A Look at the Consequences of Internet Censorship through an ISP Lens

Similar documents
A Look at the Consequences of Internet Censorship Through an ISP Lens

The Anatomy of Web Censorship in Pakistan

CDN and Traffic-structure

How To Monitor A Network On A Network With Bro (Networking) On A Pc Or Mac Or Ipad (Netware) On Your Computer Or Ipa (Network) On An Ipa Or Ipac (Netrope) On

Step-by-Step Configuration

McAfee Web Gateway Administration Intel Security Education Services Administration Course Training

A STUDY OF WORKLOAD CHARACTERIZATION IN WEB BENCHMARKING TOOLS FOR WEB SERVER CLUSTERS

User Guide. You will be presented with a login screen which will ask you for your username and password.

COMPARISON OF FIXED & VARIABLE RATES (25 YEARS) CHARTERED BANK ADMINISTERED INTEREST RATES - PRIME BUSINESS*

COMPARISON OF FIXED & VARIABLE RATES (25 YEARS) CHARTERED BANK ADMINISTERED INTEREST RATES - PRIME BUSINESS*

Examining How The Great Firewall Discovers Hidden Circumvention Servers

Debugging With Netalyzr

Symantec's Secret Sauce for Mobile Threat Protection. Jon Dreyfus, Ellen Linardi, Matthew Yeo

The Value of Content Distribution Networks Mike Axelrod, Google Google Public

How the Great Firewall discovers hidden circumvention servers. Roya Ensafi David Fifield Philipp Winter Nick Weaver Nick Feamster Vern Paxson

Blackboard Collaborate Web Conferencing Hosted Environment Technical Infrastructure and Security

DNS, CDNs Weds March Lecture 13. What is the relationship between a domain name (e.g., youtube.com) and an IP address?

MMGD0204 Web Application Technologies. Chapter 1 Introduction to Internet

Computing & Telecommunications Services Monthly Report March 2015

SEO Presentation. Asenyo Inc.

1 Introduction: Network Applications

White Paper. Optimizing the video experience for XenApp and XenDesktop deployments with CloudBridge. citrix.com

AT&T Global Network Client for Windows Product Support Matrix January 29, 2015

Domain Name Abuse Detection. Liming Wang

SiteCelerate white paper

Case 2:08-cv ABC-E Document 1-4 Filed 04/15/2008 Page 1 of 138. Exhibit 8

Inside Dropbox: Understanding Personal Cloud Storage Services

Application Layer -1- Network Tools

Should Internet Service Providers Fear Peer-Assisted Content Distribution?

Internet Content Distribution

Internet Traffic Measurement

Content Delivery Networks

User Identification and Authentication

<Insert Picture Here> Oracle Web Cache 11g Overview

Single Pass Load Balancing with Session Persistence in IPv6 Network. C. J. (Charlie) Liu Network Operations Charter Communications

Collax Web Security. Howto. This howto describes the setup of a Web proxy server as Web content filter.

February Considerations When Choosing a Secure Web Gateway

Know Your Foe. Threat Infrastructure Analysis Pitfalls

Goldman Sachs Conference. 22 May

This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections:

HW2 Grade. CS585: Applications. Traditional Applications SMTP SMTP HTTP 11/10/2009

Content Delivery Networks (CDN) Dr. Yingwu Zhu

How the Netflix ISP Speed Index Documents Netflix Congestion Problems

Analysing the impact of CDN based service delivery on traffic engineering

End of Life Content Report November Produced By The NHS Choices Reporting Team


Managing Users and Identity Stores

Bypassing Internet Censorship for News Broadcasters

Overlay Networks. Slides adopted from Prof. Böszörményi, Distributed Systems, Summer 2004.

