skip to main content
research-article
Public Access

Understanding the Practices of Global Censorship through Accurate, End-to-End Measurements

Published:15 December 2021Publication History
Skip Abstract Section

Abstract

It is challenging to conduct a large scale Internet censorship measurement, as it involves triggering censors through artificial requests and identifying abnormalities from corresponding responses. Due to the lack of ground truth on the expected responses from legitimate services, previous studies typically require a heavy, unscalable manual inspection to identify false positives while still leaving false negatives undetected. In this paper, we propose Disguiser, a novel framework that enables end-to-end measurement to accurately detect the censorship activities and reveal the censor deployment without manual efforts. The core of Disguiser is a control server that replies with a static payload to provide the ground truth of server responses. As such, we send requests from various types of vantage points across the world to our control server, and the censorship activities can be recognized if a vantage point receives a different response. In particular, we design and conduct a cache test to pre-exclude the vantage points that could be interfered by cache proxies along the network path. Then we perform application traceroute towards our control server to explore censors' behaviors and their deployment. With Disguiser, we conduct 58 million measurements from vantage points in 177 countries. We observe 292 thousand censorship activities that block DNS, HTTP, or HTTPS requests inside 122 countries, achieving a 10^-6 false positive rate and zero false negative rate. Furthermore, Disguiser reveals the censor deployment in 13 countries.

References

  1. 1&1 IONOS INC. [n.d.]. Understanding and Configuring DNS TTL . https://www.ionos.com/community/server-cloud-infrastructure/dns/understanding-and-configuring-dns-ttl/.Google ScholarGoogle Scholar
  2. Alexa. [n.d.]. https://www.alexa.com/topsites .Google ScholarGoogle Scholar
  3. Collin Anderson. 2012. The Hidden Internet of Iran: Private Address Allocations on a National Network. Technical Report. https://arxiv.org/pdf/1209.6398v1.pdfGoogle ScholarGoogle Scholar
  4. Collin Anderson, Philipp Winter, and Roya. 2014. Global Network Interference Detection over the RIPE Atlas Network. In USENIX Workshop on Free and Open Communications the Internet (FOCI) .Google ScholarGoogle Scholar
  5. Anonymous. 2012. The Collateral Damage of Internet Censorship by DNS Injection . ACM SIGCOMM Computer Communication Review (2012).Google ScholarGoogle Scholar
  6. Anonymous, Arian Akhavan Niaki, Nguyen Phong Hoang, Phillipa Gill, and Amir Houmansadr. 2020. Triplet Censors: Demystifying Great Firewalltextquoterights DNS Censorship Behavior. In USENIX Workshop on Free and Open Communications on the Internet (FOCI) .Google ScholarGoogle Scholar
  7. Simurgh Aryan, Homa Aryan, and J. Alex Halderman. 2013. Internet Censorship in Iran: A First Look. In USENIX Workshop on Free and Open Communications on the Internet (FOCI) .Google ScholarGoogle Scholar
  8. Kevin Bock, George Hughey, Xiao Qiang, and Dave Levin. 2019. Geneva: Evolving Censorship Evasion Strategies . In ACM Conference on Computer and Communications Security (CCS) .Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. Stéphane Bortzmeyer. [n.d.]. DNS Censorship (DNS Lies) As Seen By RIPE Atlas . https://labs.ripe.net/Members/stephane_bortzmeyer/dns-censorship-dns-lies-seen-by-atlas-probes .Google ScholarGoogle Scholar
  10. Sam Burnett, Nick Feamster, and Santosh Vempala. 2010. Chipping Away at Censorship Firewalls with User-Generated Content. In USENIX Security Symposium .Google ScholarGoogle Scholar
  11. CAIDA AS Rank. [n.d.]. http://as-rank.caida.org/.Google ScholarGoogle Scholar
  12. Abdelberi Chaabane, Terence Chen, Mathieu Cunche, Emiliano De Cristofaro, Arik Friedman, and Mohamed Ali Kaafar. 2014. Censorship in the Wild: Analyzing Internet Filtering in Syria. In ACM Internet Measurement Conference (IMC) .Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. Citizen Lab. 2019. URL Testing Lists Intended for Discovering Website Censorship . https://github.com/citizenlab/test-lists/.Google ScholarGoogle Scholar
  14. Jedidiah R. Crandall, Daniel Zinn, Michael Byrd, Earl Barr, and Rich East. 2007. ConceptDoppler: A Weather Tracker for Internet Censorship. In ACM Conference on Computer and Communications Security (CCS) .Google ScholarGoogle Scholar
  15. Roya Ensaf, Philipp Winter, Abdullah Mueen, and Jedidiah R. Crandall. 2015. Analyzing the Great Firewall of China Over Space and Time. In Privacy Enhancing Technologies Symposium (PETS) .Google ScholarGoogle Scholar
  16. David Fifield, Chang Lan, Rod Hynes, Percy Wegmann, and Vern Paxson. 2015. Blocking-resistant Communication through Domain Fronting. In Privacy Enhancing Technologies Symposium (PETS) .Google ScholarGoogle ScholarCross RefCross Ref
  17. Arturo Filastò and Jacob Appelbaum. 2012. OONI: Open Observatory of Network Interference. In USENIX Workshop on Free and Open Communications the Internet (FOCI) .Google ScholarGoogle Scholar
  18. FortiGuard Labs. [n.d.]. https://fortiguard.com/webfilter .Google ScholarGoogle Scholar
  19. Nguyen Phong Hoang, Arian Akhavan Niaki, Jakub Dalek, Jeffrey Knockel, Pellaeon Lin, Bill Marczak, Masashi Crete-Nishihata, Phillipa Gill, and Michalis Polychronakis. 2021. How Great is the Great Firewall? Measuring Chinatextquoterights DNS Censorship. In USENIX Security Symposium .Google ScholarGoogle Scholar
  20. John Holowczak and Amir Houmansadr. 2015. CacheBrowser: Bypassing Chinese Censorship Without Proxies Using Cached Content. In ACM Conference on Computer and Communications Security (CCS) .Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. Amir Houmansadr, Giang T. K. Nguyen, Matthew Caesar, and Nikita Borisov. 2011. Cirripede: Circumvention Infrastructure using Router Redirection with Plausible Deniability. In ACM Conference on Computer and Communications Security (CCS) .Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. Bradley Huffaker, Marina Fomenkov, and kc claffy. 2011. Geocompare: a comparison of public and commercial geolocation databases. Technical Report.Google ScholarGoogle Scholar
