Social media—primarily Facebook—was the dominant venue for direct, experienced threats: 9 of 15 respondents who had content blocked reported being censored on Facebook, and respondents observed that government censorship was shifting away from website blocking toward social media surveillance precisely because social media platforms are 'hard to block.' Respondents lacked any effective technical defenses against peer reporting, group-administrator censorship, and intermediary liability; they relied instead on social management strategies such as abbreviating references to royalty, running 'trial posts,' and self-censoring likes and shares.

Approximately 10% of respondents (n=23) held uncertain or incorrect beliefs about which actor was responsible for a given block, systematically conflating government censorship with geoblocking, paywalls, and platform-side restrictions. This misidentification cascaded into inappropriate tool selection and inaccurate risk assessment: users who could not distinguish state blocking from licensing restrictions could neither choose the right circumvention tool nor accurately gauge the legal jeopardy of accessing the content. Respondents specifically requested a pre-visit blocking-actor classification tool.

§5.2.3, §5.4.1, §6.2.1 evaluation

Nearly 70% (n=160) of respondents reported self-censoring online for fear of the law. Frequency of exposure to blocked content was a statistically significant, ordered predictor of self-censorship (Goodman-Kruskal's gamma = 0.421, 95% CI [0.247, 0.595], p < 0.05), with self-censorship increasing monotonically as exposure to blocked content increased. Notably, self-censorship rates did not differ significantly between respondents inside and outside Thailand, suggesting the chilling effect extends beyond the reach of domestic ISP-level blocking.

§5.5.1 evaluation

Of 229 Thai Internet users surveyed, 63% (n=144) had attempted to circumvent censorship, and of those, roughly 90% (n=132) reported success using VPNs (32.64%), proxies (32.64%), or Tor (23.61%). Failures were isolated to proxies (n=2), VPNs (n=2), and alternative searches (n=3), indicating that existing circumvention tools were technically adequate but that availability and comprehensibility—not raw capability—were the binding constraints on user success.

§5.2.1, Table 2 evaluation

Users in Thailand relied on incident-driven tool selection—running a fresh Google search for a proxy or VPN each time they hit a block—which the paper identifies as a systematic vulnerability: the Thai Royal Police exploited this pattern after the 2014 coup by linking a phishing application to a government block page, harvesting email addresses and gaining application-level access to Facebook profile information. The paper further notes that orchestrated stricter censorship could drive users to a government-operated malicious tool.

§5.3.3, §6.2.2 detection

IRBlock discovered that 1.7M of 3.3M blocked apex domains (52%) were attributed to blanket suffix-level blocking rules rather than individual domain listings. Examples include regex patterns targeting all Israeli domains (.il TLD), adult content (.porn), and country-coded suffixes (.com.mx, .my.id). Of 87K Tranco-ranked apex domains analyzed, 37% fell into adult content, with entertainment and gambling following. Approximately 1.27M apex domains were jointly censored by both DNS and HTTP filters, while the two filters maintained operationally independent blocklists for a significant fraction of domains.

2025-tai-irblock §5.3 dns-poisoningip-blockingkeyword-filtering

For Tier 2 apps (IP geo-blocking only), using a VPN with a foreign endpoint was sufficient to restore access. For Tier 1 apps (SIM + IP geo-blocking), the authors confirmed that (1) removing the Indian SIM card and accessing via WiFi, or (2) intercepting HTTP traffic with a MITM proxy to suppress or rewrite the carrier_region=IN parameter, fully bypassed server-side censorship. The authors note that Indian users primarily rely on mobile Internet, making SIM removal impractical as a user-facing solution.

2024-gosain-out §4.3, §5 ip-blockingkeyword-filtering

After India imposed a permanent ban in January 2021, seven of the eight previously SIM-only-blocked apps escalated to dual-factor filtering: they continued extracting carrier_region=IN from the SIM card while simultaneously adding IP geo-blocking. Accessing these apps now requires both a VPN (for source IP masking) and SIM removal or carrier_region parameter suppression; MICO Chat remained the sole app using only SIM-based blocking.

2024-gosain-out §4.3 (Permanent ban subsection), Table 2 ip-blockingkeyword-filtering

Seven of the 220 banned apps (Tier 1, including TikTok, Likee, Kwai, UC Browser, FaceU, Hago, and V-Fly) used the Android TelephonyManager.getSimCountryISO() API to read the primary SIM's country code and embed a carrier_region=IN parameter in HTTP requests, enabling server-side identification and blocking of Indian users regardless of source IP or VPN state. A dual-SIM phone with an Indian SIM in the secondary slot only (primary empty or non-Indian) bypassed the check.

2024-gosain-out §4.3 ip-blockingkeyword-filtering

GFWeb tested 1.02 billion domains against the GFW over 20 months and discovered 943,000 pay-level domains blocked by HTTP filters and 55,000 by HTTPS filters — the largest GFW blocklist dataset ever published. The HTTP-to-HTTPS ratio (17:1) confirms that the GFW's HTTPS keyword-based and SNI-based blocking covers far fewer domains than its HTTP host-header blocking, likely because HTTPS blocks carry higher collateral-damage risk.

2024-hoang-gfweb Abstract, §5.1 dpidns-poisoningip-blockingkeyword-filteringsni-blocking

The largest measurement study of Turkmenistan censorship to date tested 15.5 million domains and found more than 122,000 domains censored using separate blocklists for DNS, HTTP, and HTTPS. Reverse-engineering the blocking rules revealed approximately 6,000 over-blocking rules that cause incidental filtering of more than 5.4 million additional domains — a 44x collateral damage ratio relative to intentionally blocked domains.

2023-nourin-measuring §Results dns-poisoningdpikeyword-filteringip-blocking