fix: Wrong summary language

This commit also lint the markdown syntax and remove my libreddit instance link (no longer exists)
2025-01-08 03:12:06 +07:00 · 2024-10-08 03:18:39 +07:00 · 2024-10-08 03:18:39 +07:00 · b5d8db6513
commit b5d8db6513
parent 8849dac8e8
2 changed files with 542 additions and 159 deletions
--- a/content/blog/new-stage-of-internet-censorship-in-indonesia-dpi-tcp-reset-attack/index.id.md
+++ b/content/blog/new-stage-of-internet-censorship-in-indonesia-dpi-tcp-reset-attack/index.id.md
@ -1,6 +1,7 @@
 ---
 title: "Babak Baru Sensor Internet di Indonesia: DPI & TCP Reset Attack"
 description: "Beberapa upstream provider atau checkpoint melakukan TCP Reset Attack untuk memblokir akses ke website-website yang dinilai ilegal."
 summary: "Beberapa upstream provider atau checkpoint melakukan TCP Reset Attack untuk memblokir akses ke website-website yang dinilai ilegal."
 date: 2023-06-04T01:19:36+07:00
 lastmod:
 draft: false
@ -11,73 +12,113 @@ pinned: true
 series:
 #  -
 categories:
-  - TIL
+    - TIL
-  - Privasi
+    - Privasi
 tags:
-  - MiTM
+    - MiTM
-  - Internet Positif
+    - Internet Positif
-  - VPN
+    - VPN
-  - Proxy
+    - Proxy
-  - DNS-over-HTTPS
+    - DNS-over-HTTPS
-  - Kominfo
+    - Kominfo
 images:
 #  -
 # menu:
 #   main:
 #     weight: 100
 #     params:
 #       icon:
 #         vendor: bs
 #         name: book
 #         color: '#e24d0e'
 authors:
-  - ditatompel
+    - ditatompel
 ---
-Berbeda dengan sebelumnya yang menggunakan **DNS filtering**, beberapa _upstream_ telah melakukan **TCP Reset Attack** untuk memblokir akses ke website-website yang dinilai ilegal. Dan kenapa Anda harus mulai perduli untuk masalah ini.
+Berbeda dengan sebelumnya yang menggunakan **DNS filtering**, beberapa
-
+_upstream_ telah melakukan **TCP Reset Attack** untuk memblokir akses ke
-<!--more-->
+website-website yang dinilai ilegal. Dan kenapa Anda harus mulai perduli untuk
 masalah ini.
 ## Latar Belakang
-Sejak beberapa bulan yang lalu, saya mulai tidak dapat mengakses **reddit.com** dari koneksi internet **ISP** saya, padahal di jaringan rumah saya sudah memakai **DNS-over-HTTPS (DoH)**. Hal yang sama terjadi juga ketika saya melakukan **VPN** ke server saya yang notabenenya tanpa **"Internet Positif"** (baca: tanpa sensor).
+Sejak beberapa bulan yang lalu, saya mulai tidak dapat mengakses
 **reddit.com** dari koneksi internet **ISP** saya, padahal di jaringan rumah
 saya sudah memakai **DNS-over-HTTPS (DoH)**. Hal yang sama terjadi juga ketika
 saya melakukan **VPN** ke server saya yang notabenenya tanpa
 **"Internet Positif"** (baca: tanpa sensor).
-Browser saya selalu mengatakan _error **"The connection was reset"**_. _Service_ gratis [libreddit yang saya sediakan](https://libreddit.ditatompel.com/) untuk mengakses **Reddit** tanpa konten bermuatan **NSFW** juga menjadi tidak bekerja (servernya sebelumnya ada di **Indonesia Data Center Duren Tiga** atau **IDC-3D**).
+Browser saya selalu mengatakan _error **"The connection was reset"**_.
 _Service_ gratis **libreddit** yang saya sediakan untuk mengakses **Reddit**
 tanpa konten bermuatan **NSFW** juga menjadi tidak bekerja (servernya
 sebelumnya ada di **Indonesia Data Center Duren Tiga** atau **IDC-3D**).
-> _Baca juga: "[Cara Akses Reddit Tanpa VPN Dengan Libreddit]({{< ref "/blog/cara-akses-reddit-tanpa-vpn-dengan-libreddit/index.id.md" >}})"._
+> _Baca juga: "[Cara Akses Reddit Tanpa VPN Dengan Libreddit] ({{< ref "/blog/cara-akses-reddit-tanpa-vpn-dengan-libreddit/index.id.md" >}})"._
-Setelah berdiskusi dengan rekan kantor dan melakukan sedikit observasi, saya dapat menyimpulkan bahwa yang saya alami adalah **_TCP reset attack_ (TCP RST)** dan terjadi di _**Upstream** provider_ / _network checkpoint_ yang saya gunakan. Sepertinya (menurut saya pribadi), _upstream provider_ yang saya gunakan dipaksa atau terpaksa melakukan aktifitas _"jahat"_ ini.
+Setelah berdiskusi dengan rekan kantor dan melakukan sedikit observasi, saya
 dapat menyimpulkan bahwa yang saya alami adalah
 **_TCP reset attack_ (TCP RST)** dan terjadi di _**Upstream** provider_ /
 _network checkpoint_ yang saya gunakan. Sepertinya (menurut saya pribadi),
 _upstream provider_ yang saya gunakan dipaksa atau terpaksa melakukan aktifitas
 _"jahat"_ ini.
-Kenapa saya bilang terpaksa atau dipaksa? Karena _Upstream provider_ adalah pelaku bisnis, dan tujuan bisnis salah satunya adalah meraih laba sebesar-besarnya. Sedangkan untuk melakukan **Deep Packet Inspection (DPI)** untuk _traffic_ yang besar bukan hal yang murah. Coba saja cari informasi harga **Palo Alto 5200** series, **Cisco Firepower 9300** series, atau **FortiGate 6000** series jika tidak percaya. Itu baru biaya _hardware_, belum untuk biaya _maintenance_, dan pengeluaran oprasional seperti _training_, gaji, dan lain-lain. Tapi jika ancamannya adalah pencabutan izin, apa boleh buat?
+Kenapa saya bilang terpaksa atau dipaksa? Karena _Upstream provider_ adalah
 pelaku bisnis, dan tujuan bisnis salah satunya adalah meraih laba
 sebesar-besarnya. Sedangkan untuk melakukan **Deep Packet Inspection (DPI)**
 untuk _traffic_ yang besar bukan hal yang murah. Coba saja cari informasi
 harga **Palo Alto 5200** series, **Cisco Firepower 9300** series, atau
 **FortiGate 6000** series jika tidak percaya. Itu baru biaya _hardware_, belum
 untuk biaya _maintenance_, dan pengeluaran oprasional seperti _training_, gaji,
 dan lain-lain. Tapi jika ancamannya adalah pencabutan izin, apa boleh buat?
-Memang perangkat _firewall enterprise_ sekelas dengan yang saya sebutkan diatas pasti dimiliki perusahaan ISP besar, apa lagi di _network checkpoint_. Namun saya yakin, pelaku bisnis akan lebih memilih menghemat _resource_ dan menghindari komplain dari _customer_ bisnisnya (_downstream_) daripada harus melakukan _deployment_ dan _integration_ DPI di infrastruktur _network_ yang sudah mereka punya.
+Memang perangkat _firewall enterprise_ sekelas dengan yang saya sebutkan diatas
 pasti dimiliki perusahaan ISP besar, apa lagi di _network checkpoint_. Namun
 saya yakin, pelaku bisnis akan lebih memilih menghemat _resource_ dan
 menghindari komplain dari _customer_ bisnisnya (_downstream_) daripada harus
 melakukan _deployment_ dan _integration_ DPI di infrastruktur _network_ yang
 sudah mereka punya.
-Jika _cost_ untuk melakukan **DPI** akan sangat mahal, mungkinkah **TCP-RST attack** tersebut diimplementasikan di setiap _checkpoint_ pada skala nasional? Tidak mungkin bukan? _Hold my beer_, Anda mungkin tidak tahu _track-record_ seberapa _"kaya"_ negara kita untuk membeli dan mengimplementasikan hal-hal seperti itu di bagian [#Privasi](#privasi).
+Jika _cost_ untuk melakukan **DPI** akan sangat mahal, mungkinkah
 **TCP-RST attack** tersebut diimplementasikan di setiap _checkpoint_ pada skala
 nasional? Tidak mungkin bukan? _Hold my beer_, Anda mungkin tidak tahu
 _track-record_ seberapa _"kaya"_ negara kita untuk membeli dan
 mengimplementasikan hal-hal seperti itu di bagian [#Privasi](#privasi).
 ## Investigasi
-Saya melakukan investigasi yang sangat sederhana untuk membuktikan apakah benar **TCP-RST attack** itu secara otomatis terjadi. Ada 2 cara yang saya lakukan:
+Saya melakukan investigasi yang sangat sederhana untuk membuktikan apakah benar
 **TCP-RST attack** itu secara otomatis terjadi. Ada 2 cara yang saya lakukan:
 1. menggunakan browser dengan _inspect element_ (_simple_).
-2. Langsung dari server saya yang berada di Indonesia dan melakukan _network capture_ menggunakan `tcpdump` (_advanced_).
+2. Langsung dari server saya yang berada di Indonesia dan melakukan
   _network capture_ menggunakan `tcpdump` (_advanced_).
-> _CATATAN: Dari yang selama ini saya amati, **TCP-RST attack** belum diimplementasikan di seluruh *checkpoint* / *upstream*. Jadi masih banyak provider yang belum terdampak._
+> _CATATAN: Dari yang selama ini saya amati, **TCP-RST attack** belum
 > diimplementasikan di seluruh *checkpoint* / *upstream*. Jadi masih banyak
 > provider yang belum terdampak._
 ### Menggunakan Browser (_inspect element_, _simple_)
 ![Browser error: connection reset](browser-connection-reset.png#center)
-Cara paling mudah (tetapi tidak detail) adalah menggunakan browser Anda. Ketika Anda tidak dapat mengakses reddit.com (atau situs lain yang diblokir pemerintah) dan mendapatkan pesan _error **"The connection was reset"**_; besar kemungkinan ISP (atau _upstream_ ISP) Anda sudah mengimplementasikan metode ini.
+Cara paling mudah (tetapi tidak detail) adalah menggunakan browser Anda. Ketika
 Anda tidak dapat mengakses reddit.com (atau situs lain yang diblokir
 pemerintah) dan mendapatkan pesan _error **"The connection was reset"**_;
 besar kemungkinan ISP (atau _upstream_ ISP) Anda sudah mengimplementasikan
 metode ini.
-Cara lebih detail, sebelum mencoba akses ke reddit.com, _klik kanan_ pada browser dan cari kata "_inspect_" atau "_developer tools_". Masuk ke tab "**Network**" kemudian baru coba akses reddit.com. Informasi "_CONNECTION_RESET_" pada kolom status muncul jika server mengirimkan _packet reset_ (**RST**).
