.or.ke> Sent: Friday, March 24, 2017 3:54 AM To: ggithaiga@hotmail.com Cc: Ali Hussein; Mose Karanja Subject: Re: [kictanet] Safaricom and Internet Traffic Tampering
Listers
This conversation is important in one sense:-
The fact that we have been bashing the government for the last few weeks about snooping on its citizens without recourse to the law or our constitution which they are sworn to protect.
Ngigi's response raises serious red flags. And I quote a part of his response:-
"HTTP is what contains the users data. The fact that you have *written* that you look into HTTP means you look into your users data, something that I believe is explicitly against the laws of the land.
The more you try to twist this, the deeper a hole you dig yourselves in."
End quote.
Here's my worry. Who do we go to when we get so confused about such stuff?
We suspect the government is snooping on us. We suspect the telcos are snooping on us. Who do we ask to intervene? CA? Wait..We aren't even sure about them.. The courts? Maybe that's our only salvation..
Ali Hussein Principal Hussein & Associates +254 0713 601113
Twitter: @AliHKassim Skype: abu-jomo LinkedIn: http://ke.linkedin.com/in/alihkassim
"We are what we repeatedly do. Excellence, therefore, is not an act but a habit." ~ Aristotle
Sent from my iPad
On 23 Mar 2017, at 9:25 PM, Ngigi Waithaka via kictanet <kictanet@lists.kictanet.or.ke> wrote:
HTTP is what contains the users data. The fact that you have *written* that you look into HTTP means you look into your users data, something that I believe is explicitly against the laws of the land.
The more you try to twist this, the deeper a hole you dig yourselves in.
We go offline. On a lighter note. On Fri, 24 Mar 2017 at 06:55 Ali Hussein via kictanet < kictanet@lists.kictanet.or.ke> wrote:
Listers
This conversation is important in one sense:-
The fact that we have been bashing the government for the last few weeks about snooping on its citizens without recourse to the law or our constitution which they are sworn to protect.
Ngigi's response raises serious red flags. And I quote a part of his response:-
*"HTTP is what contains the users data. The fact that you have *written* that you look into HTTP means you look into your users data, something that I believe is explicitly against the laws of the land. *
*The more you try to twist this, the deeper a hole you dig yourselves in."*
End quote.
Here's my worry. Who do we go to when we get so confused about such stuff?
We suspect the government is snooping on us. We suspect the telcos are snooping on us. Who do we ask to intervene? CA? Wait..We aren't even sure about them.. The courts? Maybe that's our only salvation..
*Ali Hussein* *Principal* *Hussein & Associates* +254 0713 601113
Twitter: @AliHKassim
Skype: abu-jomo
LinkedIn: http://ke.linkedin.com/in/alihkassim
"We are what we repeatedly do. Excellence, therefore, is not an act but a habit." ~ Aristotle
Sent from my iPad
On 23 Mar 2017, at 9:25 PM, Ngigi Waithaka via kictanet < kictanet@lists.kictanet.or.ke> wrote:
HTTP is what contains the users data. The fact that you have *written* that you look into HTTP means you look into your users data, something that I believe is explicitly against the laws of the land.
The more you try to twist this, the deeper a hole you dig yourselves in.
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/bkioko%40bernsoft.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
+1 Ngigi, you got it all from my head before I even said it! ./Ok3ch On Thu, Mar 23, 2017 at 9:25 PM, Ngigi Waithaka via kictanet < kictanet@lists.kictanet.or.ke> wrote:
Steve,
This, just doesn't add up....
Let's talk layman, let's talk HTTP; A protocol designed to enable communication between a users browser and the web server.
The only parties that should learn how to 'speak' and 'hear' this protocol is only the browser & the web-server period!
Whether a browser / web-server breaks this protocol and uses HTTP in a way it wasn't supposed to be used is simply not any ISP's business. The duty is on the web-server to inform the user and vice-versa that they cannot understand what the other is requesting for.
