More Web Proxy on the site http://driver.im/

research-article

Free access

Encore: Lightweight Measurement of Web Censorship with Cross-Origin Requests

Authors:

Nick FeamsterAuthors Info & Claims

SIGCOMM '15: Proceedings of the 2015 ACM Conference on Special Interest Group on Data Communication

Pages 653 - 667

https://doi.org/10.1145/2785956.2787485

Published: 17 August 2015 Publication History

Abstract

Despite the pervasiveness of Internet censorship, we have scant data on its extent, mechanisms, and evolution. Measuring censorship is challenging: it requires continual measurement of reachability to many target sites from diverse vantage points. Amassing suitable vantage points for longitudinal measurement is difficult; existing systems have achieved only small, short-lived deployments. We observe, however, that most Internet users access content via Web browsers, and the very nature of Web site design allows browsers to make requests to domains with different origins than the main Web page. We present Encore, a system that harnesses cross-origin requests to measure Web filtering from a diverse set of vantage points without requiring users to install custom software, enabling longitudinal measurements from many vantage points. We explain how Encore induces Web clients to perform cross-origin requests that measure Web filtering, design a distributed platform for scheduling and collecting these measurements, show the feasibility of a global-scale deployment with a pilot study and an analysis of potentially censored Web content, identify several cases of filtering in six months of measurements, and discuss ethical concerns that would arise with widespread deployment.

Supplementary Material

WEBM File (p653-burnett.webm)

Download
184.78 MB

References

[1]

S. Aryan, H. Aryan, and J. A. Halderman. Internet Censorship in Iran: A First Look. In USENIX Workshop on Free and Open Communications on the Internet (FOCI), aug 2013.

[2]

A. Barth, J. Caballero, and D. Song. Secure content sniffing for web browsers, or how to stop papers from reviewing themselves. In IEEE Symposium on Security and Privacy, pages 360--371, 2009.

Digital Library

[3]

M. bin Tariq, M. Motiwala, N. Feamster, and M. Ammar. Detecting Network Neutrality Violations with Causal Inference. In Proc. CoNEXT, Dec. 2009.

Digital Library

[4]

Bootstrap. http://getbootstrap.com.

[5]

A. Bortz and D. Boneh. Exposing private information by timing web applications. In International Conference on World Wide Web (WWW), pages 621--628, Banff, Alberta, Canada, 2007.

Digital Library

[6]

Browser Security Handbook: Navigation and Content Inclusion Across Domains. http://goo.gl/uMfTN5.

[7]

M. Casado and M. J. Freedman. Peering through the shroud: The effect of edge opacity on ip-based client identification. In USENIX Conference on Networked Systems Design and Implementation (NSDI), Cambridge, MA, Apr. 2007.

Digital Library

[8]

Centinel. https://github.com/iclab/centinel.

[9]

M. Clark. IRB/Ethics Questions, Sept. 2014. http://encore.noise.gatech.edu/irb-mail.txt.

[10]

R. Clayton, S. Murdoch, and R. Watson. Ignoring the Great Firewall of China. In Privacy Enhancing Technologies (PET), pages 20--35. Springer, 2006.

Digital Library

[11]

J. Crandall, D. Zinn, M. Byrd, E. Barr, and R. East. ConceptDoppler: A Weather Tracker for Internet Censorship. In Proceedings of the ACM Conference on Computer and Communications Security (CCS), Arlington, VA, Oct. 2007.

Digital Library

[12]

R. Dingledine, N. Mathewson, and P. Syverson. Tor: The second-generation onion router. In Proc. 13th USENIX Security Symposium, San Diego, CA, Aug. 2004.

Digital Library

[13]

K. P. Dyer, S. E. Coull, T. Ristenpart, and T. Shrimpton. Protocol misidentification made easy with format-transforming encryption. In ACM Conference on Computer & Communications Security (CCS), pages 61--72, 2013.

Digital Library

[14]

R. Ensafi, J. Knockel, G. Alexander, and J. R. Crandall. Detecting intentional packet drops on the internet via tcp/ip side channels. In Passive and Active Measurement, pages 109--118. Springer, 2014.

Digital Library

[15]

A. Filasto and J. Appelbaum. OONI: Open Observatory of Network Interference. In USENIX Workshop on Free and Open Communications on the Internet (FOCI), Aug. 2012.

[16]

Filbaan. http://filbaan.net.

[17]

Google analytics. https://google.com/analytics.

[18]

Google Transparency Report. http://www.google.com/transparencyreport/.

[19]

GreatFire.org: Online Censorship in China. http://en.greatfire.org/.

[20]

K. P. Gummadi, S. Saroiu, and S. D. Gribble. King: Estimating latency between arbitrary internet end hosts. In Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment, pages 5--18. ACM, 2002.

Digital Library

[21]

S. Hao, N. Syed, N. Feamster, A. Gray, and S. Krasser. Detecting Spammers with SNARE: Spatio-temporal Network-level Automatic Reputation Engine. In Proc. 18th USENIX Security Symposium, Montreal, Quebec, Canada, Aug. 2009.

Digital Library

[22]

HAR 1.2 spec. http://www.softwareishard.com/blog/har-12-spec/.

[23]

HerdictWeb: The Verdict of the Herd. http://herdict.org.

[24]

Herdict: Browse Lists. http://herdict.org/lists. Visited 2014-02-26.

[25]

F. Howard. Malware with your mocha: Obfuscation and antiemulation tricks in malicious javascript. Sophos Technical Papers, 2010.

[26]

L.-S. Huang, Z. Weinberg, C. Evans, and C. Jackson. Protecting browsers from cross-origin CSS attacks. In ACM Conference on Computer and Communications Security (CCS), pages 619--629, Chicago, IL, Oct. 2010.

Digital Library

[27]

B. Jones, R. Ensafi, N. Feamster, V. Paxson, and N. Weaver. Ethical concerns for censorship measurement (to appear). In Ethics in Networked Systems Research, Aug. 2015.

Digital Library

[28]

jQuery. http://jquery.com.

[29]

M. Karir, G. Huston, G. Michaelson, and M. Bailey. Understanding IPv6 Populations in the Wild. In Passive and Active Measurement (PAM), pages 256--259, Hong Kong, Mar. 2013.

Digital Library

[30]

V. Lam, S. Antonatos, P. Akritidis, and K. G. Anagnostakis. Puppetnets: Misusing Web Browsers as a Distributed Attack Infrastructure. In ACM Conference on Computer and Communications Security (CCS), pages 221--234, Alexandria, VA, Oct. 2006.

Digital Library

[31]

MaxMind GeoIP Country. http://www.maxmind.com/app/geolitecountry. Retrieved: June 2011.

[32]

Z. Nabi. The anatomy of web censorship in Pakistan. In USENIX Workshop on Free and Open Communications on the Internet (FOCI13), Washington, DC, Aug. 2013.

[33]

Noction: Network Intelligence. http://www.noction.com.

[34]

Workshop on Ethics in Networked Systems Research. http://conferences.sigcomm.org/sigcomm/2015/netethics.php.

[35]

OpenNet Initiative. http://www.opennet.net/.

[36]

OpenNet Initiative Research Publications. http://www.opennet.net/research/.

[37]

Report on China's Filtering Practices, 2008. Open Net Initiative. http://opennet.net/sites/opennet.net/files/china.pdf.

[38]

Open Observatory of Network Interference (OONI). https://ooni.torproject.org.

[39]

Phantomjs. http://phantomjs.org.

[40]

Same Origin Policy. https://developer.mozilla.org/en-US/docs/Web/JavaScript/Same_origin_policy_for_JavaScript. Mozilla Developer Network.

[41]

S. Schechter and C. Bravo-Lillo. Ethical-response survey report: Fall 2014. Technical Report MSR-TR-2014-140, November 2014.

[42]

A. Sfakianakis, E. Athanasopoulos, and S. Ioannidis. CensMon: A Web Censorship Monitor. In USENIX Workshop on Free and Open Communication on the Internet (FOCI), San Francisco, CA, Aug. 2011.

[43]

How to add a favicon to your site. http://www.w3.org/2005/10/howto-favicon.

[44]

P. Winter. Towards a Censorship Analyser for Tor. In USENIX Workshop on Free and Open Communications on the Internet (FOCI), Washington, DC, Aug. 2013.

[45]

Content security policy. http://www.w3.org/TR/CSP/, Nov. 2012.

[46]

X. Xu, Z. M. Mao, and J. A. Halderman. Internet censorship in China: Where does the filtering occur? In Passive and Active Measurement (PAM), pages 133--142, Atlanta, GA, 2011.

Digital Library

[47]

J. Zittrain and B. Edelman. Internet filtering in China. IEEE Internet Computing, 7(2):70--77, 2003.

Digital Library

Cited By

Frieß JSchulmann HWaidner M(2024)Crowdsourced Distributed Domain ValidationProceedings of the 23rd ACM Workshop on Hot Topics in Networks10.1145/3696348.3696869(318-325)Online publication date: 18-Nov-2024
https://dl.acm.org/doi/10.1145/3696348.3696869
Beer PSquarcina MVeronese LLindorfer M(2024)Tabbed Out: Subverting the Android Custom Tab Security Model2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00105(4591-4609)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00105
El-Sayed S(2024)A practitioner-centered policy roadmap for ethical computational social science in Germany, Austria, and SwitzerlandAccountability in Research10.1080/08989621.2024.2420811(1-21)Online publication date: 5-Nov-2024
https://doi.org/10.1080/08989621.2024.2420811
Show More Cited By

Index Terms

Encore: Lightweight Measurement of Web Censorship with Cross-Origin Requests
1. Networks
  1. Network performance evaluation
    1. Network measurement
  2. Network properties
    1. Network security
      1. Web protocol security
2. Social and professional topics
  1. Computing / technology policy
    1. Censorship
      1. Technology and censorship

Recommendations

Encore: Lightweight Measurement of Web Censorship with Cross-Origin Requests
SIGCOMM'15

Despite the pervasiveness of Internet censorship, we have scant data on its extent, mechanisms, and evolution. Measuring censorship is challenging: it requires continual measurement of reachability to many target sites from diverse vantage points. ...
Web Filtering and Censoring

Information on the Web is not as uncontrolled as it may appear.
Web security in a windows system as PrivacyDefender in private browsing mode

Recently, due to the advance and development of Internet technology and its development, web browsers have become essential applications. A web browser is not only used to surf the Internet, but also plays an important role as a portable operating ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

SIGCOMM '15: Proceedings of the 2015 ACM Conference on Special Interest Group on Data Communication

August 2015

684 pages

ISBN:9781450335423

DOI:10.1145/2785956

General Chairs:
Steve Uhlig
Queen Mary University of London, UK
,
Olaf Maennel
Tallinn U. of Technology in Estonia, Estonia
,
Program Chairs:
Brad Karp
University College London, UK
,
Jitendra Padhye
Microsoft, USA

ACM SIGCOMM Computer Communication Review Volume 45, Issue 4
SIGCOMM'15
October 2015
659 pages
ISSN:0146-4833
DOI:10.1145/2829988
Editors:
Konstantina Papagiannaki
Telefonica Research, Barcelona, Spain
,
Katerina Argyraki
EPFL, Switzerland
,
Hitesh Ballani
Microsoft Research Cambridge, UK
,
Fabián Bustamante
Northwestern University, USA
,
Joseph Camp
SMU, USA
,
Augustin Chaintreau
Columbia University, USA
,
Phillipa Gill
Stony Brook University, USA
,
Marco Mellia
Politecnico di Torino, Italy
,
Bhaskaran Raman
IIT Bombay, India
,
Joel Sommers
Colgate University, USA
,
Aline Carneiro Viana
INRIA, France
Issue’s Table of Contents

Copyright © 2015 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGCOMM: ACM Special Interest Group on Data Communication

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 17 August 2015

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

NSF

Conference

SIGCOMM '15

Sponsor:

SIGCOMM

SIGCOMM '15: ACM SIGCOMM 2015 Conference

August 17 - 21, 2015

London, United Kingdom

Acceptance Rates

SIGCOMM '15 Paper Acceptance Rate 40 of 242 submissions, 17%;

Overall Acceptance Rate 462 of 3,389 submissions, 14%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

44
Total Citations
View Citations
1,583
Total Downloads

Downloads (Last 12 months)392
Downloads (Last 6 weeks)118

Reflects downloads up to 11 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Frieß JSchulmann HWaidner M(2024)Crowdsourced Distributed Domain ValidationProceedings of the 23rd ACM Workshop on Hot Topics in Networks10.1145/3696348.3696869(318-325)Online publication date: 18-Nov-2024
https://dl.acm.org/doi/10.1145/3696348.3696869
Beer PSquarcina MVeronese LLindorfer M(2024)Tabbed Out: Subverting the Android Custom Tab Security Model2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00105(4591-4609)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00105
El-Sayed S(2024)A practitioner-centered policy roadmap for ethical computational social science in Germany, Austria, and SwitzerlandAccountability in Research10.1080/08989621.2024.2420811(1-21)Online publication date: 5-Nov-2024
https://doi.org/10.1080/08989621.2024.2420811
Finn MShilton K(2023)Ethics governance development: The case of the Menlo ReportSocial Studies of Science10.1177/0306312723115170853:3(315-340)Online publication date: 19-Feb-2023
https://doi.org/10.1177/03063127231151708
Flechais IChalhoub G(2023)Practical Cybersecurity Ethics: Mapping CyBOK to Ethical ConcernsProceedings of the 2023 New Security Paradigms Workshop10.1145/3633500.3633505(62-75)Online publication date: 18-Sep-2023
https://dl.acm.org/doi/10.1145/3633500.3633505
Zhang FLiu BAlowaisheq EChen JLu CSong LMa YLiu YDuan HYang MMeng WJensen CCremers CKirda E(2023)Silence is not Golden: Disrupting the Load Balancing of Authoritative DNS ServersProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3616647(296-310)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3616647
Matias NPennington EChan Z(2022)Testing Concerns about Technology's Behavioral Impacts with N-of-one TrialsProceedings of the 2022 ACM Conference on Fairness, Accountability, and Transparency10.1145/3531146.3533227(1722-1732)Online publication date: 21-Jun-2022
https://dl.acm.org/doi/10.1145/3531146.3533227
Demir NGroße-Kampmann MUrban TWressnegger CHolz TPohlmann N(2022)Reproducibility and Replicability of Web Measurement StudiesProceedings of the ACM Web Conference 202210.1145/3485447.3512214(533-544)Online publication date: 25-Apr-2022
https://dl.acm.org/doi/10.1145/3485447.3512214
Macnish Kvan der Ham J(2022)Ethical Approaches to CybersecurityOxford Handbook of Digital Ethics10.1093/oxfordhb/9780198857815.013.28(611-630)Online publication date: 18-Mar-2022
https://doi.org/10.1093/oxfordhb/9780198857815.013.28
Bian RHao SWang HCotton C(2022)Shining a light on dark placesComputer Networks: The International Journal of Computer and Telecommunications Networking10.1016/j.comnet.2022.108893208:COnline publication date: 8-May-2022
https://dl.acm.org/doi/10.1016/j.comnet.2022.108893
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents