Hacker News new | comments | show | ask | jobs | submit login
Dropbox, Google Drive and Microsoft OneDrive blocked in Turkey following leaks (turkeyblocks.org)
304 points by purak on Oct 9, 2016 | hide | past | web | favorite | 98 comments



This is so annoying for us. I'm not using Dropbox, Google Drive or OneDrive but GitHub is the tool we use the most as a software agency. We've set-up a VPN server for our team for the moment.

Only good thing coming from this is that I've discovered a software called Pritunl today which made setting up the VPN pretty easy.


The real solution off course is to rid your country of the embarrisment of Erdogan. Vote. If thats still legal coming next election.


I think we are not that close to having theatre elections. I hate admitting it but democracy works pretty well in Turkey.

There are just too many uneducated people here that are influenced by power and religious-themed party platforms. I'm not sure if I'm being elitist but a good democracy requires good, educated people.

The ruling party is systematically fucking the education system here, creating more religious schools, adding more voluntary religious classes. ProTip, in Turkey voluntary classes means it's probably mandatory since school headmasters tend to pick whatever they please for the students, citing scheduling problems and being understaffed.

I've made peace with the fact Erdogan is not going anywhere soon but I still hope for the country. I have an opinion about him and his party which is not popular among my peers. Erdogan is not a stupid bigot. He is not Trump, for example.

From the first day, AKP always hired the best minds in the country. The party had a culture of being reasonable, the founders were good, educated people with the right mindset. They were conservative, which I hate as an atheist, but also social democrats. They supported most things Bernie Sanders supports in the U.S. with a good balance for free market and capitalism. But they attracted stupid bigots as a result of being a religious party. They've done a good job bringing conservatives in Turkey together (also a result of hiring the best, their PR was always good[0]). AKP has a rule where their members can only serve 2 terms in the parliament. As time went by, good ones were replaced by the new generation of party leaders who are just puppets for the President. All the good people were pushed out of the party because they started to disobey orders from the top. They are bigots and too religious. Time to to time, I catch glimpses of Erdogan, supporting our secularism, saying "it's unacceptable to create an Islamic constitution".

As they push religion more on Turkey, more they'll lose support. Because educated people are looking to get away. Investors included. This is hurting the economy. President Erdogan or his advisors soon will see they need to be merging the country not separating it. They'll act more secular and sane. Because as it stands now, AKP will be lost in history after the President dies. They don't want that. They are also scared of religious powers here since the coup attempt. Only people they trust right now is the people they alienated and sentenced to life in prison. Kemalists.

All this combined, we'll see worst days after we see the light but I have hope we'll see it.

[0] The owner of agency which handled most things for the AKP lost his life, along with his son on the Bosphorus Bridge on the night of the coup attempt. Which is why I don't believe AKP was behind the attempt. He was always loyal and a good friend to the President. He cried at the funeral which is something I've never saw him do and not the best political action if it was a role.

(Quick note, I'm sorry if this is too political. I started writing a sentence but I wanted to say something like this for a while, I just had to get it out I guess.)


> I'm not sure if I'm being elitist but a good democracy requires good, educated people

You're not being elitist - good government requires good decisions, which require being educated about the topic. When the people are involved in government (democracy), they also need to understand the ramifications of what they do. The better politically-educated the demographic, the more effective the democracy will be, all other things being equal (which they're usually not...).


> I hate admitting it but democracy works pretty well in Turkey.

Majoritarianism should not be confused with democracy.


That's a pretty easy mistake to make. Care to enlighten me about the difference?


He agrees with the results.

(OK, you want to look up Polybius and the word ochlocracy. But it still comes to that.)


>"Erdogan is not a stupid bigot. He is not Trump, for example"

There are more than a handful of bigoted statements that have come from Erdogan:

Some examples:

https://www.washingtonpost.com/news/worldviews/wp/2014/08/06...

https://www.frontpagemag.com/point/196265/understanding-turk...

"On 5 August 2014, Prime Minister Recep Tayyip Erdoğan, in a televised interview on NTV news network, remarked that being Armenian is "uglier" even than being Georgian, saying "You wouldn't believe the things they have said about me. They have said I am Georgian...they have said even uglier things - they have called me Armenian, but I am Turkish"

Source: https://en.wikipedia.org/wiki/Racism_in_Turkey


For what it is worth, that quote was totally misunderstood and turned into a smear campaign.

Context is this, some people in Turkey loves to attack people/politicians for their ethnicity. And I guess some people called him Georgian or Armenian descendant. However, some said it as "Ermeni dölü" - a little hard to translate - "from Armenian seed (or semen)". During his speech he says exactly this: "They called me Georgian. They called me, excuse me, in a very ugly way, Armenian". This is a typical conservative way of talking. He refrained himself using the term "döl-semen" and terms "excuse me" and "very ugly way" was for that word, not for "Armenian".

Of course, to me correct way of talking about this issue could be "they call me this and that.. who cares!"


Before down voting me, please provide a source that includes the whole context then and substantiates your claim.

And this is not the only one. I have provided exampled of at least two others.


Ok I will bite.

This was the rebuttal against the claim. And, it was so obvious to conservative speakers or old timers like me. I was actually baffled that people misunderstood this.

Also, If you are a native speaker, it is obvious (listen it first if you want https://www.youtube.com/watch?v=_UPIF2ql7pw ).

He says "Benim için mesela neler söylediler, çıktı bir tanesi aynı zihniyet Gürcüdür diyen oldu. Çıktı bir tanesi afedersin çok daha çirkin şeylerle Ermeni diyen oldu.." "then one another came out and told, excuse me, with much more uglier things, Armenian."

Grammatically you would not use the term "şeylerle - with..things" there to got the other meaning. Prosody and stops also would be weird to get that meaning. Use of "excuse me" before telling an inappropriate word is also very well known (not for a word like Armenian). It is common that in Turkey many politicians were smeared with slurs like "Armenian dölü-seed" or "Yunan dölü" and he was called with that. He is defining the adjective used frequently. Besides, he is known as the person who tries to break the ice with Armenians state level, do you think he would insult Armenians so calmly like that?

Your second link is based on a racist speech claim. However I cannot find the original Turkish speech to make more comments. But it is a well known fact that there is no black-white racism in Turkey. But please provide a better source to dig further.


"But it is a well known fact that there is no black-white racism in Turkey."

Really? I think Didier Drogba and many others might disagree with you. This was well-publicized:

http://www.nationalturk.com/en/turkish-derbysome-of-fools-sh...

http://www.goal.com/en/news/467/turkey/2013/05/21/3993492/dr...

In regards to the second link, there is another link here:

http://lidblog.com/turkeys-pm-erdogan-believes-blacks-are/


Let's not get ahead of ourselves, racism and bigotry is well documented in Football (Soccer).

To compare any established football team's supporting crowd to a countries Democratic process is foolish.

We're not about to start comparing the social status of Britain to West Ham's Claret and Blue Army, are we? I'd suggest we do not follow the same in Turkey.


>"To compare any established football team's supporting crowd to a countries Democratic process is foolish"

Nowhere did I attempt to conflate racism with democratic process. I even included the one particular statement I was responding to in my post which was:

"But it is a well known fact that there is no black-white racism in Turkey."


Well, No. This is the culture here. Youtube was closed for years because of Ataturk related videos. One goes another comes.

Besides, those leaks are really BS by the way. Those so called Redhack hackers are as idiot as the people who shuts down whole sites for nothing.


What makes you think it's BS? If I had leaks showing that my country's government has nepotism on high position, a big influence over the media and actively silencing opposition and dissent I would be pretty worried. Just part of culture?

http://www.dailydot.com/layer8/redhack-turkey-albayrak-censo...


Legally, yes, YouTube was banned because of those videos. But they stopped the ban after Google started paying taxes here, which IMHO is worse.

I wish we still had good investigative reports who'll read those e-mails and summarize it for us.


Google is not paying taxes here. Those e-mails are as empty as recent Wikileaks AKP e-mails.


Streisand [https://github.com/jlund/streisand] works quite well too.


If you can access github...


We'll, most people I know in Turkey already uses ZenMate on their browsers. It doesn't help in this situation since all these "apps" are also installed software so you need a VPN installed to route every connection for the computer.


Tor


I've actually looked for this and couldn't find it. I should've looked at my starts on GitHub. Pritunl was too easy but I'll try this for my personal needs. :)

Thanks for the link.