+Cara lebih detail, sebelum mencoba akses ke reddit.com, _klik kanan_ pada
 browser dan cari kata "_inspect_" atau "_developer tools_". Masuk ke tab
 "**Network**" kemudian baru coba akses reddit.com. Informasi
 "_CONNECTION_RESET_" pada kolom status muncul jika server mengirimkan
 _packet reset_ (**RST**).
 ### Menggunakan `tcpdump` dan `curl` (_advanced_)
-> Supaya dapat mengerti metode ini, Anda perlu mengetahui **konsep dasar TCP/IP** dan **3-Way-Handshake**. Saya pernah menulis mengenai analogi [TCP/IP - 3-Way-Handshake - MiTM - Session Hijacking]({{< ref "/blog/tcp-ip-3-way-handshake-mitm-session-hijacking/index.id.md" >}}) di tahun 2012 lalu. Atau silahkan mencari sendiri dari mesin penelusuran favorit Anda.
+> Supaya dapat mengerti metode ini, Anda perlu mengetahui
 > **konsep dasar TCP/IP** dan **3-Way-Handshake**. Saya pernah menulis mengenai
 > analogi [TCP/IP - 3-Way-Handshake - MiTM - Session Hijacking]({{< ref "/blog/tcp-ip-3-way-handshake-mitm-session-hijacking/index.id.md" >}}) di tahun 2012 lalu.
 > Atau silahkan mencari sendiri dari mesin penelusuran favorit Anda.
-Saya mencoba melakukan investigasi **langsung** dari server saya yang berada di **Indonesia Data Center Duren Tiga**. Caranya cukup _simple_, yaitu dengan mengirimkan **HTTP GET** ke reddit.com menggunakan `curl` dan melakukan _packet capture_ menggunakan `tcpdump` secara bersamaan.
+Saya mencoba melakukan investigasi **langsung** dari server saya yang berada
 di **Indonesia Data Center Duren Tiga**. Caranya cukup _simple_, yaitu dengan
 mengirimkan **HTTP GET** ke reddit.com menggunakan `curl` dan melakukan
 _packet capture_ menggunakan `tcpdump` secara bersamaan.
-Dibawah ini `151.101.xx.xxx` adalah salah 1 IP reddit.com yang saya dapatkan dari **DNS resolver** saat melakukan testing. Sedangkan `xxx.xxx.x06.26` adalah IP public server milik saya.
+Dibawah ini `151.101.xx.xxx` adalah salah 1 IP reddit.com yang saya dapatkan
 dari **DNS resolver** saat melakukan testing. Sedangkan `xxx.xxx.x06.26` adalah
 IP public server milik saya.
 Sample `curl https://reddit.com -vvv` output:
@ -128,86 +169,241 @@ listening on ens18, link-type EN10MB (Ethernet), capture size 262144 bytes
 ![TCP-RST attack](tcp-rst-attack.png#center)
-Terlihat jelas setelah server melakukan _handshake_ dan mengirimkan pengiriman _packet data_, saya langsung menerima `RST` (_reset_) _flag_.
+Terlihat jelas setelah server melakukan _handshake_ dan mengirimkan pengiriman
 _packet data_, saya langsung menerima `RST` (_reset_) _flag_.
 ## Kenapa Anda Harus Perduli?
-Meskipun belum sekelas [The Great Firewall of China (GFW)](https://en.wikipedia.org/wiki/Great_Firewall), tetapi indikasi menuju kesana sangat terasa. yang sebelumnya hanya dari **DNS spoofing**, **filtering** dan **redirect**; sekarang sudah menggunakan **Deep Packet Inspection** dan **TCP reset attack**.
+Meskipun belum sekelas [The Great Firewall of China (GFW)][gfw_wiki], tetapi
 indikasi menuju kesana sangat terasa. yang sebelumnya hanya dari
 **DNS spoofing**, **filtering** dan **redirect**; sekarang sudah menggunakan
 **Deep Packet Inspection** dan **TCP reset attack**.
-[Dikutip dari Wikipedia](https://en.wikipedia.org/wiki/Deep_packet_inspection#Indonesia), pemerintah Indonesia melalui **Telkom Indonesia** (ISP milik pemerintah) mengunakan teknologi **Deep Packet Inspection (DPI)** dari **Cisco Meraki** melakukan pengawasan (_surveillance_) dan _maping_ Nomor Induk Kependudukan (**NIK**) terhadap masyarakat yang menggunakan jasa ISP milik pemerintah.
+[Dikutip dari Wikipedia][dpi_id_wiki], pemerintah Indonesia melalui
 **Telkom Indonesia** (ISP milik pemerintah) mengunakan teknologi
 **Deep Packet Inspection (DPI)** dari **Cisco Meraki** melakukan pengawasan
 (_surveillance_) dan _maping_ Nomor Induk Kependudukan (**NIK**) terhadap
 masyarakat yang menggunakan jasa ISP milik pemerintah.
-Tujuan dari **Deep Packet Inspection (DPI)** termasuk melakukan _filter_ terhadap konten pornografi, ujaran kebencian dan meredakan tensi (misalnya di Papua 2019). Pemerintah Indonesia juga berencana [meningkatkan pengawasan](wikipedia-dpi-indonesia.png#center) (_surveillance_) ke tingkat lebih lanjut hingga tahun 2030.
+Tujuan dari **Deep Packet Inspection (DPI)** termasuk melakukan _filter_
 terhadap konten pornografi, ujaran kebencian dan meredakan tensi (misalnya di
 Papua 2019). Pemerintah Indonesia juga berencana
 meningkatkan pengawasan (_surveillance_) ke tingkat lebih lanjut hingga tahun 2030.
 ![](wikipedia-dpi-indonesia.png#center)
 ### Makin Terbatasnya Akses Terhadap Informasi
-Kedepannya, ~~Anda~~ kita akan mengalami kesulitan untuk mendapatkan informasi yang dianggap _"terlarang"_ oleh pemerintah. Ingin melihat dan mencoba sendiri contoh nyata-nya? Coba gunakan mesin pencari asal China bernama [Baidu](https://www.baidu.com/) dan lakukan pencarian dengan kata kunci **"Tiananmen Square"**. Bandingkan hasil penelusuran dari **Baidu** dengan hasil pencarian mesin pencari lain.
+Kedepannya, ~~Anda~~ kita akan mengalami kesulitan untuk mendapatkan informasi
 yang dianggap _"terlarang"_ oleh pemerintah. Ingin melihat dan mencoba sendiri
 contoh nyata-nya? Coba gunakan mesin pencari asal China bernama
 [Baidu][baidu_web] dan lakukan pencarian dengan kata kunci
 **"Tiananmen Square"**. Bandingkan hasil penelusuran dari **Baidu** dengan
 hasil pencarian mesin pencari lain.
-Saya sendiri sudah mengalaminya, meskipun tidak seperti dan separah di China sana, tetapi sangat merepotkan dan menyebalkan. Misalnya ketika saya mencoba melakukan pencarian mengenai _trouble_ yang saya alami mengenai masalah **IT**, sering kali mesin pencarian mengeluarkan hasil pencarian dari **Reddit** dan solusi itu ada dan sudah didiskusikan disana. Namun untuk mengaksesnya saya harus melakukan koneksi **VPN** ke server saya yang berada di luar Indonesia terlebih dahulu sebelum masuk ke _link_ hasil pencarian tersebut.
+Saya sendiri sudah mengalaminya, meskipun tidak seperti dan separah di China
 sana, tetapi sangat merepotkan dan menyebalkan. Misalnya ketika saya mencoba
 melakukan pencarian mengenai _trouble_ yang saya alami mengenai masalah **IT**,
 sering kali mesin pencarian mengeluarkan hasil pencarian dari **Reddit** dan
 solusi itu ada dan sudah didiskusikan disana. Namun untuk mengaksesnya saya
 harus melakukan koneksi **VPN** ke server saya yang berada di luar Indonesia
 terlebih dahulu sebelum masuk ke _link_ hasil pencarian tersebut.
 ### Rusaknya Hak Asasi dan Turunnya Nilai-Nilai Demokrasi
-Pembatasan hak digital dapat merusak hak asasi manusia dan menurunkan nilai-nilai demokrasi. Contohnya pada awal tahun 2021, penduduk **desa Wadas** yang telah menolak proyek pertambangan batu Andesit (untuk keperluan proyek **Bendungan Bener**). Selama beberapa bulan kemudian, penduduk desa Wadas masih meluncurkan seri protes dan menggunakan media sosial untuk menggerakkan dukungan dan meningkatkan kesadaran. Namun, konektivitas internet mereka justru (diyakini) dibatasi oleh pihak berwajib sebagai respon terhadap protes warga pada Februari 2022.
+Pembatasan hak digital dapat merusak hak asasi manusia dan menurunkan
 nilai-nilai demokrasi. Contohnya pada awal tahun 2021, penduduk **desa Wadas**
 yang telah menolak proyek pertambangan batu Andesit (untuk keperluan proyek
 **Bendungan Bener**). Selama beberapa bulan kemudian, penduduk desa Wadas masih
 meluncurkan seri protes dan menggunakan media sosial untuk menggerakkan
 dukungan dan meningkatkan kesadaran. Namun, konektivitas internet mereka justru
 (diyakini) dibatasi oleh pihak berwajib sebagai respon terhadap protes warga
 pada Februari 2022.
-Penduduk Wadas melaporkan kesulitan dalam mengakses akun Twitter masing-masing pada minggu yang sama, walaupun belum jelas bagaimana pembatasan tersebut dilakukan. Siilahkan baca sendiri artikel dari DetiX berjudul [Derasnya Penindasan Hak Digital di Wadas](https://news.detik.com/x/detail/investigasi/20220221/Derasnya-Penindasan-Hak-Digital-di-Wadas/).
+Penduduk Wadas melaporkan kesulitan dalam mengakses akun Twitter masing-masing
 pada minggu yang sama, walaupun belum jelas bagaimana pembatasan tersebut
 dilakukan. Siilahkan baca sendiri artikel dari DetiX berjudul
 [Derasnya Penindasan Hak Digital di Wadas][detik_1].
 ### _Chilling Effect_ / Efek Jera dan Matinya Kebebasan Berekspresi
-Efek jera atau biasa dikenal sebagai [_Chilling Effect_](https://en.wikipedia.org/wiki/Chilling_effect) adalah sebuah konsep ketakutan masyarakat yang muncul karena hukum atau peraturan perundang-undangan yang ambigu (_EHEMMMMM... UUITE.. Ehemmmm.. Maaf tiba-tiba batuk_). Biasanya _chilling effect_ berhubungan dengan peraturan yang terkait dengan pencemaran nama baik atau fitnah (_Ehemmmm... maaf batuk lagi.._).
+Efek jera atau biasa dikenal sebagai [_Chilling Effect_][chilling_effect_wiki]
 adalah sebuah konsep ketakutan masyarakat yang muncul karena hukum atau
 peraturan perundang-undangan yang ambigu
 (_EHEMMMMM... UUITE.. Ehemmmm.. Maaf tiba-tiba batuk_).
 Biasanya _chilling effect_ berhubungan dengan peraturan yang terkait dengan
 pencemaran nama baik atau fitnah (_Ehemmmm... maaf batuk lagi.._).
