As outlined in our framing post, information controls aim to manage the content accessible to a population, including information posted online. Content controls can include laws and regulations that restrict free speech online or in certain media, as well as technical measures designed to limit access to information — otherwise known as “Internet filtering.” We employ a multidisciplinary mixed-methods approach to studying content controls that includes technical testing of government mandated Internet censorship policies and practices, field research by regional and country-level experts, as well as analysis of the country’s legal and regulatory filtering framework. The combination of technical investigation with political, social, and legal contextual research is essential for understanding both how and why information controls are applied. We also aim to determine the specific techniques and, where possible, the products that are used to implement Internet content filtering.

Indonesia is a prime example of a country where mixed-methods provide essential insight to the scope, scale, and character of content controls. As described in our prior post, the country is characterized by a highly distributed and very competitive media environment in which Internet service providers (ISPs), civil society stakeholders, and government ministries engage in a sometimes contentious debate over what content should be filtered, by whom, under what processes, and according to which laws. This dynamic environment is set within a country that has significant cultural and religious sensitivities around certain types of content. Although network measurement provides us with a baseline of data, our analysis of the scope, scale, and character of Indonesian content controls is greatly enriched by local knowledge of the Internet and cyberspace environment in the country, parts of which are explained in our infrastructure and governance post.

Building on past network measurements, legal, and policy analyses undertaken by the OpenNet Initiative, we set out to apply a mixed-methods approach to better understand the current situation. Our analysis is set in the context not only of the 2013 IGF, but amidst increasingly intense debates about free expression and access to information, and rapid technological change and development.

The detailed results of our analysis and technical tests our outlined below. Our main findings can be summarized as follows:

Implementation of Internet filtering in Indonesia is decentralized (in both policy and technical processes). Although the Indonesian government sets broad expectations and “rules” (sometimes informally communicated) about what content should be filtered by ISPs, and is moving towards standardizing telecommunication laws that would more systematically regulate content control practices, the actual control of content today is left primarily to the discretion of ISPs.

Reflecting the decentralized nature of the ISP environment, our research detected  a range of Internet filtering devices and software, and a diversity of content control practices, being used on different ISPs. Some ISPs use the government promoted systems DNS Nawala and Trust+ Positif, while others use different systems. For example, we found one ISP uses Netsweeper, a content filtering service manufactured by a Canadian company based in Guelph, Ontario, Canada.

We also detected the presence of devices manufactured by California-based Blue Coat systems. We detected the presence of Packetshaper devices, which have the ability to monitor and control network traffic on the two biggest Indonesian IPS, Telkom Indonesia and Indosat. We detected the presence of CacheFlow on Telkom Indonesia — an appliance whose primary function is to optimize bandwidth by caching but that can also be configured to block content.

Although formally and officially, Indonesia requires the blocking of pornography and gambling-related content, we found that Indonesian ISPs apply content controls on content related not only to these areas of speech, but also to religious issues and religious advocacy groups, and content related to sexuality and gender (e.g., local  LGBT community websites), among other content categories. We found that there was inconsistency among ISPs as to the precise nature of content that is targeted for filtering.

Citizens are prevented from accessing content that does not fall within objectionable content on ISPs  which rely on evidently error-prone mechanisms to categorize website URLs. We provide evidence that websites of academic institutions and government agencies are categorized on Trust+ Positif URL list dataset as “porn,” which results in these websites being blocked on ISPs relying on these URL lists.

We ran network measurements on Internet connections provided at the 2013 IGF venue and found that the main network connection for workshop sessions was not filtered (as per the stipulations of the IGF host country agreement). However, back up connections (for public areas of the venue) provided by local Indonesian ISPs (Telkom and Indosat) did filter access to content. We compare these results with measurements from network vantage points outside of the IGF venue.

Legal and Regulatory Frameworks

Although Indonesia’s constitution guarantees freedom of expression under Article 28E(3), a number of laws limit freedom of expression online and restrict access to content considered dangerous or socially unacceptable. The Penal Code and a 1965 blasphemy law that prohibits religious blasphemy are used to limit free expression. But the most prominent laws are the 2008 Electronic Information and Transaction Law and the 2008 Anti-Pornography Law. Our blog post on infrastructure and governance explains the nature of these laws in greater detail.

