On September 13, the court in Baku ruled in favor of blocking access to the YouTube channel of an online news site “Hürriyyət” [Hurriyyet]. The decision was based on the request from the General Prosecutor’s Office.
The court in its ruling said the news site violated the law on Information, informatization, and protection of information, by publishing prohibited information. Specifically, the court referred to a guest on the show, Elnur Mammadov, who is a reserve colonel and who allegedly shared untrue information about the leaders of the Azerbaijan Army and the Ministry of Defense, thus damaging their reputation.
Earlier, on July 24, the General Prosecutor’s Office requested the arrest of the editor-in-chief of the news site Vugar Mammadov and Elnur Mammadov. Both were sentenced to 30 days in administrative detention for spreading prohibited information online.
Mammadov in his interview discussed cases of corruption and nepotism within the Ministry of Defense as well as raised allegations against the Minister of Defense Zakir Hasanov.
On July 1, Azerbaijan Internet Watch launched a new report titled “Media censorship in Azerbaijan through the lens of network measurement”. The report was prepared in partnership with the Open Observatory of Network Interference (OONI) summarising key findings from network measurements conducted between January 2020 to May 2021. The full report can be accessed here.
Blocking of independent news media and circumvention tool websites. Throughout the testing period, several independent news media and circumvention tool sites presented HTTP failures caused by connection timeouts. This suggests the potential use of Deep Packet Inspection (DPI) by ISPs in Azerbaijan.
Temporary blocking of social media amid 2020 Nagorno-Karabakh war. Between September 2020 to November 2020, several social media websites presented the same HTTP failures (as news media and circumvention tool sites), while the testing of WhatsApp and Telegram presented signs of TLS level interference.
Variance of censorship across networks. ISPs in Azerbaijan appear to be adopting similar censorship techniques. However, censorship varies from network to network, as different ISPs block different websites and apps at different moments in time.
Blocked news media websites
Several independent news media websites presented signs of blocking in Azerbaijan throughout the analysis period.
Blocking of social media amid 2020 Nagorno-Karabakh war
Amid the 2020 Nagorno-Karabakh war, OONI data shows that access to several social media websites and apps was blocked in Azerbaijan. The following chart, limited to social media websites that presented signs of blocking between February 2020 to May 2021, aggregates OONI measurement findings collected from 4 AS networks in Azerbaijan.
As is evident from the above chart, most of these social media websites primarily presented signs of blocking during the 2020 Nagorno-Karabakh war (between 27th September 2020 to 10th November 2020), but were found accessible when tested (on several networks in Azerbaijan) in the months before and after the war. Notably, most anomalous measurements presented HTTP failures (because the HTTP requests timed out), similarly to the blocking of news media websites (discussed previously). This provides a stronger indication that these social media websites were blocked, particularly since ISPs often use the same censorship technique(s) to block a variety of different websites.
Blocked circumvention tool sites
Numerous circumvention tool websites presented signs of potential blocking when tested (on up to 3 AS networks) in Azerbaijan between February 2020 to May 2021, as illustrated through the following chart.
Similar to the blocking of news media and social media websites, we observe that the testing of circumvention tool websites oftenresulted in HTTP failures caused by connection timeouts. This consistency in terms of failures, observed on several AS networks over the period of a year, strongly suggests blocking of these circumvention tool websites. As testing coverage increased from January 2021 onwards, we observed an increased volume of anomalous measurements, most presenting the same HTTP failures.
Press freedom appears to be quite limited in Azerbaijan, as suggested by the blocking of several independent news media websites in the country. These media websites presented signs of blocking throughout their testing (on several local AS networks) between January 2020 to May 2021 (corroborating past reports on the blocking of media websites in Azerbaijan), with recent OONI measurements suggesting that their blocking remains ongoing.
Potentially in an attempt to prevent the circumvention of media censorship, ISPs in Azerbaijan appear to have blocked access to a number of circumvention tool websites over the last year as well. It remains unclear, however, if the apps of these circumvention tool sites were also blocked (as they were not tested as part of this study); and even if they were, it’s possible that local internet users may have been able to use them nonetheless, given that circumvention tools often include in-built circumvention techniques for evading censors.
Several social media websites (such as `www.facebook.com` and `www.youtube.com`) and apps (primarily WhatsApp and Telegram) presented signs of blocking between September 2020 to November 2020, which coincides with the 2020 Nagorno-Karabakh war. It is, therefore, possible that ISPs may have increased efforts to block circumvention tools (during this period) in an attempt to prevent the circumvention of social media censorship.