-Selama 2018, [polisi menangkap 122 orang terkait ujaran kebencian di media sosial](https://nasional.kompas.com/read/2019/02/15/15471281/selama-2018-polisi-tangkap-122-orang-terkait-ujaran-kebencian-di-medsos). Disana, ada lima jenis kejahatan, mulai dari _hoaks_, berita bohong, berita palsu, penistaan agama, hingga pencemaran nama baik ungkap **Brigjen Pol. Rachmad Wibowo** yang saat itu menjabat sebagai **Direktur Tindak Pidana Siber Badan Reserse Kriminal Polri**.
+Selama 2018, [polisi menangkap 122 orang terkait ujaran kebencian di media
 sosial][kompas_1]. Disana, ada lima jenis kejahatan, mulai dari _hoaks_,
 berita bohong, berita palsu, penistaan agama, hingga pencemaran nama baik
 ungkap **Brigjen Pol. Rachmad Wibowo** yang saat itu menjabat sebagai
 **Direktur Tindak Pidana Siber Badan Reserse Kriminal Polri**.
-Kemudian di 2021, dengan _"diaktifkannya"_ **Polisi Siber** akan makin membungkam kebebasan sipil itu sendiri, khususnya tekait kebebasan berekspresi. Hal tersebut disampaikan oleh Koordinator Komisi untuk Orang Hilang dan Tindak Kekerasan (**Kontras**), **Fatia Maulidiyanti**.
+Kemudian di 2021, dengan _"diaktifkannya"_ **Polisi Siber** akan makin
 membungkam kebebasan sipil itu sendiri, khususnya tekait kebebasan berekspresi.
 Hal tersebut disampaikan oleh Koordinator Komisi untuk Orang Hilang dan Tindak
 Kekerasan (**Kontras**), **Fatia Maulidiyanti**.
-Dan di bulan februari 2022, hasil survey dari **Indikator Politik Indonesia** menunjukan bahwa 62,9% (dengan metode _stratified random_ dari 1.200 responden dengan _margin of error_ sekitar 2,9%) responden menyatakan setuju dan sangat setuju bahwa [masyarakat saat ini semakin takut dalam mengeluarkan pendapat](https://nasional.tempo.co/read/1580168/survei-indikator-politik-indonesia-629-persen-rakyat-semakin-takut-berpendapat).
+Dan di bulan februari 2022, hasil survey dari **Indikator Politik Indonesia**
 menunjukan bahwa 62,9% (dengan metode _stratified random_ dari 1.200 responden
 dengan _margin of error_ sekitar 2,9%) responden menyatakan setuju dan sangat
 setuju bahwa [masyarakat saat ini semakin takut dalam mengeluarkan
 pendapat][tempo_1].
-> "_Sekarang Polisi Siber itu gampang sekali, kalau misalnya Anda mendapatkan berita yang mengerikan, lalu lapor ke polisi, dalam waktu sekian menit diketahui dapat dari siapa, dari mana, lalu ditemukan pelakunya lalu ditangkap." - **Mahfud MD**_
+> "_Sekarang Polisi Siber itu gampang sekali, kalau misalnya Anda mendapatkan
 > berita yang mengerikan, lalu lapor ke polisi, dalam waktu sekian menit
 > diketahui dapat dari siapa, dari mana, lalu ditemukan pelakunya lalu
 > ditangkap." - **Mahfud MD**_
 ### Privasi
-Sebenarnya, privasi adalah hal pertama yang seharusnya saya sebut dari semua poin-poin ini. Tapi karena di Indonesia masyarakatnya masih tidak begitu perduli urusan privasi ya saya taruh di hampir akhir. _Lha wong_ data **BSI** bocor aja yang paling banyak diributin duitnya, bukan kebocoran data pribadinya.
+Sebenarnya, privasi adalah hal pertama yang seharusnya saya sebut dari semua
 poin-poin ini. Tapi karena di Indonesia masyarakatnya masih tidak begitu
 perduli urusan privasi ya saya taruh di hampir akhir. _Lha wong_ data **BSI**
 bocor aja yang paling banyak diributin duitnya, bukan kebocoran data pribadinya.
-> _Tenang boss, duit itu pasti balik karena perbankan pasti punya rekap data dan backup, transaksi sesama bank maupun antar bank juga pasti tercatat. Yang rugi adalah waktu dan tenaga Anda saat layanan tersebut tidak bisa digunakan. Dan yang paling penting, data pribadi Anda yang nantinya diperjual belikan._
+> _Tenang boss, duit itu pasti balik karena perbankan pasti punya rekap data
 > dan backup, transaksi sesama bank maupun antar bank juga pasti tercatat. Yang
 > rugi adalah waktu dan tenaga Anda saat layanan tersebut tidak bisa digunakan.
 > Dan yang paling penting, data pribadi Anda yang nantinya diperjual belikan._
-Kembali ke masalah privasi dan **Deep Packet Inspection (DPI)**, sebenarnya awal DPI dibuat oleh _engineer_ adalah untuk mengukur dan mengatur keamanan jaringan dan melindungi pengguna dan mencegah penyebaran _malware_. Tapi, dengan dimanfaatkan teknologi tersebut sebagai alat _surveillance_ akan sangat berdampak buruk pada privasi ~~Anda~~ kita. Selain itu, DPI juga dapat dimanfaatkan untuk mempelajari prilaku / _interest_ seorang individu maupun instansi dari aktifitas mereka di internet yang pada akhirnya dapat digunakan untuk _targeted (behavioral) marketing_.
+Kembali ke masalah privasi dan **Deep Packet Inspection (DPI)**, sebenarnya
 awal DPI dibuat oleh _engineer_ adalah untuk mengukur dan mengatur keamanan
 jaringan dan melindungi pengguna dan mencegah penyebaran _malware_. Tapi,
 dengan dimanfaatkan teknologi tersebut sebagai alat _surveillance_ akan sangat
 berdampak buruk pada privasi ~~Anda~~ kita. Selain itu, DPI juga dapat
 dimanfaatkan untuk mempelajari prilaku / _interest_ seorang individu maupun
 instansi dari aktifitas mereka di internet yang pada akhirnya dapat digunakan
 untuk _targeted (behavioral) marketing_.
-Berbagai laporan telah mengaitkan pihak berwajib dengan pembelian dan penggunaan _spyware_ dan alat-alat _surveillance_ canggih lainnya. Misalnya, di tahun 2015, **Citizen Lab**; sebuah kelompok penelitian yang berbasis di **Toronto** [menduga bahwa pemerintah Indonesia pernah menggunakan _spyware_ **FinFisher**](https://citizenlab.ca/2015/10/mapping-finfishers-continuing-proliferation/) yang mengumpulkan data seperti audio **Skype**, _key log_, dan tangkapan layar.
+Berbagai laporan telah mengaitkan pihak berwajib dengan pembelian dan
 penggunaan _spyware_ dan alat-alat _surveillance_ canggih lainnya. Misalnya,
 di tahun 2015, **Citizen Lab**; sebuah kelompok penelitian yang berbasis di
 **Toronto** [menduga bahwa pemerintah Indonesia pernah menggunakan _spyware_
 **FinFisher**][citizenlab_finfishers]
 yang mengumpulkan data seperti audio **Skype**, _key log_, dan tangkapan layar.
-Di tahun 2016, [**Joseph Cox**](https://www.vice.com/en/contributor/joseph-cox) [mengungkap](https://www.vice.com/en/article/4xaq4m/the-uk-companies-exporting-interception-tech-around-the-world) bahwa _International Mobile Subscriber Identity-catchers_ ([**IMSI-catchers**](https://en.wikipedia.org/wiki/IMSI-catcher)) pernah dijual ke Indonesia dari perusahaan Swiss dan Inggris. **IMSI-catcher** adalah perangkat yang digunakan untuk menangkap (_intercept_) _traffic_ jaringan ponsel dan melakukan pelacakan lokasi kepada pengguna ponsel. Bisa dibilang, seperti sebuah _"BTS palsu"_ sebagai perantara antara ponsel milik pengguna ke BTS asli milik ISP.
+Di tahun 2016, [**Joseph Cox**][joseph_cox] [mengungkap][vice_1] bahwa
 _International Mobile Subscriber Identity-catchers_
 ([**IMSI-catchers**][imsi_catcher_wiki]) pernah dijual ke Indonesia dari
 perusahaan Swiss dan Inggris. **IMSI-catcher** adalah perangkat yang digunakan
 untuk menangkap (_intercept_) _traffic_ jaringan ponsel dan melakukan pelacakan
 lokasi kepada pengguna ponsel. Bisa dibilang, seperti sebuah _"BTS palsu"_
 sebagai perantara antara ponsel milik pengguna ke BTS asli milik ISP.
-Pada Desember 2021, **Citizen Lab**, menyatakan bahwa ada kemungkinan besar pemerintah Indonesia telah menjadi pelanggan **Cytrox** yang menjual **Predator** _spyware_. Selain itu, **Citizen Lab** juga melaporkan pada Desember 2020 bahwa Indonesia sangat mungkin pernah membeli teknologi dari [**Circles**](https://dimse.info/circles/), sebuah perusahaan yang menjual _exploit_ dari sistem selular global yang kemudian bergabung dengan [NSO group](https://www.nsogroup.com/). Metode yang dilakukan **Citizen Lab** untuk mengetahui hal tersebut adalah dengan melakukan _scanning & signature fingerprinting_ terhadap _checkpoint firewall_ pada perangkat **Circles** melalui layanan [Shodan](https://www.shodan.io/).
+Pada Desember 2021, **Citizen Lab**, menyatakan bahwa ada kemungkinan besar
 pemerintah Indonesia telah menjadi pelanggan **Cytrox** yang menjual
 **Predator** _spyware_. Selain itu, **Citizen Lab** juga melaporkan pada
 Desember 2020 bahwa Indonesia sangat mungkin pernah membeli teknologi dari
 [**Circles**][dimse_circles], sebuah perusahaan yang menjual _exploit_ dari
 sistem selular global yang kemudian bergabung dengan [NSO group][nsogroup_web].
 Metode yang dilakukan **Citizen Lab** untuk mengetahui hal tersebut adalah
 dengan melakukan _scanning & signature fingerprinting_ terhadap
 _checkpoint firewall_ pada perangkat **Circles** melalui layanan
 [Shodan][shodan].
 ### Dampak Terhadap Perekonomian
-Dari yang saya amati sampai saat ini, implementasi **TCP-RST attack** masih ada di beberapa _upstream provider_ saja. Namun jika hal ini ini terus dilakukan dan diimplementasikan di seluruh _checkpoint_ yang keluar dari Indonesia, maka akan berdampak pada minat beli dan investasi ke _Cloud Provider_ / _Datacenter_ yang berlokasi di Indonesia.
+Dari yang saya amati sampai saat ini, implementasi **TCP-RST attack** masih ada
 di beberapa _upstream provider_ saja. Namun jika hal ini ini terus dilakukan
 dan diimplementasikan di seluruh _checkpoint_ yang keluar dari Indonesia, maka
 akan berdampak pada minat beli dan investasi ke _Cloud Provider_ / _Datacenter_
 yang berlokasi di Indonesia.
