Analysis

Majority of the government’s ‘whitelist’ sites for Kashmiris unusable!

The Union government’s whitelisting of sites for Kashmir is being offered as a sop to residents, who have been cut off from online communication since Aug 4, 2019, on the eve of the abrogation of Art 370.

Rohini Lakshane and Prateek Waghre did this study on how the whitelisted sites really looked.

Whitelisting is a reinforcement of the government’s policy on firewalling the Internet, as MediaNama editor Nikhil Pahwa reported here.

Do check their report, in the form of the tweets below, and the dataset here: https://zenodo.org/record/3627665

Tweets:

Thread on the Kashmir Whitelist.

Earlier this week @aldebaran14 and I analysed the 153 websites on the whitelist as per the 18th Jan Order and found that ~80 were not ‘practically usable’. We wanted to understand how these websites will work/look under this whitelist regime (1/n)

https://twitter.com/prateekwaghre/status/1221080964794744839

So we set up Chrome with an extension to allow access only to the hostnames listed in the order. Now, there are limitations with this method. We did not test on a 2G network. We could not carry out actual transactions and the assessment of usability is a bit subjective (2/n)

https://twitter.com/prateekwaghre/status/1221080967458091008

We looked for whether the website was visually affected, if the images loaded, if the login section was accessible and the main function(s) of the website still worked along with some general navigation to see what was affected (3/n)

https://twitter.com/prateekwaghre/status/1221080970654150656

In perusing the list we found typos, duplicate entries, entries without actual hostnames and some that were indeterminate. After removing these, we were left with 134. Of these we found ~80 websites were not practically usable. Why? (4/n)

https://twitter.com/prateekwaghre/status/1221080973200089088

Well, the way most websites are designed, a lot of content comes from subdomains, CDNs. They also have 3rd party content like analytics services, ads, various libraries that manage the UI etc. None of this worked because they were not on the whitelist (5/n)

https://twitter.com/prateekwaghre/status/1221080976551374853

So most of the websites were broken. Here is an example of http://amazon.in. We also pulled a request map to highlight how much content comes from other domains. Different websites were affected to varying degrees depending on how they were designed (6/n)

https://twitter.com/prateekwaghre/status/1221080989625024512

In case of http://irctc.co.in, we found that though the page was still (sort of) readable, the search feature was unresponsive. The train status feature took us to another link, which of course, was not on the whitelist. (7/n)

https://twitter.com/prateekwaghre/status/1221081000479883264

For the ones classified as banking websites, we found that only 2 of the 15 on the list had accessible login pages (e.g. for SBI bank, the whitelisted domain was http://onlinesbi.com, but to log in you need to go to http://retail.onlinesbi.com which was not on the list) 8/n

https://twitter.com/prateekwaghre/status/1221081003705241600

The inclusion of streaming services seems absurd because: 1) 2G 2) Most of them use CDNs for delivering video content (as I said earlier, these are not on list). 3) No actual hostnames were given – how does the ISP know what to allow? Are they expected to analyse the apps? (9/n)

https://twitter.com/prateekwaghre/status/1221081006318354434

We excluded these and ‘Jio Chat’, so in reality (esp. over 2G) the number of unusable websites may be higher than what I said earlier in thread. Of the ones that worked, 25 were minimally impacted (mainly had textual information). 30 were ‘partially usable’ (10/n)

https://twitter.com/prateekwaghre/status/1221081008717488128

We ended the exercise with more questions than answers. Some of them are: 1) On what basis are these (and future) domains selected? 2) Why are some sites on the list while others in the same category are not? 3) How will ISPs actually implement this? (11/n)

https://twitter.com/prateekwaghre/status/1221081011544453120

I know the list was updated to approx 300. Haven’t read through it in detail, but a cursory glance was enough to spot duplicates and strange entries (trying hard not to judge). I would love to test the new ones, sadly, we’re caught up with other stuff over the next few days. (12/n)

https://twitter.com/prateekwaghre/status/1221081014174269441

We’ve also done a detailed write-up that we’re hoping to publish soon. Both @aldebaran14 (credit to her for kicking this off) and I are also happy to release the spreadsheet that we recorded our analysis on, in case anyone wants to build off it. (13/n)

https://twitter.com/prateekwaghre/status/1221081016640520192

I’ve tried very hard not to offer any value judgement on this whitelisting approach on this thread. The intent was to (attempt to) understand and draw attention to what someone in Jammu and Kashmir might experience due to this exercise. (14/14)

https://twitter.com/prateekwaghre/status/1221081019400343559

Correction for #8. The whitelisted domain for SBI is www_onlinesbi_com (I’ve replaced the . with _ because twitter drops the www automatically)

https://twitter.com/prateekwaghre/status/1221091207033393152
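
An added example (not from the original thread or the authors' dataset) of the exact-hostname filtering the thread describes: it cleans a raw list of duplicates and entries without a hostname, then shows which of a page's requests an exact-match allowlist lets through. The function names, list entries and URLs are constructed for illustration; only the two onlinesbi hostnames come from the thread.

```javascript
// Exact-hostname allowlist filtering, as a browser-side filter would apply it.
// All entries and URLs below are constructed samples, not rows from the dataset.

// Reduce a raw list entry to a hostname, or null if it does not contain one.
function toHostname(entry) {
  const s = entry.trim().toLowerCase();
  if (!s || /\s/.test(s)) return null;            // e.g. an app name, not a host
  try {
    const host = new URL(s.includes("://") ? s : "http://" + s).hostname;
    return host.includes(".") ? host : null;
  } catch {
    return null;
  }
}

// Clean the list: drop entries without a hostname, collapse duplicates.
function buildAllowlist(rawEntries) {
  const hosts = new Set();
  const rejected = [];
  for (const e of rawEntries) {
    const h = toHostname(e);
    if (h) hosts.add(h); else rejected.push(e);
  }
  return { hosts, rejected };
}

// Split a page's requests into those an exact-match filter allows and those it blocks.
function auditPage(requestUrls, hosts) {
  const allowed = [], blocked = [];
  for (const u of requestUrls) {
    (hosts.has(new URL(u).hostname) ? allowed : blocked).push(u);
  }
  return { allowed, blocked };
}

const RAW_LIST = ["www.onlinesbi.com", "https://WWW.onlinesbi.com/", "Jio Chat", "www.irctc.co.in"];
const PAGE_REQUESTS = [
  "https://www.onlinesbi.com/",
  "https://retail.onlinesbi.com/login",      // login host named in tweet 8 (path constructed)
  "https://cdn.example.net/ui/app.js",       // hypothetical CDN host
  "https://analytics.example.org/collect",   // hypothetical third-party host
];

const { hosts, rejected } = buildAllowlist(RAW_LIST);
const result = auditPage(PAGE_REQUESTS, hosts);
console.log([...hosts], rejected, result.blocked);
```

Because matching is on the full hostname, a listed `www.` host does not cover a sibling subdomain such as the login host, which is the failure the thread reports for banking sites.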

 

 

 

 