Oh, so all that TLS/SSL errors were because of this! I thought my PC's configuration was broken...

Though there is a lesson in this, apart from politics etc.: if it's not public, don't put it on the net, e.g. set up a Raspberry Pi in your office with a static IP and use it as the DVCS server. Thus, what happens in the outer world does not disrupt your work, and if there is a problem or a need, you can sort it out.


We feel for you! Those DDOS attacks a couple years ago against Github were only intermittent, but more than enough to annoy the shit out of me.


Someone on Reddit highlighted that the block seems to key off of the SSL SNI header, regardless of which IP you try to connect to. There must be some Deep Packet Inspection going on here, then?

https://www.reddit.com/r/europe/comments/56h0s3/they_just_bl...

Is the blocking able to handle stuff like fragrouter where the TCP stream is broken down into 1byte payload packets?


We started seeing more sophisticated DPI capabilities after the Feb '14 internet regulations[0] that required ISPs to block by URL and content strings

IMO blocking so many sites so broadly is a sign that their DPI is failing, because their preference seems to be to block as narrowly as possible because of negative economic effects.

[0] http://aa.com.tr/en/turkey/turkey-s-general-assembly-ratifie...


With ssl the best they can do is this host level blocking unless they perform mitm attacks.


> unless they perform mitm attacks

Which any state-sponsored actor can easily do, of course.


Please tell me how Turkey is going to MITM Google on a recurring basis, enough to implement filtering.


By using a CA they control to generate a fake certificate for Google like they've already "accidentally" done:

http://arstechnica.com/security/2013/01/turkish-government-a...


Which they can only pull off once before their CA is distrusted. See: how Chinese government CA was restricted to .cn domains only


Snort can at least get you close. A custom snort module maybe able to do the specific cert: https://www.snort.org/faq/readme-ssl

It's stream5 preprocessor can deal with most evasion techniques as it does full tcp stream reconstruction.

http://manual-snort-org.s3-website-us-east-1.amazonaws.com/n...


But does that scale to ISP or even country level of traffic? Having enough RAM to reassemble all the TCP connections in a country sounds wild.


Snort is now owned by Cisco (the company is formerly known as Sourcefire). It makes money via hardware integrated with snort. I think a single 3U box pushes 60Gbps. Though that number is highly dependent on the tuning for stream5 and other preprocessors. You don't need to reconstruct the entire stream, just enough to know what the connection is doing. Normally it's only a few packets per stream.

Stream fragmentation has its own entire configuration in snort as it is a known attack method to bypass detection.

Last I remember that top end box was 2x 12 or 16 core Xeon CPUs with 256GB ram.


For those interested in what the leaked emails contained, here's a related article: http://www.dailydot.com/layer8/redhack-turkey-albayrak-censo...


I feel this warrants an own thread or at least a discussion. "Troll armies" have been quite successful in quieting dissent the last years in Russia, Turkey and other authoritarian countries. There are theories Russia is partly responsible for the whole Trump spam on Twitter and Reddit. It's time this is taken as a serious threat instead of shrugging off "it's just the internet, 99 % of the comments is always garbage". It's part of a successful information war now when the majority of the public gets their news from social media, which take popularity as a metric for what news is important. It's propaganda behind a proxy.

Edit: also shame on Twitter for complying with Turkey. The time they were proud of being part of social change like the Green Revolution in Iran seems over.


And a bit more background on RedHack and its ongoing efforts against the government: http://www.al-monitor.com/pulse/originals/2016/09/turkey-red...


Excellent stuff. If someone can repost the email leak to every possible service they can think of - then the Turkish government will be forced to make a difficult choice between 'security concerns' and being part of the modern internet economy. I don't think they have the ability that China has to build enough services within their own boundaries to prevent the latter choice causing some pain.


Even China can only limit their citizens access to the extent that it doesn't totally hinder economic growth. They would never be able to completely insulate themselves from the "outer" internet without massive harm to themselves, the same goes for any country in this day and age.

The risk of harm will always outweigh the minimal discomfort through free and open discourse that the internet inherently brings with it.


Actually what happens in China is that homegrown tech companies will take over the market space left by Western ones, which the government is perfectly happy to let happen because

1. It keeps the tech industry domestic

2. The servers are physically inside China, guaranteeing them access to the data

This is why I've always thought that the Great Firewall's purpose is not only censorship, but also a form of Internet-age protectionism.