-Siapa yang mau jika tiba-tiba _microservices_-nya tidak berfungsi karena **TCP-RST attack** tersebut? Saya sendiri mulai memindahkan VPS-VPS saya ke luar Indonesia karena menurut saya, infrastruktur _server_ / _cloud_ seharusnya tidak (secara tiba-tiba) dibatasi (tanpa pemberitahuan sebelumnya) untuk mengakses data yang sudah tersedia di _public_ / _public API_.
+Siapa yang mau jika tiba-tiba _microservices_-nya tidak berfungsi karena
 **TCP-RST attack** tersebut? Saya sendiri mulai memindahkan VPS-VPS saya ke
 luar Indonesia karena menurut saya, infrastruktur _server_ / _cloud_ seharusnya
 tidak (secara tiba-tiba) dibatasi (tanpa pemberitahuan sebelumnya) untuk
 mengakses data yang sudah tersedia di _public_ / _public API_.
 ![Moving to AWS](moving-to-aws.png#center)
 ## Menghindari sensor
-Untuk melakukan _bypass_ pemblokiran yang berbasis **DNS** seperti **DNS spoofing**, **DNS filtering** dan **DNS redirect**; mengajari orang _awam_ memanfaatkan **DNS-over-HTTPS (DoH)** masih cukup mudah. Tetapi untuk melakukan _bypass_ DPI dan **TCP RST attack**, saya rasa akan sangat sulit dan mustahil dilakukan oleh mayoritas orang awam (secara teknologi) di Indonesia.
+Untuk melakukan _bypass_ pemblokiran yang berbasis **DNS** seperti
 **DNS spoofing**, **DNS filtering** dan **DNS redirect**; mengajari orang
 _awam_ memanfaatkan **DNS-over-HTTPS (DoH)** masih cukup mudah. Tetapi untuk
 melakukan _bypass_ DPI dan **TCP RST attack**, saya rasa akan sangat sulit dan
 mustahil dilakukan oleh mayoritas orang awam (secara teknologi) di Indonesia.
-Salah satu cara adalah menggunakan _tunnel_ ke _server_ yang berada diluar Indonesia, entah itu **VPN** atau **SOCKS5 proxy**. Itu pun pemerintah dan ISP yang Anda gunakan akan tetap tahu bahwa Anda menggunakan **Proxy** / **VPN**. Bedanya mereka hanya tahu Anda melakukan koneksi VPN / Proxy server dan dimana VPN / Proxy server tersebut berada. Selebihnya mereka tidak tahu (hanya Anda, VPN / Server / Proxy _provider_ yang tahu _service_ dan \*host\*\* mana Anda berkomunikasi).
+Salah satu cara adalah menggunakan _tunnel_ ke _server_ yang berada diluar
 Indonesia, entah itu **VPN** atau **SOCKS5 proxy**. Itu pun pemerintah dan ISP
 yang Anda gunakan akan tetap tahu bahwa Anda menggunakan **Proxy** / **VPN**.
 Bedanya mereka hanya tahu Anda melakukan koneksi VPN / Proxy server dan dimana
 VPN / Proxy server tersebut berada. Selebihnya mereka tidak tahu (hanya Anda,
 VPN / Server / Proxy _provider_ yang tahu _service_ dan _host_ mana Anda
 berkomunikasi).
-Jika Anda benar-benar _concern_ terhadap privasi, pemilihan **VPN provider** juga harus dilakukan dengan riset yang cukup rumit. Banyak sekali aplikasi di **App Store** yang menawarkan **VPN gratis**, tetapi tidak sedikit **VPN provider** yang pada akhirnya mengolah dan menjual data Anda.
+Jika Anda benar-benar _concern_ terhadap privasi, pemilihan **VPN provider**
 juga harus dilakukan dengan riset yang cukup rumit. Banyak sekali aplikasi di
 **App Store** yang menawarkan **VPN gratis**, tetapi tidak sedikit
 **VPN provider** yang pada akhirnya mengolah dan menjual data Anda.
-Kita juga berharap bahwa teknologi **QUIC/HTTP3** segera masuk ke babak baru yang **"mungkin"** akan sedikit membantu mengurangi dampak **TCP RST attack**.
+Kita juga berharap bahwa teknologi **QUIC/HTTP3** segera masuk ke babak baru
 yang **"mungkin"** akan sedikit membantu mengurangi dampak **TCP RST attack**.
 ## Sumber dan Referensi
- "[Indonesia: Freedom on the Net 2022 Country Report](https://freedomhouse.org/country/indonesia/freedom-net/2022)" - freedomhouse.org.
+-   "[Indonesia: Freedom on the Net 2022 Country Report][foh_id_2022]" -
- "[State of Privacy Indonesia](https://privacyinternational.org/state-privacy/1003/state-privacy-indonesia)" - privacyinternational.org.
+    freedomhouse.org.
- NetBlocks. 2019b: "[Internet disrupted in Papua, Indonesia amid protests and calls for independence](https://netblocks.org/reports/internet-disrupted-in-papua-indonesia-amid-mass-protests-and-calls-for-independence-eBOgrDBZ)" - netblocks.org.
+-   "[State of Privacy Indonesia][privacyinternational_id]" -
- Thompson, Nik; McGill, Tanya; and Vero Khristianto, Daniel, "[Public Acceptance of Internet Censorship in Indonesia](https://aisel.aisnet.org/acis2021/22)" (2021). ACIS 2021 Proceedings. 22.
+    privacyinternational.org.
- Wildana, F. (2021) "[An Explorative Study on Social Media Blocking in Indonesia](https://journal.unesa.ac.id/index.php/jsm/article/view/12976)", The Journal of Society and Media, 5(2), pp. 456–484. doi: 10.26740/jsm.v5n2.p456-484.
+-   NetBlocks. 2019b: "[Internet disrupted in Papua, Indonesia amid protests
- Paterson, Thomas (4 May 2019). "[Indonesian cyberspace expansion: a double-edged sword](https://doi.org/10.1080%2F23738871.2019.1627476)". _Journal of Cyber Policy_. 4 (2): 216–234. doi:10.1080/23738871.2019.1627476. ISSN 2373-8871. S2CID 197825581.
+    and calls for independence][netblocks_2019b]" - netblocks.org.
- Bill Marczak, John Scott-Railton, Bahr Abdul Razzak, Noura Al-Jizawi, Siena Anstis, Kristin Berdan, and Ron Deibert, "[Pegasus vs. Predator: Dissident’s Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware](https://citizenlab.ca/2021/12/pegasus-vs-predator-dissidents-doubly-infected-iphone-reveals-cytrox-mercenary-spyware/)" - citizenlab.ca.
+-   Thompson, Nik; McGill, Tanya; and Vero Khristianto, Daniel, "[Public
- Bill Marczak, John Scott-Railton, Siddharth Prakash Rao, Siena Anstis, and Ron Deibert, "[Running in Circles
+    Acceptance of Internet Censorship in Indonesia][aisanet_1]" (2021). ACIS
-  Uncovering the Clients of Cyberespionage Firm Circles](https://citizenlab.ca/2020/12/running-in-circles-uncovering-the-clients-of-cyberespionage-firm-circles/)" - citizenlab.ca.
+    2021 Proceedings. 22.
- Bill Marczak, John Scott-Railton, Adam Senft, Irene Poetranto, and Sarah McKune, "[Pay No Attention to the Server Behind the Proxy](https://citizenlab.ca/2015/10/mapping-finfishers-continuing-proliferation/)", Mapping FinFisher’s Continuing Proliferation - citizenlab.ca.
+-   Wildana, F. (2021) "[An Explorative Study on Social Media Blocking in
- Joseph Cox, "[British Companies Are Selling Advanced Spy Tech to Authoritarian Regimes](https://www.vice.com/en/article/4xaq4m/the-uk-companies-exporting-interception-tech-around-the-world)" - vice.com.
+    Indonesia][unesa_journal_1]", The Journal of Society and Media, 5(2),
- Thomas Brewster, "[A Multimillionaire Surveillance Dealer Steps Out Of The Shadows and His $9 Million WhatsApp Hacking Van](https://www.forbes.com/sites/thomasbrewster/2019/08/05/a-multimillionaire-surveillance-dealer-steps-out-of-the-shadows-and-his-9-million-whatsapp-hacking-van/)" - forbes.com.
+    pp. 456–484. doi: 10.26740/jsm.v5n2.p456-484.
- Moh. Khory Alfarizi, Febriyan, "[Survei Indikator Politik Indonesia: 62,9 Persen Rakyat Semakin Takut Berpendapat](https://nasional.tempo.co/read/1580168/survei-indikator-politik-indonesia-629-persen-rakyat-semakin-takut-berpendapat)" - tempo.co .
+-   Paterson, Thomas (4 May 2019). "[Indonesian cyberspace expansion: a
- Abba Gabrillin, Krisiandi, "[Selama 2018, Polisi Tangkap 122 Orang Terkait Ujaran Kebencian di Medsos](https://nasional.kompas.com/read/2019/02/15/15471281/selama-2018-polisi-tangkap-122-orang-terkait-ujaran-kebencian-di-medsos)" - kompas.com.
+    double-edged sword][doi_1]". _Journal of Cyber Policy_. 4 (2): 216–234.
- Tsarina Maharani, Dani Prabowo "[Kontras: Polisi Siber yang Akan Diaktifkan Pemerintah Berpotensi Bungkam Kebebasan Berekspresi](https://nasional.kompas.com/read/2020/12/28/14074121/kontras-polisi-siber-yang-akan-diaktifkan-pemerintah-berpotensi-bungkam)" - kompas.com.
+    doi:10.1080/23738871.2019.1627476. ISSN 2373-8871. S2CID 197825581.
 -   Bill Marczak, John Scott-Railton, Bahr Abdul Razzak, Noura Al-Jizawi,
    Siena Anstis, Kristin Berdan, and Ron Deibert, "[Pegasus vs. Predator:
    Dissident’s Doubly-Infected iPhone Reveals Cytrox Mercenary
    Spyware][citizenlab_cytrox]" - citizenlab.ca.
 -   Bill Marczak, John Scott-Railton, Siddharth Prakash Rao, Siena Anstis, and
    Ron Deibert, "[Running in Circles Uncovering the Clients of Cyberespionage
    Firm Circles][citizenlab_circles]" - citizenlab.ca.
 -   Bill Marczak, John Scott-Railton, Adam Senft, Irene Poetranto, and
    Sarah McKune, "[Pay No Attention to the Server Behind the
    Proxy][citizenlab_finfishers]", Mapping FinFisher’s Continuing
    Proliferation - citizenlab.ca.
 -   Joseph Cox, "[British Companies Are Selling Advanced Spy Tech to
    Authoritarian Regimes][vice_1]" - vice.com.
 -   Thomas Brewster, "[A Multimillionaire Surveillance Dealer Steps Out Of The
    Shadows and His $9 Million WhatsApp Hacking Van][forbes_1]" - forbes.com.
 -   Moh. Khory Alfarizi, Febriyan, "[Survei Indikator Politik Indonesia:
    62,9 Persen Rakyat Semakin Takut Berpendapat][tempo_1]" - tempo.co.
