pith. sign in

arxiv: 1907.04245 · v2 · pith:IRB5SHQFnew · submitted 2019-07-09 · 💻 cs.CR · cs.CY· cs.NI· cs.SI

ICLab: A Global, Longitudinal Internet Censorship Measurement Platform

Arian Akhavan Niaki , Shinyoung Cho , Zachary Weinberg , Nguyen Phong Hoang , Abbas Razaghpanah , Nicolas Christin , Phillipa Gill This is my paper

Pith reviewed 2026-05-25 00:23 UTC · model grok-4.3

classification 💻 cs.CR cs.CYcs.NIcs.SI
keywords internet censorshipmeasurement platformVPN vantage pointsDNS manipulationblock pageslongitudinal monitoringTCP packet injectionnetwork interference
0
0 comments X

The pith

ICLab uses commercial VPNs as global vantage points to measure internet censorship with both breadth and detail since late 2016.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper introduces ICLab, a specialized measurement platform that deploys commercial VPN services distributed worldwide as vantage points to study internet censorship. This setup provides simultaneous wide geographic coverage and detailed detection of specific blocking methods including DNS manipulation, TCP packet injection, and overt block pages. The platform has operated continuously since late 2016 while archiving raw observations to support later analysis with new techniques. Data from 2017 and 2018 covers over 53 million web page measurements and documents blocking of 3,602 unique URLs across 60 countries.

Core claim

ICLab achieves a new balance between breadth of coverage and detail of measurements by using commercial VPNs as vantage points distributed around the world. It has been operated continuously since late 2016. It can currently detect DNS manipulation and TCP packet injection, and overt block pages however they are delivered. ICLab records and archives raw observations in detail, making retrospective analysis with new techniques possible. At every stage of processing, ICLab seeks to minimize false positives and manual validation. Within 53,906,532 measurements of individual web pages, collected by ICLab in 2017 and 2018, we observe blocking of 3,602 unique URLs in 60 countries.

What carries the argument

Commercial VPNs serving as distributed vantage points for detecting DNS manipulation, TCP packet injection, and block pages.

If this is right

  • Different blocking techniques are deployed in different regions and against different types of content.
  • Longitudinal monitoring pinpoints changes in censorship in India and Turkey concurrent with political shifts.
  • Clustering techniques discover 48 previously unknown block pages.
  • Broad measurements expose other forms of network interference such as surveillance and malware injection.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The archived raw data enables future researchers to apply improved detection methods without recollecting measurements.
  • VPN-based vantage points reduce reliance on local infrastructure for studying censorship in many countries.
  • Comparisons of blocking patterns across regions could reveal systematic differences in how governments implement censorship.
  • Continuous operation since 2016 creates a baseline for identifying new censorship tactics as they appear.

Load-bearing premise

Commercial VPN services provide vantage points whose observed blocking behavior is representative of what ordinary local users experience and are not subject to special treatment or detection by censors.

What would settle it

Direct comparison in one or more countries showing that blocking events observed via the commercial VPNs differ systematically from blocking experienced by local residential connections.

read the original abstract

Researchers have studied Internet censorship for nearly as long as attempts to censor contents have taken place. Most studies have however been limited to a short period of time and/or a few countries; the few exceptions have traded off detail for breadth of coverage. Collecting enough data for a comprehensive, global, longitudinal perspective remains challenging. In this work, we present ICLab, an Internet measurement platform specialized for censorship research. It achieves a new balance between breadth of coverage and detail of measurements, by using commercial VPNs as vantage points distributed around the world. ICLab has been operated continuously since late 2016. It can currently detect DNS manipulation and TCP packet injection, and overt "block pages" however they are delivered. ICLab records and archives raw observations in detail, making retrospective analysis with new techniques possible. At every stage of processing, ICLab seeks to minimize false positives and manual validation. Within 53,906,532 measurements of individual web pages, collected by ICLab in 2017 and 2018, we observe blocking of 3,602 unique URLs in 60 countries. Using this data, we compare how different blocking techniques are deployed in different regions and/or against different types of content. Our longitudinal monitoring pinpoints changes in censorship in India and Turkey concurrent with political shifts, and our clustering techniques discover 48 previously unknown block pages. ICLab's broad and detailed measurements also expose other forms of network interference, such as surveillance and malware injection.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. The paper presents ICLab, a global longitudinal censorship measurement platform that uses commercial VPN services as vantage points. It has operated continuously since late 2016 and collected 53,906,532 measurements in 2017–2018, detecting DNS manipulation, TCP packet injection, and overt block pages. The work reports blocking of 3,602 unique URLs across 60 countries, compares blocking techniques by region and content, identifies longitudinal changes in India and Turkey, discovers 48 previously unknown block pages via clustering, and notes additional network interference such as surveillance and malware injection. Raw observations are archived to support retrospective analysis.

