trustpositif.kominfo.go.id – Indonesia blocklist query tool #401

Open
wkrp opened this issue Oct 3, 2024 · 4 comments

wkrp commented Oct 3, 2024

The site https://trustpositif.kominfo.go.id/ appears to allow you to check whether a domain is on the Indonesian TrustPositif blocklist. However, access to the site is apparently restricted to Indonesian IP addresses, since 2023.

A Wayback Machine archive of 2023-10-07 has the text:

Isilah Domain/URL/Keyword yang ingin Anda cari pada kolom isian di bawah, cukup 1 bagian kata saja, misalkan: ‘Domain’. Kemudian klik ‘CARI DATA’ untuk melakukan pencarian. Anda tidak perlu menyertakan ‘http://’ pada awal kata pencarian ataupun trailing slash ‘/’ pada akhir kata pencarian.

[Cari data pemblokiran trustpositif]

Fill in the Domain/URL/Keyword that you want to search in the field below, just 1 part of the word, for example: ‘Domain’. Then click ‘SEARCH DATA’ to search. You do not need to include ‘http://’ at the beginning of the search word or trailing slash ‘/’ at the end of the search word.

[Search trustpositif blocking data]

I found out about this query tool from an issue at the Tor bug tracker about the blocking of Tor relay IP addresses in Indonesia.

Volunteers on OONI slack reported that some Tor relays in Indonesia were blocked by Kominfo in September 2024.

How to check

"To test, you have to use Indonesian IP because Kominfo restricted it to non Indonesian IP in 2023.
There are currently 2 Tor relays that got blocked by Indonesian government as of September 22 2024."

https://trustpositif.kominfo.go.id

@wkrp wkrp added the Indonesia label Oct 3, 2024
wkrp commented Oct 4, 2024

At the same 2023-10-07 Wayback Machine archive, I followed the "Download Blacklist TrustPositif" link (https://trustpositif.kominfo.go.id/assets/db/domains) and found an archive of that file too. Here's a compressed copy:

trustpositif.kominfo.go.id-domains-20230921193408.gz

It's a text file with 2,031,242 lines. (Compare to #316 (comment): "This slide claims 2,501,070 domains and subdomains were blocked as of 2023-12-01.")

Each line of the file has a domain name. Judging by the looks of things, most of them are porn sites. The leftmost components of each domain string are censored with 4, 7, or 10 * characters:

p**********nisindonesia.wordpress.com
r****ondibrahim.com
b****idansaksi.com
m**********firun.forumotion.net
m****anmuslim.com
i**********neinstitute.org
i****vestama.com
i****ackmarket.com
j**********ckmarket.com

Taking this censoring into consideration, there are 1,667,555 distinct lines in the file. Some of the duplicates would likely become distinct if the characters under the **** were to be revealed, for example:

a**********00.blogspot.com
a**********00.blogspot.com
a**********00.blogspot.com

The Wayback Machine has other versions of the "domains" file:
https://web.archive.org/web/20230921000000*/https://trustpositif.kominfo.go.id/assets/db/domains

It would make a good FOCI short paper, for example, to analyze the historical version of this file, and set up periodic monitoring to track changes in it. It's also worth checking if there's anything else of interest under https://trustpositif.kominfo.go.id/assets/.

F640 commented Oct 5, 2024

> At the same 2023-10-07 Wayback Machine archive, I followed the "Download Blacklist TrustPositif" link (https://trustpositif.kominfo.go.id/assets/db/domains) and found an archive of that file too. Here's a compressed copy:
>
> trustpositif.kominfo.go.id-domains-20230921193408.gz
>
> It's a text file with 2,031,242 lines. (Compare to #316 (comment): "This slide claims 2,501,070 domains and subdomains were blocked as of 2023-12-01.")
>
> Each line of the file has a domain name. Judging by the looks of things, most of them are porn sites. The leftmost components of each domain string are censored with 4, 7, or 10 * characters:
>
> p**********nisindonesia.wordpress.com
> r****ondibrahim.com
> b****idansaksi.com
> m**********firun.forumotion.net
> m****anmuslim.com
> i**********neinstitute.org
> i****vestama.com
> i****ackmarket.com
> j**********ckmarket.com
>
> Taking this censoring into consideration, there are 1,667,555 distinct lines in the file. Some of the duplicates would likely become distinct if the characters under the **** were to be revealed, for example:
>
> a**********00.blogspot.com
> a**********00.blogspot.com
> a**********00.blogspot.com
>
> The Wayback Machine has other versions of the "domains" file: https://web.archive.org/web/20230921000000*/https://trustpositif.kominfo.go.id/assets/db/domains
>
> It would make a good FOCI short paper, for example, to analyze the historical version of this file, and set up periodic monitoring to track changes in it. It's also worth checking if there's anything else of interest under https://trustpositif.kominfo.go.id/assets/.

There is an uncensored version of it. This link is most likely intended for ISPs, but I am surprised they make it public. I found it at the bottom of the page, in the "File Zone DNS" button.

https://trustpositif.kominfo.go.id/assets/dns_zone/trustpositifkominfo

Sample:

$TTL 900

@	SOA	localhost.	aduankonten.mail.kominfo.go.id.	(
	
	24011113	;Serial
	120			;Refresh
	60			;Retry
	2592000		;Expiry
	900)		;TTL

@	IN	NS	localhost.
partaikomunisindonesia.wordpress.com 3600 IN CNAME lamanlabuh.aduankonten.id.
raymondibrahim.com 3600 IN CNAME lamanlabuh.aduankonten.id.
buktidansaksi.com 3600 IN CNAME lamanlabuh.aduankonten.id.
murtadinkafirun.forumotion.net 3600 IN CNAME lamanlabuh.aduankonten.id.
mantanmuslim.com 3600 IN CNAME lamanlabuh.aduankonten.id.

Edit 1:
This one also looks interesting to me. Recently found it on Google.
https://trustpositif.kominfo.go.id/assets/db/ipaddress_isp
Contains a list of blocked IP addresses, likely for ISPs as usual.

Their blocked website lookup also seems to not enforce the 5-entry limit and captcha, as I can simply look up more than 5 domains/IP addresses directly through this link.

To do this you need to enter any domain(s)/IP address(es) in the domains key's value and separate each of them with %0A.

wkrp commented Oct 6, 2024

Wow! Great find! Someone needs to start systematically archiving these files:

There are 2 Wayback Machine captures of /assets/dns_zone/trustpositifkominfo. The 20230927150157 capture looks like it got truncated: it's only 1 MB and 17,585 lines. But the 20230922040315 capture looks complete: it's 228 MB and 3,869,861 lines. Here's a compressed copy:

trustpositif.kominfo.go.id-trustpositifkominfo-20230922040315.gz

There are 11 lines of header, and every domain name appears to have a wildcard version:

partaikomunisindonesia.wordpress.com 3600 IN CNAME trustpositif.kominfo.go.id.
raymondibrahim.com 3600 IN CNAME trustpositif.kominfo.go.id.
buktidansaksi.com 3600 IN CNAME trustpositif.kominfo.go.id.
...
*.partaikomunisindonesia.wordpress.com 3600 IN CNAME trustpositif.kominfo.go.id.
*.raymondibrahim.com 3600 IN CNAME trustpositif.kominfo.go.id.
*.buktidansaksi.com 3600 IN CNAME trustpositif.kominfo.go.id.

So that makes 1,934,925 records in /assets/dns_zone/trustpositifkominfo.

I didn't do a comprehensive comparison, but the domains in /assets/dns_zone/trustpositifkominfo appear to correspond to the censored ones in /assets/db/domains:

| /assets/db/domains | /assets/dns_zone/trustpositifkominfo |
| --- | --- |
| p**********nisindonesia.wordpress.com | partaikomunisindonesia.wordpress.com 3600 IN CNAME trustpositif.kominfo.go.id. |
| r****ondibrahim.com | raymondibrahim.com 3600 IN CNAME trustpositif.kominfo.go.id. |
| b****idansaksi.com | buktidansaksi.com 3600 IN CNAME trustpositif.kominfo.go.id. |
| m**********firun.forumotion.net | murtadinkafirun.forumotion.net 3600 IN CNAME trustpositif.kominfo.go.id. |
| m****anmuslim.com | mantanmuslim.com 3600 IN CNAME trustpositif.kominfo.go.id. |
| i**********neinstitute.org | id.gatestoneinstitute.org 3600 IN CNAME trustpositif.kominfo.go.id. |
| i****vestama.com | indovestama.com 3600 IN CNAME trustpositif.kominfo.go.id. |
| i****ackmarket.com | idblackmarket.com 3600 IN CNAME trustpositif.kominfo.go.id. |
| j**********ckmarket.com | jakartablackmarket.com 3600 IN CNAME trustpositif.kominfo.go.id. |

There are no captures of /assets/db/ipaddress_isp on the Wayback Machine.
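
An added example, not part of the original thread: one way to run the comparison described above, matching masked /assets/db/domains lines against owner names parsed from the zone file. It assumes, from the nine pairs shown in the thread, that the kept first character plus a run of n asterisks (4, 7, or 10) stands in for the first n characters of the name; the two `aexample…` names are constructed placeholders that show how one masked line can map to several names.

```python
import re
from collections import defaultdict

# Constructed sample: masked lines as quoted in the thread.
MASKED = """\
r****ondibrahim.com
i**********neinstitute.org
a**********00.blogspot.com
""".split()

# Constructed sample zone text; the two aexample names are invented placeholders.
ZONE = """\
@ IN NS localhost.
raymondibrahim.com 3600 IN CNAME trustpositif.kominfo.go.id.
id.gatestoneinstitute.org 3600 IN CNAME trustpositif.kominfo.go.id.
*.raymondibrahim.com 3600 IN CNAME trustpositif.kominfo.go.id.
aexample0100.blogspot.com 3600 IN CNAME trustpositif.kominfo.go.id.
aexample0200.blogspot.com 3600 IN CNAME trustpositif.kominfo.go.id.
"""

MASK_RE = re.compile(r"^([^*])(\*+)(.*)$")
RECORD_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+CNAME\s+\S+$")

def zone_names(text):
    """Return (plain, wildcard) owner-name sets from CNAME records; header lines are skipped."""
    plain, wild = set(), set()
    for line in text.splitlines():
        m = RECORD_RE.match(line.strip())
        if m:
            name = m.group(1).lower()
            (wild if name.startswith("*.") else plain).add(name.removeprefix("*."))
    return plain, wild

def mask_key(masked):
    """Return (first char, star count, visible suffix) for a masked line, or None."""
    m = MASK_RE.match(masked)
    if not m or len(m.group(2)) not in (4, 7, 10):
        return None
    # Assumption inferred from the thread's pairs: first char + n stars replace the first n chars.
    return m.group(1), len(m.group(2)), m.group(3)

def correlate(masked_lines, plain_names):
    """Map each distinct masked line to the sorted zone names consistent with it."""
    index = defaultdict(list)
    for name in plain_names:
        for n in (4, 7, 10):
            if len(name) >= n:
                index[(name[0], n, name[n:])].append(name)
    return {m: sorted(index.get(mask_key(m), [])) for m in set(masked_lines)}
```

Masked lines that come back with an empty list, and zone names never selected by any masked line, are the entries to look at when comparing captures of the two files.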

merdekaid commented Oct 6, 2024

> There are no captures of /assets/db/ipaddress_isp on the Wayback Machine.

Because the ipaddress_isp was made when Kominfo restricted non-Indonesian IP addresses from accessing trustpositif.kominfo.go.id. Unless the Wayback Machine has a probe within an Indonesian network, it cannot archive it.
