2025-11-17 –, Westin - Partenkirchen
Authoritarian regimes are increasingly leveraging the internet’s architecture to exert real-time control over communication and information. This talk dissects the technical mechanisms used to surveil, filter, and shut down internet access at scale. From deep packet inspection and TLS fingerprinting to BGP hijacking and protocol suppression, we examine how entire populations are digitally silenced. Real-world measurements from global observatories such as OONI, IODA, and RIPE Atlas illustrate the anatomy of large-scale blackouts. Attendees will gain a deep technical understanding of how modern censorship is implemented—and how it continues to evolve.
The internet is no longer a guaranteed channel for free expression. In many parts of the world, state-controlled censorship infrastructures are used to throttle, filter, and shut down online communication with precision and speed. This session delivers a technical deep dive into the modern tactics authoritarian regimes employ to control internet access—often under the pretense of national security or public morality.
We will walk through the technical architecture of internet censorship, including:
• Deep Packet Inspection (DPI): How governments classify, disrupt, or terminate encrypted traffic using TLS SNI filtering, JA3 fingerprinting, and first-packet heuristics.
• Protocol Whitelisting and Throttling: How non-standard protocols (e.g., VPNs, obfs4, DNS-over-HTTPS) are blocked or degraded using traffic shaping and active probing.
• Routing-Level Censorship: The use of BGP hijacking, IP blacklisting, and choke-point control to cut off international access.
• DNS Manipulation: Poisoning, NXDOMAIN injection, and blocking of encrypted DNS channels.
• Shutdown Mechanics: A detailed analysis of recent full-scale outages triggered by centralized control over physical and logical gateways.
Case studies are drawn from high-profile events across the last decade, with supporting telemetry from measurement platforms such as NetBlocks, IODA, Censored Planet, and RIPE Atlas. These events demonstrate the increasingly adaptive and layered nature of modern network-level repression.
This session is intended for cybersecurity engineers, threat analysts, and researchers who want to understand how internet infrastructure is being exploited—not just by threat actors, but by state-level adversaries. Participants will leave with a multi-layer understanding of real-world censorship mechanisms and the observable signatures they leave behind.
Internet censorship, Network shutdown, State-scale internet control, Deep packet inspection (DPI)
I’m a cybersecurity professional with a background in network security, threat analysis, and internet infrastructure research. My focus is on the intersection of technology and civil liberties, particularly how network-layer protocols are used—and misused—by state actors to control access to information.