 -   Abba Gabrillin, Krisiandi, "[Selama 2018, Polisi Tangkap 122 Orang Terkait
    Ujaran Kebencian di Medsos][kompas_1]" - kompas.com.
 -   Tsarina Maharani, Dani Prabowo "[Kontras: Polisi Siber yang Akan Diaktifkan
    Pemerintah Berpotensi Bungkam Kebebasan Berekspresi][kompas_2]" -
    kompas.com.
 [gfw_wiki]: https://en.wikipedia.org/wiki/Great_Firewall "The Great Firewall of China (GFW)"
 [dpi_id_wiki]: https://en.wikipedia.org/wiki/Deep_packet_inspection#Indonesia "Country-wide Surveillance by Indonesian Goverment"
 [baidu_web]: https://www.baidu.com/ "Baidu Website"
 [detik_1]: https://news.detik.com/x/detail/investigasi/20220221/Derasnya-Penindasan-Hak-Digital-di-Wadas/ "Derasnya Penindasan Hak Digital di Wadas"
 [chilling_effect_wiki]: https://en.wikipedia.org/wiki/Chilling_effect "Chilling Effect"
 [kompas_1]: https://nasional.kompas.com/read/2019/02/15/15471281/selama-2018-polisi-tangkap-122-orang-terkait-ujaran-kebencian-di-medsos "Selama 2018, Polisi Tangkap 122 Orang Terkait Ujaran Kebencian di Medsos"
 [kompas_2]: https://nasional.kompas.com/read/2020/12/28/14074121/kontras-polisi-siber-yang-akan-diaktifkan-pemerintah-berpotensi-bungkam "Polisi Siber yang Akan Diaktifkan Pemerintah Berpotensi Bungkam Kebebasan Berekspresi"
 [tempo_1]: https://nasional.tempo.co/read/1580168/survei-indikator-politik-indonesia-629-persen-rakyat-semakin-takut-berpendapat "Survei Indikator Politik Indonesia: 62,9 Persen Rakyat Semakin Takut Berpendapat"
 [citizenlab_finfishers]: https://citizenlab.ca/2015/10/mapping-finfishers-continuing-proliferation/ "Pay No Attention to the Server Behind the Proxy"
 [citizenlab_cytrox]: https://citizenlab.ca/2021/12/pegasus-vs-predator-dissidents-doubly-infected-iphone-reveals-cytrox-mercenary-spyware/ "Pegasus vs. Predator: Dissident’s Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware"
 [citizenlab_circles]: https://citizenlab.ca/2020/12/running-in-circles-uncovering-the-clients-of-cyberespionage-firm-circles/ "Running in Circles Uncovering the Clients of Cyberespionage Firm Circles"
 [joseph_cox]: https://www.vice.com/en/contributor/joseph-cox "Joseph Cox"
 [vice_1]: https://www.vice.com/en/article/4xaq4m/the-uk-companies-exporting-interception-tech-around-the-world "British Companies Are Selling Advanced Spy Tech to Authoritarian Regimes"
 [imsi_catcher_wiki]: https://en.wikipedia.org/wiki/IMSI-catcher "international mobile subscriber identity-catcher"
 [dimse_circles]: https://dimse.info/circles/ "Circles surveillance firm"
 [nsogroup_web]: https://www.nsogroup.com/ "NSO Group Website"
 [shodan]: https://www.shodan.io/ "Shodan.io Website"
 [foh_id_2022]: https://freedomhouse.org/country/indonesia/freedom-net/2022 "Indonesia: Freedom on the Net 2022 Country Report"
 [privacyinternational_id]: https://privacyinternational.org/state-privacy/1003/state-privacy-indonesia "State of Privacy Indonesia"
 [netblocks_2019b]: https://netblocks.org/reports/internet-disrupted-in-papua-indonesia-amid-mass-protests-and-calls-for-independence-eBOgrDBZ "Internet disrupted in Papua, Indonesia amid protests and calls for independence"
 [aisanet_1]: https://aisel.aisnet.org/acis2021/22 "Public Acceptance of Internet Censorship in Indonesia"
 [unesa_journal_1]: https://journal.unesa.ac.id/index.php/jsm/article/view/12976 "An Explorative Study on Social Media Blocking in Indonesia"
 [doi_1]: https://doi.org/10.1080%2F23738871.2019.1627476 "Indonesian cyberspace expansion: a double-edged sword"
 [forbes_1]: https://www.forbes.com/sites/thomasbrewster/2019/08/05/a-multimillionaire-surveillance-dealer-steps-out-of-the-shadows-and-his-9-million-whatsapp-hacking-van/ "A Multimillionaire Surveillance Dealer Steps Out Of The Shadows and His $9 Million WhatsApp Hacking Van"
--- a/content/blog/new-stage-of-internet-censorship-in-indonesia-dpi-tcp-reset-attack/index.md
+++ b/content/blog/new-stage-of-internet-censorship-in-indonesia-dpi-tcp-reset-attack/index.md
@ -1,6 +1,7 @@
 ---
 title: "New Stage of Internet Censorship in Indonesia: DPI & TCP Reset Attack"
-description: "Beberapa upstream provider atau checkpoint melakukan TCP Reset Attack untuk memblokir akses ke website-website yang dinilai ilegal."
+description: "Some upstream providers in Indonesia perform TCP Reset Attacks to block access to websites that are considered illegal."
 summary: "Some upstream providers in Indonesia perform TCP Reset Attacks to block access to websites that are considered illegal."
 date: 2023-06-04T01:19:36+07:00
 lastmod:
 draft: false
@ -9,69 +10,104 @@ featured: true
 pinned: false
 # comments: false
 series:
-#  - 
+#  -
 categories:
-  - TIL
+    - TIL
-  - Privacy
+    - Privacy
 tags:
-  - MiTM
+    - MiTM
-  - VPN
+    - VPN
-  - Proxy
+    - Proxy
-  - DNS-over-HTTPS
+    - DNS-over-HTTPS
 images:
 #  - 
 # menu:
 #   main:
 #     weight: 100
 #     params:
 #       icon:
 #         vendor: bs
 #         name: book
 #         color: '#e24d0e'
 authors:
-  - ditatompel
+    - ditatompel
 ---
-Unlike before that using **DNS filtering**, several *upstreams* have performed a **TCP Reset Attack** to block access to websites that are considered illegal. And why you (especially Indonesian) should care for this mess.
+Unlike before that using **DNS filtering**, several _upstreams_ have performed
-
+a **TCP Reset Attack** to block access to websites that are considered illegal.
-<!--more-->
+And why you (especially Indonesian) should care for this mess.
 ---
 ## Background
 A few months ago, I started facing problems when trying to access **reddit.com** from my home connection, even though all devices in my home network already use **DNS-over-HTTPS (DoH)**. The same thing happened even I route all my traffic to my server located in **Indonesia Data Center** using _**VPN** tunnel_.
-My browser always shows **_"The connection was reset"_** error message when I try to access reddit.com. [My libreddit service](https://libreddit.ditatompel.com/) that I provided to access **Reddit** without **NSFW** contents stopped working (Previous server location: **Indonesia Data Center Duren Tiga** or **IDC-3D**).
+A few months ago, I started facing problems when trying to access
 **reddit.com** from my home connection, even though all devices in my home
 network already use **DNS-over-HTTPS (DoH)**. The same thing happened even I
 route all my traffic to my server located in **Indonesia Data Center** using
 _**VPN** tunnel_.
-After discussing with colleagues and make some observations, I'm sure that I've become a victim of **TCP reset attack (TCP RST)** and it happened at the *upstream provider* / *network checkpoint* that I used. It seems (in my personal opinion), my *upstream provider* is *"forced"* to carry out this *"evil"* activity.
+My browser always shows **_"The connection was reset"_** error message when
 I try to access reddit.com. My **libreddit** service that I provided to access
 **Reddit** without **NSFW** contents stopped working (Previous server location:
 **Indonesia Data Center Duren Tiga** or **IDC-3D**).
-Why do I say *"forced"*? Because most *upstream providers* are typically business oriented, and one of their business goals is to get the maximum profit. Meanwhile, doing **Deep Packet Inspection (DPI)** for large amount of traffic is not cheap. Just search for the price of **Palo Alto 5200** series, **Cisco Firepower 9300** series, or **FortiGate 6000** series if you did not believe in me. That's just hardware costs, not for maintenance costs, and operational expenses such as training, salaries, and others.
+After discussing with colleagues and make some observations, I'm sure that I've
 become a victim of **TCP reset attack (TCP RST)** and it happened at the
 _upstream provider_ / _network checkpoint_ that I used. It seems (in my
 personal opinion), my _upstream provider_ is _"forced"_ to carry out this
 _"evil"_ activity.
-I'm aware that *enterprise firewall* devices like the ones I mentioned above must be owned by large ISP companies, especially at *network checkpoints*. But I'm sure, business people will prefer to save *resources* and avoid complaints from their customers (*downstream*) rather than to *deploy* and *integrate* DPI in their network infrastructure they already run.
+Why do I say _"forced"_? Because most _upstream providers_ are typically
 business oriented, and one of their business goals is to get the maximum
 profit. Meanwhile, doing **Deep Packet Inspection (DPI)** for large amount of
 traffic is not cheap. Just search for the price of **Palo Alto 5200** series,
 **Cisco Firepower 9300** series, or **FortiGate 6000** series if you did not
 believe in me. That's just hardware costs, not for maintenance costs, and
 operational expenses such as training, salaries, and others.
-If the cost of doing **DPI** will be very expensive, is it possible that the **TCP-RST attack** is implemented at every *checkpoint* on a national scale? It is just impossible, right? *Hold my beer*, read how *"rich"* our country is to buy and implement such things in [#Privacy](#privacy) section.
+I'm aware that _enterprise firewall_ devices like the ones I mentioned above
 must be owned by large ISP companies, especially at _network checkpoints_. But
 I'm sure, business people will prefer to save _resources_ and avoid complaints
 from their customers (_downstream_) rather than to _deploy_ and _integrate_ DPI
 in their network infrastructure they already run.
 If the cost of doing **DPI** will be very expensive, is it possible that the
 **TCP-RST attack** is implemented at every _checkpoint_ on a national scale? It
 is just impossible, right? _Hold my beer_, read how _"rich"_ our country is to
 buy and implement such things in [#Privacy](#privacy) section.
 ## Investigation
 I did a very simple investigation to prove whether it was true that **TCP-RST attack** was automatically performed. There are 2 things that I do:
 1. Simply use my browsers *inspect element* feature (*simple*).
 2. Directly check from my server in Indonesia and do network capture using `tcpdump` (*advanced*).
-> _NOTE: From what I have observed, **TCP-RST attack** has not been implemented in all *checkpoint* / *upstream*. So there are still many providers who have not been affected._
+I did a very simple investigation to prove whether it was true that **TCP-RST
 attack** was automatically performed. There are 2 things that I do:
 1. Simply use my browsers _inspect element_ feature (_simple_).
 2. Directly check from my server in Indonesia and do network capture using
   `tcpdump` (_advanced_).
 > _NOTE: From what I have observed, **TCP-RST attack** has not been implemented
 > in all *checkpoint* / *upstream*. So there are still many providers who have
 > not been affected._
 ### Using browser's _inspect element_ feature (_simple_)
 ### Using browser's *inspect element* feature (*simple*)
 ![Browser error: connection reset](browser-connection-reset.png#center)
-The easiest (but less detail) way is to use your browser. When you can't access reddit.com (or any other government-blocked site) and get **_"The connection was reset"_** error message; most likely your ISP (or *upstream* ISP) already implemented this method.
+The easiest (but less detail) way is to use your browser. When you can't access
 reddit.com (or any other government-blocked site) and get
 **_"The connection was reset"_** error message; most likely your ISP (or
 _upstream_ ISP) already implemented this method.
-In a more detailed way, before trying to access reddit.com, *right-click* on your browser and look for something like "*inspect*" or "*developer tools*". Go to the "**Network**" tab and try to access reddit.com. The "*CONNECTION_RESET*" information message in the *status* column appears when the server sends *packet reset* (**RST**).
+In a more detailed way, before trying to access reddit.com, _right-click_ on
 your browser and look for something like "_inspect_" or "_developer tools_".
 Go to the "**Network**" tab and try to access reddit.com. The
 "_CONNECTION_RESET_" information message in the _status_ column appears when
 the server sends _packet reset_ (**RST**).
-### Using `tcpdump` and `curl` (*advanced*)
+### Using `tcpdump` and `curl` (_advanced_)
 > In order to understand this method, you need to know **basic concepts of TCP/IP** and [**3-Way-Handshake**](https://en.wikipedia.org/wiki/Handshake_(computing)#TCP_three-way_handshake).
-I tried to do a direct investigation from my server which is at **Indonesia Data Center Duren Tiga**. The method is quite *simple*, by sending **HTTP GET** using `curl` to reddit.com and do packet capture using `tcpdump` simultaneously.
+> In order to understand this method, you need to know **basic concepts of
 > TCP/IP** and [**3-Way-Handshake**][3_way_handshake_wiki].
-Below, `151.101.xx.xxx` is one of the reddit.com IPs that I got from **DNS resolver** when doing testing, and `xxx.xxx.x06.26` is my server public IP.
+I tried to do a direct investigation from my server which is at **Indonesia
 Data Center Duren Tiga**. The method is quite _simple_, by sending **HTTP GET**
 using `curl` to reddit.com and do packet capture using `tcpdump` simultaneously.
 Below, `151.101.xx.xxx` is one of the reddit.com IPs that I got from **DNS
 resolver** when doing testing, and `xxx.xxx.x06.26` is my server public IP.
 Sample `curl https://reddit.com -vvv` output:
 ```plain
 *   Trying 151.101.xx.xxx:443...
 * TCP_NODELAY set
@ -82,12 +118,13 @@ Sample `curl https://reddit.com -vvv` output:
 *   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
 * TLSv1.3 (OUT), TLS handshake, Client hello (1):
-* OpenSSL SSL_connect: Connection reset by peer in connection to reddit.com:443 
+* OpenSSL SSL_connect: Connection reset by peer in connection to reddit.com:443
 * Closing connection 0
 curl: (35) OpenSSL SSL_connect: Connection reset by peer in connection to reddit.com:443
 ```
 sample `tcpdump -i ens18 dst 151.101.xx.xxx or src 151.101.xx.xxx -Nnn` output:
 ```plain
 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
 listening on ens18, link-type EN10MB (Ethernet), capture size 262144 bytes
@ -107,85 +144,235 @@ listening on ens18, link-type EN10MB (Ethernet), capture size 262144 bytes
 **Note from the `tcpdump` _flag_ result above**:
 | TCP Flag  | tcpdump flag | Description          |
-| --------  | ------------ | -------------------- |
+| --------- | ------------ | -------------------- |
 | `SYN`     | `S`          | Connection start     |
 | `FIN`     | `F`          | Connection end       |
 | **`RST`** | **`R`**      | **Connection reset** |
-| `PUSH`    | `P`          | Data *push*          |
+| `PUSH`    | `P`          | Data _push_          |
-| `ACK`     | `.`          | *Acknowledgment*     |
+| `ACK`     | `.`          | _Acknowledgment_     |
-> _* Flag may be combined, for example `[s.]` is `SYN-ACK` packet._
+> _\* Flag may be combined, for example `[s.]` is `SYN-ACK` packet._
 ![TCP-RST attack](tcp-rst-attack.png#center)
-It is clear that after *handshakes* and first *data packet* was sent from my server, I immediately receive a `RST` (*reset*) *flag*.
+It is clear that after _handshakes_ and first _data packet_ was sent from my
 server, I immediately receive a `RST` (_reset_) _flag_.
 ## Why you should care?
 Even though it is not (yet) in the same class as [The Great Firewall of China (GFW)](https://en.wikipedia.org/wiki/Great_Firewall), the indications *going to be there* are very high. The previous method were just **DNS spoofing**, **DNS Filtering** and **DNS Redirect**; but now using *Deep Packet Inspection* and *TCP reset attack* which impossible for majority *non-tech* in Indonesia to *bypass*.
-[Quoted from Wikipedia](https://en.wikipedia.org/wiki/Deep_packet_inspection#Indonesia), the Indonesian government through **Telkom Indonesia** (government-owned ISP) supported by **Cisco Meraki** **DPI** technology perform country-wide surveillance by the way of *Deep Packet Inspection* and *map* National Identity Number (**NIK**) of its citizens that registered to the state-owned ISP.
+Even though it is not (yet) in the same class as [The Great Firewall of China
 (GFW)][gfw_wiki], the indications _going to be there_ are very high. The
 previous method were just **DNS spoofing**, **DNS Filtering** and **DNS
 Redirect**; but now using _Deep Packet Inspection_ and _TCP reset attack_ which
 impossible for majority _non-tech_ people in Indonesia to _bypass_.
-The purpose of **Deep Packet Inspection (DPI)** includes *filtering* pornographic content, hate speech and reducing tension (for example in Papua 2019). Indonesian government also plans to [scale up the surveillance](wikipedia-dpi-indonesia.png#center) to the next level until 2030.
+[Quoted from Wikipedia][dpi_id_wiki], the Indonesian government through
 **Telkom Indonesia** (government-owned ISP) supported by **Cisco Meraki**
 **DPI** technology perform country-wide surveillance by the way of _Deep Packet
 Inspection_ and _map_ National Identity Number (**NIK**) of its citizens that
 registered to the state-owned ISP.
 The purpose of **Deep Packet Inspection (DPI)** includes _filtering_
 pornographic content, hate speech and reducing tension (for example in Papua
 2019). Indonesian government also plans to
 [scale up the surveillance](wikipedia-dpi-indonesia.png#center) to the next
 level until 2030.
 ### Increasingly limited access to information
 In the future, obtaining information that is considered *"forbidden"* by the government will be very difficult. Want to see and try the real examples by yourself? Try using a search engine from China called [Baidu](https://www.baidu.com/) and do a search with **"Tiananmen Square"** keyword. Compare search results from **Baidu** with other search engines results.
-I've experienced it myself, although it's not like and as bad as in China, but it's very inconvenient and annoying. For example, when I try to search something related to **IT** problems, Reddit discussion usually appears on search engine results, the solution was there (or at least, link to the solution was there). But to access it, I have to route all my laptop internet traffic to my VPN server (outside Indonesia) first before entering the reddit link page of the search results.
+In the future, obtaining information that is considered _"forbidden"_ by the
 government will be very difficult. Want to see and try the real examples by
 yourself? Try using a search engine from China called [Baidu][baidu_web] and
 do a search with **"Tiananmen Square"** keyword. Compare search results from
 **Baidu** with other search engines results.
 I've experienced it myself, although it's not like and as bad as in China, but
 it's very inconvenient and annoying. For example, when I try to search
 something related to **IT** problems, Reddit discussion usually appears on
 search engine results, the solution was there (or at least, link to the
 solution was there). But to access it, I have to route all my laptop internet
 traffic to my VPN server (outside Indonesia) first before entering the reddit
 link page of the search results.
 ### Damage to human rights and democratic values
 Restrictions on digital rights can undermine human rights and reduce democratic values. For example, at the beginning of 2021, residents of **desa Wadas** who had rejected the Andesite stone mining project (for the purposes of the **Bendungan Bener** project). Over the next few months, residents of *desa Wadas* are still launched a series of protests and using social media as online mobilization tools and raise awareness. However, their internet connectivity was (believed to be) restricted by the authorities in response to citizen protests in February 2022.
-*Wadas* protesters reported difficulty accessing their Twitter accounts that same week, though it remains unclear how authorities limiting their access to their own Twitter accounts. Read more complete article from **DetikX**: "[*Derasnya Penindasan Hak Digital di Wadas*](https://news.detik.com/x/detail/investigasi/20220221/Derasnya-Penindasan-Hak-Digital-di-Wadas/)" written in Bahasa Indonesia.
+Restrictions on digital rights can undermine human rights and reduce democratic
 values. For example, at the beginning of 2021, residents of **desa Wadas** who
 had rejected the Andesite stone mining project (for the purposes of the
 **Bendungan Bener** project). Over the next few months, residents of _desa
 Wadas_ are still launched a series of protests and using social media as online
 mobilization tools and raise awareness. However, their internet connectivity
 was (believed to be) restricted by the authorities in response to citizen
 protests in February 2022.
-### *Chilling Effect* and the death of freedom of expression
+_Wadas_ protesters reported difficulty accessing their Twitter accounts that
-[*Chilling Effect*](https://en.wikipedia.org/wiki/Chilling_effect) is a concept of public fear that arises due to ambiguous laws or regulations (*EHEMMMMM… [UUITE](https://en.wikipedia.org/wiki/Internet_censorship_in_Indonesia#ITE_Law). Ehemmmm… Sorry for coughing suddenly*). In Indonesia *chilling effect* usually is related defamation or hate speech (*Ehemmm… sorry cough again…*).
+same week, though it remains unclear how authorities limiting their access to
 their own Twitter accounts. Read more complete article from **DetikX**:
 "[_Derasnya Penindasan Hak Digital di Wadas_][detik_1]" written in Bahasa
 Indonesia.
-During 2018, [police arrested 122 people for hate speech on social media](https://nasional.kompas.com/read/2019/02/15/15471281/selama-2018-polisi-tangkap-122-orang-terkait-ujaran-kebencian-di-medsos) (written in Bahasa Indonesia). There are five types of crimes, ranging from *hoaxes*, fake news, blasphemy, to defamation said **Brigjen Pol. Rachmad Wibowo** who at that time served as **Direktur Tindak Pidana Siber Badan Reserse Kriminal Polri** (*Director of cyber crime at the [Indonesian National Police](https://en.wikipedia.org/wiki/Indonesian_National_Police)'s criminal investigation agency*).
+### _Chilling Effect_ and the death of freedom of expression
-Then in 2021, the *"activation"* of [**Indonesia Cyber Police**](https://cfds.fisipol.ugm.ac.id/2021/02/05/the-existence-of-indonesia-cyber-police-what-does-it-mean-for-us-netizens/) drive civils to increasingly practice [self-censorship](https://en.wikipedia.org/wiki/Self-censorship), especially regarding [freedom of speech](https://en.wikipedia.org/wiki/Freedom_of_speech). That statement was conveyed by the Coordinator of **Komisi untuk Orang Hilang dan Tindak Kekerasan** (**Kontras**, the *Commission for Missing Persons and Acts of Violence*), **Fatia Maulidiyanti**.