The 2008 Electronic Information and Transaction Law limits freedom of expression and prohibits defamation. Free speech advocates requested a judicial review of the defamation article in the law, but the Constitutional Court denied the request in 2009. The Anti-Pornography Law was passed in October 2008 amidst opposition from various groups who considered the law a threat to the cultural diversity and the rights of minority groups and women in Indonesia.

The Anti-Pornography Law, which was aggressively promoted and implemented by many ISPs and Internet cafés in 2010 in an effort to block millions of pornography sites during the holy month of Ramadan, was a major turning point for the country’s filtering policies and practices. At this time, efforts to build more centralized systems, such as DNS-Nawala and Trust+ Positif began to emerge with Indonesian policy makers promoting their use among ISPs. Meanwhile, the government began installing Trust+ Positif on computers supplied to villages under its Desa Pintar (Smart Village) program. It was also during this time that the Indonesian government threatened to shut down BlackBerry in the country unless it began filtering pornographic content. BlackBerry announced in January 2011 that it would comply with the request and work with carriers to put in place a filtering solution.

Apart from specific invocations of the law, the Indonesian government also pressures ISPs to block websites it defines as extremist in nature. After religious violence erupted in the country in 2011, 300 websites encouraging greater conflict were blocked as a consequence of this type of pressure. In July 2011, the Indonesian Minister of Communication and Information Tifatul Sembiring announced plans to filter websites offering illegal downloads of music and videos. The Minister warned that users of these sites could face jail terms and heavy fines for illegal downloading. Individuals with intimate knowledge of these processes explain to us that requests to block content are occasionally passed on by government officials over phone or in person during meetings with ISPs and telecom employees. Subtle pressures and moral suasion, rather than transparent and publicly accountable laws and regulations in other words, are occasionally the means ministry officials employ to promote compliance.

As is the case in a number of other countries, Indonesian policymakers have been using codewords that while seemingly innocuous to some create concerns for many of a growing interest in blocking access to or communication of content that is culturally, religiously, or politically offensive. For example, the INSAN Socialization Team of the Ministry of Communications and Information Technology has been actively promoting a “healthy and safe” Internet. The objective of the program is to “socialize a healthy and safe use of Internet to various levels of society in order to avoid misuse and take benefits for society.” Leading up to and during the 2013 IGF Indonesian policymakers emphasized the need to consider an “ethical” Internet — a euphemism around which some Indonesian civil society groups and IGF delegates, including the U.S. State Department representative Christopher Painter, raised concerns.

Prosecution of Netizens

Indonesian laws, rules, and informal directions around content controls are reinforced by occasional prosecution of individuals. The following are some of the more egregious cases.

The most prominent case that invoked the Anti-Pornography Law is that of pop singer Nazril Irham (also known as ‘Ariel’), whose homemade, explicit videos were circulated on the Internet against his consent in June 2010. He was convicted and sentenced to three and a half years in prison and a fine of USD 28,000, but was released after serving only two-thirds of his prison sentence for good behaviour. Irham’s conviction, followed by other sex scandals involving local celebrities and politicians, prompted renewed calls for content control by ICT Minister Tifatul Sembiring to block access to pornography websites during the holy month of Ramadan in 2010. His teams immediately set out to deploy firewalls for more than 2,000 Internet cafes around the country, as he said it was a “race against time” to protect children from harm. Indonesia’s President, Susilo Bambang Yudhoyono, has also indicated his support for an Internet filter to block pornography.

One of the most prominent online defamation cases has been the prosecution of Prita Mulyasari, who was sued by the Omni International Hospital. Prita, a Jakarta-based housewife and mother, communicated her disappointment with Omni Hospital’s service to her friends by email in September 2008, which was forwarded, circulated on electronic mailing lists and posted online. Once the email became public knowledge, Omni International Hospital responded by filing a criminal complaint and a civil lawsuit against Prita. She was then arrested in May 2009, by the Banten Provincial Prosecutor’s Office and charged under Articles 310 and 311 of the Penal Code regarding defamation and Article 27 of the ITE Law. The court had initially found Prita liable in the civil case and ordered her to pay 204 million Rupiah (approximately USD 22,000) to Omni International. The charge sparked outrage among tens of thousands who joined a Facebook group in her support and held an online fundraising campaign, “Coins for Prita”, to help her pay the fine. The campaign raised 650 million Rupiah or more than three times the amount of the fine. After appealing to the Supreme Court, she was later acquitted of all civil charges in September 2010. At the same time, the criminal proceedings were underway, which eventually found her guilty and she was given a suspended sentence of six months’ imprisonment contingent upon good behaviour. Upon appealing in 2012, the Supreme Court overturned the lower court’s decision and quashed the criminal charges.

