A multi-perspective view of Internet censorship in Myanmar
In the wake of a military coup in February 2021,
Myanmar experienced unprecedented levels of internet censorship.
In response, we collaborated with CAIDA’s Internet Outage Detection and Analysis (IODA) team and
Myanmar ICT for Development Organization (MIDO) on publishing a research report
which documents a series of nightly internet outages
of social media, Wikipedia, and circumvention tool sites in Myanmar
following the military coup.
In the months that followed, we continued to examine internet censorship
in Myanmar quite closely. We collaborated with
and other researchers from UC San Diego and the
University of Michigan to expand our analysis.
We used diverse datasets and measurement methods to offer a holistic
view into the censorship events in Myanmar that occurred since the coup
and show how internet censorship evolved between 1st February 2021
to 30th April 2021.
As an outcome, we produced a research paper (“A
multi-perspective view of Internet censorship in Myanmar”) which we
submitted to the ACM SIGCOMM 2021 Workshop on Free and Open Communications on the Internet (FOCI 2021).
Our paper was
published by FOCI
2021 and CAIDA’s Ramakrishna Padmanabhan
our research findings at the workshop.
READ RESEARCH PAPER
Below we summarize the key findings of our paper.
Summary of findings
You can learn about the findings of our research paper by viewing
the following video produced by CAIDA’s
Following the military coup on 1st February 2021, Myanmar experienced a
series of internet outages
until 28th April 2021.
Source: Internet Outage Detection and Analysis (IODA), IODA Signals
for Myanmar, https://ioda.caida.org/ioda/dashboard#view=inspect&entity=country/MM&lastView=overview&from=1613125943&until=1615545143
In summary, these include:
Coup-day outage. On 1st February 2021, IODA data
that Myanmar experienced a significant internet outage, starting
at 03:30 AM local time. Notably, there were several differences in
the extent to which ISPs were affected by the outage and in timing
patterns, suggesting the lack of an internet kill switch.
Weekend-after-coup outage. On 6th February 2021, IODA data
that Myanmar experienced a 28-hour long internet outage that
affected most ISPs in Myanmar. The outage end-times were similar
across most ISPs, suggesting synchronization and improved
planning, coordination, and execution of the shutdown.
Nightly outages. Starting from the night of 14th February 2021,
Myanmar experienced nightly internet outages
(which affected most ISPs) for 72 nights, until 28th April 2021.
These outages began at the same time (01:00 local time) and lasted
8 hours for most nights. In contrast to the coup-day outage, the
nightly outages occurred in a highly synchronized manner, with
outages beginning and ending at identical times for most ISPs.
Cellular outages. As of 15th March 2021, Kentik traffic data
shows that cellular connectivity has been heavily restricted in
Myanmar. The cellular restrictions were ongoing, as of
Starting from 4th February 2021 (3 days after the coup), ISPs in Myanmar
started blocking access to a number of websites
social media (such as
and circumvention tool websites. These blocks remain
We share these blocked websites through the following chart, which
summarizes OONI measurement findings
between February 2021 to April 2021.
Source: Blocking of websites in Myanmar from February 2021 to April
2021 based on OONI measurements.
In terms of censorship techniques, we found:
IP blocking became more prevalent after the coup. We primarily
observed IP-based blocking of websites, as most OONI measurements
(across ASes) show
that TCP connections to the resolved IP addresses failed (when
resolution succeeded in providing the right IP address for the
website). This censorship technique is primarily seen in OONI data
after the coup, as our analysis in Myanmar in 2020
showed that DNS based interference was previously more prevalent.
Collateral damage as a result of IP blocks. IP based blocking
can potentially lead to collateral damage, affecting the
accessibility of other domains hosted on a blocked IP address. We
found 2 such cases:
Domains hosted on the IP 22.214.171.124. This IP address
belongs to the Google hosting network and includes domains
www.privaterra.org, all of
which presented TCP/IP anomalies between 24th-27th February
2021 (as illustrated in the above chart). This suggests that
some of these domains may have been blocked unintentionally
as a result of collateral damage.
Domains hosted on the IP 126.96.36.199. This address belongs
to the Fastly network and includes the domains
getintra.org, both of which
started to present TCP/IP anomalies on 2nd March 2021. Reverse
IP lookups indicate that the blocking of this IP may lead to
the blocking of more than 10,000 websites, showing the
severity of collateral damage due to IP blocking.
