dmcdev + research   185

Iranian Censorship Strategy Shows Increasing Political Sophistication, Research Reveals
"Just after his supporters scored a victory in Iran’s 2016 midterm elections, an emboldened President Hassan Rouhani publicly broke a ban on saying the name of a reformist former president. State television muted the broadcast of Rouhani’s speech. The absurd spectacle of a national leader silenced by his own government reflects the conflicted state of information policy in Iran. Rouhani has battled hardliners appointed by the Supreme Leader over blanket bans on Telegram, WhatsApp, and numerous websites. Meanwhile, more targeted information controls have continued and even intensified under his leadership. The 2016 elections were a time of particularly acute contradiction, as Rouhani campaigned for a more liberal Internet policy while his government continue to censor digital content. Research by the Citizen Lab’s Ron Deibert, Joshua Oliver, and Adam Senft shines a light on one aspect of this complex picture. “Censors Get Smart: Evidence from Psiphon in Iran,” published by the Review of Policy Research, takes a deep dive into data provided by the circumvention tool Psiphon to reveal Iran’s increasingly sophisticated Internet blocking strategy around elections. These findings connect to ongoing research on the global trend of innovation and improvement in the tactics and techniques employed by government censors, presenting new challenges to those fighting for freedom of information." - Ron Deibert, Joshua Oliver, and Adam Senft, Citizen Lab
iran  censorship  psiphon  research  mena  citizenlab 
9 days ago by dmcdev
Despots and Disruptions: Five Dimensions of Internet Shutdowns in Africa - @cipesaug
In 2019, so far, six countries in Africa have experienced internet shutdowns, contributing to a total of 22 countries experiencing internet disruptions in the past five years, according to a new report from the Collaboration on International ICT Policy for East and Southern Africa (CIPESA). Algeria, the Democratic Republic of Congo (DR Congo), Chad, Gabon, Sudan, and Zimbabwe are the six countries where internet blackouts have occurred in 2019 in response to "elections, protests against government policies, and, what seemed like a coup attempt [in Gabon]." CIPESA predicts that "with several nations set to conduct elections during the course of 2019, many more shutdowns could be witnessed."

In the report, CIPESA highlights five trends observed from their study of internet shutdowns in Africa; 1) authoritarian states are more likely to shut down the internet, 2) the longer the head of state holds power, the more likely a shutdown will occur; 3) internet disruptions are costly and cause economic losses even after access is restored; 4) shutdowns tend to occur during politically sensitive times, and with "at least 20 African states" due to hold elections in 2019, there could be plenty more on the horizon in the near term; and 5) the governments and ISPs responsible for shutdowns have been more transparent about ordering service disruptions.

For more, read the full report (pdf):
otf  africa  cipesa  shutdown  research  blackout 
4 weeks ago by dmcdev
Yemeni War Emphasizes Importance of Internet Control in Statecraft and Conflict
Recorded Future looks at the role of information controls and internet access in Yemen amid the country's ongoing conflict, and how the tactics at play there are part of a broader, worldwide trend of states "manipulating the internet access of their citizens." In Yemen, Recorded Future says, "...factions vie for control of internet infrastructure and use clever threat vectors in a few ways to control information entering and leaving their territories. The severing of or restrictions on internet use has become a norm in a wider trend of internet restrictions or blackout activity."

Drawing from additional recent examples of internet censorship and shutdowns in Venezuela, Bangladesh, India, and Sudan, Recorded Future notes the rising trend of internet censorship and its downsides: "Censorship at these levels is not limited to the countries above, but internet control has become a tool being used more and more by countries as part of their statecraft. Government censorship is not a new trend, but outside parties are increasingly reporting on such incidents. States that implement such measures take a risk — they may maintain control over their populations, but these actions will also likely be detrimental to their domestic economies and stifle business opportunities. Countries that implement digital censorship tend to slow their own technological growth and business innovation."
yemen  censorship  mena  control  research 
5 weeks ago by dmcdev
OTF-supported @wechatscope reviews a year in censorship on #WeChat, "China's most powerful social media platform"
WeChatscope is a project (supported by OTF that scans popular Chinese social media app WeChat for censored posts, tracking thousands of public accounts for messages that have been removed. In this article for Global Voices, WeChatscope discusses a high-level view of what they saw in 2018, including the most contentious topics ripe for censorship and the four most common official reasons the company gives to explain why a post was removed:

"Our team tracked more than 4,000 public accounts covering daily news through our computer program which visits (and periodically revisits) published articles and records the contents. When the system sees that a post has disappeared, it is detected as censored. A copy of the post is then restored in the database and made available for public access. By the end of 2018, a total of more than 1.04 million articles were included. Out of these, roughly 11,000 have been removed by the internet censorship system...

"After a post is removed from WeChat, the company issues an official explanation of the removal to its authors and readers. The company typically offers one of four different reasons: 'This content has been deleted by the publisher' (8,092 articles)...'This content is unavailable for violation of related law and regulations' (2,950 articles)...'This account was blocked' (406 articles)...'This content has been reported by multiple people, and the related content is unable to be shown' (206 articles)...Upon examining our full 2018 data set, the research team found that the scope of topics censored on WeChat has expanded from domestic policies and social unrest to less politically sensitive topics, in what seems to be an effort to support China’s international political image as a 'great power'."

WeChatscope will feature the ten most censored topics of the year in forthcoming publications.
otf  wechat  wechatscope  research  censorship  china  asia  gfw 
9 weeks ago by dmcdev
New @BKCHarvard report: Internet Censorship and the Intraregional Geopolitical Conflicts in the Middle East and North Africa
"This report investigates how adversarial relationships between states in the Middle East and North Africa (MENA) translate into Internet censorship practices. Based on analysis of Internet censorship data collected from 16 countries, the study finds that it is becoming increasingly common for governments in the MENA region to block content that originates from or is affiliated with rival states in the region. The study finds that blocked content often contains messaging that opposes the censoring government’s own narrative of the conflicts, and that governments block content that could potentially spark internal dissent. For example, Saudi Arabia, UAE, Bahrain, and Egypt block Iranian websites that promote Iran’s official narrative on local and foreign policies and that are critical of Saudi policies towards Iran and the region. On the other side of the conflict, Iran blocks content originating from Saudi Arabia, Bahrain, UAE, and Egypt." - Helmi Noman, Berkman Klein Center. The full report is available on Berkman's Internet Monitor blog here.
otf  mena  berkman  research  censorship 
january 2019 by dmcdev
Crimea Has a Website Ban List Additional to Russia-Wide List, a Research Proves
New research by Digital Security Lab Ukraine finds that Crimean ISPs are blocking "at least eight Ukrainian websites" related to news and human rights which are "not officially banned" by Russian federal censor Roskomnadzor. After analyzing data gathered by running OONI [an OTF-supported technology] connectivity tests,  the Lab found that these websites were blocked "by the providers," suggesting that there may be "an additional non-public list of websites banned [in Crimea] which is different from [the] Russia-wide list." More information, including the full dataset and a guideline for contributing to Crimea censorship testing, can be found in the blog post linked to above.        
otf  crimea  censorship  ukraine  russia  Roskomnadzor  research  ooni 
september 2018 by dmcdev
Research: "Don't @ Me: Hunting Twitter Bots at Scale"
New research from Duo Labs focusing on identifying Twitter bots at scale discusses ways of effectively identifying bots on Twitter, with Duo researchers applying their approach in a "case study" analysis focusing on a botnet spreading a cryptocurrency scam. Duo first identified a dataset of 88 million public Twitter accounts for the study, and then utilized "practical data science techniques" to find the bot networks.  Duo says that "by monitoring the botnet over time, we discover ways the bots evolve to evade detection," adding that "after finding initial bots using the tools and techniques described in this paper, a thread can be followed that can result in the discovery and unraveling of an entire botnet." Duo notes that their research is focused purely on identifying automated Twitter accounts, as opposed to automated accounts that are "necessarily malicious."

Duo made the data collection code they used open source; it's available on GitHub.