Proxy Services: Good Practice Guidelines

Ranch Networks for Hosted Data Centers

2010 Circumvention Tool Usage Report

Lab Exercise SSL/TLS. Objective. Step 1: Open a Trace. Step 2: Inspect the Trace

The mobile opportunity: How to capture upwards of 200% in lost traffic

Application-layer protocols

Where Do You Tube? Uncovering YouTube Server Selection Strategy

A Tool for Evaluation and Optimization of Web Application Performance

ACE Management Server Deployment Guide VMware ACE 2.0

GLOBAL SERVER LOAD BALANCING WITH SERVERIRON

How to Configure Captive Portal

HOW DOES GOOGLE ANALYTICS HELP ME?

Google Product. Google Module 1

Rogue DNS servers a case study

Internet Technologies. World Wide Web (WWW) Proxy Server Network Address Translator (NAT)

Step-by-Step Configuration

Data Sheet. VLD 500 A Series Viaedge Load Director. VLD 500 A Series: VIAEDGE Load Director

CHAPTER 4 PERFORMANCE ANALYSIS OF CDN IN ACADEMICS

FortiGuard Web Content Filtering versus Websense March 2005

Digital media glossary

LDAP Authentication and Authorization

Censorship In The Wild: A Measurement-based Analysis of Internet Filtering in Syria

The following multiple-choice post-course assessment will evaluate your knowledge of the skills and concepts taught in Internet Business Associate.

How Comcast Built An Open Source Content Delivery Network National Engineering & Technical Operations

Towards a Comprehensive Picture of the Great Firewall s DNS Censorship

Market Assessment & Campaign SLA Calculator LOGO WE OPEN THE DOOR, SO YOU CAN CLOSE IT.

DOSarrest Security Services (DSS) Version 4.0

FAQ: BroadLink Multi-homing Load Balancers

Cisco & Big Data Security

Combining Global Load Balancing and Geo-location with Emissary TM

Privacy leakage vs. Protection measures: the growing disconnect

What is a Mobile Responsive Website?

AD Account Lockout Investigation and Root Cause Analysis

Basheer Al-Duwairi Jordan University of Science & Technology

Workday Mobile Security FAQ

ZEN LOAD BALANCER EE v3.02 DATASHEET The Load Balancing made easy

WEBSITE AND MARKETING REPORT. Prepared for

DNS Record Injection Vulnerabilities in Home Routers

Solution Brief FortiMail for Service Providers. Nathalie Rivat

FAQs for Oracle iplanet Proxy Server 4.0

NAT usage in Residential Broadband Networks

Uncovering the Big Players of the Web

Transcription:

A Look at the Consequences of Internet Censorship through an ISP Lens Sheharbano Khattak (University of Cambridge)! Mobin Javed (UC Berkeley) Syed Ali Khayam (PLUMgrid) Zartash Afzal Uzmi (LUMS SBASSE, Pakistan) Vern Paxson (UC Berkeley, ICSI)

Agenda Problem Statement! Description of Dataset! Groundtruth Reconstruction! Analysis! Discussion

Consequences of Internet Censorship Effective policy requires informed perspectives on how humans actually respond to events

Consequences of Internet Censorship Effective policy requires informed perspectives on how humans actually respond to events! When a persistent censorship policy emerges:! Do users comply and stop accessing the blocked content or do they subvert censorship on a massive scale?! Does censorship hurt or benefit ISPs?! How much do competing content providers thrive?

Challenges Measuring consequences of censorship requires data snapshots before and after the events A vantage point that captures all traffic a user exchanges with the Internet

We examine one slice of this overall question (the consequences of Internet censorship) in the context of ISP customers in Pakistan

Agenda Problem Statement! Description of Dataset! Groundtruth Reconstruction! Analysis! Discussion

Description of Dataset! Network traces captured at a medium-sized Pakistani ISP at different points between Oct 11- Aug 13

Description of Dataset! Network traces captured at a medium-sized Pakistani ISP at different points between Oct 11- Aug 13 Represent snapshots around two major censorship events: Nov 11: Thousands of porn domains blocked Sep 12: YouTube blocked (continues to date..)

