by albert_e 932 days ago
I am trying to understand how it is possible to filter all IP activity for such a (broad) search term. As opposed to say superbowl livestream.

They only looked at requests sent to YouTube? Doesn't YouTube use https by default?

Did they do a simple YouTube search for 'Tom and Jerry', note down the full URLs for first two pages of search results... and look for those in the ISP logs?

DNS lookups only show "www.youtube.com" but not the VideoID or full URL I presume. So ISPs must be logging all URLs being visited by all their users?

3 comments

India's encryption laws require service providers to allow law enforcement to intercept, monitor and trace encrypted traffic. Encryption within India is limited by law to weak forms.

https://www.eff.org/deeplinks/2021/07/indias-draconian-rules...

Is this actually implemented? Do all browsers in India use weakened TLS or something?
I don't know if it is actually implemented, but note it could be either of the two endpoints that could cooperate to allow decryption - client (browser) or server.

It is possible that Google is not allowed to operate in India unless they transmit all the keys to the government somehow. If they are forced to share the private key used for YouTube's certificates, that would allow effective MITM, or entirely passive surveillance if a non-ephemeral key suite is used. Google could also be required to send them every ephemeral key.

There is no such implementation in India. The major internet censorship here is SNI-based HTTPS filtering.
Likely a governmental man-in-the-middle attack.
That's non-trivial to pull off without massive noise being generated by users. Even if you're somehow able to backdoor all domestic computers to install the government's root certificate, there's going to be a steady stream of complaints from foreigners coming in with their non-backdoored devices.
That means that either the government has a browser trusted root CA (which means they could spy on anyone in the world if they can MITM them), or they somehow force everyone in the country to install their trusted CAs.
Who says they can't, but weak encryption is definitely an easier lift.
They said they were able to identify the specific video that the child watched.
From the article:

> A police officer said that they searched for Tom and Jerry cartoons on YouTube and showed three or four of them to the child, who identified one particular cartoon. The URL of this cartoon was sent to the Cyber Cell.