Interestingly, we observe similar censorship techniques adopted by different ISPs in Azerbaijan, but variance in terms of which internet services are blocked by ISPs over time. In other words, we see ISPs blocking websites and apps in similar ways (seemingly using the same censorship techniques), but different ISPs block access to different websites and apps (and sometimes this varies at different moments in time).
Throughout the testing period, independent news media and circumvention tool websites presented HTTP failures caused by connection timeouts, suggesting the potential use of Deep Packet Inspection (DPI) by ISPs in Azerbaijan. Similarly, when social media websites were temporarily blocked amid the 2020 Nagorno-Karabakh war, their testing also presented HTTP failures caused by connection timeouts. This suggests that most ISPs in Azerbaijan block websites using similar (if not the same) censorship techniques.
Both WhatsApp and Telegram presented signs of TLS level interference on several different AS networks in Azerbaijan amid the 2020 Nagorno-Karabakh war. In the case of WhatsApp, the HTTP requests to `web.whatsapp.com` succeeded, while the HTTPS requests failed (during the TLS handshake), which could be an indication of SNI-based filtering. In the case of Telegram, we see that both HTTP and HTTPS requests to `web.telegram.org` timed out.
As media censorship (and the blocking of circumvention tool websites) appears to be ongoing in Azerbaijan, there is a need for further testing to evaluate these censorship events in more depth over time. The temporary blocking of social media amid the 2020 Nagorno-Karabakh war also suggests that new censorship events can emerge in Azerbaijan, as political events evolve.
In its most recent measurement report, the Open Observatory of Network Interference [OONI] concludes that “while social media censorship in Azerbaijan appears to have been lifted, the media censorship remains.” These and other findings are based on the recent measurement report produced in partnership with OONI.
Here are some highlights.
The news websites that presented signs of blocking in Azerbaijan (between December 2020 to February 2021) include:
🛑 azerbaycansaati.tv – at the time of blocking azerbaycansaati.tv in 2017, the Government of Azerbaijan claimed “a number of articles published” by the news website “included calls aimed at ‘forcible change of the constitutional order,’ ‘organization of mass riots,’ and other illegal activities.”
🛑 www.24saat.org – a more detailed report about how 24saat.org was blocked can be found in this report, published by Qurium in 2017.
🛑 www.abzas.net – DDoS attacks against abzas.net commenced on January 12, 2017, and lasted for eight days. During five full consecutive days, the website remained inaccessible until it was finally migrated to VirtualRoad.org’s secure hosting infrastructure.
🛑 www.azadliq.info – as a hosting provider for azadliq.info Qurium published this report about initial signs of blocking against this online news platform. The website was attacked numerous times according to documentation and forensic reports by Qurium. The technology deployed in these DDoS attacks was Allot and Sandvine DPI gear.
🛑 www.azadliq.org – the news website which represents the Azerbaijan Service for Radio Free Europe, was blocked on March 27, 2017.
🛑 www.gununsesi.org – signs of DPI technology used in blocking gununsesi.org were once again documented by Qurium.
🛑 www.kanal13.tv – was among blocked websites in 2017 while its editor prosecuted [charges were dropped three years later.]
🛑 www.meydan.tv – was also among the websites that were blocked in 2017 together with azerbaycansaati, azadliq.info and others.
🛑 www.occrp.org – in response to the leaks about Azerbaijan Laundromat published by the Organized Crime and Corruption Research Project [OCCRP], the government of Azerbaijan suspended access to OCCRP’s website.
There is no official data on the number of blocked websites in Azerbaijan. The Ministry of Communication, High Technologies and Transportation has so far failed to provide accurate lists. This in itself is a violation of Article 13.3.6 of the Law on Information, Informatisation and Access to Information, which requests the Ministry to prepare a list of blocked websites if it has blocked access to a resource and the court upheld this decision.
In July 2018, the Prosecutor General’s Office launched criminal investigations against four news websites: criminal.az, bastainfo.com, topxeber.az and fia.az. The former two were accused of “knowingly spreading false information,” while the latter two were accused of “spreading unfounded, sensational claims in order to confuse the public.” Criminal.az is an independent website, known for its coverage of crime-related news, while bastainfo.com is affiliated with the opposition party Musavat. The latter two are run-of-the-mill online news websites.