Yes, but they wouldn't be able to do that abruptly. That's why they are now forcing all American companies to create "joint ventures" with the local Chinese companies, which can steal the American technology, and then say 10 years later, the American part can be removed.

And American companies seem to go along with it, thinking they have no choice. They do, but they're too scared to lose the Chinese market to risk anything at all, and second, they're too shortsighted to create strong alliances with their competitors to speak out against Chinese policies.

Think about how Microsoft was ecstatic that Google was getting banned from China, believing this would be an "opportunity" for the company to gain market share - it wasn't. Baidu filled out all the vacuum left by Google. And now Microsoft has to accept whatever bullshit policies China throws at it, too.

Instead of allying with Google and others, it thought it can pull one over Google. That's the kind of shortsighted thinking I'm talking about. If American companies want to thrive in China, they need to create strong alliances and cooperate more against bad Chinese government policies, and not sell each other out for some promised short-term gains, that they'll lose in the end to local companies anyway.


The IT industry is not special. It's not different from other industries that have been nationalized or have to do what the government of the countries they work into wants. The only way out is to somewhat control those governments (good luck with China) or operate within mutual trade agreements signed at government level. Again, China put itself into an almost unassailable negotiation position having so many of the industries of the world.

What I see is a trend to rebuild on the Internet the same borders that are enforced in the physical world. Some countries will keep their internets open to each others, others are already closing them down partially. They're probably putting them at a disadvantage, especially the small ones, but the governments usually only cares about keeping their seats.


It's definitely those, and likely also a matter of national security: 3. The CIA doesn't get to know about the private lives of every state and military official and their families.


I'm in Russia, and I really scared. This is the way we go here, too.


I would be scared too if our government blocked pornhub.


What sites are blocked?


Lot of them. You can see a list here: https://reestr.rublacklist.net/


[flagged]


Do you see that red `1019855` in the top of that site? That's the number of "collaterals", sites which are not intently banned, but just happened to share some infrastructure with blocked ones, and suffering as well.

As a most clear example, there is 93.184.220.29, DigiCert's IP to serve revocation lists. It is banned since September 29, don't ask why. This basically means that GitHub, Facebook, PayPal, SUSE and ICANN websites all are either not opening or take 20-30 secs to load, depending on the browser. Degeneracy-free indeed!


> DigiCert's IP to serve revocation lists

Forgive my ignorance, but does this mean that Russian internet user's browsers would not be aware of revocations? Or is there another way on this one?

Edit: obviously only mean revocations of DigiCert certs


Censorship is always abused. Once the infrastructure is in place, it's used for all kinds of things. They always start with the usual "think of the children" or "it's against terrorism" spiel, but sooner or later it's used to sweep anything inconvenient under the rug.


[dead]


DMCAs aren't the same thing, but those are also abused to silence negative opinions.

If you give people a powerful tool, they tend to get funny ideas.


[dead]


How do you know?


I heard there's a country where Entartung ("degeneracy") is illegal and in some cases punishable by death... oh wait, that's Nazi Germany, never mind.

Seriously, if you look at the countries that try to ban "degenerate" activity (which itself is a matter of opinion), the list isn't all that pretty. Singapore is probably the only one that's livable, but only if you relish the idea of living in a full-on police state.


Obviously you could try Russia, it perfectly fits this attitude.


People going to casinos are degenerates?


Recently you only could see blocked sites when surfing for porn or on aibs, because some activists hunted for CP (also drug stores and suicide manuals, though I never really seen these). Now I see blocks regularily on definitely-non-porn sites. Turn on Opera Turbo and it opens.

Tendency here is to quick-block-and-wait, and it is site owner who must prove, not they. "It seems like" is enough.

Btw, judge who blocked p*hub.com "didn't know it is popular".


And this is why the web should be decentralized. To be clear, not so we can access centralized services (Dropbox, Google Drive, and MS OneDrive), but so an entire country can't have it's access to the Internet so easily censored / blocked. This has happened like, a thousand times already, but I guess, like Ebola until it hits the U.S.A. hard enough we're gonna just keep on reading about it in the news with some fascination but otherwise not caring to act.