Read the full technical paper (pdf) here.
research  twitter  social  bot  botnet  bots  duo 
august 2018 by dmcdev
Research: "Chinese Cyberespionage Originating From Tsinghua University Infrastructure"
New analysis by Recorded Future's Insikt Group takes a look at malware targeting the Tibetan community, finding "a novel Linux backdoor called 'ext4' deployed against the same Tibetan victim group" identified by Recorded Future in a previous report, which focused on a series of espionage campaigns dubbed "RedAlpha." Recorded Future found after analyzing the "highly sophisticated" backdoor that the campaigns were emanating from an IP address associated with Tsinghua University infrastructure that was engaged in "targeting many geopolitical organizations" abroad, in both the public and private sectors. The campaigns appear to coincide with relevant political events, such as protests in Tibet and changes in trade relations between China and other countries, such as Kenya, Brazil, and the US (specifically, the state of Alaska).

Read the full analysis (pdf) here.
tibet  china  asia  malware  security  gfw  research 
august 2018 by dmcdev
.@certfalab research analyzes PushIran.DL malware, a "botnet of fraudulent advertising in Iran" affecting million of Android devices
A new report by CERTFA (Computer Emergency Response Team in Farsi) analyzes PushIran.DL, a malware group that "has in effect created a major advertising botnet that can be distributed and used in various ways to exploit users" in Iran. These criminal activities "are costing Iranian smartphone users billions of Iranian Rials (millions of US dollars) each year," the group says, noting that the PushIran.DL malware is "largely" detectable via well-known commercial anti-virus software platforms. CERTFA estimates that "more than 10 million" Iran-based Android devices are infected and notes that while the malware has been utilized to serve up ads to users, there exists the potential for more malicious uses in the future.   

CERTFA describes the malware family as "a family of fake and destructive Android apps which are distributed across Iran’s mobile network — whether through Telegram Messenger or other Android malware — by playing different tricks, including distributing downloaders and adult apps, and by sending text messages and deceptive notification ads in other mobile apps...No accurate data about the full extent of infection of mobile devices by PushIran.DL is available, but we believe that more than 10 million Android devices in Iran have been infected...The developers of these malwares have used this data for advertisement but in the near future, it is very possible that they will use it for more destructive purposes, such as the implementation of phishing attacks, the release of ransomware and as cryptocurrency extractors."

- In other buggy news, NYU researchers suggest that if you want to hide the real bugs, try adding a whole bunch of fake bugs (Motherboard). Galaxy brain!
otf  iran  malware  security  research  mena  android  certfa 
august 2018 by dmcdev
Familiar Feeling: A Malware Campaign Targeting the Tibetan Diaspora Resurfaces - @CitizenLab
A new Citizen Lab report analyzes the “Resurfaced Campaign,” a sophisticated malware campaign that operated between January and March 2018 and which was aimed at Tibetan activists, journalists, members of the Tibetan Parliament in exile, and the Central Tibetan Administration (Tibet's India-based exile government). The report includes an investigation of a compromised Tibet-focused NGO targeted by the malware, a look at the challenges involved with investigating "closed espionage ecosystems," and connects the dots between this campaign and previous, similar ones also targeting Tibetan groups.

From the report: "In January 2018, a Tibetan activist received a mundane-looking email purporting to be program updates from a human rights NGO. Attached to the message were a PowerPoint presentation and a document. The activist, like many in the Tibetan diaspora, had grown wary of unsolicited emails with attachments, and instead of opening the documents, shared the files with Citizen Lab researchers. The suspicion was warranted: the attachments were malicious. If clicked, the files would run recent exploits to infect Windows computers with custom malware. This email was the start of a malware campaign active between January to March 2018 that targeted Tibetan activists, journalists, members of the Tibetan Parliament in exile, and the Central Tibetan Administration. We worked closely with the targeted groups to collect the malicious messages, and also engaged in incident response with a compromised organization. This collaboration enabled us to gain further insights into the tactics, techniques, and procedures used by the operators."

- In a Council on Foreign Relations Net Politics blog post, Citizen Lab fellow Lennart Maschmeyer discusses the report within the broader context of how civil society organizations are particularly susceptible to nation-state level threats, as they "lack resources to build up resilience and enlist outside help, rendering them highly vulnerable."
otf  tibet  china  asia  citizenlab  research  malware  cso  CivilSociety  awareness  security 
august 2018 by dmcdev
Access to uncensored media changes Chinese views, if they seek it
In a recent study, researchers David Y. Yang (Stanford University) and Yuyu Chen (Peking University) explored Beijing university students' use of censorship circumvention tools and the factors that make their use more or less likely. Specifically, in the study, "two-thirds of the students were offered tools to bypass government censorship, which usually costs $25 a month, and the other half were offered nothing," writes Dan Kopf for Quartz in a summary of the study. "A portion" of the students were "encouraged" to evade censors and read materials that were otherwise made inaccessible by censorship, while the others were not encouraged to do so.

The research found that the positive encouragement made a difference, as opposed to just offering the use of a tool: "The researchers found that simply offering the tool did little to change behavior or beliefs, as there doesn’t appears to be much natural demand for the material that the government considers off-limits. But the tool had a big impact on those who were encouraged to use it. On average, this led those students to become more knowledgable about current events, more pessimistic about the Chinese economy and political leaders, and more likely to want to study abroad."

Reacting to the study, Stanford economist Matthew Gentzkow remarked that the study "is some of the best evidence we have to date on the impact of censorship on citizens’ attitudes and beliefs, and on the underlying economic forces that make it successful. It’s tempting to take it as given that control of the media is a powerful tool. But how and to what extent it is effective is far from clear. At one extreme, people in places like China might naively swallow whatever state-controlled media feeds them. At the other, they might be sophisticated and skeptical, partly or entirely neutralizing censorship by recognizing it for what it is."

Read "The Impact of Media Censorship: Evidence from a Field Experiment in China" in full (pdf) here.
otf  china  asia  censorship  access  research  media 
august 2018 by dmcdev
New tool helps users control which countries their internet traffic goes through
A new study conducted by researchers at Princeton University focuses on the path internet traffic from several countries (including Brazil, India and Kenya) takes en route to the world's top 100 websites, finding that "a large fraction of internet routing paths from [these three countries] passed through the United States or Europe." The study, funded by DoD and NSF, introduces RAN (Region-Aware Networking), a tool "that allows users to reroute traffic to avoid going through a particular country by diverting traffic through intermediate points." RAN can potentially aid users in evading surveillance and censorship, notes lead author Anne Edmundson, with the added benefit that the tool "could also improve connection speeds and lower costs."

From a Princeton blog post explaining the study: "The researchers found that Region-Aware Networking was more successful in avoiding some countries than others. In particular, many popular websites are hosted only on servers in the United States or Europe. Other sites provide global access through contracts with content distribution networks, which often host websites in only a few countries...The study found that more than half of all routing paths originating in other countries passed through the United States. Brazil showed the highest dependence, with 84 percent of traffic transiting the United States...The researchers also assessed the prevalence of 'tromboning' paths that start and end in the same country but traverse a foreign country en route. Internet paths from Brazil and the Netherlands to popular websites often tromboned through the United States...

'The internet grew up without borders, but now people who care about privacy and freedom of expression are starting to be concerned about where their internet traffic goes,' said Jedidiah Crandall, a computer scientist at the University of New Mexico who was not involved in the research. 'At the same time, nation-states are developing their own ideas about borders on the internet. Where the borders actually are today is an important scientific question that this paper makes impressive progress towards answering.'"

The study, "Nation-State Hegemony in Internet Routing," is available via the ACM Digital Library here.
otf  research  RAN  traffic 
august 2018 by dmcdev
Pew Research: Social Media Use Continues to Rise in Developing Countries
A new Pew Research study finds that Internet and smartphone use are on the rise globally, with social media use in developing markets quickly approaching those of more developed countries. In fact, Pew's research found that "among people who use the internet, those in developing countries often turn out to be more likely than their counterparts in advanced economies to network via platforms like Facebook and Twitter." However, large gaps remain in terms of gender (men more likely than women to access the Internet), income, and age.

Other highlights: "There has been a steady increase in internet use over the past five years among the 19 emerging and developing economies surveyed. Between 2013 and 2014, a median of 42% across these countries said they accessed the internet at least occasionally or owned a smartphone. By 2017, a median of 64% were online...A similar story is seen in smartphone use. In 2013-14, about a quarter of people in emerging and developing economies reported owning a smartphone, i.e., a mobile phone that can access the internet and apps. By 2017, that share had risen to 42%...Despite growing internet use and smartphone ownership, the world remains digitally divided. It is still the case, for example, that people in wealthier countries have higher rates of internet use and smartphone ownership. However, among people who use the internet, those in developing countries often turn out to be more likely than their counterparts in advanced economies to network via platforms like Facebook and Twitter. Within countries, too, digital divides persist. Age, education, income and in some cases gender still differentiate who uses the internet and who does not, who is active on social media and who is inactive."

Access the full report (pdf) here.
otf  social  connectivity  access  research 
june 2018 by dmcdev
Study reveals extent of Awami Workers political party website block in Pakistan: @netblocks
A study by NetBlocks (a previously OTF-supported project) conducted in coordination with the Pakistan-based Digital Rights Foundation shows evidence of the website of the left-leaning Awami Workers Party being blocked as the country gears up for its upcoming general elections, scheduled for July 25th.

From the NetBlocks blog: "The extensive study conducted on Sunday 3 June 2018, spanning 73 autonomous networks and comprising some 10,000 measurements using network digital forensic techniques reveals that the political party’s website has been blocked by most, but not all, Pakistani internet service providers throughout the country. Both the TLS-secured https edition and standard http edition of the party’s website were found to be affected. Providers implementing the block, which has been criticised on human rights grounds as a violation of the right to free expression and right to political speech during the pre-election period, include national provider PCTL, Wateen and Nayatel...The measurements were made using the NetBlocks web probes measurement technique, which uses the vantage points of volunteers based inside and outside the country to build a comprehensive view of reachability of online properties."
otf  pakistan  netblocks  measurement  research  southasia  asia  election  censorship 
june 2018 by dmcdev
Disconnected: A Human Rights-Based Approach to Network Disruptions #research
A new report on state-mandated Internet shutdowns analyzes over 100 instances of network disruptions around the world in 2017. The report is by Google policy fellow Jan Rydzak, who worked out of the Global Network Initiative (GNI) while authoring the report.

From GNI's summary: "Counting daily disruptions in each country cumulatively, Rydzak finds that access to digital communication was disrupted on more than 2,500 days last year. The report presents a wealth of data relevant to both researchers and activists and encourages them to engage more broadly with different stakeholders. Informed by interviews with a variety of experts and practitioners, Rydzak shines a light on the effects of network disruptions on marginalized ethnic groups, immigrants, women, and girls as he explores an alarming trend and its human rights’ impacts, particularly on vulnerable populations. The report offers an opportunity to start wider conversations about the unexplored ramifications of network disruptions on civil and political rights, as well as economic, social and cultural rights, in line with recommendations made by others, including the UN Special Rapporteur on freedom of expression."

Check out the full report (pdf) here:
otf  research  shutdown  access 
june 2018 by dmcdev
When governments censor websites and block messaging apps like Telegram, here's where to turn for proof
OONI (Open Observatory of Network Interference), an OTF-supported project, is used to detect and measure Internet disruptions - allowing anyone to track and record censorship events worldwide. So when a government bans or otherwise blocks access to a certain website or tool, such as with Telegram in Iran, OONI can come in handy: providing hard evidence of such events, complementing and corroborating what users on the ground are saying.

Matthew Braga reports for CBC: "[OONI] collects evidence of internet censorship in more than 200 countries, with help from as many as 50,000 volunteers — often activists and human rights defenders but also regular citizens — who run OONI's internet measurement testing apps each month. The tests look for telltale signs of what people in the digital rights community call 'information controls' — the myriad techniques used to block websites and apps or make them so slow to load they become impossible to use. During the Iran protests, having that data 'was really valuable to show what the government was doing,' said [researcher Mahsa] Alimardani, who leads some Iranian digital rights programs for the advocacy organization ARTICLE 19...As network filtering and censorship technology become easier to obtain and use — and incidents of blocking, filtering, or full internet shutdowns increase — data collected by OONI is playing an increasingly important role in holding governments to account. The goal, says Arturo Filasto, the project's lead and founder, is to complement the on-the-ground work of local partners with some 'solid technical, undeniable evidence that these sorts of controls are in place'...All of the data collected by OONI's measurement software — called probes — is stored in a publicly accessible database, where anyone can go to understand what's being blocked, filtered, or throttled in a particular country, and how. That data can be used to track the evolution of information controls over time or link censorship with political events like elections and protests."
otf  ooni  research  censorship  measurement  iran  telegram 
may 2018 by dmcdev
Facebook looks at internet shutdowns impact on Africa's informal economy
When the Internet gets turend off, how much does it cost? That is the question behind a new Facebook-backed study conducted by Kenya's Strathmore University. The research looks "to go beyond measuring the impact of internet shutdowns on the formal economy and measure the impact of internet cut-offs on “shadow economies,” namely economic activities that circumvent government regulation, oversight, and taxation," Abdi Latif Dahir reports for Quartz.

"The researchers at Strathmore University’s Center for Intellectual Property and Information Technology Law (CIPIT) in Kenya used a 2013 estimate by the economist Friedrich Schneider which showed the average unrecorded economic activity in 49 African countries stood at 37.6%. As such, their study showed that informal economies account for 30% of direct costs to internet disruptions—amplifying the previous estimates of loss percentages and their direct socio-economic impact...As internet blackouts increase and become more sophisticated across Africa, experts are not only looking to improve the cost methodology but also create ways of better monitoring and detecting shutdowns—whether they are intentional or accidental. The [OTF-supported] Open Observatory of Network Interference, an organization that documents internet censorship, is currently developing a new system that would better determine when a shutdown occurs or when certain social media platforms are switched off like in the recent case of Chad. Robert Muthuri, one of the study’s co-authors at Strathmore, says there’s “more granularity needed” when assessing the impact of internet disruptions on economies, and how much other applications like Viber and Telegram are affected."
otf  shutdown  research  access  africa 
may 2018 by dmcdev
Generative Models for Spear Phishing Posts on Social Media (pdf) #research
Machine learning can be effectively used for offensive purposes (if you're a bad guy, that is) when it comes to security, researchers John Seymour of Salesforce and Philip Tully of ZeroFOX find in this study. Seymour and Tully look specifically at social media as a potential vector for spreading malicious, machine-generated content, finding ways to tap into users' preferences and styles to increase the likelihood of engagement (that is, infection).

From the abstract: " Social networks, with their access to extensive personal data, bot-friendly APIs, colloquial syntax, and prevalence of shortened links, are the perfect venues for spreading machine-generated malicious content. We aim to discover what capabilities an adversary might utilize in such a domain...The model is trained with word vector representations of social media posts, and in order to make a click-through more likely, it is dynamically seeded with topics extracted from the target’s timeline...We augment the model with clustering to triage high value targets based on their level of social engagement, and measure success of the [a long short-term memory network]'s phishing expedition using click-rates of IP-tracked links. We achieve state of the art success rates, tripling those of historic email attack campaigns, and outperform humans manually performing the same task."
otf  research  security 
february 2018 by dmcdev
OONI: I have hands, how can I mine OONI data?
Another way to dig through OONI data: OONI's censorship and network disruption research platform makes all data publicly available through OONI Explorer and the OONI API. OONI here posts an explainer on how you can also obtain OONI data through Amazon S3 buckets. If you're a researcher interested in censorship detection worldwide and better understanding available options to explore OONI's gathered data, this blog may be of interest.
otf  ooni  research 
february 2018 by dmcdev
Facebook invites submissions for “Secure the Internet Grants”
As part of its pledge to offer $1 million in defense research, Facebook is accepting proposals to "Secure the Internet," Facebook Chief Security Officer Alex Stamos announced in a blog post yesterday. Proposals can get up to $100k each and are open to academia, NGOs, and non-profits, with the goal "to spur development of technology that may be applied in practice, rather than pure research." Focus areas include "anti-phishing," "abuse detection and reporting," and "security for users in emerging markets," among others. Proposals are due by March 30, 2018, with the winners announced at Black Hat USA 2018.

