filtermap measuring censorship filters at global scale
play

FilterMap: Measuring Censorship Filters at Global Scale Ram Sundara - PowerPoint PPT Presentation

Sep 06, 2022 •228 likes •922 views

FilterMap: Measuring Censorship Filters at Global Scale Ram Sundara Raman 1 , Adrian Stoll 1 , Jakub Dalek 2 , Reethika Ramesh 1 , Will Scott 3 , Roya Ensafi 1 University of Michigan 1 , The Citizen Lab 2 , Independent 3 24 February 2020 Content

  1. FilterMap: Measuring Censorship Filters at Global Scale Ram Sundara Raman 1 , Adrian Stoll 1 , Jakub Dalek 2 , Reethika Ramesh 1 , Will Scott 3 , Roya Ensafi 1 University of Michigan 1 , The Citizen Lab 2 , Independent 3 24 February 2020

  2. Content Filtering Technologies Filters, DPIs, middleboxes ● Dual Use Technology ● Intended use - Security ○ Side effect - Censorship, surveillance ○ Commoditization of filters - High availability, low cost, and ● advanced features Very little, but important, information on use of filters ● 2

  3. Netsweeper and Citizen Lab Netsweeper - Canadian filter vendor - Provides carrier ● grade filtering, dynamic categorization of websites Citizen Lab conducted investigations of use of Netsweeper ● products over several years “Alternative Lifestyles” category used by UAE, others to ● block LGBTQ content Netsweeper removed the option to block category ● 3

  4. Auditing filters can drive change! 4

  5. Proliferation of Filters 5

  6. Previous Work Biased towards few, well-known filters ● Significant manual effort ● Physical access ○ In-country collaborators ○ 6

  7. Filters respond with blockpages ● Blockpages Rich with information ● Trademark of the ○ manufacturing vendor Identity of the deploying actor ○ Use blockpages to identify ● censorship filter deployments Identification using blockpages is ● consistent and scalable 7

  8. Objectives Data Collection Data Analysis Collect many Identify filters from blockpages from blockpages filter deployments 8

  9. Data Collection Collect the most comprehensive database of filter blockpages 9

  10. Data Collection Censorship measurement techniques frequently observe blockpages 10

  11. Data Collection Censorship measurement techniques frequently observe blockpages TCP Handshake GET https:// blocked .com Inject V o l u n t e e r Server Volunteer measurement https://ooni.org/ Challenges Limited scale and ethical constraints ● 11

  12. Data Collection Censorship measurement techniques frequently observe blockpages TCP Handshake GET https:// blocked .com (Port 7) https://ooni.org GET https:// blocked .com Measurement Inject Inject Echo Machine Quack Server Challenges Remote measurement VanderSloot et al. [USENIX 2018] Cannot detect filters on common Port 80/443 ● 12

  13. Data Collection Censorship measurement techniques frequently observe blockpages Quack Novel remote measurement technique ● https://ooni.org Remote measurement Web servers running on ports 80 and 443 ● Idea: Responses from web server when ● Hyperquack requesting a domain not hosted on the server is predictable New remote measurement 13

  14. Hyperquack 46.43.36.222 14

  15. Hyperquack 46.43.36.222 15

  16. Hyperquack Measurement Machine 46.43.36.222 16

  17. Hyperquack GET https://www.ndss-symposium.org Measurement Machine 46.43.36.222 17

  18. Hyperquack GET https://www.ndss-symposium.org Measurement Machine 46.43.36.222 18

  19. Hyperquack GET https://www.usenix.org Measurement Machine 46.43.36.222 19

  20. Hyperquack GET https://www.usenix.org Measurement Machine 46.43.36.222 20

  21. Hyperquack GET https://www.sigsac.org Measurement Machine 46.43.36.222 21

  22. Hyperquack GET https://www.sigsac.org Measurement Machine 46.43.36.222 22

  23. Hyperquack GET https://www.sigsac.org Measurement Machine 46.43.36.222 23

  24. Canonical Templates Request several bogus but ● benign domain patterns (<www>.example1298.<com>) From the response, remove ● commonly changing elements e.g. date, domain If response for all tests match, ● save as canonical template 24

  25. Censorship Detection Send HTTP(S) GET requests ● Measurement Machine W e b S e r v e r TCP Handshake for sensitive keywords GET https:// example{1,2,3} .com If response different from ● template of server Build Canonical canonical template, then HTTPS reply (e.g., Status Code: 301 Moved) there is censorship response Control tests both before ● GET https:// blocked .com and after to ensure x4 different from consistency Response Inject Canonical Template : GET https:// example{1,2,3} .com Censorship HTTPS reply (e.g., Status Code: 301 Moved) 25

  26. Censorship Detection Send HTTP(S) GET requests ● Measurement Machine W e b S e r v e r TCP Handshake for sensitive keywords GET https:// example{1,2,3} .com If response different from ● template of server Build Canonical canonical template, then HTTPS reply (e.g., Status Code: 301 Moved) there is censorship response Control tests both before ● GET https:// blocked .com and after to ensure x4 different from consistency Response Inject Canonical Template : GET https:// example{1,2,3} .com Censorship HTTPS reply (e.g., Status Code: 301 Moved) 26

  27. Censorship Detection Send HTTP(S) GET requests ● Measurement Machine W e b S e r v e r TCP Handshake for sensitive keywords GET https:// example{1,2,3} .com If response different from ● template of server Build Canonical canonical template, then HTTPS reply (e.g., Status Code: 301 Moved) there is censorship response Control tests both before ● GET https:// blocked .com and after to ensure x4 different from consistency Response Inject Canonical Template : GET https:// example{1,2,3} .com Censorship HTTPS reply (e.g., Status Code: 301 Moved) 27

  28. Censorship Detection Send HTTP(S) GET requests ● Measurement Machine W e b S e r v e r TCP Handshake for sensitive keywords GET https:// example{1,2,3} .com If response different from ● template of server Build Canonical canonical template, then HTTPS reply (e.g., Status Code: 301 Moved) there is censorship response Control tests both before ● GET https:// blocked .com and after to ensure x4 different from consistency Response Inject Canonical Template : GET https:// example{1,2,3} .com Censorship HTTPS reply (e.g., Status Code: 301 Moved) 28

  29. 53 million public HTTP hosts Source - censys.io 29

  30. Vantage Point Selection We use infrastructural servers to reduce risk ● PeeringDB - list of offjcial websites of Internet service ● providers Use servers hosting the website for measurement ~10,000 ● 30

  31. Vantage Point Selection We use infrastructural servers to reduce risk ● PeeringDB - list of offjcial websites of Internet service ● providers Use servers hosting the website for measurement ~10,000 ● https://corporate.comcast.com/ 31

  32. Vantage Point Selection We use infrastructural servers to reduce risk ● PeeringDB - list of offjcial websites of Internet service ● providers Use servers hosting the website for measurement ~10,000 ● https://corporate.comcast.com/ 23.219.228.121 32

  33. Ethics Followed all the ethical recommendations made in Quack ● Made it clear that we are running measurements on our ● website Rate limit and close connections ● Make only one measurement at a time to a server ● OONI obtains informed consent ● 33

  34. Measurements Latitudinal Measurements: Longitudinal Measurements: ● ● 3 weeks in October 2018 HyperQuack and Quack ○ ○ twice a week - November HyperQuack - 9,223 VPs ○ 2018 to January 2019 Quack - 33,602 VPs ○ Citizen Lab Global List ○ 18,736 domains - Citizen ○ (~1200 domains) + Alexa Lab Test List Top 1000 domains Added OONI data ○ 34

  35. Data Analysis Automate the identification of filters from more than a million disrupted responses 35

  36. Iterative Classification Insight: Filters often send the same blockpage regardless ● of the test domain Recursively finds large groups of HTML pages with the ● same content Blockpage clusters are labeled with signatures, a unique ● subset of the HTML page or header Example: <th>Barracuda NextGen Firewall:</th> ● 36

  37. Image Clustering Cluster pages with dynamic content - DBSCAN algorithm ● T remendously reduce the manual effort - 1 page in 200 groups ● 37

  38. FilterMap FilterMap enables continuous, sustainable, data-driven view of filter deployment 38

  39. Results FilterMap creates a map of filter deployments based on the vantage points measured 39

  40. FilterMap Results FilterMap found 90 blockpage clusters (Clusters indicate ● either vendors or actors) Filters are deployed in many locations in 103 countries ● Filter types found - Commercial products, national ● firewalls, ISP and organizational deployments 40

  41. Commercial Filters 41

  42. Commercial Filters 15 commercial filters used in 102 countries ● Sold by companies in the US ● Filters found in 36 out of 48 countries labelled as “Not Free” ● or “Partly Free” by Freedom House Pornography , gambling , provocative attire and ● anonymization tools most commonly blocked 42

  43. FilterMap Results 4 National Firewalls - Iran, Saudi Arabia, Bahrain and South Korea ● 43

  44. FilterMap Results 4 National Firewalls - Iran, Saudi Arabia, Bahrain and South Korea ● Large number of filters in ISPs, especially in Russia ● 44

Recommend

Censored Planet Observatory Measuring Internet censorship globally, continuously, and remotely

Censored Planet Observatory Measuring Internet censorship globally, continuously, and remotely

Censored Planet Observatory Measuring Internet censorship globally, continuously, and remotely Internet Measurement Village 2020 Ram Sundara Raman June 26, 2020 Measuring Censorship is a Complex Problem! Internet censorship practices are

644 views • 52 slides
Measuring Internet filters and their unexpected impact Leonid Evdokimov nullcon, Goa, March

Measuring Internet filters and their unexpected impact Leonid Evdokimov nullcon, Goa, March

Measuring Internet filters and their unexpected impact Leonid Evdokimov nullcon, Goa, March 2018 WHAT IS I N T E R N E T C E N S O R S H I P? Internet Censorship |ntnt snsrp| 1. a distortion of the reality of the Internet

327 views • 31 slides
Measuring Decentralization of Chinese Keyword Censorship via Mobile Games Jeffrey Knockel, Lotus

Measuring Decentralization of Chinese Keyword Censorship via Mobile Games Jeffrey Knockel, Lotus

Measuring Decentralization of Chinese Keyword Censorship via Mobile Games Jeffrey Knockel, Lotus Ruan, and Masashi Crete-Nishihata Citizen Lab, Munk School of Global Affairs, University of Toronto Dept. of Computer Science, University of New

595 views • 37 slides
Censored Planet: Measuring Internet Censorship Globally and Continuously Roya Ensafi AIMS 2018

Censored Planet: Measuring Internet Censorship Globally and Continuously Roya Ensafi AIMS 2018

Censored Planet: Measuring Internet Censorship Globally and Continuously Roya Ensafi AIMS 2018 1 Measuring Internet Censorship Globally PROBLEM: - How can we detect whether pairs of hosts around the world can talk to each other? user ?

780 views • 49 slides
Measuring Internet Censorship Maria Xynou, 10th June 2020 Internet Measurement Village 2020

Measuring Internet Censorship Maria Xynou, 10th June 2020 Internet Measurement Village 2020

Measuring Internet Censorship Maria Xynou, 10th June 2020 Internet Measurement Village 2020 Its harder to notice the blocking of less popular sites &amp; services Internet censorship often differs from network to network within a

602 views • 34 slides
Measuring and Circumventing Internet Censorship and Control Nick Feamster Georgia Tech

Measuring and Circumventing Internet Censorship and Control Nick Feamster Georgia Tech

Measuring and Circumventing Internet Censorship and Control Nick Feamster Georgia Tech http://www.cc.gatech.edu/~feamster/ Joint work with Sam Burnett, Santosh Vempala, Sathya Gunasekaran, Crisitan Lumezanu, Hans Klein, Wenke Lee, Phillipa

570 views • 38 slides
TEST LISTS FOR MEASURING INTERNET CENSORSHIP APPLICABILITY, PROBLEMS &amp; SOLUTIONS IMPROVING

TEST LISTS FOR MEASURING INTERNET CENSORSHIP APPLICABILITY, PROBLEMS &amp; SOLUTIONS IMPROVING

TEST LISTS FOR MEASURING INTERNET CENSORSHIP APPLICABILITY, PROBLEMS &amp; SOLUTIONS IMPROVING LISTS OF CENSORED ONLINE CONTENT Update test lists for 48 states in Latin America, Africa, MENA, Asia and CIS Develop methodology

444 views • 31 slides
Regulation of Online Media: A Comparison Assumptions about censorship? What is censorship?