Significance. If the VPN vantage points prove representative, the platform's scale, continuous operation, detailed archiving of raw data, and focus on minimizing false positives would provide a valuable resource for studying censorship techniques, regional differences, and temporal changes. The reported discovery of new block pages and exposure of other interference forms would strengthen its utility for the field.

major comments (2)
  1. [§3 and §4] §3 (Platform Architecture) and §4 (Measurement Methodology): The central claim that commercial VPN vantage points yield measurements representative of ordinary local users is not supported by any side-by-side comparisons against residential connections, ground-truth lists, or controls for differential treatment of VPN ranges. This assumption is load-bearing for all reported blocking statistics, country-level findings, and longitudinal observations.
  2. [§5 and abstract] §5 (Results) and abstract: No quantitative validation (e.g., precision, recall, or false-positive rates) is provided for the DNS manipulation, TCP injection, or block-page detectors despite the repeated emphasis on minimizing false positives. The 3,602 blocked URLs and 48 new block pages therefore rest on unshown accuracy metrics.
minor comments (2)
  1. [Table 1] Table 1 (or equivalent summary table of vantage points): the number of VPN providers per country and any selection criteria for avoiding known VPN ranges should be stated explicitly.
  2. [§5.3] The description of clustering for block-page discovery would benefit from a short pseudocode or parameter list to allow reproduction.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for their careful reading and constructive comments. We address each major point below and indicate planned revisions to the manuscript.

read point-by-point responses

  1. Referee: [§3 and §4] §3 (Platform Architecture) and §4 (Measurement Methodology): The central claim that commercial VPN vantage points yield measurements representative of ordinary local users is not supported by any side-by-side comparisons against residential connections, ground-truth lists, or controls for differential treatment of VPN ranges. This assumption is load-bearing for all reported blocking statistics, country-level findings, and longitudinal observations.

    Authors: We agree that direct empirical validation of VPN vantage-point representativeness would strengthen the claims. The original study did not include side-by-side residential comparisons, which would require substantial additional infrastructure. In the revised manuscript we will add an explicit limitations subsection in §3 that discusses known differences between VPN and residential paths (citing prior literature on VPN routing and DPI treatment), describes our use of multiple independent providers as a partial mitigation, and qualifies all reported statistics as measurements from commercial VPN endpoints rather than claiming direct equivalence to residential users. revision: partial

  2. Referee: [§5 and abstract] §5 (Results) and abstract: No quantitative validation (e.g., precision, recall, or false-positive rates) is provided for the DNS manipulation, TCP injection, or block-page detectors despite the repeated emphasis on minimizing false positives. The 3,602 blocked URLs and 48 new block pages therefore rest on unshown accuracy metrics.

    Authors: The manuscript describes conservative heuristics, cross-validation across detection methods, and manual review, but does not report aggregate precision/recall figures. We will add a new evaluation subsection (or appendix) that quantifies the detectors using the internal validation data collected during the study, including estimated false-positive rates derived from the manual-review process and any available ground-truth block pages. revision: yes

Circularity Check

0 steps flagged

No circularity; empirical platform description with no derivations or self-referential reductions

full rationale

The paper presents an empirical measurement system (ICLab) that collects and reports direct observations of web blocking via commercial VPN vantage points. No equations, fitted parameters, predictions, or uniqueness theorems appear in the provided text; all reported findings (e.g., 3,602 blocked URLs, changes in India/Turkey, 48 new block pages) are stated as outcomes of the 53M+ raw measurements rather than quantities derived from or equivalent to the platform's own inputs by construction. The methodological choice of VPN vantage points is presented as an engineering decision whose validity is external to the reported data, not a self-definitional or fitted-input step. No self-citation load-bearing or ansatz smuggling is present. This is a standard measurement-platform paper whose central claims remain independent of any circular reduction.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The platform rests on domain assumptions about the representativeness of commercial VPN vantage points and the accuracy of the three detection techniques; no free parameters or invented entities are introduced.

axioms (1)
  • domain assumption Commercial VPN services provide vantage points whose observed blocking behavior is representative of what ordinary local users experience and are not subject to special treatment or detection by censors.
    The validity of all reported blocking observations depends on this premise being true.

pith-pipeline@v0.9.0 · 5831 in / 1258 out tokens · 28997 ms · 2026-05-25T00:23:52.338416+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

What do these tags mean?
matches
The paper's claim is directly supported by a theorem in the formal canon.
supports
The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends
The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses
The paper appears to rely on the theorem as machinery.
contradicts
The paper's claim conflicts with a theorem or certificate in the canon.
unclear
Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.

Reference graph

Works this paper leans on

98 extracted references · 98 canonical work pages · 4 internal anchors

  1. [1]

    Whiskey, Weed, and Wukan on the World Wide Web: On Measuring Censors’ Resources and Motivations,

    N. Aase, J. R. Crandall, Á. Díaz, J. Knockel, J. O. Molinero, J. Saia, D. Wallach, and T. Zhu, “Whiskey, Weed, and Wukan on the World Wide Web: On Measuring Censors’ Resources and Motivations,” inFree and Open Communications on the Internet. USENIX, 2012

    work page 2012

  2. [2]

    The web never forgets: Persistent tracking mechanisms in the wild,

    G. Acar, C. Eubank, S. Englehardt, M. Juarez, A. Narayanan, and C. Diaz, “The web never forgets: Persistent tracking mechanisms in the wild,” in Computer and Communications Security. ACM, 2014, pp. 674–689. doi:10.1145/2660267.2660347

    work page doi:10.1145/2660267.2660347 2014

  3. [3]

    Internet Censorship in Italy: A First Look at 3G/4G Networks,

    G. Aceto, A. Montieri, and A. Pescapè, “Internet Censorship in Italy: A First Look at 3G/4G Networks,” inCryptology and Network Security. Springer, 2016, pp. 737–742.doi:10.1007/978-3-319-48965-0_53

    work page doi:10.1007/978-3-319-48965-0_53 2016

  4. [4]

    Exploring Server-side Blocking of Regions

    S. Afroz, M. C. Tschantz, S. Sajid, S. A. Qazi, M. Javed, and V. Paxson, “Exploring Server-side Blocking of Regions,” 2018.arXiv:1805.11606

    work page internal anchor Pith review Pith/arXiv arXiv 2018

  5. [5]

    How are Alexa’s traffic rankings determined?

    Alexa Internet, Inc., “How are Alexa’s traffic rankings determined?” accessed 2014. url:http://www.alexa.com/faqs/?p=134

    work page 2014

  6. [6]

    Dimming the Internet: Detecting Throttling as a Mechanism of Censorship in Iran

    C. Anderson, “Dimming the Internet: Detecting Throttling as a Mecha- nism of Censorship in Iran,” 2013.arXiv:1306.4361

    work page internal anchor Pith review Pith/arXiv arXiv 2013

  7. [7]

    Global Network Interference Detec- tion over the RIPE Atlas Network,

    C. Anderson, P. Winter, and Roya, “Global Network Interference Detec- tion over the RIPE Atlas Network,” inFree and Open Communications on the Internet. USENIX, 2014

    work page 2014

  8. [8]

    Towards a Comprehensive Picture of the Great Firewall’s DNS Censorship,

    Anonymous, “Towards a Comprehensive Picture of the Great Firewall’s DNS Censorship,” inFree and Open Communications on the Internet. USENIX, 2014

    work page 2014

  9. [9]

    The Collateral Damage of Internet Censorship by DNS Injection,

    Anonymous, “The Collateral Damage of Internet Censorship by DNS Injection,”SIGCOMM Computer Communications Review, vol. 42, no. 3, pp. 21–27, 2012.url:http://www.sigcomm.org/node/3275

    work page 2012

  10. [10]

    Internet Censorship in Iran: A First Look,

    S. Aryan, H. Aryan, and J. A. Halderman, “Internet Censorship in Iran: A First Look,” inFree and Open Communications on the Internet. USENIX, 2013

    work page 2013

  11. [11]