In June 2012, civil servant Alexander Aan was sentenced by a West Sumatra court to two-and-a-half years in prison and fined 100 million Rupiah (USD 11,100) (or face another two months in prison) for comments considered blasphemous made on his Facebook account and Facebook fan page, titled Ateis Minang (Minang Atheist). Aan’s conviction was justified on the grounds that he had violated the blasphemy provisions of the Penal Code, as well as Article 28 of the Electronic Information and Transaction Law by “spreading racial and religious hatred.”

Technical Implementation of Content Controls

The Internet environment in Indonesia is highly distributed. As a consequence of this distribution, the scope and depth of what content is actually filtered can vary between ISPs, leaving users with different Internet experiences depending on from where they ultimately connect. Some ISPs even still offer, on occasion, an entirely unfiltered Internet, although that is increasingly rare. We confirmed this variation in both manual and automated network measurements, made from inside and outside the country, which are outlined in detail below.

 In spite of the decentralization, there are also growing tendencies of standardization, if not centralization. For example, a number of national-level systems have emerged that offer filtering services, promoted by the Indonesian MCIT. ISPs are encouraged to connect to these services as a way to sub-contract out the job Internet filtering and to ensure that they comply with government expectations. Additionally, ISPs have begun to purchase commercial filtering products developed outside of Indonesia, for example those made by Netsweeper and Blue Coat, whose services include categorizing and controlling access to content online, thus taking the burden of maintaining content controls away from ISP administrators. Should more ISPs use these type of services, the existing decentralized architecture of the ISP ecosystem could in practice tend towards a degree of standardization of content targeted for filtering, though that is not the case today.

As part of its national program “Healthy and Safe Internet” the INSAN Socialization Team of the MCIT is endorsing two DNS filtering projects that include configurations and URL lists  to standardize content filtering on Indonesian ISPs, Trust+ Positif and DNS Nawala. However, currently the use of these programs is optional. ISPs use a variety of filtering systems and techniques, and are therefore inconsistent in terms of the content that is blocked.  During the IGF 2013 meeting, MCIT booths prominently displayed advertisements for and distributed materials about the “Healthy and Safe Internet” program that promote Trust+ Positif and DNS Nawala (see figure 1 below).

Figure 1. Promotional materials for the “Healthy and Safe Internet” program disseminated by the MCIT at their IGF 2013 booth

DNS-enabled filtering Initiatives

Private sector associations in Indonesia have also made several attempts to standardize content to be controlled and techniques for DNS filtering.  Beginning in 2008, the Association of Indonesia’s Internet Cafés (Awari) started an initiative to standardize filtering across Internet cafes and provide a means for users to report sites for blocking. Prior to 2008, filtering in Internet cafes was decentralized. Standardization of filtering was seen as positive development to ensure that Internet cafes operate on an equal footing.

These moves toward standardization were further enhanced with the development of  DNS Nawala an initiative that was started in November 2009 by the MCIT with the support of Awari, PT Telkom, and  Indonesian political parties in a response to pressures to implement the 2008 Anti-Pornography Law and the introduction of the “Healthy and Safe Internet” (INSAN) program. Standardization of content filtering was seen as a requirement to ensure compliance with the INSAN program. When DNS Nawala was launched  PT Telkom, the largest ISP in Indonesia, agreed to use the program. When PT telkom announced it will use Nawala, Eddy Kurina (Vice President Public and Marketing Communication) stated ”for the growth and development and improvement of quality of young generation and as part of the Corporate Social Responsibility program, Telkom provides DNS Nawala able to select the internet contents,” The program was setback when network disruptions followed an installation of DNS-Nawala on a major Internet Exchange Point.

