
Safaricom and Internet Traffic Tampering

Posted 23 Mar in kictanet

Mose and all


We have noted CIPT's claim and wish to state categorically that Safaricom does not in any way alter internet traffic. In addition, Safaricom did reach out to CIPT through a conference call with our engineers on 24th February 2017, which we believed was the best way to engage on this issue as it is technical and both parties had a chance to express their position.


From our understanding, CIPT use an application called Ooniprobe to test whether there is any alteration of a packet sent through a particular ISP's network. It uses crowdsourcing to collect information about a network, which is later uploaded to an analytics server whose front-end is the website. In order to test tampering it makes use of detuned / altered / crafted HTTP parameters. The crafted HTTP packet is then directed towards dedicated servers that echo back HTTP header(s). The expectation is that such a crafted packet should not be subject to any form of network manipulation; even if the query used is wrong, it should echo back as sent.


In the discussions we had with CIPT, we clarified that on our network, we strictly follow the correct formats of the HTTP version on the optimisation gateway, because packets are expected in the correct HTTP format as per agreed global standards (RFC 2616: Section 2.2). Any crafted or altered packets that violate the accepted correct HTTP formats generate an error. So by CIPT sending a packet that has its HTTP parameters detuned/altered, they would receive an error as explained above. This is not evidence of a middle box as now alleged. 


We have also observed a concerning trend where entities use the same packet crafting methods mentioned above to defraud the ISP by tunneling traffic through zero rated sites (i.e. by-passing billing).


In summary, we have a standard ISP traffic optimizer whose sole purpose is to optimize quality of experience, to deliver service to our customers without bias, and which does not alter traffic.


We further state that anyone testing our network within accepted RFC standards will be able to establish that our network does not in any way alter internet packets.
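
The header-echo comparison described in the message above, as an added illustration that is not part of the e-mail thread and is not OONI's or Safaricom's code. The echo response format (HTTP 200 with a JSON body listing the request line and headers as received), the function names and the sample headers are assumptions constructed for this example.

```python
import json

# Assumed echo format (hypothetical): HTTP 200 with a JSON body
# {"request_line": "...", "request_headers": [[name, value], ...]}.
def compare_echo(sent_line, sent_headers, status, body):
    """Compare what was sent with what the echo server reports receiving."""
    try:
        echo = json.loads(body) if status == 200 else None
    except (ValueError, TypeError):
        echo = None
    if not isinstance(echo, dict) or "request_headers" not in echo:
        # No echo came back (e.g. an error page), so there is nothing to
        # compare: record it separately rather than as a modification.
        return {"outcome": "no_echo", "status": status, "findings": []}
    findings = []
    if echo.get("request_line") != sent_line:
        findings.append(("request_line_changed", sent_line, echo.get("request_line")))
    received = [tuple(h) for h in echo["request_headers"]]
    by_lower = {n.lower(): (n, v) for n, v in received}
    for name, value in sent_headers:
        if (name, value) in received:
            continue  # arrived byte-for-byte
        seen = by_lower.get(name.lower())
        if seen is None:
            findings.append(("header_removed", name, None))
        elif seen[1] != value:
            findings.append(("value_changed", name, seen[1]))
        else:
            findings.append(("name_case_changed", name, seen[0]))
    sent_lower = {n.lower() for n, _ in sent_headers}
    for name, value in received:
        if name.lower() not in sent_lower:
            findings.append(("header_added", name, value))
    outcome = "modified" if findings else "unmodified"
    return {"outcome": outcome, "status": status, "findings": findings}

def echo_body(line, headers):
    """Build a constructed echo response body for offline runs."""
    return json.dumps({"request_line": line, "request_headers": headers})

# Constructed sample input, not taken from any real measurement.
SENT_LINE = "GET / HTTP/1.1"
SENT = [("hOsT", "echo.example"), ("aCCept-LanGuage", "en-US")]

if __name__ == "__main__":
    normalised = [["Host", "echo.example"], ["Accept-Language", "en-US"], ["Via", "1.1 gw"]]
    print(compare_echo(SENT_LINE, SENT, 200, echo_body(SENT_LINE, normalised)))
    print(compare_echo(SENT_LINE, SENT, 400, "<html>Bad Request</html>"))
```

The three outcomes are kept apart on purpose: an error response with no echo is reported as `no_echo`, while an echo that differs from what was sent is reported as `modified` with one finding per difference.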






From: kictanet [] On Behalf Of Mose Karanja via kictanet
Sent: Thursday, March 23, 2017 11:54
To: Stephen Chege
Cc: Mose Karanja; KICTAnet ICT Policy Discussions
Subject: Re: [kictanet] Safaricom and Internet Traffic Tampering


That is why we did a responsible disclosure. Safaricom did reach back to us and promised to give a detailed report. 


Even after polite reminders, we did not hear back from them officially. 



On 23 Mar 2017, at 11:25, Ali Hussein <> wrote:

These are very serious allegations guys.


It would be great to hear from Safaricom.

Ali Hussein


Hussein & Associates

+254 0713 601113 


Twitter: @AliHKassim

Skype: abu-jomo



"We are what we repeatedly do. Excellence, therefore, is not an act but a habit."  ~ Aristotle


Sent from my iPad

On 23 Mar 2017, at 10:04 AM, Odhiambo Washington via kictanet <> wrote:
