KUALA LUMPUR, Aug 9 — The Malaysian Communications and Multimedia Commission (MCMC) has issued a statement following recent reports that Malaysian internet service providers (ISP) had quietly forced all internet traffic to their local DNS servers. As reported earlier, several ISPs have implemented Transparent DNS Proxy, which prevents Malaysian users from accessing blocked sites even if they use alternative DNS such as Google Public DNS and Cloudflare.

MCMC enhances DNS management for user protection

MCMC says it has been given a mandate to regulate the communications industry to protect citizens including restricting access to harmful content. It said that blocking of websites has been implemented as a mechanism to protect users under the Communications and Multimedia Act (CMA 1998) along with other jurisdictions of enforcement agencies such as the Royal Malaysian Police (PDRM), the Ministry of Domestic Trade and Cost of Living and the Securities Commission.

95.7 per cent of the blocked websites include online gambling, pornography, copyright infringement, online scams and prostitution. The regulator added that the restriction of access to websites can curb various crimes including human trafficking, child abduction, and sale of prohibited items such as drugs as well as organised crimes.

The regulator said to ensure the restriction of such websites remains effective and in line with current technology developments, MCMC has collaborated closely with local ISPs to further improve and strengthen prevention and protection measures including the aspect of Domain Name System (DNS) management. It said that the cooperation between MCMC and ISPs is meant to ensure a safer online environment and to ensure safety for all users.

The regular said their action was in line with the 10 National Policy Goals under CMA 1998 which include guaranteeing information security, trust and network integrity. It said the effort requires a holistic “whole of nation” approach from all walks of life to bypass the protection mechanism which could harm individuals including families and children.

From the statement, MCMC has acknowledged that additional measures have been introduced to enhance censorship and blocking of harmful websites. However, there’s no mention when this directive was issued to all telco and broadband providers in Malaysia. It has been alleged that Malaysian ISPs were instructed to block public DNS as early as February.

Following the report by Sinar Project, we verified the claims by testing several blocked websites on several ISPs while using Google and Cloudflare DNS. We noticed that the forced redirection to local DNS was in effect for Time, Maxis, U Mobile, CelcomDigi and Unifi. As shown above, our traffic to a blocked website was directed to 175.139.42.25, an IP used to redirect traffic for websites under MCMC’s blacklist.

MCMC has blocked over 20,000 websites in the past five years

According to the regulator, they have blocked over 20,000 websites between January 1, 2020 and August 1, 2024. This includes 4,482 online gambling websites, 3,271 pornography websites, 1,654 websites with copyright infringement violations, 316 scams and illegal investment websites, and 249 for online prostitution.

While MCMC has increased its blocking mechanism, there are still several workarounds to bypass which include enabling Secure DNS (DNS over TLS or DNS over HTTPS) and VPN.

The latest move has raised concerns and criticism as it could be seen as potential censorship and restriction of freedom of speech if such measures were to be abused. MCMC has made controversial moves in the past to block websites including MalaysiaKini’s Undi.info, Sarawak Report and Medium.

The government has also increased its measures to regulate social media platforms by introducing a new licensing requirement for social media and instant messaging platforms with at least eight million Malaysian users. — Soya Cincau