    Website Inaccessibility Test Lists,

    Berkman Klein Center, “Website Inaccessibility Test Lists,” 2018. url:https://github.com/berkmancenter/url-lists

    work page 2018

  12. [12]

    Updates to the Special-Purpose IP Address Registries,

    R. Bonica, M. Cotton, B. Haberman, and L. Vegoda, “Updates to the Special-Purpose IP Address Registries,” RFC 8190, 2017. url:https://tools.ietf.org/html/rfc8190

    work page 2017

  13. [13]

    NXDOMAIN: There Really Is Nothing Underneath,

    S. Bortzmeyer and S. Huque, “NXDOMAIN: There Really Is Nothing Underneath,” RFC 8020, 2016.url:https://tools.ietf.org/html/rfc8020

    work page 2016

  14. [14]

    An HTTP Status Code to Report Legal Obstacles,

    T. Bray, “An HTTP Status Code to Report Legal Obstacles,” RFC 7725,

    work page

  15. [15]

    url:https://tools.ietf.org/html/rfc7725

    work page

  16. [16]

    Pakistan hijacks YouTube,

    M. A. Brown, “Pakistan hijacks YouTube,” 2008, accessed 2018. url:https://dyn.com/blog/pakistan-hijacks-youtube-1/

    work page 2008

  17. [17]

    Making Sense of Internet Censorship: A New Frontier for Internet Measurement,

    S. Burnett and N. Feamster, “Making Sense of Internet Censorship: A New Frontier for Internet Measurement,”SIGCOMM Computer Communications Review, vol. 43, no. 3, pp. 84–89, 2013.doi:10.1145/ 2500098.2500111

    work page arXiv 2013

  18. [18]

    Encore: Lightweight Measurement of Web Censorship with Cross-Origin Requests,

    S. Burnett and N. Feamster, “Encore: Lightweight Measurement of Web Censorship with Cross-Origin Requests,” inSIGCOMM. ACM, 2015, pp. 653–667.doi:10.1145/2785956.2787485

    work page doi:10.1145/2785956.2787485 2015

  19. [19]

    AS Classification,

    CAIDA, “AS Classification,” accessed 2017.url:http://www.caida.org/ data/as-classification/

    work page 2017

  20. [20]

    Satellite,

    Censored Planet, “Satellite,” accessed 2018.url:http://www.censoredplanet. com/projects/satellite

    work page 2018

  21. [21]

    Censorship in the wild: Analyzing Internet filtering in Syria,

    A. Chaabane, T. Chen, M. Cunche, E. De Cristofaro, A. Friedman, and M. A. Kaafar, “Censorship in the wild: Analyzing Internet filtering in Syria,” inInternet Measurement Conference. ACM, 2014, pp. 285–298. doi:10.1145/2663716.2663720

    work page doi:10.1145/2663716.2663720 2014

  22. [22]

    Collection of censorship blockpages,

    Citizen Lab, “Collection of censorship blockpages,” 2015.url:https: //github.com/citizenlab/blockpages

    work page 2015

  23. [23]

    URL testing lists intended for discovering website censorship,

    Citizen Lab, “URL testing lists intended for discovering website censorship,” 2014.url:https://github.com/citizenlab/test-lists

    work page 2014

  24. [24]

    Ignoring the Great Firewall of China,

    R. Clayton, S. J. Murdoch, and R. N. M. Watson, “Ignoring the Great Firewall of China,” inPrivacy Enhancing Technologies. Springer, 2006, pp. 20–35.doi:10.1007/11957454_2

    work page doi:10.1007/11957454_2 2006

  25. [25]

    ConceptDoppler: A Weather Tracker for Internet Censorship,

    J. R. Crandall, D. Zinn, M. Byrd, E. Barr, and R. East, “ConceptDoppler: A Weather Tracker for Internet Censorship,” in Computer and Communications Security. ACM, 2007, pp. 352–365. doi:10.1145/1315245.1315290

    work page doi:10.1145/1315245.1315290 2007

  26. [26]

    Analysis of Country-Wide Internet Outages Caused by Censorship,

    A. Dainotti, C. Squarcella, E. Aben, K. C. Claffy, M. Chiesa, M. Russo, and A. Pescape, “Analysis of Country-Wide Internet Outages Caused by Censorship,”Transactions on Networking, vol. 22, pp. 1964–1977, 2013. doi:10.1109/TNET.2013.2291244

    work page doi:10.1109/tnet.2013.2291244 1964

  27. [27]