The Indonesian Internet Service Provider Association (Asosiasi Penyelenggara Jasa Internet Indonesia, APJII) has an agreement with DNS Nawala to provide use of the service to the 250 members of the ISP association. As part of this cooperation APJII provides DNS nalawa with 5 servers and DNS Nawla its block lists available to APJII members.

The use of DNS Nawala is not compulsory for APJII members. However, in a statement APJII Chairman Sammy Pangerapan cautioned APJII members that they are responsible for content on their networks and the APJII encourages members  to use the service.

Trust+ Positif

Trust+ Positif is maintained and endorsed by the MCIT, and provides content filtering capabilities distributed as configuration files and block lists for the popular open source Squid HTTP proxy and the SquidGuard add on which is an open source implementation of URL access control lists for Squid. Trust+ Positif is another attempt to standardize content filtering in Indonesia and is described as providing access to a “safe and healthy internet by protecting internet access based on series of lists containing healthy and reliable information.”  The system aims to protect society against values, ethics, morals “that do not fit with the image of the Indonesian nation.”

Figure 2. Ministry of Communication and Information Technology booth at IGF 2013 promoting Trust+ Positif

Trust+ Positif feeds Squidguard two URL databases:

Domain List: Contains a list of top-level domains. If a domain is found on this list (e.g. facebook.com) then any subdomain or path (e.g. *.facebook.com or www.facebook.com/home.php) which includes the top-level domain will be included

URL List: Contains lists of single URLs (e.g. www.facebook.com/pages/Everybody-Draw-Mohammed-Day).

These lists group URLs and domains into a number of categories:

White List (Positive/Reliable): This category includes domains and URLs that have been flagged as “positive or trusted” (e.g. government domains).

Black List (Negative/Filtered). This category contains URLs and domains with content that is considered “negative” such as pornography. The black list is divided into three categories: “Study Results and Public Submissions”,  “International Pornography” and “International Open-Proxy”

The contents of these lists  and information about the number of domains and URLs included are made publicly accessible, as seen in Figure 3.

Figure 3. Quantity of URLs and domains in Trust+ Positif databases


The Trust+ Positif website includes a submission page that encourages users to participate in the development of URL lists (to blacklist websites for filtering or whitelist for accessibility)  by forwarding pages to an email address or filling in a submission form (as of Oct 25 2013 this form is described as “under development”). However, how this submission process operates in practice is unclear and the ultimate decisions of what to block is made by the MCIT. No judicial order is required.

Trust+ Positif URL Miscategorization

The Trust+ Positif website provides users with the option to search for information about domain names or URLs that have been registered in the Trust+ Positif URL lists. This search helps users find out whether a domain name or URL has been listed in the Trust+ Positif database, and check for categorization.

We  enter URLs of websites containing sexual and pornographic content and the database returned their categorization as “porn” websites. For example, the URL playboy.com was returned as “porn”, as seen below in Figure 4.

Figure 4. Trust+ Positif shows categorization of playboy.com as “porn”

Interestingly however, when we tried URLs of non-pornographic websites that have been found blocked on some Indonesian ISPs, the database returned no data. For example a search for the website   www.faithfreedom.org, which has alternative views on the faith of Islam returned the message “Tidak ada data” (no data), as seen in Figure 5

Figure 5. Trust+ Positif reports no data available for the blocked URL faithfreedom.org

We analyzed how the Trust+ Positif URL dataset categorizes a sample of URLs and found that there are numerous URL miscategorizations that result in erroneous blocking.  We downloaded the block list which categorizes which domains are pornographic which is publicly available on the Trust+ Positif website.  We then searched through the list to find examples of potential miscategorizations. Once completed, we verified that these URLs and domains are currently in the Trust+ Positif URL lists by submitting them to their online URL checking tool.

Examples of such miscategorization are provided in Table 1.



Categorization in the Trust+ Positif Database


GLBT Resource Center at Colorado State University



Dating website



UK government website about Gibraltar



New Spirit Community Church



Liberty Education Forum – Think Tank from Washington, DC



LBGT Social Issues and Personal Site



LGBT Social Issues Site



Academic Paper about Peeping Toms

Porn (urls)


Library at the University of Rochester



Literary Journal



IT Firm from Florida



Dating Site


Table 1: Examples of URLs miscategorized in the Trust+ Positif database as “porn”

The Trust+ Positif website is served to users browsing blocked content on certain ISPs (http://internet-positif.org) is ranked by Alexa amongst the top 100 pages accessed in Indonesia (number 72 in October 24, 2013) which suggests that a significant number of access attempts are served the blockpage.

Comparison of Nawala and Trust+ Positif Block Lists

We compared the lists from both Nawala and Trust+ Positif of domains that they categorize as pornographic content. The Nawala block list was retrieved at a time in which a misconfiguration of the Nawala website in 2010 allowed for the download of the block list. The Trust+ Positif blocklist was retrieved directly from a public link on their website. Upon comparison we found that the majority of domains listed are common between the two sets of lists.  The Trust+ Positif list does not include any additional domains which are included in the Nawala list, while the Nawala list has 205 additional domains which  are not in the Trust+ Positif list.

Canadian and US Commercial URL filtering Products Detected in Indonesia


Netsweeper is a technology company based in Guelph, Ontario, Canada, which provides software products that are used to filter Web content. In previous research, we found that Netsweeper software was deployed to censor political and human rights related content at the national level in Pakistan, Qatar, Kuwait, UAE, and Yemen. We searched for signatures of the Netsweeper products in the search engine Shodan, using methods described here, and we found an installation of Netsweeper on the Indonesian ISP Excelcomindo Pratama Pt.

The Netsweeper control panel appears at while the block page is accessible at

Figure 6. Netsweeper control panel installed on ISP Excelcomindo Pratama Pt.

Blue Coat

Blue Coat Systems is a California-based provider of network security and optimization appliances. Some of these products include functionality that can enable network filtering and surveillance. These products include: ProxySG  that works with WebFilter, to categorize web pages for filtering; PacketShaper, a cloud-based networking management devices that can establish visibility of over 600 web applications and control undesirable traffic; and CacheFlow, a web caching appliance that functions to optimize bandwidth. ProxySG provides “SSL Inspection” services to solve “issues with intercepting SSL for your end-users.” PacketShaper has the ability to monitor and control network traffic: it is integrated with WebPulse, Blue Coat Systems’ real-time network intelligence service that can filter application traffic by content category. CacheFlow can be configured to block content.

While these tools can be used to maintain and secure networks, they can also be used to implement politically-motivated restrictions on access to information, and monitor and record private communications. Thus, depending on its end-use, these tools can be used to serve legitimate and positive purposes, or purposes resulting in adverse impacts on human rights. This capacity is often referred to as “dual-use,” a term adapted from language used to describe technologies with both civilian and military applications.

As part of prior Citizen Lab research that included a combination of wide-area scanning techniques, Shodan queries, and other experimental methods, we found Blue Coat devices on public networks of 83 countries (20 countries with both ProxySG and PacketShaper, 56 countries with PacketShaper only, and 7 countries with ProxySG only). Among those findings was the presence of PacketShaper on the networks of both IndoSat ( and Telkom Indonesia ( networks. We also found installations of CacheFlow on Telkom  (

Network Measurements

We used a variety of techniques for measuring censorship on networks in Indonesia including client-based tests performed within Indonesia and remote tests through publicly available web proxies and virtual private networks (VPNs).

Client-based tests: Data was collected by performing synchronized HTTP requests in both a field location (i.e., a location where Web censorship is suspected) and lab location (at the University of Toronto) using customized measurement software written in Python in a client-server model. The lab network acts as a control and is located at a site that does not censor the type of content tested by the measurement software. The field locations included a number of Indonesian ISPs.

During tests the client attempts to access a pre-defined list of URLs simultaneously in the country of interest (the “field”) and in a control network (the “lab”). Tests were conducted on URL lists that consisted of globally sensitive URLs, tested in all regions, and locally sensitive URLs that are specific to the social, political and cultural context of Indonesia.