Ongoing DNS based tampering. Even though ISPs in Myanmar
primarily appear to implement IP-based blocks following the coup,
we continue to observe cases of DNS based interference as well.
Many ISPs in Myanmar showed evidence of confirmed DNS blocking
(as illustrated in the previous chart), usually resolving to an IP
address that hosted a blockpage. Some ISPs responded with
for domains like
www.facebook.com. DNS interference was not
consistent inside an ISP; some DNS resolvers implemented DNS
blocking while others in the same ISP did not.
Overall, we found:
Censorship variance across networks. We found different websites blocked on different networks,
and different censorship methods used by different ISPs in
Myanmar. This suggests that internet censorship in Myanmar is
not centralized and that local ISPs may implement blocking at
their own discretion.
Non-deterministic censorship. OONI measurements show that IP
blocks are not implemented consistently, offering additional signs
that ISPs operate independently and (sometimes) arbitrarily.
Within the same AS, we do not observe IP blocking for all the
addresses associated with a domain. One cause of this
inconsistency could potentially be the result of ISPs using
incomplete addresslists for blocking. For example, OONI
measurements collected from the testing of
Frontiir (AS58952) show the blocking of Facebook’s IP
188.8.131.52, but not
of Facebook’s IP
Twitter hijack and collateral damage
On 5th February 2021 —the same day that Twitter was blocked in Myanmar—
Myanmar’s Campana Mythic (AS136168) announced the
prefix, belonging to Twitter. The proximity of this hijacking event in
time to the blocking of Twitter in other Myanmar ISPs suggests that the
original intent was to blackhole traffic to Twitter for users of this
Myanmar ISP. However, this route accidentally leaked to the global
internet, appearing as if AS136168 owned/hosted Twitter’s address space.
This accidental event offers additional evidence that providers used
various ways to perform IP-level blocking to censor domains.
Our analysis of BGP data collected by the Routeviews and RIPE RIS
projects shows the illegitimate route propagated (at least) to operators
in Singapore (AS4844, AS56300, AS24482, AS132132) and Vietnam (AS45903)
who received, accepted, and further propagated it. This resulted in
collateral damage for Twitter users outside Myanmar.
We quantify the extent of this collateral damage in the following graph,
which shows that a small volume of traffic from Kentik’s customers
outside Myanmar was directed towards the hijacker (AS136168) instead of
Source: Collateral damage to Twitter users outside Myanmar as a
result of the BGP hijack event affecting Twitter’s address space. The
figure shows Twitter traffic observed by Kentik from different source
ASes (indicated by different colors) that was being routed towards
Campana Mythic (AS136168).
The following timeline summarizes the main internet censorship events
that we detected in Myanmar following the February 2021 military coup.
Image: Timeline of censorship events in Myanmar.
Collectively, these are among the most disruptive, long-lasting, and
widespread censorship events in recent times.
The censorship events in Myanmar reflect emerging patterns of politically inspired
censorship and offer insight into the ways in which authoritarian
regimes combine censorship approaches strategically to achieve their
immediate goals. The timing of censorship events in Myanmar coincided
with the military coup, which is
consistent with many other studies which have shown that internet
censorship is targeted during sensitive political time periods and
periods of potential power transitions, such as
and large-scale protests.
The fact that the initial outages were implemented by the challenger
rather than the incumbent government suggests that internet censorship
during a coup attempt can increase the probability of a successful coup.
Conspirators in a coup may benefit from shutting communications quickly,
to prevent public or government coordination against their coup attempt.
Yet, the haphazard nature of the outages during the initial coup in
Myanmar may reflect the difficulty of the challenger in implementing
this censorship, and could be a reflection of their initial lack of
After consolidating power, the new junta in Myanmar began imposing
internet curfews, shutting down the internet during the night while
keeping it on in the day. Like physical curfews, regimes may implement
internet curfews to target organization of political dissent while
minimizing the impact on the economy, as many sectors require internet access
during the day.
While nightly outages in Myanmar have now ended, the ongoing blocking of social media and circumvention tool websites
(which has persisted since February 2021) may indicate a move
toward more selective methods of censorship. This shift is consistent
with a pattern in authoritarian regimes of engaging in targeted censorship to maximize political impact
while minimizing its cost.
We hope this
provide a template of combining internet measurements to provide a
broader understanding of digital strategy of autocrats, an effort that
could be scaled and replicated cross-nationally in future work.