The only task an ISP has is simply to *carry* this message, broken or not and charge the user for the data.
What you have just written is akin to saying, if I called Ali on your network and then in the middle of the conversation I used broken English, that my conversation will be promptly cut until I use the *correct* English.
HTTP is what contains the users data. The fact that you have *written* that you look into HTTP means you look into your users data, something that I believe is explicitly against the laws of the land.
The more you try to twist this, the deeper a hole you dig yourselves in.
Regards
On Thu, Mar 23, 2017 at 5:09 PM, Stephen Chege via kictanet < kictanet@lists.kictanet.or.ke> wrote:
Mose and all
We have noted CIPTs claim and wish to state categorically that Safaricom does not in any way alter internet traffic. In addition, Safaricom did reach out to CIPT through a conference call with our engineers on 24th February 2017, which we believed was the best way to engage on this issue as it is technical and both parties had a chance to express their position.
From our understanding, CIPT use an application called Ooniprobe to test whether there is any alteration of a packet sent through a particular ISPs network. It uses crowdsourcing to collect information about a network, which is later uploaded to an analytics server whose front-end is the website. In order to test tampering it makes use of detuned / altered / crafted HTTP parameters. The crafted HTTP packet is then directed towards dedicated servers that echo back HTTP header(s). The expectation is that such a crafted packet should not be subject to any form of network manipulation, even if the query used is wrong it should echo back as sent.
In the discussions we had with CIPT, we clarified that on our network, we strictly follow the correct formats of the HTTP version on the optimisation gateway, because packets are expected in the correct HTTP format as per agreed global standards (RFC 2616: Section 2.2). Any crafted or altered packets that violate the accepted correct HTTP formats generate an error. So by CIPT sending a packet that has its HTTP parameters detuned/altered, they would receive an error as explained above. This is not evidence of a middle box as now alleged.
We have also observed a concerning trend where entities use the same packet crafting methods mentioned above to defraud the ISP by tunneling traffic through zero rated sites (i.e. by-passing billing).
In summary, we have a standard ISP traffic optimizer whose sole purpose is to optimize quality of experience, to deliver service to our customers without bias, and does not alter traffic.
We further state that anyone testing our network within accepted RFC standards will be able to establish that our network does not in any way alter internet packets.
regards
Steve
*From:* kictanet [mailto:kictanet-bounces+schege= safaricom.co.ke@lists.kictanet.or.ke] *On Behalf Of *Mose Karanja via kictanet *Sent:* Thursday, March 23, 2017 11:54 *To:* Stephen Chege *Cc:* Mose Karanja; KICTAnet ICT Policy Discussions *Subject:* Re: [kictanet] Safaricom and Internet Traffic Tampering
That is why we did a responsible disclosure. Safaricom did reach back to us and promised to give a detailed report.
Even after polite reminders, we did not hear back from them officially.
---
Moses
On 23 Mar 2017, at 11:25, Ali Hussein <ali@hussein.me.ke> wrote:
These are very serious allegations guys.
It would be great to hear from Safaricom.
*Ali Hussein*
*Principal*
*Hussein & Associates*
+254 0713 601113
Twitter: @AliHKassim
Skype: abu-jomo
LinkedIn: http://ke.linkedin.com/in/alihkassim
"We are what we repeatedly do. Excellence, therefore, is not an act but a habit." ~ Aristotle
Sent from my iPad
On 23 Mar 2017, at 10:04 AM, Odhiambo Washington via kictanet < kictanet@lists.kictanet.or.ke> wrote:
I recently had a very traumatizing experience with a client I was consulting for and whose preferred mode of connection is Safaricom 4G.
For two days I was struggling to figure out why what seemed so obvious (in my mind) was NOT working with Safaricom while I had tested the same with JTL and Access Kenya links.
It turned out that Safaricom truly tamper with traffic to the Internet. This includes even VPN traffic.
This test result presented here is not a surprise to me at all. Safaricom's DPI (Deep Packet Inspection) systems are so robust and advanced that they can do ANYTHING with your traffic.
I wrote a private email to Stephen Chege of Safaricom (we all remember him) but didn't receive even an acknowledgement. The problem I had - with DNS and VPN still stand unresolved.
And this is why I am always suspicious about the dalliance (for lack of a better word. I am thinking in Dholuo and translating to English) between Safaricom and the govt, especially since one of them was given a senior govt job!
On 23 March 2017 at 09:27, Mose Karanja via kictanet < kictanet@lists.kictanet.or.ke> wrote:
Hello listers.
CIPIT has been conducting network measurements on Kenyan Internet Service Providers (ISPs) since June 2016 using assorted techniques. Between 6 – 10 February 2017, the data indicated the presence of a middle-box on the cellular network of one provider, Safaricom Limited (AS33771) that had not previously presented any signs of traffic manipulation. Middle-boxes assume dual-use character in that they can be used for legitimate functions (e.g., network optimisation) and can simultaneously be used for traffic manipulation, surveillance and aiding censorship.
In light of such dual uses, this report makes clear that service providers operating middle-boxes must communicate to the public in a transparent manner the justification for such activity. This is especially relevant as government bodies announce plans to monitor and possibly censor the Internet during Kenya’s current electoral processes.
You can download the brief from this link:
http://blog.cipit.org/2017/03/23/cipit-research-reveals-evid ence-of-internet-traffic-tampering-in-kenya-the-case-of- safaricoms-network/#more-5833
-Moses
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/m ailman/options/kictanet/odhiambo%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
--
Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft."
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/m ailman/options/kictanet/info%40alyhussein.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
------------------------------ *Note:* All emails sent from Safaricom Limited are subject to Safaricom’s Email Terms & Conditions. Please click here to read the policy. http://www.safaricom.co.ke/images/Downloads/Terms_and_Condit ions/safaricom_email_terms_and_conditions.pdf
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/m ailman/options/kictanet/ngigi%40at.co.ke
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
-- *Regards,*
*Wait**haka Ngigi* Chief Executive Officer | Alliance Technologies | MCK Nairobi Synod Building T +254 20 525 0750 |Office Mobile: +254 716 201061 | M +254 737 811 000 www.at.co.ke
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/ mailman/options/kictanet/okechukwu%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
Hello Steve et al. Everything raised in this email is answered in our research brief. However for the sake of those who have not read the brief, this is our response: The description above from Safaricom is in fact a confirmation of the presence of a middle-box. Ngigi did an excellent job of using an analogy on this. “Any crafted or altered packets that violate the accepted correct HTTP formats generate an error. So by CIPT sending a packet that has its HTTP parameters detuned/altered, they would receive an error as explained above.” The fact that Safaricom inspects which packets are standard or not implies tampering. Is that legal? It depends. Quality optimization is one way of justifying this but the presence of this on the network just after the CA announced plans to deploy network monitoring equipment is suspect. Does it mean Safaricom did not have a traffic optimizer before and just deployed one in February? As far as the official RFC Standards go, invalid HTTP requests are not specially discriminated at the transport layer: https://www.ietf.org/rfc/rfc2616.txt <https://www.ietf.org/rfc/rfc2616.txt> As for the responsible disclosure, CIPIT did in fact document the timeline of events and what we were waiting from Safaricom before publishing our research brief was official communication as agreed upon with the subject matter experts. Again, all this is documented in the report. Ali raised the issue of the judiciary and its role in interpreting the law. We coincidentally provided that as our recommendation. The Judicial Training Institute should consider continuous legal training on new technologies and involve subject matter experts. Stephen also raised the point of criminals targeting their network. “We have also observed a concerning