Could you elaborate on what that decentralized architecture might look like? P2P? IPFS?


I've given this tons of thought, and to be honest, haven't hit on a solution that I think would be a fix-it-all solution. Some thoughts though.

a) "Private" neighborhood mesh networks should be more heavily utilized. They would be "private" from the rest of the Internet, but "public" in as much as they are community based / owned.

b) We should admit that cryptography is here to stay, and work with that assumption. End-to-end encryption doesn't automatically provide 100% anonymity. The traffic movement can still be traced. This is much like a car that is being followed by law enforcement from one private residence to another. Law enforcement doesn't yet know what is going on in either residence or in the car, but can still do there job, and eventually law enforcement can target a weak-point in the activities that does not rely on encryption, such as talking to neighbors, turning suspects into cooperating witnesses, or investigating legal activities such as bank statements. My point is, encryption is here to stay, and if good citizens can't use it, whatever, "criminals" (and political dissidents and victims of domestic violence, etc.) will use it. Additionally, in my mind, encryption should fall under the protection provided by the second amendment. It's important to remember that the second amendment was meant to allow citizens to arm themselves to protect themselves against the government in times of war. It was not meant to allow for folksy looking guns to go hunting for Bambi.

It might sound like I'm going on a crazy tangent, but consider what a decentralized web requires. It requires it's constituent parts to be equally robust. If they are not equally robust then there will quickly be a "winner takes all" shuffling of the lines of communication. If your local network is not robust, you're not going to use it for banking, health care, government communication, etc.

So, a decentralized web will be a "confederacy" of networks, each of which can choose to be equally robust in terms of network speed, capacity, and security. It isn't necessary that each is equal, but each must be allowed to be so if so desired.

c) Between local or regional networks a federal network would provide much the same purpose as the federal highway system currently does for car traffic. I say this to mean the same purpose both as relates to 1) physical movement, 2) freedom to execute such physical movement, and 3) legally enforcing certain rights and restrictions as relates to such traffic. 1) The federated networks work provide physical infrastructure for the traffic and provide financial and administrative mechanisms to make such traffic a reality. 2) The federated network would politically / legally enforce the equal rights of individuals belonging to regional / confederate members to participate in taking advantage of the federal network. 3) The federated network would enforce laws and regulations on the "restrictions" sides of things as well, such as "no illicit" packages.

One difference between the real world highway system and what I'm describing here that is of interest is the potential for overlapping boundaries of the smaller (confederate) members. So, provided there is "region a", "region b", "region c", and the "federated network", "region b" might overlap some with "region a" and some with "region c", such that an individual in "region a" could send a package to "region c" either via the "federated network" or via "region b", provided the individual is fine with the terms set by "region b".

d) Provided you're working within the framework described above, I guess there will be P2P, IPFS, and other protocols. So, I suggesting that a major component that is missing is the communities, the goverment components. You can come up with all the protocols you want, but until they are required by the governments we legitimize, then they are not going to change society. So, in summary, it's not a technical solution we need, it's a political.


It seems like the turkish government is trying to create jobs here. Building a "nationalised turkish twitter alternative"? The way things are right now, they need a nationalized turkish github service first.


National Turkish government alternative may be a solution.


Actually, it's not acceptable from a national security standpoint to massively let a country's citizen flock on US services, at least as long as the NSA/CIA exists. The internet does need much more competition on all continents, including for webmail services. For example I don't see why my government (in Europe) should accept tax reports with a US email (because everybody has @gmail.com or @hotmail.com) – Why not at this point go all the way and delegate our tax collection to the American IRS...

On the other hand it has to go towards privacy, choice and democracy. Obviously cutting your citizen from the international websites is the one wrong way to stem local competition...


Or a decentralized github service ;-)


Maybe a distributed version control system to power it? ;)


You mean something like this?

https://github.com/clehner/git-ssb


I think the joke was that git is distributed already


Yes but I feel the joke is on me as some kind of hosting makes discovery at lot easier.


I think decentralizing government is easier and better.


This is what I first think of when a government makes up excuses to block a foreign service, they are just trying to promote their own local services like Baidu/Sina Weibo in China.