A number of data points are collected for each URL access attempt: HTTP headers and status code, IP address, page body, and in some cases traceroutes and packet captures. A combined process of automated and manual analysis attempts to identify differences in the results returned between the field and lab in order isolate instances of filtering. As attempts to access websites from different geographic locations can return different data points for innocuous reasons (such as a domain resolving to different IP addresses for load balancing, or displaying content in different languages depending on where a request originates from) manual inspection of results is often necessary to verify if inaccessibility is caused by deliberate filtering or mundane network errors.

In addition to tests using our measurement software, tests were also run with two other network measurement tools: Netalyzr and OONI-Probe. Netalyzr is a network diagnostic tool developed at the University of California, Berkeley. We ran it to gather additional data about the properties of tested networks. Collin Anderson an independent researcher who attended the 2013 IGF also ran tests with OONI-probe  (a client based Internet censorship measurement tool developed by the Tor project) and contributed his results to this post.

Remote tests: We ran tests of website accessibility using publicly available Indonesian web proxies and VPNs. The purpose of these tests were to help develop our URL testing lists for client-based measurements.

2008-2010 Network Measurement Results

Between 2008-2010 we ran client-based network measurements on 20 different ISPs in Indonesia. The results of this testing show significant decentralization in how Indonesian ISPs technically implement filtering and inconsistency between ISPs in terms of the content that is blocked.

On Indosat (AS 4795) and XL Axiata (AS 24203) we observed block pages delivered via DNS redirection to IP addresses hosted by each ISP, and we noted that Indosat’s use of blockpages began in late 2010. Similarly, we observed XL Axiata implementing a combination of DNS redirection and block pages in 2010, but lack longitudinal data about this ISP.

In contrast to Indosat and XL Axiata that display block pages, BIZ Net (AS 17451) implemented DNS redirects that went to non-routable IPs, and therefore look like transient failures from the user’s perspective. In 2008, redirects went to IP, but in 2009 and onwards we saw this shift to the link-local IP address. Finally, we note that in 16 different tests over three years at First Media (AS 23700) showed no evidence at all of DNS redirection.

The specific content blocked is also inconsistent across ISPs. Pornographic content and gambling websites were regularly blocked by Indonesian ISPs in our sample. However, testing conducted from 2009-2010 showed that on some ISPs (e.g. Indosat, XL Axiata) blocked websites included content related to free expression (e.g. http://freespeech.org an online video network, and http://freespeecolation.com, a free speech colation group), and anonymizers and censorship circumvention software. Content related to local LGBT community groups and information portals was also found blocked.

 A summary of historical data that ONI has collected from Indonesia from 2008-2010 is in shown in figure 7.  It shows the fraction of blocking behaviours observed on different ISPs in the region.  The possible behaviours indicated are:

No DNS Response – When there is not DNS response given in Indonesia, while there is in Toronto

DNS Redirection – When a DNS query redirects to a different IP in Indonesia compared to Toronto

No HTTP Response – When an HTTP response is seen in Toronto but not in Indonesia

LCRST (Low Confidence Reset) – When the page is retrieved successfully in Toronto (Response code < 400) while a reset packet is observed in Indonesia with no content returning.

RST (Reset) – When LCRST occurs more than three times in a week for the URL in Indonesia.

Block Page – When a known block page is returned in Indonesia.

Figure 7. Summary of blocking in Indonesia (ISPs with at least 10 blocked URLs per year in at least 2 years). For further technical details regarding how these categories are determined please refer to table 3, page 5 in http://www.cs.stonybrook.edu/~phillipa/papers/ONIAnaly.html

2013 Network Measurement Results

Remote measurement results

Nawala: Testing was conducted using Nawala’s publicly accessible DNS servers ( and using the same list of URLs used for in-country testing . 215 URLs from this list of 1387 URLs resolved to the IP address, which is the blockpage for the Nawala service as seen in Figure 8. The full list of URLs tested and found blocked using the Nawala service can be found here.

The blockpage reads (translation from Indonesian):

“The website you are trying to open cannot be access on this network. www.playboy.com is categorized as one of the following:

- Porn

- Gambling

- Phising (sic) /malware

- SARA [SARA stands for “Suku, Agama, Ras, Antar-golongan”, which refers to content related to ethnicity, religion, race and Inter-group relations].

