skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Attention:

The NSF Public Access Repository (PAR) system and access will be unavailable from 10:00 PM to 12:00 PM ET on Tuesday, March 25 due to maintenance. We apologize for the inconvenience.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: Quack: Scalable Remote Measurement of Application-Layer Censorship.
Remote censorship measurement tools can now detect DNS- and IP-based blocking at global scale. However, a major unmonitored form of interference is blocking triggered by deep packet inspection of application-layer data. We close this gap by introducing Quack, a scalable, remote measurement system that can efficiently detect application-layer interference. We show that Quack can effectively detect application layer blocking triggered on HTTP and TLS headers, and it is flexible enough to support many other diverse protocols. In experiments, we test for blocking across 4458 autonomous systems, an order of magnitude larger than provided by country probes used by OONI. We also test a corpus of 100,000 keywords from vantage points in 40 countries to produce detailed national blocklists. Finally, we analyze the keywords we find blocked to provide insight into the application-layer blocking ecosystem and compare countries’ behavior. We find that the most consistently blocked services are related to circumvention tools, pornography, and gambling, but that there is significant country-to-country variation.  more » « less
Award ID(s):
1755841
PAR ID:
10094507
Author(s) / Creator(s):
; ; ; ;
Date Published:
Journal Name:
Proceedings of the 27th USENIX Security Symposium
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; ; ; ; ; ; (, Proceedings of the ACM SIGCOMM Internet Measurement Conference)
    We report the first wide-scale measurement study of server-side geographic restriction, or geoblocking, a phenomenon in which server operators intentionally deny access to users from particular countries or regions. Many sites practice geoblocking due to legal requirements or other business reasons, but excessive blocking can needlessly deny valuable content and services to entire national populations. To help researchers and policymakers understand this phenomenon, we develop a semi-automated system to detect instances where whole websites were rendered inaccessible due to geoblocking. By focusing on detecting geoblocking capabilities offered by large CDNs and cloud providers, we can reliably distinguish the practice from dynamic anti-abuse mechanisms and network-based censorship. We apply our techniques to test for geoblocking across the Alexa Top 10K sites from thousands of vantage points in 177 countries. We then expand our measurement to a sample of CDN customers in the Alexa Top 1M. We find that geoblocking occurs across a broad set of countries and sites. We observe geoblocking in nearly all countries we study, with Iran, Syria, Sudan, Cuba, and Russia experiencing the highest rates. These countries experience particularly high rates of geoblocking for finance and banking sites, likely as a result of US economic sanctions. We also verify our measurements with data provided by Cloudflare, and find our observations to be accurate. 
    more » « less
  2. ; ; ; (, Remote Sensing)
    By 2050, two-thirds of the world’s population is expected to be living in cities and towns, a marked increase from today’s level of 55 percent. If the general trend is unmistakable, efforts to measure it precisely have been beset with difficulties: the criteria defining urban areas, cities and towns differ from one country to the next and can also change over time for any given country. The past decade has seen great progress toward the long-awaited goal of scientifically comparable urbanization measures, thanks to the combined efforts of multiple disciplines. These efforts have been organized around what is termed the “statistical urbanization” concept, whereby urban areas are defined by population density, contiguity and total population size. Data derived from remote-sensing methods can now supply a variety of spatial proxies for urban areas defined in this way. However, it remains to be understood how such proxies complement, or depart from, meaningful country-specific alternatives. In this paper, we investigate finely resolved population census and satellite-derived data for the United States, Mexico and India, three countries with widely varying conceptions of urban places and long histories of debate and refinement of their national criteria. At the extremes of the urban–rural continuum, we find evidence of generally good agreement between the national and remote sensing-derived measures (albeit with variation by country), but identify significant disagreements in the middle ranges where today’s urban policies are often focused. 
    more » « less
  3. ; ; (, IMF Economic Review)
    Levchenko, Andrei (Ed.)
    This paper studies international trade and macroeconomic dynamics triggered by economic sanctions, and the associated welfare losses, in a calibrated, asymmetric, three-country model of the world economy. We assume that there are two production sectors in each country, and the sanctioned country has a comparative advantage in production of a commodity (for convenience, gas) needed to produce final, differentiated consumption goods. We consider three types of sanctions: sanctions on trade in final goods, financial sanctions, and gas trade sanctions. We calibrate the model to an aggregate of countries that are currently imposing sanctions on Russia (the European Union, the UK, and the USA), Russia, and an aggregate of third countries (China, India, and Turkey). We show that, instead of reflecting the success of sanctions, exchange rate movements reflect the type of sanctions and the direction of the resulting within-country sectoral reallocations. Our welfare analysis demonstrates that the sanctioned country’s welfare losses are significantly mitigated, and the sanctioning country’s losses are amplified, if the third country does not join the sanctions, but the third country benefits from not joining. These findings highlight the necessity, but also the challenge, of coordinating sanctions internationally. 
    more » « less
  4. ; ; (, International Conference on Intelligent Networking and Collaborative Systems (INCoS 2021))
    null (Ed.)
    As organizations drastically expand their usage of collaborative systems and multi-user applications during this period of mass remote work, it is crucial to understand and manage the risks that such platforms may introduce. Improperly or carelessly deployed and configured systems hide security threats that can impact not only a single organization, but the whole economy. Cloud-based architecture is used in many collaborative systems, such as audio/video conferencing, collaborative document sharing/editing, distance learning and others. Therefore, it is important to understand that safety risk can be triggered by attacks on remote servers and confidential information might be compromised. In this paper, we present an AI powered application that aims to constantly introspect multiple virtual servers in order to detect malicious activities based on their anomalous behavior. Once the suspicious process(es) detected, the application in real-time notifies system administrator about the potential threat. Developed software is able to detect user space based keyloggers, rootkits, process hiding and other intrusion artifacts via agent-less operation, by operating directly from the host machine. Remote memory introspection means no software to install, no notice to malware to evacuate or destroy data. Conducted experiments on more than twenty different types of malicious applications provide evidence of high detection accuracy 
    more » « less
  5. ; ; (, Proceedings of the International AAAI Conference on Web and Social Media)
    Online communities often overlap and coexist, despite incongruent norms and approaches to content moderation. When communities diverge, decentralized and federated communities may pursue group-level sanctions, including defederation (disconnection) to block communication between members of specific communities. We investigate the effects of defederation in the context of the Fediverse, a set of decentralized, interconnected social networks with independent governance. Mastodon and Pleroma, the most popular software powering the Fediverse, allow administrators on one server to defederate from another. We use a difference-in-differences approach and matched controls to estimate the effects of defederation events on participation and message toxicity among affected members of the blocked and blocking servers. We find that defederation causes a drop in activity for accounts on the blocked servers, but not on the blocking servers. Also, we find no evidence of an effect of defederation on message toxicity. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email