It's a torrent file you damn ignorant politicians. Tell your favorite IT guys to block this : magnet:?xt=urn:btih:489b0cef1d7d49fe5ae2ae8cc2f0708b8286cbb3&dn=All+mail+Including+Spam+and+Trash.rar


176/354. Hmm, it is pretty popular, will seed until 10.0.


Yeah it's more popular than I thought it would be. Currently seeding it with my 1Gbit which is maxed out at ~112MB/sec, and looking at the peers there are people from all over the world that are grabbing it. Either there are lots of VPN users in the swarm or people are very interested in reading what the dump contains.

Hopefully we'll see some more revalations in the upcoming days, I am worried about the path Turkey is going but in the end it is the Turkish citizens that decide.


I'm one that doesn't care what it contains, but want to help keep it available for those who do care. I typically just seed linux isos and other free software, but when there are leaks or other things that people care about I'll chip in too.

I don't have 1 Gbps, so thanks for providing that bandwidth to the swarm, even if it's only for a short amount of time.


Added another seed. 11G, that's quite the archive. The more exposure this gets the better.


First time I'm really scared to allow a torrent.

btw, some people talk about a 17GB fileset, is it the same leak uncompressed ?


When blocking do they display a state issued message like "This website has been blocked for X and Y reasons" (like in KSA)

Or do they just 404 it, like they used to do in Tunisia back in the days of censorship?


The article says it's showing SSL errors, so they could be trying to show a message, but without a valid cert no browser would connect.


No message, just not responding.


Does using a VPN put people under any kind of threat like in the UAE?


Till today, I've never heard anyone sued over a situation like using vpn but I'm sure we'll see that in not so distant future. For almost a year, I've been forced to use vpn at least couple of times a month for a similar problem.


Glad to hear that you live in a country where people generally have to be sued in order to be punished.


To be honest, for a couple of years, "justice" is not a thing in Turkey sadly.

If you become a target against government for any reason at all, you'll get sued for an absurd claim, taken into prison till the law case to be handled which will not be lasted for years.

There are dozens of examples of the scenario above including mostly journalists, activists, military personnel etc.

To describe how serious this is let me give an example: I'm arguing my dad for him to not share his political messages via facebook from his account. It is that paranoid you've become that you fear for a simple fb message, you can lose your parents.


Whats the situation in the UAE? I am not familiar with this.

I know in China VPNs are a game of whackamole but I haven't heard of any personal liability for using one.


There needs to be some kind of new censorship metric for governments, the weaker the government, the more they try to censor and hinder use of the internet by their citizenry.


The stronger the government, the more they succeed?


Someone warned about this like yesterday... https://news.ycombinator.com/item?id=12668079


Thats was not really valid. Every site is technical. There is far more business documents in dropbox than in github. Plus the purpose of the leakers is to create disruption, and apparently it works.


For people working in a turkey as programmers I'm pretty sure not having access to GitHub and Dropbox is not great. Surely for political statements you can use any stupid host.


It all depends on our goals. If the intent is to get people to act, disrupting their life might just be the right thing to do. In this case I blame the Turkish government 100%, the publishers of the material 0%. The guy in question is actually shutting down opposition media in Turkey.

If we expect the dissidents to not use the best-connected channels available to them for fear of inconveniencing others, we are complicit in silencing them.


> disrupting their life might just be the right thing to do.

Never the right thing to do.

> we are complicit in silencing them.

This is akin to calming a baby crying really hard for attention.

I understand that you want to partake in a protest from really far away, but you must have better ways of doing so than hurting them.


Civil disobedience has a long history of sometimes working.

> I understand that you want to partake in a protest from really far away, but you must have better ways of doing so than hurting them.

I'm observing, not partaking. The Turkish state is doing the hurting, don't shift the blame.


I am sad to say it but Github is also blocked.


I am curious and maybe someone form Turkey could say, does the government inform people of these service disruptions?

I mean in addition to the economic impact from loss of productivity there is the loss of time by everyone trying to troubleshoot what they may think is "their technical problem" which is in fact an issue intentionally created at the state level.


Being an IT worker in Turkey is horribly hard.


Wow, this makes doing your work suddenly a lot harder... I wonder how much this whole fiasco affects the software industry.


Any context on the why of those blocks? I've heard some of the news of the situation in Turkey lately, but the article does not talks about why would they block those services now...


I wonder when will the government sites be blocked? sigh




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: