Cuba's April 2026 Internet Blocks: New Services Targeted, Methods Clarified

Cuba has expanded its roster of blocked websites and services in April 2026, according to publicly available reports and OONI measurement data. The changes represent a continuation of the state's DNS-level filtering and IP blacklisting infrastructure rather than a dramatic shift in censorship architecture. Understanding what was blocked, when, and how is essential for technical observers and security researchers monitoring Caribbean-region internet governance.

Cuba's internet filtering apparatus has operated under the regulatory authority of the Ministry of Communications (MINCOM) since 2013, when control shifted from the military. The actual technical implementation falls to ETECSA (Empresa de Telecomunicaciones de Cuba), the state monopoly provider. Historical blocking has targeted human-rights sites, independent news outlets, and circumvention tools themselves. In April 2026, reports indicate that additional social-media scheduling tools, certain VPN detection services, and niche social platforms were added to blocked lists. Specific dates of implementation remain unclear in publicly available sources; OONI's network measurement project has not yet published granular April 2026 data for Cuba at the time of writing, though historical OONI datasets confirm the blocking methodology described here.

Technically, Cuba's censorship relies primarily on DNS filtering at the network's recursive resolvers. ETECSA operates nameservers that return NXDOMAIN or null responses for blocked domains, preventing end-users from resolving domains to IP addresses. This method is cost-effective and applies to all traffic passing through ETECSA's infrastructure—in Cuba's case, effectively all civilian internet access. Secondary layers include IP-level blacklisting at borders, where known IP ranges associated with blocked services receive null-route or packet-drop treatment. Recent reports suggest limited use of SNI (Server Name Indication) inspection on HTTPS traffic, though the extent and deployment of this technique remain undocumented in peer-reviewed studies. Deep-packet inspection (DPI) for keyword filtering is not a primary mechanism in Cuba's publicly documented approach, unlike in China or Iran. BGP-level blocking and route hijacking have not been reported as part of Cuba's censorship toolkit.

The April 2026 additions reportedly include scheduling-automation platforms (such as tools used for social-media posting), certain free-tier analytics services, and smaller messaging applications. Access Now's ongoing KeepItOn documentation does not yet classify these as part of a shutdown event; rather, they appear to be incremental DNS-filter list updates. No widespread throttling of remaining open services was reported in April 2026. The practical effect remains that users with access to ETECSA's network—the vast majority of Cuban internet users—cannot resolve these domains. Alternative routing through non-Cuban nameservers or other workarounds remain possible for technically sophisticated users but carry significant legal and practical risk under Article 70 of Cuba's Penal Code, which criminalizes unauthorized computer access.

For individuals in Cuba seeking to circumvent these blocks, the technical landscape offers several generic approaches, each with distinct tradeoffs. DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) allow users to send DNS queries through encrypted channels to public nameservers (such as Cloudflare's 1.1.1.1 or Quad9's 9.9.9.9), bypassing ETECSA's filtering. These protocols require no client software beyond updated operating systems or browsers, but ISPs can potentially detect and block the target IP addresses of public resolvers using IP blacklisting or DPI. Open-source VPN protocols like OpenVPN and WireGuard establish encrypted tunnels that encapsulate all traffic, including DNS queries, though they are themselves often blocked by IP address. Obfuscation protocols such as obfs4 and REALITY (part of the Xray/V2Ray suite) wrap encrypted traffic in patterns that resemble ordinary HTTPS or other benign protocols, reducing detectability against DPI. Tor, particularly via pluggable transports like Snowflake (which relays traffic through WebRTC to volunteers' browsers) and the newer WebTunnel transport, remains functional in many censorship contexts because its distributed bridge architecture makes centralized blocking difficult. However, Tor's relatively low bandwidth and potential for endpoint correlation attacks mean it is best suited for censorship circumvention rather than as a general-purpose anonymity tool. MASQUE (Multiplexed Application Substrate over QUIC Encryption), still in standardization, offers a newer transport method but is not yet widely deployed in circumvention tools.

The technical diversity of available circumvention methods reflects the ongoing asymmetry between censors and circumventors. Cuba's reliance on DNS filtering and IP blacklisting, while effective against casual users, remains vulnerable to encrypted DNS, tunneling protocols, and distributed bridge architectures. However, enforcement risk—the possibility of legal consequences for attempted circumvention—remains the primary deterrent for most users. No major shift in Cuba's censorship infrastructure was announced in April 2026, and the blocking updates appear consistent with incremental policy enforcement rather than a technical overhaul.