trend where entities use the same packet crafting methods mentioned above to defraud the ISP by tunneling traffic through zero rated sites (i.e. by-passing billing).” We are not aware of such a practice. Ours is an open research methodology that other people can independently repeat and verify. The easiest way to test independently is to download the app from either Android Play store <https://play.google.com/store/apps/details?id=org.openobservatory.ooniprobe&hl=en_GB> or Apple’s App store <https://itunes.apple.com/US/app/id1199566366>. We run the tests on different vantage points and sense-beat the results for false positives. All the data collected so far in Kenya is openly and freely available here <https://explorer.ooni.torproject.org/country/KE>: As will be noted, all these questions were answered on the research brief but we will are ready to engage as time allows. Finally, we wish to point out that we monitor all telecom service providers using the same protocols. Safaricom's is the only network where we found the anomalies described in our report, and the anomaly disappeared shortly after our conversation with the company. This does not seem to be consistent with industry standard activities. -Moses (CIPIT)
On 23 Mar 2017, at 17:09, Stephen Chege <SChege@Safaricom.co.ke> wrote:
Mose and all
We have noted CIPTs claim and wish to state categorically that Safaricom does not in any way alter internet traffic. In addition, Safaricom did reach out to CIPT through a conference call with our engineers on 24th February 2017, which we believed was the best way to engage on this issue as it is technical and both parties had a chance to express their position.
From our understanding, CIPT use an application called Ooniprobe to test whether there is any alteration of a packet sent through a particular ISPs network. It uses crowdsourcing to collect information about a network, which is later uploaded to an analytics server whose front-end is the website. In order to test tampering it makes use of detuned / altered / crafted HTTP parameters. The crafted HTTP packet is then directed towards dedicated servers that echo back HTTP header(s). The expectation is that such a crafted packet should not be subject to any form of network manipulation, even if the query used is wrong it should echo back as sent.
In the discussions we had with CIPT, we clarified that on our network, we strictly follow the correct formats of the HTTP version on the optimisation gateway, because packets are expected in the correct HTTP format as per agreed global standards (RFC 2616: Section 2.2). Any crafted or altered packets that violate the accepted correct HTTP formats generate an error. So by CIPT sending a packet that has its HTTP parameters detuned/altered, they would receive an error as explained above. This is not evidence of a middle box as now alleged.
We have also observed a concerning trend where entities use the same packet crafting methods mentioned above to defraud the ISP by tunneling traffic through zero rated sites (i.e. by-passing billing).
In summary, we have a standard ISP traffic optimizer whose sole purpose is to optimize quality of experience, to deliver service to our customers without bias, and does not alter traffic.
We further state that anyone testing our network within accepted RFC standards will be able to establish that our network does not in any way alter internet packets.
regards
Steve <> From: kictanet [mailto:kictanet-bounces+schege=safaricom.co.ke@lists.kictanet.or.ke] On Behalf Of Mose Karanja via kictanet Sent: Thursday, March 23, 2017 11:54 To: Stephen Chege Cc: Mose Karanja; KICTAnet ICT Policy Discussions Subject: Re: [kictanet] Safaricom and Internet Traffic Tampering
That is why we did a responsible disclosure. Safaricom did reach back to us and promised to give a detailed report.
Even after polite reminders, we did not hear back from them officially.
--- Moses
On 23 Mar 2017, at 11:25, Ali Hussein <ali@hussein.me.ke <mailto:ali@hussein.me.ke>> wrote:
These are very serious allegations guys.
It would be great to hear from Safaricom.
Ali Hussein Principal Hussein & Associates +254 0713 601113
Twitter: @AliHKassim Skype: abu-jomo LinkedIn: http://ke.linkedin.com/in/alihkassim <http://ke.linkedin.com/in/alihkassim>
"We are what we repeatedly do. Excellence, therefore, is not an act but a habit." ~ Aristotle
Sent from my iPad
On 23 Mar 2017, at 10:04 AM, Odhiambo Washington via kictanet <kictanet@lists.kictanet.or.ke <mailto:kictanet@lists.kictanet.or.ke>> wrote:
I recently had a very traumatizing experience with a client I was consulting for and whose preferred mode of connection is Safaricom 4G.
