Why It’s So Hard to Fully Block X in Brazil

September 6, 2024:

The social network X has been largely inaccessible in Brazil since Saturday, after the country’s Supreme Court ordered all mobile and internet service providers to block the platform. The court order followed a months-long dispute between Judge Alexandre de Moraes and X CEO Elon Musk over the company’s misinformation, hate speech, and moderation policies.

With Brazil’s population of 215 million people, its mature democracy, its sprawling land mass, and more than 20,000 internet service providers, blocking a web platform in the South American nation isn’t straightforward. And while the biggest ISPs have implemented the ban, many are still scrambling to comply with the order, leaving a patchwork of access to the site.

“Brazil has made headway blocking X on the main internet providers, but our telemetry indicates there’s a long tail of local and regional ISPs where the service is still available,” says Isik Mater, director of research at the internet censorship analysis group NetBlocks.

The Open Observatory of Network Interference reported that a similar progression played out when Brazil’s Federal Police obtained a court order in April 2023 for ISPs to block the communication platform Telegram because it would not fully share information about users involved in neo-Nazi group chats. Some large ISPs began blocking Telegram immediately. “However, the block was not implemented by all ISPs in Brazil, nor was it implemented in the same way,” the group wrote. “This suggests lack of coordination between providers, and that each ISP implemented the block autonomously.”

A similar progression has been playing out with the X ban. Brazil’s 20,000 ISPs produce a notably competitive market, but only a few have infrastructure nationwide. About 40 percent are tiny regional providers with 5,000 customers or fewer. The human and digital rights watchdog Freedom House rates Brazil’s internet freedom as “partly free” and trending to be more restrictive, because of the country’s far-reaching efforts to crack down on political misinformation in recent years and its three-day ban on Telegram. Brazil also blocked the secure communication platform WhatsApp in December 2015 and again in May 2016 because it did not respond to similar data requests.

Brazil’s National Telecommunications Agency did not respond to WIRED’s multiple requests for comment.

Unlike in countries including Russia, Iran, and China, there is currently no legal apparatus or technical infrastructure by which the Brazilian government can systematically and comprehensively restrict access to particular websites or online platforms, or impose connectivity blackouts on its citizens.

Reports indicate many Brazilian ISPs that have implemented the ban are using the technique known as “DNS filtering” to block access to X. The domain name system is the internet’s phonebook for looking up the IP addresses associated with URLs such as www.wired.com. DNS queries are sent to a DNS “resolver” that does the IP address lookups, and ISPs can configure their resolvers to filter or block requests for particular websites.

Mobile apps like X’s Android and iOS apps don’t rely on DNS, though, so DNS filtering alone is not enough to block all connections to a web platform. Some Brazilian ISPs seem to also be using IP address “sinkholing”—redirecting online traffic to a different server than the users intended to visit—as a way to send traffic meant for X into the abyss.

“We’re seeing variation by provider in Brazil, and right now it looks they’re each trying their own thing to see what works,” NetBlocks’ Mater says. “Brazil has a diverse network infrastructure with lots of ways for data to enter and leave the country, so there isn’t that centralized choke point and ‘kill switch’ we see in [some] authoritarian-leaning countries.”

VPN usage has surged in Brazil this week under the ban as a way around ISP attempts to block X, but the court order ban includes a provision stating people could be charged a fine of 50,000 reais—around $8,900—per day for using circumvention tools like VPNs.

Source link