If you feel the website that you want to access is erroneously categorized, please contact us via email info@nawala.org”


Figure 8. DNS Nawala blockpage

Client-based measurement  results

Client-based network measurements were run run on 4 ISPs, including 3 connections provided to delegates at the IGF 2013 venue and 1 ISP outside of the IGF venue to provide a basis for comparison between content controls at the IGF and those elsewhere in the country.

AS: THREE-AS-ID Hutchison CP Telecommunications, PT
Netalyzr Results

Testing was conducted on October 22 and 23, 2013 on the ISP Tri using a 3G mobile connection tethered to a laptop running our client-based measurement software. Test results showed 142 URLs blocked out of the sample of 1387 URLs tested. Blocked content spanned 22 content categories, including LGBT content, critical religious content, independent media, circumvention tools, sex education sites, gambling and pornography. A full list of blocked content can be found here

Blocked content resolved to a private routable IP address of and displayed a non-transparent blockpage stating “It works!”.  The HTML source is identical to the default web page of a fresh installation of the apache web server,  as seen below in figure 9.


Figure 9. Blockpage and HTML source found on ISP Tri

IGF Venue Network Measurement Results: The Bali Nusa Dua Convention Centre (the venue for the 2013 IGF) provided four wireless connections to participants (SSIDs: IGF 2013, IGF-a, IGF2013.wifi.id, IGF2013@Indosat). See Figure 10.

Figure 10. Sign describing wireless Internet access points at the IGF 2013 venue

The host country agreement signed between the government of Indonesia and United Nations mandates that an open Internet connection is provided. The primary wireless network, identified by the SSID IGF2013, is intended to offer this unfettered access. A network administrator from the organizing committee informed us that “the main wi-fi access managed by [the IGF host] committee is using SSID “IGF2013″, and we didn’t filter any sites”. A 5 Ghz version of this primary network, with the SSID IGF2013-a, was also made available. Both of these connections rely on bandwidth from Telkomsei and are routed out of the country through that ISP. However, these connections have their own Network Operations Centre (NOC).

Two other networks are available at the event and are under the filtering regimes of their respective ISPs: IGF2013@wifi.id is provided by Telkomsei and IGF2013@Indosat is provided by Indosat. These ISPs are the two largest providers in Indonesia and regularly provide connectivity to the Bali Nusa Dua Convention Center where the 2013 IGF and other major events such as the recent 2013 APEC conference summit are held.

SSID: IGF2013 – IPV6 (2.4 GHgz)
AS: IGF2013-ID Internet Governance Forum 2013
Netalzyer Results

Testing on the SSID IGF2013 (AS: IGF2013-ID Internet Governance Forum 2013) showed no evidence of filtering out of the 1387 URLs tested. This network is described by organizers as offering unfettered access as per the UN host agreement, and our technical testing verifies this claim.

SSID: IGF2013@wifi.id
AS: TELKOMNET-AS2-AP PT Telekomunikasi Indonesia
Netalyzer Results

Testing on the SSID IGF2013@wifi.id (AS TELKOMNET-AS2-AP PT)  found 197 URLs blocked out of the sample of 1387 URLs tested through DNS tampering. A variety of content was blocked, including LGBT content, independent media sites, critical religious content and circumvention and anonymizer tools. A full list of blocked URLs can be found here.

All blocked content resolved to the IP address Users were redirected to a blockpage hosted at internet-positif.org, as seen in a response to an HTTP GET request:

HTTP/1.1 307

Server: nginx

Date: Mon, 21 Oct 2013 10:22:31 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: close

Cache-Control: no-cache

Location: href=”http://internet-positif.org/site.block?

Upon redirection the blockpage shown in figure 11 is served to users.

Figure 11. Trust+ Positif blockpage observed on the SSID: IGF2013@wifi.id

The text on the blockpage reads:

“This forbidden site cannot be accessed because it is indicated that it may contain one of the following: Pornography, Gambling, Phising (sic), SARA [SARA stands for “Suku, Agama, Ras, Antar-golongan”, which refers to content related to ethnicity, religion, race and Inter-group relations], or PROXY. If you feel that this site is not included in any of the aforementioned categories, please contact advankonten [at] depkominfo [dot] go [dot] id.”

The Trust+ Positif block page serves a number of advertisements hosted on third party sites, as seen by figure 12, which shows the HTTP gets to different domains required when you visit the blockpage once.