  23. IP-API. [n.d.]. http://ip-api.com/.Google ScholarGoogle Scholar
  24. IPinfo.io. [n.d.]. http://ipinfo.io/.Google ScholarGoogle Scholar
  25. Lin Jin, Shuai Hao, Haining Wang, and Chase Cotton. 2018. Your Remnant Tells Secret: Residual Resolution in DDoS Protection Services. In IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) .Google ScholarGoogle Scholar
  26. Lin Jin, Shuai Hao, Haining Wang, and Chase Cotton. 2019. Unveil the Hidden Presence: Characterizing the Backend Interface of Content Delivery Networks. In IEEE International Conference on Network Protocols (ICNP) .Google ScholarGoogle Scholar
  27. Lin Jin, Shuai Hao, Haining Wang, and Chase Cotton. 2021. Understanding the Impact of Encrypted DNS on Internet Censorship. In The Web Conference (WWW) .Google ScholarGoogle Scholar
  28. Ben Jones, Roya Ensafi, Nick Feamster, Vern Paxson, and Nick Weaver. 2015. Ethical Concerns for Censorship Measurement. In ACM SIGCOMM Workshop on Ethics in Networked Systems Research (NS Ethics) .Google ScholarGoogle Scholar
  29. Josh Karlin, Daniel Ellard, Alden W. Jackson, Christine E. Jones, Greg Lauer, David P. Mankins, and W. Timothy Strayer. 2011. Decoy Routing: Toward Unblockable Internet Communication. In USENIX Workshop on Free and Open Communications the Internet (FOCI) .Google ScholarGoogle Scholar
  30. Sheharbano Khattak, Mobin Javed, Philip D. Anderson, and Vern Paxson. 2013. Towards Illuminating a Censorship Monitortextquoterights Model to Facilitate Evasion. In USENIX Workshop on Free and Open Communications the Internet (FOCI) .Google ScholarGoogle Scholar
  31. Sheharbano Khattak, Mobin Javed, Syed Ali Khayam, Zartash Afzal Uzmi, and Vern Paxson. 2014. A Look at the Consequences of Internet Censorship Through an ISP Lens. In ACM Internet Measurement Conference (IMC) .Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. Xianghang Mi, Xuan Feng, Xiaojing Liao, Baojun Liu, XiaoFeng Wang, Feng Qian, Zhou Li, Sumayah Alrwais, Limin Sun, and Ying Liu. 2019. Resident Evil: Understanding Residential IP Proxy as a Dark Service. In IEEE Symposium on Security and Privacy (S&P) .Google ScholarGoogle ScholarCross RefCross Ref
  33. Zubair Nabi. 2013. The Anatomy of Web Censorship in Pakistan. In USENIX Workshop on Free and Open Communications on the Internet (FOCI) .Google ScholarGoogle Scholar
  34. Milad Nasr, Hadi Zolfaghari, Amir Houmansadr, and Amirhossein Ghafari. 2020. MassBrowser: Unblocking the Censored Web for the Masses, by the Masses. In Network and Distributed System Security Symposium (NDSS) .Google ScholarGoogle ScholarCross RefCross Ref
  35. Arian Akhavan Niaki, Shinyoung Cho, Zachary Weinberg, Nguyen Phong Hoang, Abbas Razaghpanah, Nicolas Christin, and Phillipa Gill. 2020. ICLab: A Global, Longitudinal Internet Censorship Measurement Platform. In IEEE Symposium on Security and Privacy (S&P) .Google ScholarGoogle Scholar
  36. Aqib Nisar, Aqsa Kashaf, Ihsan Ayyub Qazi, and Zartash Afzal Uzmi. 2018. Incentivizing Censorship Measurements via Circumvention. In ACM SIGCOMM .Google ScholarGoogle Scholar
  37. Paul Pearce, Roya Ensafi, Frank Li, Nick Feamster, and Vern Paxson. 2017a. Augur: Internet-Wide Detection of Connectivity Disruptions. In IEEE Symposium on Security and Privacy (S&P).Google ScholarGoogle Scholar
  38. Paul Pearce, Ben Jones, Frank Li, Roya Ensafi, Nick Feamster, Nick Weaver, and Vern Paxson. 2017b. Global Measurement of DNS Manipulation. In USENIX Security Symposium .Google ScholarGoogle Scholar
  39. ProxyRack. [n.d.] a. https://www.proxyrack.com/.Google ScholarGoogle Scholar
  40. ProxyRack. [n.d.] b. https://www.proxyrack.com/become-a-peer/.Google ScholarGoogle Scholar
  41. Ram Sundara Raman, Leonid Evdokimov, Eric Wurstrow, J. Alex Halderman, and Roya Ensaf. 2020 a. Investigating Large Scale HTTPS Interception in Kazakhstan. In ACM Internet Measurement Conference (IMC) .Google ScholarGoogle Scholar
  42. Ram Sundara Raman, Prerana Shenoy, Katharina Kohls, and Roya Ensaf. 2020 b. Censored Planet: An Internet-wide, Longitudinal Censorship Observatory. In ACM Conference on Computer and Communications Security (CCS) .Google ScholarGoogle Scholar
  43. Ram Sundara Raman, Adrian Stoll, Jakub Dalek, Armin Sarabi, Reethika Ramesh, Will Scott, and Roya Ensafi. 2020 c. Measuring the Deployment of Network Censorship Filters at Global Scale. In Network and Distributed System Security Symposium (NDSS) .Google ScholarGoogle ScholarCross RefCross Ref
  44. Reethika Ramesh, Ram Sundara Raman, Matthew Bernhard, Victor Ongkowijaya, Leonid Evdokimov, Anne Edmundson, Steven Sprecher, Muhammad Ikram, and Roya Ensafi. 2020. Decentralized Control: A Case Study of Russia . In Network and Distributed System Security Symposium (NDSS) .Google ScholarGoogle ScholarCross RefCross Ref
  45. RIPE Atlas. [n.d.]. https://atlas.ripe.net/.Google ScholarGoogle Scholar
  46. Robert Kisteleki. [n.d.]. Ethics of RIPE Atlas Measurements . https://labs.ripe.net/Members/kistel/ethics-of-ripe-atlas-measurements .Google ScholarGoogle Scholar
  47. Max Schuchard, John Geddes, Christopher Thompson, and Nicholas Hopper. 2012. Routing Around Decoys. In ACM Conference on Computer and Communications Security (CCS) .Google ScholarGoogle Scholar
  48. Will Scott, Thomas Anderson, Tadayoshi Kohno, and Arvind Krishnamurthy. 2016. Satellite: Joint Analysis of CDNs and Network-level Interference. In USENIX Annual Technical Conference (ATC).Google ScholarGoogle Scholar
  49. Michael Carl Tschantz, Sadia Afroz, Anonymous, and Vern Paxson. 2016. SoK: Towards Grounding Censorship Circumvention in Empiricism. In IEEE Symposium on Security and Privacy (S&P) .Google ScholarGoogle Scholar
  50. Benjamin VanderSloot, Allison McDonald, Will Scott, J. Alex Halderman, and Roya Ensafi. 2018. Quack: Scalable Remote Measurement of Application-Layer Censorship. In USENIX Security Symposium .Google ScholarGoogle Scholar
  51. Zhongjie Wang, Shitong Zhu, Yue Cao, Zhiyun Qian, Chengyu Song, Srikanth V. Krishnamurthy, Kevin S. Chan, and Tracy D. Braun. 2020. SymTCP: Eluding Stateful Deep Packet Inspection with Automated Discrepancy Discovery. In Network and Distributed System Security Symposium (NDSS) .Google ScholarGoogle Scholar
  52. Zachary Weinberg, Shinyoung Cho, Nicolas Christin, Vyas Sekar, and Phillipa Gill. 2018. How to Catch When Proxies Lie: Verifying the Physical Locations of Network Proxies with Active Geolocation. In ACM Internet Measurement Conference (IMC) .Google ScholarGoogle ScholarDigital LibraryDigital Library
  53. Eric Wustrow, Scott Wolchok, Ian Goldberg, and J. Alex Halderman. 2011. Telex: Anticensorship in the Network Infrastructure. In USENIX Security Symposium .Google ScholarGoogle Scholar
  54. Xueyang Xu, Z. Morley Mao, and J. Alex Halderman. 2011. Internet Censorship in China: Where Does the Filtering Occur?. In Passive and Active Network Measurement (PAM) .Google ScholarGoogle Scholar
  55. Tarun Kumar Yadav, Akshat Sinha, Devashish Gosain, Piyush Kumar Sharma, and Sambuddho Chakravarty. 2018. Where The Light Gets In: Analyzing Web Censorship Mechanisms in India. In ACM Internet Measurement Conference (IMC) .Google ScholarGoogle ScholarDigital LibraryDigital Library
  56. Hadi Zolfaghari and Amir Houmansadr. 2016. Practical Censorship Evasion Leveraging Content Delivery Networks. In ACM Conference on Computer and Communications Security (CCS) .Google ScholarGoogle Scholar

Index Terms

  1. Understanding the Practices of Global Censorship through Accurate, End-to-End Measurements

          Recommendations

          Comments

          Login options

          Check if you have access through your login credentials or your institution to get full access on this article.

          Sign in

          Full Access

          PDF Format

          View or Download as a PDF file.

          PDF

          eReader

          View online with eReader.

          eReader
          About Cookies On This Site

          We use cookies to ensure that we give you the best experience on our website.

          Learn more

          Got it!