In addition to the usual suspects, video streaming service Vimeo appeared to be briefly blocked during the testing coverage:
Several circumvention tool websites appear to have been interfered with in Azerbaijan during the testing period, as illustrated below:
The good news are that access to social media sites and apps was restored during the testing period. The following chart shows that while WhatsApp and Telegram were blocked in November 2020, both apps (along with Facebook Messenger) have been accessible in recent months:
Azerbaijan ranked among the top countries where VPN services were in high demand last year between September and November during the 44-day war between Armenia and Azerbaijan. According to Proprivacy and NordVPN research “global events in 2020 have caused surges in VPN demand, as citizens from Belarus to Hong Kong set out to secure their online privacy and protect themselves from censorship and persecution for their online activities.” Azerbaijan was among the top ten countries where interest in VPN providers spiked in 2020.
“In late September, as the violent clashes between Azerbaijan and Armenia continued to escalate over the Nagorno-Karabakh region, the Ministry of Transport, Communications and High Technologies of Azerbaijan took action to restrict internet access across the country. Extensive social media restrictions were put in place that took down major communications services, including: Facebook, WhatsApp, YouTube, Instagram, Twitter, Zoom, Skype, Messenger,” said the joing report.
In a different report Azerbaijan was once again among the top countries where the biggest increase of VPN usage was recorded. “On September 29, NordVPN saw online privacy tool usage increased by 148 times due to internet access restrictions,” said the report.
Not surprisingly, NordVPN, a Lithuanian by origin, was among the top targeted providers by pro-government media outlets, which said the service was owned by Armenians and therefore users in Azerbaijan should avoid using this provider.
Finally, Surfshark, analyzed 185 countries and their social media blocking practices from 2015 to the present day. There Azerbaijan is ranked among the most recent cases of social media blocking [Surfshark too was discredited by Azerbaijan media outlet as being allegedly owned by Armenians, even though the company is registered in BVI. You can check out it’s ranking here.]
On September 27, the government in Azerbaijan introduced a series of restrictions on Internet access as a result of military operations in Nagorno Karabakh. Users in Azerbaijan were left with limited Internet access while access to a number of social media platforms, as well as communication apps, were restricted.
According to collected OONI data, Azerbaijan experienced the blocking of independent media websites as well as signs of potential circumvention tool site blocking. However, further OONI Prote testing is required to confirm these censorship events. Azerbaijan Internet Watch continues to monitor the situation.
Starting on September 27, a number of social media services indicated signs of blocking in Azerbaijan. Among these were:
Whatsapp: between 27th September 2020 to 11th November 2020 , all OONI Probe WhatsApp tests showed signs of WhatsApp blocking. This is illustrated through OONI Probe WhatsApp measurements collected from multiple local networks in Azerbaijan. Previously according to the same measurements, no such instances were documented. The measurements indicated that attempted connections to WhatsApp’s registration service and web interface (web.whatsapp.com) failed. In some cases HTTP request to web.whatsapp.com succeeded while HTTPS request failed as illustrated below.
This could be an indication of SNI based filtering of WhatsApp. We also observe that the tls_handshakes field presented failures, further suggesting that access to WhatsApp was blocked in Azerbaijan by means of SNI based filtering.
This pattern was seen across multiple ISPs in Azerbaijan between 27th September 2020 to 11th November 2020.
Telegram: Similarly to the testing of WhatsApp, OONI measurements presented signs of Telegram blocking in Azerbaijan between 27th September 2020 to 11th November 2020. But unlike WhatsApp, a few Telegram tests during this period were successful. This is illustrated through OONI Probe Telegram measurements collected from multiple local networks in Azerbaijan between 1st September 2020 to 27th November 2020. The following table illustrates OONI measurements collected from the testing of Telegram and WhatsApp on 5 different networks in Azerbaijan between September 2020 to November 2020.
We not only observed similarities between the date range of potential blocking (of WhatsApp and Telegram), but we also saw potentially similar censorship techniques, as the HTTP requests to Telegram Web (web.telegram.org) timed out as well. Similarly to WhatsApp, we observed a timeout in the TLS handshake, suggesting TLS level interference of Telegram as well. As a result, it is possible that internet users in Azerbaijan couldn’t use the Telegram and WhatsApp mobile apps (on the tested networks) during this time period (between 27th September 2020 to 11th November 2020), even though connections to the tested app endpoints succeeded.
Social media sites: apart from WhatsApp and Telegram, several social media websites presented signs of blocking as well, starting from early October 2020. These include:
It is however, important to note these sites’ limited testing coverage limits Azerbaijan Internet Watch and OONI’s confidence with respect to their blocking, and they have not been tested more recently especially after the conflict ended.
AIW and OONI continue monitoring the situation with blocking.