Figure 12. HTTP transactions from a visit to http://internet-positif.org Image taken from http://urlquery.net/report.php?id=7114070

Tests of website accessibility on this network were also undertaken by independent researcher Collin Anderson, who collaborated with us on the research for this post. Anderson performed a DNS consistency test with OONI-probe against the Alexa top 1 million URL list. Based on those results, Anderson extracted the domains that pointed to the filtering server. He then scripted a retrieval of the OpenDNS assessments on every filtered domain and extracted community categorizations for each. The results of these tests can be found here and the distribution of blocked URLs in each primary category can be seen in Figure 13.

Figure 13. Alexa 200,000 top URLs blocked on SSID IGF2013@wifi.id per primary OpenDNS categorization.

During the IGF, the website for Freegate (internetfreedom.org) , a circumvention tool, was found to be filtered on this network. On October 21 at 4pm,  network administrators were notified by a conference attendee of this blocked website, and by 11pm the site was made accessible. The prompt response by network administrators and the ISP shows an example of remediation for potentially erroneous blocking, but also demonstrates an informal ad-hoc process.

ISP: IGF2013@Indosat
Netalyzer Results

Testing conducted on SSID: IGF2103@indosat (AS: INDOSATM2-ID) found 164 URLs blocked out of the sample of 1387 URLs tested. These websites include LGBT content, independent media sites, critical religious content, gambling websites and pornograpy. Websites found blocked included Free Speech TV (freespeech.org), Equal Marriage for Same Sex Couples (samesexmarriage.ca)  and the Indonesian religious site Fatih Freedom (http://indonesia.faithfreedom.org/doc/). The full list of URLs blocked on this ISP can be found here:

Filtering on this ISP is implemented through DNS tampering, with all filtered domains resolving to the IP After being redirected to this IP, users are served the blockpage seen in Figure 14.

Figure 14. Blockpage observed on SSID IGF2013@Indosat

This blockpage has the following HTML source:






<font face=”arial” size=”15″ color=”black”>

<b>Access Restricted by</b>


<img src=”logo_netsafe.JPG” alt=”netSAFE”></img>


<font size=”4″>

Versi 1.0 beta



Copyright (c) 2011 INDOSAT group



Cross-ISP Comparison

Indonesia’s highly decentralized filtering environment means that what content is filtered and how filtering is implemented can vary greatly between ISPs. Our results do show such a variation in filtering, although there is a general overlap in the types of content filtered. Our test results shows that porngraphy, a putative focus of the filtering regime, is highly filtered on all ISPs, as is non-pornographic LGBT content. One notable area of difference is anonymizers and circumvention tools, which are heavily filtered on Telkmonet’s IGF network while generally available on the other two networks.

A breakdown of the variation in filtered content between ISPs can be seen in figure 15.

Figure 15. Proportion of tested URLs found blocked on each ISP, sorted by URL content category

Figure 16 shows the variation and overlap in blocked content between the three ISPs.

Figure 16. Venn diagram of number of URLs blocked between three ISPs, grouped by content category.

Summary and Next Steps

The research and analysis presented here shows that an understanding of content controls requires a combination of methods and insights from both technical and qualitative approaches, and in particular perspectives from those who understand the social, political, cultural, and economic context of Indonesia.  It is clear from the data we collected and the analysis we undertook, that Indonesian content controls are exercised in a way that is inconsistent, lacks transparency, and includes numerous instances of overblocking, or blocking of content far beyond that which is publicly justified and discussed.  Some of this over-blocking is the consequence of categorization errors; others appear to be the result of overzealous compliance by ISPs; and still others may be the result of other factors, including subtle pressure and influence by government officials or other parties. As Indonesian development in ICTs continues to rapidly progress, the lack of transparency, accountability, and clear processes for content controls will likely exacerbate tensions and disputes in the country among stakeholders operating in an uncertain environment.


Completed lists of URLs used for testing, and URLs found blocked through both remote and client based tests can be found here:

Google Doc version

CSV [forthcoming]


The post IGF 2013: Analyzing Content Controls in Indonesia (Part 2 of 4) appeared first on The Citizen Lab.

Show more