! Description of Dataset 03Oct11! 22Oct11

! Description of Dataset Porn blocked 03Oct11! 22Oct11

! Description of Dataset Porn blocked 03Oct11! 21Dec11! 22Oct11 28Feb12

! Description of Dataset Porn blocked 03Oct11! 21Dec11! 22Oct11 28Feb12 YouTube blocked

! Description of Dataset Porn blocked 03Oct11! 21Dec11! 18Sep12! 22Oct11 28Feb12 YouTube blocked 02Aug13

! Description of Dataset Porn blocked 03Oct11! 21Dec11! 18Sep12! 22Oct11 28Feb12 02Aug13 YouTube blocked! ~1.8 TB data! Entire analysis based on Bro protocol logs!

! Description of Dataset Porn blocked 03Oct11! 21Dec11! 18Sep12! 22Oct11 28Feb12 02Aug13 YouTube blocked! ~1.8 TB data! Entire analysis based on Bro protocol logs! Individual traces! range between 200-500 GB and 6-20 hours

! Description of Dataset Porn blocked 03Oct11! 21Dec11! 18Sep12! 22Oct11 28Feb12 02Aug13 YouTube blocked! ~1.8 TB data! Entire analysis based on Bro protocol logs! Individual traces! range between 200-500 GB and 6-20 hours! Traces split into Small Office/Home Office (SOHO) and Residential Traffic

Capture Location Can observe internal ISP data and! inbound/outbound traffic

Agenda Problem Statement! Description of Dataset! Groundtruth Reconstruction! Analysis! Discussion

Groundtruth Reconstruction We have historic dataset for which we lack ground truth:! What was blocked?! How was it blocked (DNS, TCP/IP, HTTP) Figure: Murdoch, Steven J. and Anderson, Ross (2008) Tools and technology of Internet filtering, in R. J. Deibert, J. G. Palfrey, R. Rohozinski, & J. Zittrain (Eds.) Access Denied: The Practice and Policy of Global Internet Filtering. Cambridge, MA: MIT Press.

Groundtruth Reconstruction Censorship Indicators: A blocking mechanism leaves a trail in network traces.! Ambiguous Indicators can occur because of legitimate reasons (server load, measurement loss)!!! Unambiguous Indicators can be exclusively attributed to censorship (DNS redirection)

Groundtruth Reconstruction High frequency of ambiguous indicators for known censored content implies censorship.! Known censored content: determined through a supplementary medium (e.g. newspapers)

Groundtruth Reconstruction High frequency of ambiguous indicators for known censored content implies censorship.! Known censored content: determined through a supplementary medium (e.g. newspapers)! Example: Consistently observe DNS No Response when the queried domain name is porn Domain Category DNS Reply facebook.com Social networking 1.1.1.1 bad1.com Porn - bad2.com Porn - bbc.co.uk News 2.2.2.2

Porn Censorship Mechanism Porn blocked - DNS Redirection - DNS Redirection! - IP Block - DNS Redirection - DNS Redirection! - HTTP No Response!

YouTube Censorship Mechanism - DNS Redirection! - HTTP Redirection YouTube blocked - DNS Redirection! - HTTP No Response!

Agenda Problem Statement! Description of Dataset! Groundtruth Reconstruction! Analysis! Discussion

Analysis Impact on end users, content providers and service providers! Go over salient results in question/answer fashion

Analysis Consequences on content providers >What constitutes a content provider?! Determine porn content by classifying all websites occurring in our dataset by topic using McAfee URL categ. service porn All websites

Analysis Consequences on content providers >What constitutes a content provider?! Determine porn content by classifying all websites occurring in our dataset by topic using McAfee URL categ. service!!! porn All websites Competing content providers to YouTube determined by regional popularity (DailyMotion, Vimeo, TunePK)

Consequences on Users

What is user* response after viewing a block page? Give me bad.com Blocked! Network User * IP address + HTTP User Agent

* IP address + HTTP User Agent What is user* response after viewing a block page? Give me bad.com Blocked! Network User Monitor HTTP for 5 mins

What is user* response after Porn:! viewing a block page? 60% users perform search engine query (domain-specific)! 70% users access another porn domain! YouTube:! 75% users perform search engine query (information retrieval)! 7% users access an alternate video content provider on the day of block, rising to 12% a year later. * IP address + HTTP User Agent

Do residential users shift to alternate/free DNS resolvers? Traces No shift (~8% queries to! external DNS resolvers! consistent with previous! trend) ASN! of! DNS! Resolver DNS queries* for blocked content (YouTube/porn) * Percentage distribution

Do SOHO users shift to alternate/free DNS resolvers? Traces Local ISP drops from ~90%! to ~69% on the day of! YouTube block ASN! of! DNS! Resolver DNS queries* for blocked content (YouTube/porn) * Percentage distribution

Do SOHO users shift to alternate/free DNS resolvers? Traces ISP handles ~74% queries! (~90% pre-block) a year! after YouTube block ASN! of! DNS! Resolver DNS queries* for blocked content (YouTube/porn) * Percentage distribution

Does traffic generated by residential users change? Porn bandwidth (%) reduces! to half the average pre-block consumption

Does traffic generated by SOHO users change? Porn bandwidth (%) reduces! to 1/3 of the average pre-block consumption

Does traffic generated by SOHO users change? Video traffic reduces to 12% and a year later to ~5% from an average pre-block consumption of 50%

Does traffic generated by SOHO users change? Drastic increase in SSL! post YouTube block

Consequences on Content Providers

Does (residential*) user demand for porn content providers change? Ongoing churn in porn domains post block Traces Porn! content! providers! (anon.) Traffic Vol. from Top-5 Porn Domains** * Similar trend for SOHO users ** Percentage distribution

How is video traffic distributed among content providers? YouTube rules the world prior to the block

How is video traffic distributed among content providers? Competitors pick up the slack post YouTube block

How are users embedded video watch requests distributed among content providers? <iframe frameborder="0" width="600" height="300" src="//www.dailymotion.com/ embed/video/x26ql41" allowfullscreen></iframe>

How are users embedded video watch requests distributed among content providers? Competitors get share in YouTube s pre-block dominant position in embedded video requests

Consequences on Operators

Where do operators fetch videos from? races ASN! of! video! content! prvdrs. Prior to YouTube block, ISP! gets to serve bandwidth hungry video locally Video Traffic Vol.

Where do operators fetch videos from? Traces Leakage due to caching! on the day of YouTube block ASN! of! video! content! prvdrs. Video Traffic Vol.

Where do operators fetch videos from? Traces ASN! of! video! content! prvdrs. Post YouTube block, ISP has to pay peers for it Video Traffic Vol.

Summary Porn block: significant lessening of traffic; some shifting to equivalent alternate sources Censor s presumed goal at least partially met

Summary Porn block: significant lessening of traffic; some shifting to equivalent alternate sources Censor s presumed goal at least partially met! YouTube block: Spurred some users to outsource their DNS Spurred shift to SSL Shifted cost structure: ISPs burdened, YouTube competitors thrived

Agenda Problem Statement! Description of Dataset! Groundtruth Reconstruction! Metrics! Analysis! Discussion

1. Collateral Damage on Blocked Content Provider We looked at how YouTube block impacts competing content providers YouTube vs. DailyMotion, Vimeo, TunePK

1. Collateral Damage on Blocked Content Provider We looked at how YouTube block impacts competing content providers YouTube vs. DailyMotion, Vimeo, TunePK! Identities on the Internet are not entirely isolated (YouTube, Google) What is the impact of YouTube block on other Google services?

Traffic to YouTube (as seen by Google) YouTube blocked

Traffic to Google Docs (as seen by Google) YouTube blocked

2. Impact on Ad Targeting (and Revenue?) What does the wide usage of circumvention tools mean for ad targeting?

2. Impact on Ad Targeting (and Revenue?) What does the wide usage of circumvention tools mean for ad targeting? Anonymise IP address >ad geotargeting is hurt Strip off HTTP cookie >ads cannot target user profile any more

Thanks Q&A! Sheharbano.Khattak@cl.cam.ac.uk! mobin@eecs.berkeley.edu akhayam@plumgrid.com zartash@lums.edu.pk vern@cs.berkeley.edu

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information