Internet to Tunisia

Mailman List Mirror (Read Only)
1

I am hearing reports of Internet blockage in / to Tunisia, where a near full-on revolt is being coordinated / reported on by
social media such as twitter ( #sidibouzid ), Facebook and Youtube.

Can anyone confirm that there is blockage ? Are there any in-country resources to check this ? There does not appear to be a looking glass in Tunisia.

Regards
Marshall

2

a message of 10 lines which said:

Can anyone confirm that there is blockage ?

There exists filtering for a long time and it is widely documented. I
am not aware of a global blockage today.

Are there any in-country resources to check this ?

The Web site of the Tunisian Internet agency, <http://www.ati.tn/>, it
is hosted in Tunis, as are some of the name servers of .TN like
ns2.ati.tn.

3

Are you referring to this:

http://www.thetechherald.com/article.php/201101/6651/Tunisian-government-harvesting-usernames-and-passwords

(short url: http://tinyurl.com/36tu64h)

Nick

4

I am hearing reports of Internet blockage in / to Tunisia, where a near full-on revolt is being coordinated / reported on by
social media such as twitter ( #sidibouzid ), Facebook and Youtube.

Can anyone confirm that there is blockage ? Are there any in-country resources to check this ? There does not appear to be a looking glass in Tunisia.

Are you referring to this:

http://www.thetechherald.com/article.php/201101/6651/Tunisian-government-harvesting-usernames-and-passwords

(short url: http://tinyurl.com/36tu64h)

No, I have received personal communications.

On twitter right now there are frequent claims that all https is blocked (presumably a port blocking).

Regards
Marshall

5

A quick search pulls up.
http://www.cpj.org/internet/2011/01/tunisia-invades-censors-facebook-other-accounts.php

Since Gmail defaults to HTTPS, and many other sites left to their own devices,
it is necessary for an attacker to try and force clients to use HTTP or start
conversation using HTTP (so that no one notices when the important bit isn't
encrypted, or to enable javascript from a third part to be injected).

NoScript for Firefox has a force HTTPS for a domain feature.
http://noscript.net/faq#qa6_3

But what clients really need is a way for servers to say "always use
encryption".
http://noscript.net/faq#STS

Of course when it gets to the level of countries, it is quite plausible your
browser may already trust a certificate authority under their jurisdiction so
all bets are off.

I think I'm saying HTTPS doesn't quite hack it in browsers yet, but it will
be "secure enough" real soon now.