    A Method for Identifying and Confirming the Use of URL Filtering Products for Censorship,

    J. Dalek, B. Haselton, H. Noman, A. Senft, M. Crete-Nishihata, P. Gill, and R. J. Deibert, “A Method for Identifying and Confirming the Use of URL Filtering Products for Censorship,” inInternet Measurement Conference. ACM, 2013, pp. 23–30.doi:10.1145/2504730.2504763

    work page doi:10.1145/2504730.2504763 2013

  28. [28]

    Information controls during military operations: The case of Yemen during the 2015 political and armed conflict,

    J. Dalek, R. Deibert, S. McKune, P. Gill, A. Senft, and N. Noor, “Information controls during military operations: The case of Yemen during the 2015 political and armed conflict,” Citizen Lab, 2015. url:https://citizenlab.ca/2015/10/information-controls- military-operations-yemen/

    work page 2015

  29. [29]

    FilteredWeb: A Framework for the Automated Search-Based Discovery of Blocked URLs,

    A. Darer, O. Farnan, and J. Wright, “FilteredWeb: A Framework for the Automated Search-Based Discovery of Blocked URLs,” inTraffic Measurement and Analysis. IEEE, 2017, pp. 1–9.doi:10.23919/TMA.2017. 8002914

    work page doi:10.23919/tma.2017 2017

  30. [30]

    Deibert, J

    R. Deibert, J. Palfrey, R. Rohozinski, and J. Zittrain, Eds., Access Controlled: The Shaping of Power, Rights, and Rule in Cyberspace. MIT Press, 2010

    work page 2010

  31. [31]

    A search engine backed by Internet-wide scanning,

    Z. Durumeric, D. Adrian, A. Mirian, M. Bailey, and J. A. Halderman, “A search engine backed by Internet-wide scanning,” inComputer and Communications Security. ACM, 2015, pp. 542–553.doi:10.1145/2810103. 2813703

    work page doi:10.1145/2810103 2015

  32. [32]

    Monero Cryptomining Attack Affects Over 200,000 ISP-Grade Routers Globally,

    M. Emem, “Monero Cryptomining Attack Affects Over 200,000 ISP-Grade Routers Globally,” CCN Markets , ac- cessed 2018. url:https://www.ccn.com/monero-cryptomining-attack-affects- over-200000-isp-grade-routers-globally/

    work page 2018

  33. [33]

    Detecting Intentional Packet Drops on the Internet via TCP/IP Side Channels,

    R. Ensafi, J. Knockel, G. Alexander, and J. R. Crandall, “Detecting Intentional Packet Drops on the Internet via TCP/IP Side Channels,” in Passive and Active Measurement. Springer, 2014, pp. 109–118.doi:10. 1007/978-3-319-04918-2_11

    work page 2014

  34. [34]

    Large-scale Spatiotemporal Characterization of Inconsistencies in the World's Largest Firewall

    R. Ensafi, P. Winter, A. Mueen, and J. R. Crandall, “Large-scale Spatiotemporal Characterization of Inconsistencies in the World’s Largest Firewall,” 2014.arXiv:1410.0735

    work page internal anchor Pith review Pith/arXiv arXiv 2014

  35. [35]

    Examining How the Great Firewall Discovers Hidden Circumvention Servers,

    R. Ensafi, D. Fifield, P. Winter, N. Feamster, N. Weaver, and V. Paxson, “Examining How the Great Firewall Discovers Hidden Circumvention Servers,” inInternet Measurement Conference. ACM, 2015, pp. 445–458. doi:10.1145/2815675.2815690

    work page doi:10.1145/2815675.2815690 2015

  36. [36]

    Analyzing the Great Firewall of China Over Space and Time,

    R. Ensafi, P. Winter, A. Mueen, and J. R. Crandall, “Analyzing the Great Firewall of China Over Space and Time,” inPrivacy Enhancing Technologies. De Gruyter, 2015, pp. 61–76.doi:10.1515/popets-2015-0005

    work page doi:10.1515/popets-2015-0005 2015

  37. [37]

    Poisoning the Well: Exploring the Great Firewall’s Poisoned DNS Responses,

    O. Farnan, A. Darer, and J. Wright, “Poisoning the Well: Exploring the Great Firewall’s Poisoned DNS Responses,” inPrivacy in the Electronic Society. ACM, 2016, pp. 95–98.doi:10.1145/2994620.2994636

    work page doi:10.1145/2994620.2994636 2016

  38. [38]

    OONI: Open Observatory of Network Interference,

    A. Filasto and J. Appelbaum, “OONI: Open Observatory of Network Interference,” inFree and Open Communications on the Internet . USENIX, 2012

    work page 2012

  39. [39]

    FortiGuard Labs Web Filter,

    “FortiGuard Labs Web Filter,” accessed 2018.url:https://fortiguard.com/ webfilter

    work page 2018

  40. [40]

    Freedom on the Net 2017,

    Freedom House, “Freedom on the Net 2017,” accessed 2018. url:https://freedomhouse.org/report/freedom-net/freedom-net-2017

    work page 2017

  41. [41]

    Country Profiles 2017: Turkey,

    Freedom House, “Country Profiles 2017: Turkey,” accessed 2018. url:https://freedomhouse.org/report/freedom-net/2017/turkey

    work page 2017

  42. [42]

    General Data Protection Regulation (2016/679),

    “General Data Protection Regulation (2016/679),”Official Journal of the European Union, vol. L 119, pp. 1–88, 2016.url:https://gdpr-info.eu/

    work page 2016

  43. [43]

    Geosurf: Residential and data center proxy network,

    Geosurf, “Geosurf: Residential and data center proxy network,” accessed

    work page

  44. [44]

    url:https://www.geosurf.com

    work page

  45. [45]

    Characterizing Web Censorship Worldwide: Another Look at the OpenNet Initiative Data,

    P. Gill, M. Crete-Nishihata, J. Dalek, S. Goldberg, A. Senft, and G. Wiseman, “Characterizing Web Censorship Worldwide: Another Look at the OpenNet Initiative Data,”Transactions on the Web, vol. 9, no. 1,

    work page

  46. [46]

    The Dictator’s Digital Toolkit: Explaining Variation in Internet Filtering in Authoritarian Regimes,

    S. Hellmeier, “The Dictator’s Digital Toolkit: Explaining Variation in Internet Filtering in Authoritarian Regimes,”Politics & Policy, vol. 44, no. 6, pp. 1158–1191, 2016.doi:10.1111/polp.12189

    work page doi:10.1111/polp.12189 2016

  47. [47]

    Herdict: help spot web blockages,

    “Herdict: help spot web blockages,” accessed 2018. url:https: //www.herdict.org/

    work page 2018

  48. [48]

    An Empirical Study of the I2P Anonymity Network and Its Censorship Resistance,

    N. P. Hoang, P. Kintis, M. Antonakakis, and M. Polychronakis, “An Empirical Study of the I2P Anonymity Network and Its Censorship Resistance,” inInternet Measurement Conference. ACM, 2018, pp. 379–

    work page 2018

  49. [49]

    doi:10.1145/3278532.3278565

    work page doi:10.1145/3278532.3278565

  50. [50]

    Hola!VPN: Access any website,

    “Hola!VPN: Access any website,” accessed 2018.url:https://hola.org/

    work page 2018

  51. [51]

    Censorship in the wild: Analyzing Internet filtering in Syria,

    B. Jones, T.-W. Lee, N. Feamster, and P. Gill, “Automated Detection and Fingerprinting of Censorship Block Pages,” inInternet Measurement Conference. ACM, 2014, pp. 299–304.doi:10.1145/2663716.2663722

    work page doi:10.1145/2663716.2663722 2014

  52. [52]

    Mass MikroTik Router Infection – First we cryptojack Brazil, then we take the World?

    S. Kenin, “Mass MikroTik Router Infection – First we cryptojack Brazil, then we take the World?”SpiderLabs Blog, accessed 2018. url:https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/mass- mikrotik-router-infection-first-we-cryptojack-brazil-then-we-take-the-world/

    work page 2018

  53. [53]

    An Empirical Analysis of the Commercial VPN Ecosystem,

    M. T. Khan, J. DeBlasio, G. M. Voelker, A. C. Snoeren, C. Kanich, and N. Vallina-Rodriguez, “An Empirical Analysis of the Commercial VPN Ecosystem,” inInternet Measurement Conference. ACM, 2018, pp. 443–456.doi:10.1145/3278532.3278570

    work page doi:10.1145/3278532.3278570 2018

  54. [54]

    A Look at the Consequences of Internet Censorship Through an ISP Lens,

    S. Khattak, M. Javed, S. A. Khayam, Z. A. Uzmi, and V. Paxson, “A Look at the Consequences of Internet Censorship Through an ISP Lens,” inInternet Measurement Conference. ACM, 2014, pp. 271–284. doi:10.1145/2663716.2663750

    work page doi:10.1145/2663716.2663750 2014

  55. [55]

    Three Researchers, Five Conjectures: An Empirical Analysis of TOM-Skype Censorship and Surveillance

    J. Knockel, J. R. Crandall, and J. Saia, “Three Researchers, Five Conjectures: An Empirical Analysis of TOM-Skype Censorship and Surveillance.” inFree and Open Communications on the Internet . USENIX, 2011

    work page 2011

  56. [56]

    MineSweeper: An In-depth Look into Drive-by Cryp- tocurrency Mining and Its Defense,

    R. K. Konoth, E. Vineti, V. Moonsamy, M. Lindorfer, C. Kruegel, H. Bos, and G. Vigna, “MineSweeper: An In-depth Look into Drive-by Cryp- tocurrency Mining and Its Defense,” inComputer and Communications Security. ACM, 2018, pp. 1714–1730.doi:10.1145/3243734.3243858

    work page doi:10.1145/3243734.3243858 2018

  57. [57]

    Tranco: A Research-Oriented Top Sites Ranking Hardened Against Manipulation,

    V. Le Pochat, T. Van Goethem, S. Tajalizadehkhoob, M. Korczyński, and W. Joosen, “Tranco: A Research-Oriented Top Sites Ranking Hardened Against Manipulation,” inNetwork and Distributed System Security Symposium, 2019. doi:10.14722/ndss.2019.23386

    work page doi:10.14722/ndss.2019.23386 2019

  58. [58]

    Luminati: largest business proxy service,

    “Luminati: largest business proxy service,” accessed 2018.url:http: //luminati.io

    work page 2018

  59. [59]

    China’s Great Cannon,

    B. Marczak, N. Weaver, J. Dalek, R. Ensafi, D. Fifield, S. McKune, A. Rey, J. Scott-Railton, R. Deibert, and V. Paxson, “China’s Great Cannon,” Citizen Lab, 2015.url:https://citizenlab.org/2015/04/chinas-great-cannon/

    work page 2015

  60. [60]

    How to Catch when Proxies Lie: Verifying the Physical Locations of Network Proxies with Active Geolocation,

    A. McDonald, M. Bernhard, L. Valenta, B. VanderSloot, W. Scott, N. Sullivan, J. A. Halderman, and R. Ensafi, “403 Forbidden: A Global View of CDN Geoblocking,” inInternet Measurement Conference. ACM, 2018, pp. 218–230.doi:10.1145/3278532.3278552

    work page doi:10.1145/3278532.3278552 2018

  61. [61]

    Resident Evil: Understanding Residential IP Proxy as a Dark Service,

    X. Mi, Y. Liu, X. Feng, X. Liao, B. Liu, X. Wang, F. Qian, Z. Li, S. Alrwais, and L. Sun, “Resident Evil: Understanding Residential IP Proxy as a Dark Service,” inSymposium on Security and Privacy. IEEE, 2019, pp. 170–186.doi:10.1109/SP.2019.00011

    work page doi:10.1109/sp.2019.00011 2019

  62. [62]

    Examining How the Great Firewall Discovers Hidden Circumvention Servers,

    A. Molavi Kakhki, A. Razaghpanah, A. Li, H. Koo, R. Golani, D. Choffnes, P. Gill, and A. Mislove, “Identifying Traffic Differentiation in Mobile Networks,” inInternet Measurement Conference. ACM, 2015, pp. 239–251.doi:10.1145/2815675.2815691

    work page doi:10.1145/2815675.2815691 2015

  63. [63]

    The Anatomy of Web Censorship in Pakistan,

    Z. Nabi, “The Anatomy of Web Censorship in Pakistan,” inFree and Open Communications on the Internet. USENIX, 2013

    work page 2013

  64. [64]