In August, when people in Belarus took the streets across the country in protest of election results where incumbent President Lukashenka secured yet another victory in a contested presidential election, authorities deliberately cut the internet. Quickly, experts concluded DPI technology may be in use. By the end of August, it was reported that this DPI technology was produced by the Canadian company Sandvine and supplied to Belarus as part of a $2.5million contract with the Russian technology supplies Jet Infosystems.
DPI (Deep Packet Inspection) is known as digital eavesdropping that allows information extraction. More broadly as explained here, DPI “is a method of monitoring and filtering internet traffic through inspecting the contents of each packet that is transmitted through an inspection point, allowing for filtering out malware and unwanted traffic, but also real-time monitoring of communications, as well as the implementation of targeted blockings and shutdowns.”
Canadian company Sandvine is owned by American private equity firm Francisco Partners.
Sandvine technology has been detected in many countries across the world, including in Ethiopia, Iran, as well as Turkey, and Syria as previously reported. One other country where Sandvine technology was reportedly deployed is Azerbaijan.
In Azerbaijan, the DPI deployments have been used since March 2017. This was reported in January 2019, when VirtualRoad, the secure hosting project of the Qurium – Media Foundation published a report documenting fresh attacks against Azerbaijan’s oldest opposition newspaper Azadliq’s website (azadliq.info). The report concluded: “After ten months trying to keep azadliq.info online inside Azerbaijan using our Bifrost service and bypassing multi-million dollar DPI deployments, this is one more sign of to what extent a government is committed to information control”.
Another report released in April 2018 showed evidence of the government of Azerbaijan using Deep Packet Inspection (DPI) since March 2017. The report also found out that this specialized security equipment was purchased at a price tag of 3 million USD from an Israeli security company Allot Communications.
Now, according to this story reported by Bloomberg, Sandvine worked with Delta Telecom – Azerbaijan’s main internet provider and owned by the government to install a system to block live stream videos from YouTube, Facebook, and Instagram. “The social media blackout came last week after deadly clashes with Armenia. As a result, people in Azerbaijan couldn’t reach websites including Facebook, WhatsApp, YouTube, Instagram, TikTok, LinkedIn, Twitter, Zoom, and Skype, according to internet monitoring organization Netblocks,” wrote Bloomberg.
Azerbaijan Internet Watch has been monitoring the situation on the ground since September 27, the day when clashes began. Together with OONI, Azerbaijan Internet Watch reported that access to several social media applications and websites was blocked.
Access to the Internet remains throttled in Azerbaijan as of writing this post. Many of the social media applications remain accessible only through a VPN provider. As a result, authorities have resorted to other means in order to prevent users from using VPN services. From banks to ISPs encouraging users not to use VPN services, this account on Facebook made a list of VPNs alleging they were of Armenian origin in order to discourage users.
Four months ago, the Plenum of the Supreme Court in Azerbaijan annulled previous court decisions issued by the Courts of Appeal and Cassation regarding five news websites that were blocked in 2017. On June 5, the Plenum sent the cases back to the Baku Court of Appeal for reconsideration.
The five media platforms include Meydan TV, Azadliq Radio [Azerbaijan Service for Radio Free Europe], Turan TV, Azerbaijansaadi, and Azadliq newspaper [not related to Azadliq Radio]. In March 2017, the Ministry of Communication [which later became the Ministry of Transportation, Communication, and High Technologies] restricted access to these online resources on the grounds these websites’ content was threatening national security and promoted “violence, hatred, or extremism” and “violated privacy or constituted slander.” The forensics carried out by an independent organization Virtual Road showed evidence of Deep Packet Inspection (DPI) technology used to interfere with access even before there was a court ruling in place. By May 2017, the Ministry had a court ruling to block access. In December 2017, the Court of Appeal in Baku upheld the court ruling from May.
The blocking of these news resources came shortly after the National Parliament of Azerbaijan adopted changes to the law on Information, Informatisation, and access to Information. With the new changes, authorities were allowed to block access to any website on the grounds it contained prohibited information, was posing danger to the state or society, and in the case, the website owner failed to remove content within eight hours of receiving the notification.
In 2017, the Ministry asked for the following in its court appeal:
court order to prevent access to five platforms’ websites;
block all other resources offering access to the content (this included YouTube, Facebook, and other online resources);
In its decision, the Sabail Court ruled in favor of the first request, leaving the second demand out. The Ministry was satisfied and blocking became effective immediately.
Three years later, the Ministry of Communication, Transportation, and High Technologies went straight to the Plenum. According to media law expert Khaled Aghaly, the reason is that the Ministry wants to expand blocking. Considering the experience with the previous court decisions and rulings in Azerbaijan, the chances of the court ruling coming out in favor of the blocked websites are dim.
Although the Ministry has not explicitly mentioned any of the platforms or names of other resources that have shared content from these blocked news outlets, Aghaly explains that in the new complaint the Ministry claims that the blocked news resources continue to share their content online using other “resources” and that other media platforms also share the content from these blocked platforms. It is possible that the Ministry is looking for ways to not only prevent access to more online news sites but also, access to social media platforms of Azadliq Radio, Meydan TV, and others.
Can individual social media accounts and/or content be blocked?
Technically it can. There are previous instances where Facebook did limit access to certain content. This was the case in Thailand in 2017 when Thai users of the social media platform no longer had access to a video that showed the country’s king at a mall in Germany, his tattoos exposed and accompanied by one of his mistresses. According to this Vice story, Facebook blocked the video based on Thailand’s government legislation that deems it insulting to the king and in violation of the country’s laws banning criticism of the monarchy.
Another option to prevent access is on an ISP level. An example would be what happened in Kazakhstan in 2019 when the government there instructed local ISPs to force their users into installing a government-issued certificate on all their devices, and in every browser. With this certificate installed, the government had access to users’ HTTPS traffic that normally would keep it anonymous. In case, users refused to install the certificate, they were blocked from accessing the internet altogether. At the time, the Kazakh Ministry of Digital Development Innovation and Aerospace said the measure was “aimed at enhancing the protection of citizens, government bodies and private companies from hack attacks, internet fraudsters and other types of cyber threats.”
Similarly, “mobile service providers instructed their customers to install encryption software on mobile phones that would allow security services to intercept data traffic and circumvent email and messaging applications’ encryption.”
It is worth noting that ISPs in Azerbaijan are bound to the government for the main internet backbone provider in Azerbaijan is government-owned Delta Telekom. In addition, the history of collaboration between mobile operators and the Ministry of the Interior is full of examples when private information of customers was handed over and as a result, led to further targeting.
Impunity for all these user violations is rampant.
On December 24, 2019, the administrative-economic court in Baku rejected the claim by arqument.az against Transportation, Communication and High Technologies ministry. Arqument.az took the ministry to court following its decision to block arqument.az inside the country.
The website’s editor Shamshad Agayev intends to appeal the decision.
Arqument.az was blocked on August 8, 2018, following a decision issued by Sabail District Court. A few days later, Baku Court of Appeal annulled district court’s decision.
But arqument.az was blocked once again in April 2019 after publishing coverage of protests in Jalilabad district. The website was also subject to cyber attacks after being blocked.
On December 5, Shakir Zade, Azerbaijani activist living abroad, reported his YouTube channel was taken down by the platform following takedown requests made by Milli TV, Qanun TV and AnTV.
Following the incident, it was possible to identify that Milli TV and Qanun TV were working together, however, since the incident, it has been not possible to locate the admins of either of the YouTube channels or the Milli TV YouTube channel.
On December 10, it was still possible to see, two email addresses that were connected to each of the YouTube channels – email@example.com (Qanun TV) and firstname.lastname@example.org (Milli TV). However, since Zade’s channel was restored, this information appears to be missing, as well as any traces of Milli TV on YouTube. The following message appears when using the previous link associated with Milli TV.
Zade also said, he was reached out by the admin of AnTV who informed Zade, his personal account was hacked during the reporting and that it was not the original owner of the channel who reported Zade’s YouTube channel.
This is not the first time, YouTube accounts, Facebook accounts, or Instagram accounts have been taken down by the companies following “takedown requests” by contentious users in Azerbaijan.
Update: December 19, 2019
Shakir Zade’s YouTube account was once again reportedly taken down by the YouTube platform after a series of “copyright violation” reports sent in by AnTV and Qafqaz News accounts.
The alleged victim who claims the videos were a copyright violation is registered at email@example.com and firstname.lastname@example.org. administers AnTV and Qafqaz News.
Update: January 3, 2020
YouTube once again has closed down Shakir Zade’s YouTube channel, on what seems like yet another false copyright violation report.
This time, Milli TV appeared to have a new email: email@example.com. Ali Hasanov is a former aid to the president. He was known prior to his dismissal as the man behind media censorship in Azerbaijan. He was dismissed on November 30, 2019 as part of alleged reforms introduced by the president Ilham Aliyev.