Indian ISP sniffing and censoring CloudFlare’s traffic

A recent report is making the rounds on the internet because of its headline alone. According to the report, Airtel, a popular Indian ISP (Internet Service Provider), is sniffing and intercepting all unencrypted traffic going upstream from CloudFlare’s India data centers, irrespective of which ISP the user is on. This matters because it potentially affects everyone in India accessing any of the 2 million+ websites hosted on CloudFlare. It is alarming news for everyone who accesses websites on CloudFlare, as Airtel seems to be interfering with that access.

Airtel is sniffing CloudFlare traffic

Airtel is one of the biggest ISPs (internet service providers) in India. A team found that the service provider is snooping on traffic that is routed through CloudFlare. This puts at risk the privacy of millions of web users, Airtel users and non-Airtel users alike.

The censoring of CloudFlare traffic came to light when some members noticed that things did not look right while they were trying to access The Pirate Bay website.

“It started when we discovered that The Pirate Bay was showing a blank page and was attempting to load an iframe to http://airtel.in/dot, which is a notice saying that the site is blocked as per the Department of Telecom’s orders.”

This is what the group could see after analyzing this particular page:

[Image: Airtel sniffing CloudFlare]

Though several websites are blocked by Indian internet service providers, the group noticed something amiss because this was happening on an HTTPS page with a valid certificate.

They checked the certificate by opening the website, https://thepiratebay.org, via a VPN. There it loaded fine, and the group confirmed that the certificate for CloudFlare was the same and valid.

The group got further clues when the exact same page, with a link to Airtel’s notice, was shown to people on non-Airtel networks as well.

Based on these clues, the group worked through the possibilities. One was that CloudFlare itself was serving the notice. However, the page had an embedded iframe that linked to Airtel’s block message. Hence the group arrived at another possibility, which was plausible but highly unpleasant. According to the group, CloudFlare thought it was talking to The Pirate Bay and was completely unaware that it was actually getting a response from Airtel saying the website was blocked. So it was likely that Airtel was serving this page between CloudFlare and The Pirate Bay.
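The comparison the group made, the same HTTPS page fetched directly and through a VPN, can be automated. The following is an added example, not code from the original report: the function names are hypothetical and the two HTML bodies are constructed samples standing in for the two fetches.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

PAGE_URL = "https://thepiratebay.org"
# Constructed sample bodies (not captured traffic).
BODY_DIRECT = '<html><body><iframe src="http://airtel.in/dot" width="100%"></iframe></body></html>'
BODY_VIA_VPN = '<html><head><title>The Pirate Bay</title></head><body><form action="/s/"><input name="q"></form></body></html>'

class _IframeCollector(HTMLParser):
    """Collects the src attribute of every <iframe> in a document."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

def foreign_iframes(page_url, html):
    """Return iframe URLs whose host is neither the page host nor a subdomain of it."""
    page_host = urlsplit(page_url).hostname
    collector = _IframeCollector()
    collector.feed(html)
    found = []
    for src in collector.sources:
        host = urlsplit(src).hostname  # None for relative URLs
        if host and host != page_host and not host.endswith("." + page_host):
            found.append(src)
    return found

def injected_frames(page_url, body_direct, body_reference):
    """Foreign iframes seen on the direct path but absent on the reference (VPN) path."""
    reference = set(foreign_iframes(page_url, body_reference))
    return [s for s in foreign_iframes(page_url, body_direct) if s not in reference]

def is_plain_http_on_https_page(page_url, src):
    """True when an HTTPS page embeds a frame over unencrypted HTTP."""
    return urlsplit(page_url).scheme == "https" and urlsplit(src).scheme == "http"

if __name__ == "__main__":
    for src in injected_frames(PAGE_URL, BODY_DIRECT, BODY_VIA_VPN):
        print(src, "plain-http:", is_plain_http_on_https_page(PAGE_URL, src))
```

A frame that appears only on the direct path while the browser still shows the same valid certificate indicates the body was altered behind the TLS-terminating edge, not between the user and CloudFlare.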

Though both Airtel and CloudFlare confirmed that there is no flaw on their sides, the story still continues.

Read more about this on Medium.com.

Ankit Gupta is a writer by profession and has more than 7 years of global writing experience on technology and other areas. He follows technological developments and likes to write about Windows & IT security. He has a deep liking for wild life and has written a book on Top Tiger Parks of India.