    Incentivizing censorship measurements via circumvention,

    A. Nisar, A. Kashaf, I. A. Qazi, and Z. A. Uzmi, “Incentivizing censorship measurements via circumvention,” inSIGCOMM. ACM, 2018, pp. 533–

    work page 2018

  65. [65]

    doi:10.1145/3230543.3230568

    work page doi:10.1145/3230543.3230568

  66. [66]

    DNS consistency,

    OONI, “DNS consistency,” blog post, accessed 2018. url:https: //github.com/ooni/spec/blob/master/nettests/ts-002-dns-consistency.md

    work page 2018

  67. [67]

    Country Profiles: South Korea,

    OpenNet Initiative, “Country Profiles: South Korea,” 2012, accessed

    work page 2012

  68. [68]

    url:https://opennet.net/research/profiles/south-korea

    work page

  69. [69]

    Empirical study of a national-scale distributed intrusion detection system: Backbone-level filtering of HTML responses in China,

    J. C. Park and J. R. Crandall, “Empirical study of a national-scale distributed intrusion detection system: Backbone-level filtering of HTML responses in China,” inDistributed Computing Systems. IEEE, 2010, pp. 315–326.doi:10.1109/ICDCS.2010.46

    work page doi:10.1109/icdcs.2010.46 2010

  70. [70]

    Augur: Internet- Wide Detection of Connectivity Disruptions,

    P. Pearce, R. Ensafi, F. Li, N. Feamster, and V. Paxson, “Augur: Internet- Wide Detection of Connectivity Disruptions,” inSymposium on Security and Privacy. IEEE, 2017, pp. 427–443.doi:10.1109/SP.2017.55

    work page doi:10.1109/sp.2017.55 2017

  71. [71]

    Global Measurement of DNS Manipulation,

    P. Pearce, B. Jones, F. Li, R. Ensafi, N. Feamster, N. Weaver, and V. Paxson, “Global Measurement of DNS Manipulation,” inUSENIX Security Symposium. USENIX, 2017

    work page 2017

  72. [72]

    Transmission Control Protocol,

    J. Postel, “Transmission Control Protocol,” RFC 793, 1981.url:https: //tools.ietf.org/html/rfc793

    work page 1981

  73. [73]

    2018 world press freedom index

    Reporters Without Borders, “2018 world press freedom index.” url:https://rsf.org/en/ranking/2018

    work page 2018

  74. [74]

    RIPE Atlas: A Global Internet Measurement Network,

    RIPE NCC Staff, “RIPE Atlas: A Global Internet Measurement Network,”The Internet Protocol Journal, vol. 18, no. 3, pp. 2–26, 2015. url:http://ipj.dreamhosters.com/wp-content/uploads/2015/10/ipj18.3.pdf

    work page 2015

  75. [75]

    India net neutrality rules could be world’s strongest,

    P. K. Roy, “India net neutrality rules could be world’s strongest,” BBC News, accessed 2018.url:https://www.bbc.com/news/world-asia-india- 42162979

    work page 2018

  76. [76]

    An Empirical Analysis of the Commercial VPN Ecosystem,

    Q. Scheitle, O. Hohlfeld, J. Gamba, J. Jelten, T. Zimmermann, S. D. Strowes, and N. Vallina-Rodriguez, “A Long Way to the Top: Significance, Structure, and Stability of Internet Top Lists,” inInternet Measurement Conference. ACM, 2018, pp. 478–493.doi:10.1145/3278532.3278574

    work page doi:10.1145/3278532.3278574 2018

  77. [77]

    Satellite: Joint Analysis of CDNs and Network-Level Interference,

    W. Scott, T. Anderson, T. Kohno, and A. Krishnamurthy, “Satellite: Joint Analysis of CDNs and Network-Level Interference,” inUSENIX Annual Technical Conference. USENIX, 2016

    work page 2016

  78. [78]

    CensMon: A Web Censorship Monitor,

    A. Sfakianakis, E. Athanasopoulos, and S. Ioannidis, “CensMon: A Web Censorship Monitor,” inFree and Open Communications on the Internet. USENIX, 2011

    work page 2011

  79. [79]

    Inside Turkey’s war on Wikipedia,

    E. K. Sozeri, “Inside Turkey’s war on Wikipedia,”The Daily Dot, accessed

    work page

  80. [80]

    url:https://www.dailydot.com/layer8/turkey-bans-wikipedia-censorship/

    work page

Showing first 80 references.