Regulation of Online Media: A Comparison Assumptions about censorship? What is censorship?

Regulation of Online Media: A Comparison Assumptions about censorship? What is censorship? History of Censorship Arguments for censorship Arguments against censorship What do we mean by media? AUSTRALIA Statutory Regulation Recent

566 views • 37 slides
Andrs E. Azprua #imv2020 Internet Censorship, DNS poisoning and Phishing in Venezuela

Andrs E. Azprua #imv2020 Internet Censorship, DNS poisoning and Phishing in Venezuela

Andrs E. Azprua #imv2020 Internet Censorship, DNS poisoning and Phishing in Venezuela Measuring from censorship to state-sponsored attacks Andrs E. Azprua #imv2020 @VEsinFiltro VEsinFiltro.com VENEZUELAN CONTEXT Critical failure

833 views • 56 slides
Characterizing Global Web Censorship: Why is it so hard? Phillipa Gill The Citizen Lab/Stony

Characterizing Global Web Censorship: Why is it so hard? Phillipa Gill The Citizen Lab/Stony

Workshop on Active Internet Measurements CAIDA Feb. 8, 2012 Characterizing Global Web Censorship: Why is it so hard? Phillipa Gill The Citizen Lab/Stony Brook University Work done in collaboration with: Masashi Crete Nishihata, Jakub Dalek,

411 views • 39 slides
Measuring Up: How Do We Align Aid With Priorities? David Wheeler Center for Global Development

Measuring Up: How Do We Align Aid With Priorities? David Wheeler Center for Global Development

Measuring Up: How Do We Align Aid With Priorities? David Wheeler Center for Global Development Allocation Calculus N W R Objective Function 0 i 1 i S = Scale of donor activity V i p R S 1 i

450 views • 29 slides
Censorship and Self-Censorship in Research on the Iraq War By Michael Spagat Department of

Censorship and Self-Censorship in Research on the Iraq War By Michael Spagat Department of

Censorship and Self-Censorship in Research on the Iraq War By Michael Spagat Department of Economics Royal Holloway, University of London Presentation given at the International Studies Association 57 th annual convention, Atlanta, GA, March

504 views • 24 slides
H ( s ) x ( t ) y ( t ) 1 1 1 c c c x ( t ) = A cos( t + ) Bandpass

H ( s ) x ( t ) y ( t ) 1 1 1 c c c x ( t ) = A cos( t + ) Bandpass

Analog Filters Overview To Do List Discuss time-domain versus frequency domain characteristics Ideal Filters Overshoot First-Order Filters Settling time Active &amp; Passive Filters Show examples of filters applied to

319 views • 16 slides
Global IPv6 statistics Measuring the current state of IPv6 for ordinary users Steinar H.

Global IPv6 statistics Measuring the current state of IPv6 for ordinary users Steinar H.

Global IPv6 statistics Measuring the current state of IPv6 for ordinary users Steinar H. Gunderson Software Engineer 1 Motivation There is too little data about IPv6 among clients Existing measurements mostly on a small scale and/or

517 views • 20 slides
Overview of Discrete-Time Filters First-order filters Ideal filters Practical filters

Overview of Discrete-Time Filters First-order filters Ideal filters Practical filters

Overview of Discrete-Time Filters First-order filters Ideal filters Practical filters Frequency-selective filter specifications Ripple versus filter order tradeoff Application example Portland State University ECE 223 DT

588 views • 40 slides
CENSORSHIP RESISTANCE CMSC 414 APR 17 2018 CENSORSHIP COMES IN MANY FORMS DROPPING PACKETS

CENSORSHIP RESISTANCE CMSC 414 APR 17 2018 CENSORSHIP COMES IN MANY FORMS DROPPING PACKETS

CENSORSHIP RESISTANCE CMSC 414 APR 17 2018 CENSORSHIP COMES IN MANY FORMS DROPPING PACKETS Network operators : Block traffic in their own networks/countries Off-path attackers : Inject TCP RST packets (next week) Routing-capable adversaries

654 views • 44 slides
CENSORSHIP RESISTANCE CMSC 414 APR 17 2018 CENSORSHIP COMES IN MANY FORMS DROPPING PACKETS

CENSORSHIP RESISTANCE CMSC 414 APR 17 2018 CENSORSHIP COMES IN MANY FORMS DROPPING PACKETS

CENSORSHIP RESISTANCE CMSC 414 APR 17 2018 CENSORSHIP COMES IN MANY FORMS DROPPING PACKETS Network operators : Block traffic in their own networks/countries Off-path attackers : Inject TCP RST packets (next week) Routing-capable adversaries

517 views • 23 slides
f*g=? f g ? f g ? f*g=? original image h filtered original image h filtered Filters for

f*g=? f g ? f g ? f*g=? original image h filtered original image h filtered Filters for

9/8/2009 Last time Various models for image noise Linear filters and convolution useful for Linear Filters and Edges Image smoothing, removing noise Box filter Gaussian filter Impact of scale / width of

309 views • 8 slides
Tools for Censorship Resistance Rachel Greenstadt greenie@eecs.harvard.edu CIH2K5 March 2005

Tools for Censorship Resistance Rachel Greenstadt greenie@eecs.harvard.edu CIH2K5 March 2005

Tools for Censorship Resistance Rachel Greenstadt greenie@eecs.harvard.edu CIH2K5 March 2005 Tools for Censorship Resistance p.1/36 Overview Approaches to Censorship Circumvention methods Case study: China Censorship in a free

628 views • 36 slides
MEASURING EDUCATION ABROAD PARTICIPATION ON A NATIONAL SCALE:

MEASURING EDUCATION ABROAD PARTICIPATION ON A NATIONAL SCALE:

MEASURING EDUCATION ABROAD PARTICIPATION ON A NATIONAL SCALE: Strategies and Benefits Kate Geddie, Canada Jo Asquith, Australia Rajika Bhandari, USA Wednesday,

334 views • 10 slides
of Infinite Input Extensions Diego Nehab Andr Maximo IMPA GE Global Research GTC 2017

of Infinite Input Extensions Diego Nehab Andr Maximo IMPA GE Global Research GTC 2017

Parallel Recursive Filtering of Infinite Input Extensions Diego Nehab Andr Maximo IMPA GE Global Research GTC 2017 Linear time-invariant filters filter Linear Invariant to scale filter scale scale filter Linear Invariant to

1.03k views • 55 slides
? 0 1 0 0 0 0 0 0 0 - 1 1 1 = ? * 0 2 0 1 1 1 Original 0 0 0 1 1 1

? 0 1 0 0 0 0 0 0 0 - 1 1 1 = ? * 0 2 0 1 1 1 Original 0 0 0 1 1 1

Last time Cross correlation Convolution Examples of smoothing filters Filters, Features, Edges Box filter (averaging) Thursday, Sept 11 Gaussian Convolution Smoothing with a Gaussian Parameter is the scale /

146 views • 13 slides
Extreme-scale Computing Global Knowledge without Global Communication Dr. Giuse seppe pe Di Fa

Extreme-scale Computing Global Knowledge without Global Communication Dr. Giuse seppe pe Di Fa

Invited Talk: Epidemic Protocols for Extreme-scale Computing Global Knowledge without Global Communication Dr. Giuse seppe pe Di Fa Fatta ta G.DiFatta@reading.ac.uk Wednesday, September 24, 2014 Outline e X tre reme-sca scale le

918 views • 67 slides
Optimum IIR Filters Introduction and Scope Definitions Discussed FIR filters for both

Optimum IIR Filters Introduction and Scope Definitions Discussed FIR filters for both

Optimum IIR Filters Introduction and Scope Definitions Discussed FIR filters for both stationary and nonstationary cases Design and properties For simplicity and due to time constraints, will limit discussion of IIR filters to

1.2k views • 7 slides

More recommend