For two days I was struggling to figure out why what seemed so obvious (in my mind) was NOT working with Safaricom while I had tested the same with JTL and Access Kenya links.
It turned out that Safaricom truly tamper with traffic to the Internet. This includes even VPN traffic.
This test result presented here is not a surprise to me at all. Safaricom's DPI (Deep Packet Inspection) systems are so robust and advanced that they can do ANYTHING with your traffic.
I wrote a private email to Stephen Chege of Safaricom (we all remember him) but didn't receive even an acknowledgement. The problem I had - with DNS and VPN still stand unresolved.
And this is why I am always suspicious about the dalliance (for lack of a better word. I am thinking in Dholuo and translating to English) between Safaricom and the govt, especially since one of them was given a senior govt job!
On 23 March 2017 at 09:27, Mose Karanja via kictanet <kictanet@lists.kictanet.or.ke <mailto:kictanet@lists.kictanet.or.ke>> wrote: Hello listers.
CIPIT has been conducting network measurements on Kenyan Internet Service Providers (ISPs) since June 2016 using assorted techniques. Between 6 – 10 February 2017, the data indicated the presence of a middle-box on the cellular network of one provider, Safaricom Limited (AS33771) that had not previously presented any signs of traffic manipulation. Middle-boxes assume dual-use character in that they can be used for legitimate functions (e.g., network optimisation) and can simultaneously be used for traffic manipulation, surveillance and aiding censorship.
In light of such dual uses, this report makes clear that service providers operating middle-boxes must communicate to the public in a transparent manner the justification for such activity. This is especially relevant as government bodies announce plans to monitor and possibly censor the Internet during Kenya’s current electoral processes.
You can download the brief from this link:
http://blog.cipit.org/2017/03/23/cipit-research-reveals-evidence-of-internet... <http://blog.cipit.org/2017/03/23/cipit-research-reveals-evidence-of-internet-traffic-tampering-in-kenya-the-case-of-safaricoms-network/#more-5833>
-Moses
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke <mailto:kictanet@lists.kictanet.or.ke> https://lists.kictanet.or.ke/mailman/listinfo/kictanet <https://lists.kictanet.or.ke/mailman/listinfo/kictanet> Twitter: http://twitter.com/kictanet <http://twitter.com/kictanet> Facebook: https://www.facebook.com/KICTANet/ <https://www.facebook.com/KICTANet/>
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/odhiambo%40gmail.com <https://lists.kictanet.or.ke/mailman/options/kictanet/odhiambo%40gmail.com>
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft." _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke <mailto:kictanet@lists.kictanet.or.ke> https://lists.kictanet.or.ke/mailman/listinfo/kictanet <https://lists.kictanet.or.ke/mailman/listinfo/kictanet> Twitter: http://twitter.com/kictanet <http://twitter.com/kictanet> Facebook: https://www.facebook.com/KICTANet/ <https://www.facebook.com/KICTANet/>
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/info%40alyhussein.com <https://lists.kictanet.or.ke/mailman/options/kictanet/info%40alyhussein.com>
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications. Note: All emails sent from Safaricom Limited are subject to Safaricom’s Email Terms & Conditions. Please click here to read the policy. http://www.safaricom.co.ke/images/Downloads/Terms_and_Conditions/safaricom_e... <http://www.safaricom.co.ke/images/Downloads/Terms_and_Conditions/safaricom_email_terms_and_conditions.pdf>
participants (8)
-
Ali Hussein -
Bernard Kioko -
Grace Githaiga -
Mose Karanja -
Ngigi Waithaka -
Odhiambo Washington -
Okechukwu -
Stephen Chege