Updated on the 2020-12-10 This report is also published in spanish. Este reporte también está publicado en español.

On Monday, December 7, VE Sin Filtro identified a series of blocks against servers used by the Voatz app, a digital voting tool implemented as one of the participation mechanisms for the Consulta Popular (“People’s Consultation”) organized and promoted by the National Assembly and Juan Guaidó.

The Consulta Popular is a vote-like referendum organized by the opposition to Nicolas Maduro framed as a foil to the December 6 parliamentary elections, boycotted by the opposition and not recognized by the current opposition-controlled National Assembly.

These IP blocks carried out by CANTV, the most important internet provider in Venezuela and a state company, partially affect some functions of the Voatz app, but by the end of 2020-12-07 we do not know if it affects the process of participating in the Consulta Popular.

On the first day of the initiative, Voatz has presented delays in the validation of the identities of the voters, presumably because of the large number of people registering; these delays do not appear to be related with the identified blocks. Users must validate their identity, and wait for it to be certified as a valid voter for the app to enable the electronic ballot.

The internet blocks that we have documented seems to affect the display of certain web and multimedia content within the app. This does not limit user registration on Android, it shows an error where the Terms of Service should appear, but still allowing the user to continue; on iOS this impeded user registration. We did not identify any problems filling the ballot or submitting it for users already registered and verified.

Moreover, mobile telephone services providers in the country appear to have blocked the SMS messages used by Voatz to verify users’ phone numbers, as text messages were no longer received by customers from all operators. Various tests suggest that the operators blocked messages coming only from the telephone number belonging to Voatz, but not all outgoing messages from the mass messaging service used by the application, one of the most commonly used by technology companies.

As a result of these events, Voatz implemented the verification option via email and began to use different telephone numbers for user registration, in order to mitigate the scope of the blocks.

We will be publishing a full report about this case soon..

Context

Nicolas Maduro and Juan Guaido have been disputing the presidency of Venezuela since early 2019, when the previous presidential term for Nicolas Maduro ended after an election that was not recognized by the opposition-controlled National Assembly, many Latin American countries, the EU, Canada and the USA. Without an elected elected President to take office, the legislative named it’s speaker, Juan Guaido, President in-charge based on the constitucional provisions in case there is no president elect to swear in.

With diverging interpretations of the legal status of multiple public powers and institutions, and conflicting authorities. The term of the current National Assembly is set to end in January.

In this context, the exercise of human rights on the internet has been severely limited by actions of the Government of Nicolás Maduro, limiting the rights to freedom of expression and information, freedom of association and the right to privacy, among others.

Organizations such as Espacio Público have documented cases of persecution of internet users for comments made on social media and VE Sin Filtro has documented persistent internet censorship, which includes a large number of blocked news portals and the use of tactical blocks against major platforms during politically sensitive events. This has been reflected in international reports such as the ones from Freedom on the Net and the Office of the United Nations High Commissioner for Human Rights.

Initiatives from the National Assembly and Juan Guaidó have already suffered previous blockades, for example the blocking of social networks during the election of the National Assembly board or the blocking of an informative website about COVID-19. In addition, constant blockades have been reported towards news websites and against censorship circumvention tools such as the VPN TunnelBear and Psiphon.

Particularly serious have been the massive phishing attacks coordinated from CANTV, the country’s main internet service provider and a state-owned company. In 2019 a phishing attack promoted by the government aimed to attack the users of the VoluntariosXVenezuela program, and in April of this same year, Ve Sin Filtro published another report where the phishing attack against the platform Héroes de la Salud is detailed.

Recommendations

The full impact of this block against Voatz is still being monitored, however there is a possibility that other functions within the app will be blocked or even that a phishing attack will be applied against citizens who decide to participate through the website of the Consulta Popular.

For this reason, we recommend having a safe and reliable VPN service already installed and configured on your devices, in case the app doesn’t work correctly. Our VPN recommendations are Psiphon and Tunnelbear, their main webpages are blocked but both applications are still available to be installed from the iOS and Andriod application stores, and also from the following alternative links:

Psiphon

Tunnelbear

If you want to participate through the website instead of the app, our recommendations are the following:


1- Only get the link directly from official sources, not from messaging chains or social media posts that could have fake links

2- Using a trusted VPN like Psiphon is the most recommended

3- Check that the website is written correctly, fake pages usually have a slightly different detail or use a different suffix

4- Make sure that the link starts with HTTPS:// and be suspicious if the browser gives a security warning, since this means that someone could be pretending to be the genuine page and entering data there could expose users.



You can follow the instructions to install and use Psiphon in this video:

More information on how to identify fake pages in this video: