arxiv: 1906.11061 · v1 · pith:O57Z7I3Hnew · submitted 2019-06-26 · 💻 cs.CR

Quantifying Information Exposure in Internet Routing

Pith reviewed 2026-05-25 15:35 UTC · model grok-4.3

classification 💻 cs.CR
keywords: internet routing, information exposure, BGP routes, country-level analysis, network security, data privacy, geolocation, route robustness

The pith

Internet routes between countries expose traffic to many intermediate nations.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper measures how much data sent between pairs of countries travels through routers in additional countries. It does this by examining both advertised and observed routes from public sources, then mapping each router to a country using its physical location and the registration country of its owning company. The results show high exposure levels, with even routes between physically close countries passing through many others, and with better-connected countries facing greater exposure. This points to a tradeoff where making the internet more robust against failures also increases the chance that traffic is visible to other nations.

Core claim

We use public data to evaluate both advertised and observed routes through the Internet and measure the extent to which communications between pairs of countries are exposed to other countries. We use both physical router geolocation as well as the country of registration of the companies owning each router. We find a high level of information exposure; even physically adjacent countries use routes that involve many other countries. We also found that countries that are well connected tend to be more exposed. Our analysis indicates that there exists a tradeoff between robustness and information exposure in the current Internet.

What carries the argument

Country-level mapping of internet routes using BGP data combined with geolocation and autonomous system ownership records.

If this is right

  • Even routes between physically adjacent countries involve many other countries.
  • Countries with more connections in the network experience higher exposure.
  • Improving network robustness against failures increases information exposure.
  • Unencrypted or weakly encrypted traffic between any two countries can be read by multiple others.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Policy makers could use similar route mapping to identify high-risk paths for sensitive data.
  • Network operators might adjust peering to reduce exposure for specific country pairs.
  • The tradeoff suggests that complete privacy from foreign monitoring may require accepting less resilient routing.

Load-bearing premise

That physical router locations and the registration countries of their owners accurately show which nations can monitor or change the traffic.

What would settle it

A dataset of verified routes showing that most traffic between country pairs stays inside only one or two additional countries.

Figures

Figures reproduced from arXiv: 1906.11061 by Assane Gueye, Christopher Schanzle, Peter Mell.

Figure 1: Bespin Mean Involved Country Exposure from Geolocation data for
Figure 2: Hoth Excluded Country Exposure from the Geolocation Data for 2016

Original abstract

Data sent over the Internet can be monitored and manipulated by intermediate entities in the data path from the source to the destination. For unencrypted communications (and some encrypted communications with known weaknesses), eavesdropping and man-in-the-middle attacks are possible. For encrypted communication, the identification of the communicating endpoints is still revealed. In addition, encrypted communications may be stored until such time as newly discovered weaknesses in the encryption algorithm or advances in computer hardware render them readable by attackers. In this work, we use public data to evaluate both advertised and observed routes through the Internet and measure the extent to which communications between pairs of countries are exposed to other countries. We use both physical router geolocation as well as the country of registration of the companies owning each router. We find a high level of information exposure; even physically adjacent countries use routes that involve many other countries. We also found that countries that are well 'connected' tend to be more exposed. Our analysis indicates that there exists a tradeoff between robustness and information exposure in the current Internet.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. The paper claims that analysis of advertised and observed Internet routes using public data, with routers assigned to countries via physical geolocation databases and company registration countries, reveals high information exposure: even physically adjacent countries route through many others. It further reports that well-connected countries tend to have higher exposure and identifies a tradeoff between robustness and information exposure.

Significance. The paper's use of both advertised and observed routes drawn from public data offers a reproducible measurement framework for routing exposure. If the geolocation and registration mappings validly indicate monitoring jurisdictions, the results would quantify substantial privacy risks in inter-country routing and highlight an inherent robustness-exposure tension, with implications for routing policy and encryption requirements.

major comments (2)
  1. [Data and Methodology section (likely §3–4)] The exposure metric (defined via router-to-country assignments) treats physical geolocation and AS/company registration country as direct proxies for which sovereign entities can monitor or manipulate traffic. No validation, error-rate quantification, or sensitivity analysis against known geolocation inaccuracies, leased infrastructure, or international carriers is provided; this assumption is load-bearing for the headline exposure counts, adjacent-country results, connectivity correlation, and robustness tradeoff.
  2. [Results and Analysis section (likely §5)] All quantitative claims (high exposure even for adjacent countries; connectivity-exposure correlation; robustness-exposure tradeoff) are derived directly from the unvalidated country assignments. Without independent checks (e.g., comparison to known monitoring cases or perturbation of geolocation data), the central findings rest on an untested mapping whose systematic mismatches would alter the reported per-country exposure statistics.
minor comments (2)
  1. [Abstract] The abstract states high-level findings but omits any mention of specific datasets, time windows, route collection methods, or handling of geolocation/ownership conflicts, reducing immediate assessability.
  2. [Introduction/Methods] Notation for the exposure metric and robustness measure should be defined more explicitly early in the text to aid readers in following the quantitative results.

Simulated Author's Rebuttal

2 responses · 1 unresolved

We thank the referee for the detailed and constructive comments. We respond point-by-point to the major concerns below.

  1. Referee: [Data and Methodology section (likely §3–4)] The exposure metric (defined via router-to-country assignments) treats physical geolocation and AS/company registration country as direct proxies for which sovereign entities can monitor or manipulate traffic. No validation, error-rate quantification, or sensitivity analysis against known geolocation inaccuracies, leased infrastructure, or international carriers is provided; this assumption is load-bearing for the headline exposure counts, adjacent-country results, connectivity correlation, and robustness tradeoff.

    Authors: We agree that the country-assignment step is central and that the original manuscript provided no explicit error quantification or sensitivity analysis. These data sources are standard in measurement studies, yet we recognize their limitations. The revised manuscript adds a dedicated limitations subsection citing literature on geolocation accuracy and includes a sensitivity analysis that perturbs country labels at varying rates to measure impact on the reported exposure statistics. revision: yes

  2. Referee: [Results and Analysis section (likely §5)] All quantitative claims (high exposure even for adjacent countries; connectivity-exposure correlation; robustness-exposure tradeoff) are derived directly from the unvalidated country assignments. Without independent checks (e.g., comparison to known monitoring cases or perturbation of geolocation data), the central findings rest on an untested mapping whose systematic mismatches would alter the reported per-country exposure statistics.

    Authors: The quantitative results rest on the mappings, as is typical for public-data routing studies. We have added the perturbation analysis mentioned above, which indicates that the headline findings (high exposure, connectivity correlation, robustness tradeoff) remain directionally stable under moderate label noise. Direct comparison to non-public monitoring cases is not feasible with the data sources used in the paper; we have expanded the discussion to state this limitation explicitly. revision: partial

standing simulated objections not resolved
  • Independent checks against actual (non-public) state-level monitoring jurisdictions or specific known interception cases cannot be performed from the public datasets employed in the study.
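
The country-level route mapping that carries the paper's argument, and the label-perturbation check mentioned in the rebuttal, sketched as an added example (not code from the paper or its authors). It assumes AS-level paths with one country per AS, defines exposure as the count of distinct countries on a route other than the two endpoints, and perturbs labels uniformly at random; the ASNs (RFC 5398 documentation range), country codes (user-assigned ISO codes) and paths are constructed.

```python
import random
from collections import defaultdict
from statistics import mean

# Constructed sample data: documentation ASNs and user-assigned country codes.
AS_COUNTRY = {64496: "XA", 64497: "XB", 64498: "XC",
              64499: "XD", 64500: "XA", 64501: "XB"}
AS_PATHS = [
    [64496, 64498, 64497],         # XA -> XC -> XB
    [64496, 64499, 64498, 64501],  # XA -> XD -> XC -> XB
    [64500, 64501],                # XA -> XB, no third country
    [64497, 64496, 64499],         # XB -> XA -> XD
]

def involved_countries(path, as_country):
    """Return (src, dst, third countries) for one AS path."""
    countries = [as_country[asn] for asn in path]
    src, dst = countries[0], countries[-1]
    return src, dst, set(countries) - {src, dst}

def exposure_by_pair(paths, as_country):
    """Mean number of third countries per route, keyed by (src, dst)."""
    counts = defaultdict(list)
    for path in paths:
        if any(asn not in as_country for asn in path):
            continue  # unmapped hop: skip rather than guess a country
        src, dst, third = involved_countries(path, as_country)
        if src != dst:  # domestic routes are outside the country-pair metric
            counts[(src, dst)].append(len(third))
    return {pair: mean(vals) for pair, vals in counts.items()}

def perturbed_exposure(paths, as_country, rate, seed=0):
    """Relabel roughly a fraction `rate` of ASes at random, then recompute."""
    rng = random.Random(seed)
    labels = sorted(set(as_country.values()))
    noisy = {asn: (rng.choice(labels) if rng.random() < rate else cc)
             for asn, cc in as_country.items()}
    return exposure_by_pair(paths, noisy)

if __name__ == "__main__":
    print("baseline:", exposure_by_pair(AS_PATHS, AS_COUNTRY))
    for rate in (0.1, 0.3, 0.5):
        print(rate, perturbed_exposure(AS_PATHS, AS_COUNTRY, rate))
```

Comparing the perturbed output with the baseline across rates shows how much a per-pair exposure figure depends on the correctness of the country labels.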

Circularity Check

0 steps flagged

No circularity: empirical measurement from external public data


The paper is a measurement study that ingests public BGP route data, geolocation databases, and AS registration records to compute exposure counts. No derivations, fitted parameters, predictions, or self-citations are load-bearing; all headline results follow directly from applying the chosen country-assignment rules to the input traces. The mapping from router to country is an explicit modeling choice, not a self-referential definition or renamed fit. This is the normal case of a self-contained empirical analysis with no reduction of outputs to inputs by construction.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 0 invented entities

The central claim rests on the accuracy and completeness of public routing data plus the validity of assigning exposure based on router location and ownership registration.

axioms (2)
  • Domain assumption: Public routing data (advertised and observed routes) accurately reflects the paths taken by communications between countries.
    Invoked when evaluating routes through the Internet to measure exposure.
  • Domain assumption: Router physical geolocation and company country of registration correspond to countries that can access or manipulate the data.
    Used to determine exposure to other countries.