+[_Chilling Effect_][chilling_effect_wiki] is a concept of public fear that
 arises due to ambiguous laws or regulations (_EHEMMMMM… [UUITE][ite_law_wiki].
 Ehemmmm… Sorry for coughing suddenly_). In Indonesia _chilling effect_ usually
 is related defamation or hate speech (_Ehemmm… sorry cough again…_).
-And in February 2022, the survey results from **Indikator Politik Indonesia** showed that 62.9% (using the *stratified random* method out of 1,200 respondents with a *margin of error* of around 2.9%) respondents agreed and strongly agreed that [the public is now increasingly afraid of expressing opinions](https://nasional.tempo.co/read/1580168/survei-indikator-politik-indonesia-629-persen-rakyat-semakin-takut-berpendapat) (written in Bahasa Indonesia).
+During 2018, [police arrested 122 people for hate speech on social
 media][kompas_1] (written in Bahasa Indonesia). There are five types of crimes,
 ranging from _hoaxes_, fake news, blasphemy, to defamation said
 **Brigjen Pol. Rachmad Wibowo** who at that time served as **Direktur Tindak
 Pidana Siber Badan Reserse Kriminal Polri** (_Director of cyber crime at the
 [Indonesian National Police][indonesian_police_wiki]'s criminal investigation
 agency_).
-> _"If (for example) you get terrible (fake) news, then report it to the police, in a few minutes it will be known from whom, where from, then the culprit is found and then arrested." — **Mahfud MD**_
+Then in 2021, the _"activation"_ of [**Indonesia Cyber Police**][ugm_1] drive
 civils to increasingly practice [self-censorship][self_censorship_wiki],
 especially regarding [freedom of speech][freedom_of_speech_wiki]. That
 statement was conveyed by the Coordinator of **Komisi untuk Orang Hilang dan
 Tindak Kekerasan** (**Kontras**, the _Commission for Missing Persons and Acts
 of Violence_), **Fatia Maulidiyanti**.
 And in February 2022, the survey results from **Indikator Politik Indonesia**
 showed that 62.9% (using the _stratified random_ method out of 1,200
 respondents with a _margin of error_ of around 2.9%) respondents agreed and
 strongly agreed that [the public is now increasingly afraid of expressing
 opinions][tempo_1] (written in Bahasa Indonesia).
 > _"If (for example) you get terrible (fake) news, then report it to the
 > police, in a few minutes it will be known from whom, where from, then the
 > culprit is found and then arrested." — **Mahfud MD**_
 ### Privacy
 Actually, **Deep Packet Inspection** was initially created to measure and manage network security and protect users and prevent the spread of *malware*. However, using this technology as a surveillance tool will have a very bad impact on ~~your~~ our privacy. In addition, DPI can also be used to study the behavior or *interest* of an individual or institution from their activities on the internet which can be used for *targeted (behavioral) marketing*.
-Various reports have linked authorities with the purchase and use of *spyware* and other sophisticated *surveillance* tools. For example, in 2015, **Citizen Lab**; a research group based in **Toronto** [alleges that the Indonesian government use **FinFisher** *spyware*](https://citizenlab.ca/2015/10/mapping-finfishers-continuing-proliferation) which collects data such as **Skype** audio, *key log*, and screenshots.
+Actually, **Deep Packet Inspection** was initially created to measure and
 manage network security and protect users and prevent the spread of _malware_.
 However, using this technology as a surveillance tool will have a very bad
 impact on ~~your~~ our privacy. In addition, DPI can also be used to study the
 behavior or _interest_ of an individual or institution from their activities on
 the internet which can be used for _targeted (behavioral) marketing_.
-In 2016, [**Joseph Cox**](https://www.vice.com/en/contributor/joseph-cox) [revealed](https://www.vice.com/en/article/4xaq4m/the-uk-companies-exporting-interception-tech-around-the-world) that **International Mobile Subscriber Identity-catchers** ([**IMSI-catchers**](https://en.wikipedia.org/wiki/IMSI-catcher)) was sold to Indonesia from Switzerland and British companies. **IMSI-catcher** is a device used to intercept traffic of cellphone networks and track the location of cellphone users. You could say, it's like a *"fake BTS"* as an intermediary between the user's cellphone and the ISP's original BTS.
+Various reports have linked authorities with the purchase and use of _spyware_
 and other sophisticated _surveillance_ tools. For example, in 2015,
 **Citizen Lab**; a research group based in **Toronto** [alleges that the
 Indonesian government use **FinFisher** _spyware_][citizenlab_finfishers] which
 collects data such as **Skype** audio, _key log_, and screenshots.
-In December 2021, **Citizen Lab**, stated that there was a high probability that the Indonesian government had become a **Cytrox** (selling **Predator Spyware**) customer. In addition, **Citizen Lab** also reported in December 2020 that Indonesia is very likely to have purchased technology from [**Circles**](https://dimse.info/circles/), a company that sells exploits of global cellular systems who later joined the [NSO group](https://www.nsogroup.com/). The method used by **Citizen Lab** to find out their report is by doing *scanning & signature fingerprinting* of *firewall checkpoint* on **Circles** devices through [Shodan](https://www.shodan.io/) service.
+In 2016, [**Joseph Cox**][joseph_cox] [revealed][vice_1] that **International
 Mobile Subscriber Identity-catchers** ([**IMSI-catchers**][imsi_catcher_wiki])
 was sold to Indonesia from Switzerland and British companies. **IMSI-catcher**
 is a device used to intercept traffic of cellphone networks and track the
 location of cellphone users. You could say, it's like a _"fake BTS"_ as an
 intermediary between the user's cellphone and the ISP's original BTS.
 In December 2021, **Citizen Lab**, stated that there was a high probability
 that the Indonesian government had become a **Cytrox** (selling **Predator
 Spyware**) customer. In addition, **Citizen Lab** also reported in
 December 2020 that Indonesia is very likely to have purchased technology from
 [**Circles**][dimse_circles], a company that sells exploits of global cellular
 systems who later joined the [NSO group][nsogroup_web]. The method used by
 **Citizen Lab** to find out their report is by doing _scanning & signature
 fingerprinting_ of _firewall checkpoint_ on **Circles** devices through
 [Shodan][shodan] service.
 ### Economic impact
 So far (from what I have observed), **TCP-RST attack** implementations still only exist in several *upstream providers / checkpoints*. However, if this continues to be carried out and implemented in all *checkpoints* that leaving Indonesia (*outbound traffic*), then it will definitely have an impact on buying interest for *Cloud Provider* / *Datacenter* located in Indonesia.
-Who wants their *microservices* suddenly stopped working because of this **TCP-RST attack**? I started moving my VPSes somewhere outside Indonesia, because in my opinion, server / cloud infrastructures should not be (suddenly) restricted (without prior notification) to access public data or APIs.
+So far (from what I have observed), **TCP-RST attack** implementations still only exist in several _upstream providers / checkpoints_. However, if this continues to be carried out and implemented in all _checkpoints_ that leaving Indonesia (_outbound traffic_), then it will definitely have an impact on buying interest for _Cloud Provider_ / _Datacenter_ located in Indonesia.
 Who wants their _microservices_ suddenly stopped working because of this **TCP-RST attack**? I started moving my VPSes somewhere outside Indonesia, because in my opinion, server / cloud infrastructures should not be (suddenly) restricted (without prior notification) to access public data or APIs.
 ![Moving to AWS](moving-to-aws.png#center)
 ## Evading censorship
 To *bypass* **DNS** based censorship such as **DNS spoofing**, **DNS filtering** and **DNS redirect**; teaching *non-tech* people to use **DNS-over-HTTPS (DoH)** is quite easy. But to *bypass* **DPI** and **TCP RST attack** would be very difficult and impossible for majority *non-tech* people in Indonesia to do.
-A few way to avoid censorship is use *network tunnel* to a *server* outside Indonesia, whether it's **VPN** or **SOCKS5 proxy**. Even then, the government and the ISP you use will still know that you are using a **Proxy** / **VPN**. The difference is: they only know that you are connecting to VPN / SOCKS5 servers and where the VPN / SOCKS5 server is located. Other than that, they don't know anything (only you and VPN / Server / Proxy provider know what service / host you communicate with).
+To _bypass_ **DNS** based censorship such as **DNS spoofing**,
 **DNS filtering** and **DNS redirect**; teaching _non-tech_ people to use
 **DNS-over-HTTPS (DoH)** is quite easy. But to _bypass_ **DPI** and **TCP RST
 attack** would be very difficult and impossible for majority _non-tech_ people
 in Indonesia to do.
-If you are really *concern* about privacy, choosing a **VPN provider** must also be done with quite complicated research. Lots of apps on the **App Store** offer **free VPN**, but most of them end up with selling your data.
+A few way to avoid censorship is use _network tunnel_ to a _server_ outside
 Indonesia, whether it's **VPN** or **SOCKS5 proxy**. Even then, the government
 and the ISP you use will still know that you are using a **Proxy** / **VPN**.
 The difference is: they only know that you are connecting to VPN / SOCKS5
 servers and where the VPN / SOCKS5 server is located. Other than that, they
 don't know anything (only you and VPN / Server / Proxy provider know what
 service / host you communicate with).
-And I hope, **QUIC/HTTP3** technology will enter a new chapter soon that *"may"* help us mitigate the impact of **TCP RST attack** a bit.
+If you are really _concern_ about privacy, choosing a **VPN provider** must
 also be done with quite complicated research. Lots of apps on the **App Store**
 offer **free VPN**, but most of them end up with selling your data.
 And I hope, **QUIC/HTTP3** technology will enter a new chapter soon that
 _"may"_ help us mitigate the impact of **TCP RST attack** a bit.
 ## Sources and references
- "[Indonesia: Freedom on the Net 2022 Country Report](https://freedomhouse.org/country/indonesia/freedom-net/2022)" – freedomhouse.org.
+
- "[State of Privacy Indonesia](https://privacyinternational.org/state-privacy/1003/state-privacy-indonesia)" – privacyinternational.org.
+-   "[Indonesia: Freedom on the Net 2022 Country Report][foh_id_2022]" -
- NetBlocks. 2019b: "[Internet disrupted in Papua, Indonesia amid protests and calls for independence](https://netblocks.org/reports/internet-disrupted-in-papua-indonesia-amid-mass-protests-and-calls-for-independence-eBOgrDBZ)" – netblocks.org.
+    freedomhouse.org.
- Thompson, Nik; McGill, Tanya; and Vero Khristianto, Daniel, "[Public Acceptance of Internet Censorship in Indonesia](https://aisel.aisnet.org/acis2021/22)" (2021). ACIS 2021 Proceedings. 22.
+-   "[State of Privacy Indonesia][privacyinternational_id]" -
- Wildana, F. (2021) "[An Explorative Study on Social Media Blocking in Indonesia](https://journal.unesa.ac.id/index.php/jsm/article/view/12976)", The Journal of Society and Media, 5(2), pp. 456–484. doi: 10.26740/jsm.v5n2.p456-484.
+    privacyinternational.org.
-  Paterson, Thomas (4 May 2019). "[Indonesian cyberspace expansion: a double-edged sword](https://doi.org/10.1080%2F23738871.2019.1627476)". *Journal of Cyber Policy*. 4 (2): 216–234. doi:10.1080/23738871.2019.1627476. ISSN 2373-8871. S2CID 197825581.
+-   NetBlocks. 2019b: "[Internet disrupted in Papua, Indonesia amid protests
- Bill Marczak, John Scott-Railton, Bahr Abdul Razzak, Noura Al-Jizawi, Siena Anstis, Kristin Berdan, and Ron Deibert, "[Pegasus vs. Predator: Dissident’s Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware](https://citizenlab.ca/2021/12/pegasus-vs-predator-dissidents-doubly-infected-iphone-reveals-cytrox-mercenary-spyware/)" – citizenlab.ca.
+    and calls for independence][netblocks_2019b]" - netblocks.org.
- Bill Marczak, John Scott-Railton, Siddharth Prakash Rao, Siena Anstis, and Ron Deibert, "[Running in Circles
+-   Thompson, Nik; McGill, Tanya; and Vero Khristianto, Daniel, "[Public
-Uncovering the Clients of Cyberespionage Firm Circles](https://citizenlab.ca/2020/12/running-in-circles-uncovering-the-clients-of-cyberespionage-firm-circles/)" – citizenlab.ca.
+    Acceptance of Internet Censorship in Indonesia][aisanet_1]" (2021). ACIS
- Bill Marczak, John Scott-Railton, Adam Senft, Irene Poetranto, and Sarah McKune, "[Pay No Attention to the Server Behind the Proxy](https://citizenlab.ca/2015/10/mapping-finfishers-continuing-proliferation/)", Mapping FinFisher’s Continuing Proliferation – citizenlab.ca.
+    2021 Proceedings. 22.
- Joseph Cox, "[British Companies Are Selling Advanced Spy Tech to Authoritarian Regimes](https://www.vice.com/en/article/4xaq4m/the-uk-companies-exporting-interception-tech-around-the-world)" – vice.com.
+-   Wildana, F. (2021) "[An Explorative Study on Social Media Blocking in
- Thomas Brewster, "[A Multimillionaire Surveillance Dealer Steps Out Of The Shadows and His $9 Million WhatsApp Hacking Van](https://www.forbes.com/sites/thomasbrewster/2019/08/05/a-multimillionaire-surveillance-dealer-steps-out-of-the-shadows-and-his-9-million-whatsapp-hacking-van/)" – forbes.com.
+    Indonesia][unesa_journal_1]", The Journal of Society and Media, 5(2),
- Moh. Khory Alfarizi, Febriyan, "[Survei Indikator Politik Indonesia: 62,9 Persen Rakyat Semakin Takut Berpendapat](https://nasional.tempo.co/read/1580168/survei-indikator-politik-indonesia-629-persen-rakyat-semakin-takut-berpendapat)" – tempo.co.
+    pp. 456–484. doi: 10.26740/jsm.v5n2.p456-484.
- Abba Gabrillin, Krisiandi, "[Selama 2018, Polisi Tangkap 122 Orang Terkait Ujaran Kebencian di Medsos](https://nasional.kompas.com/read/2019/02/15/15471281/selama-2018-polisi-tangkap-122-orang-terkait-ujaran-kebencian-di-medsos)" – kompas.com.
+-   Paterson, Thomas (4 May 2019). "[Indonesian cyberspace expansion: a
- Tsarina Maharani, Dani Prabowo "[Kontras: Polisi Siber yang Akan Diaktifkan Pemerintah Berpotensi Bungkam Kebebasan Berekspresi](https://nasional.kompas.com/read/2020/12/28/14074121/kontras-polisi-siber-yang-akan-diaktifkan-pemerintah-berpotensi-bungkam)" – kompas.com.
+    double-edged sword][doi_1]". _Journal of Cyber Policy_. 4 (2): 216–234.
    doi:10.1080/23738871.2019.1627476. ISSN 2373-8871. S2CID 197825581.
 -   Bill Marczak, John Scott-Railton, Bahr Abdul Razzak, Noura Al-Jizawi,
    Siena Anstis, Kristin Berdan, and Ron Deibert, "[Pegasus vs. Predator:
    Dissident’s Doubly-Infected iPhone Reveals Cytrox Mercenary
    Spyware][citizenlab_cytrox]" - citizenlab.ca.
 -   Bill Marczak, John Scott-Railton, Siddharth Prakash Rao, Siena Anstis, and
    Ron Deibert, "[Running in Circles Uncovering the Clients of Cyberespionage
    Firm Circles][citizenlab_circles]" - citizenlab.ca.
 -   Bill Marczak, John Scott-Railton, Adam Senft, Irene Poetranto, and
    Sarah McKune, "[Pay No Attention to the Server Behind the
    Proxy][citizenlab_finfishers]", Mapping FinFisher’s Continuing
    Proliferation - citizenlab.ca.
 -   Joseph Cox, "[British Companies Are Selling Advanced Spy Tech to
    Authoritarian Regimes][vice_1]" - vice.com.
 -   Thomas Brewster, "[A Multimillionaire Surveillance Dealer Steps Out Of The
    Shadows and His $9 Million WhatsApp Hacking Van][forbes_1]" - forbes.com.
 -   Moh. Khory Alfarizi, Febriyan, "[Survei Indikator Politik Indonesia:
    62,9 Persen Rakyat Semakin Takut Berpendapat][tempo_1]" - tempo.co.
 -   Abba Gabrillin, Krisiandi, "[Selama 2018, Polisi Tangkap 122 Orang Terkait
    Ujaran Kebencian di Medsos][kompas_1]" - kompas.com.
 -   Tsarina Maharani, Dani Prabowo "[Kontras: Polisi Siber yang Akan Diaktifkan
    Pemerintah Berpotensi Bungkam Kebebasan Berekspresi][kompas_2]" -
    kompas.com.
 [indonesian_police_wiki]: https://en.wikipedia.org/wiki/Indonesian_National_Police "Indonesian National Police"
 [3_way_handshake_wiki]: https://en.wikipedia.org/wiki/Handshake_(computing)#TCP_three-way_handshake "TCP three-way handshakewiki"
 [ite_law_wiki]: https://en.wikipedia.org/wiki/Internet_censorship_in_Indonesia#ITE_Law "ITE Law"
 [ugm_1]: https://cfds.fisipol.ugm.ac.id/2021/02/05/the-existence-of-indonesia-cyber-police-what-does-it-mean-for-us-netizens/ "Indonesia Cyber Police"
 [self_censorship_wiki]: https://en.wikipedia.org/wiki/Self-censorship "Self Censorship Wiki"
 [freedom_of_speech_wiki]: https://en.wikipedia.org/wiki/Freedom_of_speech "Freedom of Speech Wiki"
 [gfw_wiki]: https://en.wikipedia.org/wiki/Great_Firewall "The Great Firewall of China (GFW)"
 [dpi_id_wiki]: https://en.wikipedia.org/wiki/Deep_packet_inspection#Indonesia "Country-wide Surveillance by Indonesian Goverment"
 [baidu_web]: https://www.baidu.com/ "Baidu Website"
 [detik_1]: https://news.detik.com/x/detail/investigasi/20220221/Derasnya-Penindasan-Hak-Digital-di-Wadas/ "Derasnya Penindasan Hak Digital di Wadas"
 [chilling_effect_wiki]: https://en.wikipedia.org/wiki/Chilling_effect "Chilling Effect"
 [kompas_1]: https://nasional.kompas.com/read/2019/02/15/15471281/selama-2018-polisi-tangkap-122-orang-terkait-ujaran-kebencian-di-medsos "Selama 2018, Polisi Tangkap 122 Orang Terkait Ujaran Kebencian di Medsos"
 [kompas_2]: https://nasional.kompas.com/read/2020/12/28/14074121/kontras-polisi-siber-yang-akan-diaktifkan-pemerintah-berpotensi-bungkam "Polisi Siber yang Akan Diaktifkan Pemerintah Berpotensi Bungkam Kebebasan Berekspresi"
 [tempo_1]: https://nasional.tempo.co/read/1580168/survei-indikator-politik-indonesia-629-persen-rakyat-semakin-takut-berpendapat "Survei Indikator Politik Indonesia: 62,9 Persen Rakyat Semakin Takut Berpendapat"
 [citizenlab_finfishers]: https://citizenlab.ca/2015/10/mapping-finfishers-continuing-proliferation/ "Pay No Attention to the Server Behind the Proxy"
 [citizenlab_cytrox]: https://citizenlab.ca/2021/12/pegasus-vs-predator-dissidents-doubly-infected-iphone-reveals-cytrox-mercenary-spyware/ "Pegasus vs. Predator: Dissident’s Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware"
 [citizenlab_circles]: https://citizenlab.ca/2020/12/running-in-circles-uncovering-the-clients-of-cyberespionage-firm-circles/ "Running in Circles Uncovering the Clients of Cyberespionage Firm Circles"
 [joseph_cox]: https://www.vice.com/en/contributor/joseph-cox "Joseph Cox"
 [vice_1]: https://www.vice.com/en/article/4xaq4m/the-uk-companies-exporting-interception-tech-around-the-world "British Companies Are Selling Advanced Spy Tech to Authoritarian Regimes"
 [imsi_catcher_wiki]: https://en.wikipedia.org/wiki/IMSI-catcher "international mobile subscriber identity-catcher"
 [dimse_circles]: https://dimse.info/circles/ "Circles surveillance firm"
 [nsogroup_web]: https://www.nsogroup.com/ "NSO Group Website"
 [shodan]: https://www.shodan.io/ "Shodan.io Website"
 [foh_id_2022]: https://freedomhouse.org/country/indonesia/freedom-net/2022 "Indonesia: Freedom on the Net 2022 Country Report"
 [privacyinternational_id]: https://privacyinternational.org/state-privacy/1003/state-privacy-indonesia "State of Privacy Indonesia"
 [netblocks_2019b]: https://netblocks.org/reports/internet-disrupted-in-papua-indonesia-amid-mass-protests-and-calls-for-independence-eBOgrDBZ "Internet disrupted in Papua, Indonesia amid protests and calls for independence"
 [aisanet_1]: https://aisel.aisnet.org/acis2021/22 "Public Acceptance of Internet Censorship in Indonesia"
 [unesa_journal_1]: https://journal.unesa.ac.id/index.php/jsm/article/view/12976 "An Explorative Study on Social Media Blocking in Indonesia"
 [doi_1]: https://doi.org/10.1080%2F23738871.2019.1627476 "Indonesian cyberspace expansion: a double-edged sword"
 [forbes_1]: https://www.forbes.com/sites/thomasbrewster/2019/08/05/a-multimillionaire-surveillance-dealer-steps-out-of-the-shadows-and-his-9-million-whatsapp-hacking-van/ "A Multimillionaire Surveillance Dealer Steps Out Of The Shadows and His $9 Million WhatsApp Hacking Van"