Learn more about the program at link above or access more details and the application here.
otf  facebook  funders  alt  research  security 
january 2018 by dmcdev
Iran Protests: OONI data confirms censorship events
A new OONI report confirms the blocking of Telegram, Instagram, and Facebook Messenger amid ongoing protests in Iran, in addition to the numerous sites and tools blocked prior to the protests. The OONI data, gathered from Web Connectivity tests, breaks down when and how different ISPs in Iran started blocking access to these sites. In the cases of Telegram and Instagram, most blocking started on December 31st, while Facebook Messenger appears to have been inaccessible even before the protests, while WhatsApp appeared to still be accessible (data here: Data from Tor Metrics also suggests that Iranian ISPs started blocking access to the Tor network, as Tor traffic from Iran spiked during the protests then dropped suddenly. Shortly thereafter there was a big jump in Tor Bridges traffic, suggesting users sought out Bridges to get around the increased blockages. To circumvent the blocking of mobile apps like Telegram or FB Messenger, OONI suggests Android users "an try enabling bridges and the VPN mode of Orbot which enables all apps on their device to run through the Tor network."
otf  iran  ooni  iranprotest  research  censorship  mena 
january 2018 by dmcdev
Threat modeling and circumvention of Internet censorship (pdf) #research
Developing a good circumvention tool and researching internet censorship requires a solid understanding of how and why censors do what they do, but this is an area that could be better understood. "A censor model should be understood not just as a set of capabilities—such as the ability to monitor network traffic—but as a set of priorities constrained by resource limitations," writes David Fifield of UC Berkeley, who addresses this issue by building "an abstract model of the circumvention problem and examin[ing] how to adapt it to concrete censorship challenges...I present two circumvention designs: domain fronting, which derives its resistance to blocking from the censor’s reluctance to block other useful services; and Snowflake, based on quickly changing peer-to-peer proxy servers. I hope to change the perception that the circumvention problem is a cat-and-mouse game that affords only incremental and temporary advancements. Rather, let us state the assumptions about censor behavior atop which we build circumvention designs, and let those assumptions be based on an informed understanding of censor behavior."
otf  research  censorship  circumvention 
january 2018 by dmcdev
A New Type of Computer Could Render Many Software Hacks Obsolete
DARPA is hoping to build an "unhackable computer" through a project called MORPHEUS, undertaken by the University of Michigan and funded to the tune of $3.6 million. The project aims to improve upon the way computer security functions as present, known to some as the "patch and pray" model. Instead of scrambling from patch to patch, DARPA wants to bake security into the hardware itself: "The MORPHEUS system will supposedly render [common] software exploits ineffective using computer circuits that are designed to randomly shuffle data around a computer system. This way, even if an attacker finds a bug and tries to exploit it, the location of that software bug, as well as the location of any valuable data (such as passwords) will constantly be changing." - Article by Daniel Oberhaus for Motherboard. Read the University of Michigan/DARPA announcement here:
otf  darpa  security  research  exploit  software  hardware 
december 2017 by dmcdev
Accessing Google Scholar under Extreme Internet Censorship: A Legal Avenue (pdf) #research
In China, sometimes sites may be ok to access in terms of legality, but end up inaccessible regardless due to a sort of collateral censorship. Google Scholar is one such example, as it is blocked along with the rest of Google's services, and accessing such sites is "a critical problem," say a group of researchers from Chinese and American institutions. They explore how such sites are accessed, and propose a new technological solution to circumvent censors and access Google Scholar: ". In this paper, we conduct a case study on how scholars from a major university of China access Google Scholar through a variety of middleware. We characterize the common solutions (including VPN, Tor, and Shadowsocks) by measuring and analyzing their performance, overhead, and robustness to censorship. Guided by the study, we deploy a novel solution (called ScholarCloud) to help Chinese scholars access Google Scholar with high performance, ease of use, and low overhead. This work provides an insider’s view of China’s Internet censorship and offers a legal avenue for coexistence with censorship." - Zhen Lu, Zhenhua Li, and Jian Yang of Tsinghua University, Tianyin Xu of UCSD, Ennan Zhai of Yale University, Yao Liu of SUNY Binghamton, and Christo Wilson of Northeastern University
otf  china  access  google  googlescholar  circumvention  gfw  asia  research 
december 2017 by dmcdev
Man-in-the-Middle Flaw in Major Banking, VPN Apps Exposes Millions
New research from the University of Birmingham finds a serious encryption flaw affecting tens of millions of users, potentially exposing them to man-in-the-middle (MitM) style attacks. Among the affected apps are popular VPN service TunnelBear and those of the Bank of America and HSBC banks. "'Our tests find that apps from some of the world's largest banks contain the flaw, which if exploited, could enable an attacker to decrypt, view and modify traffic - including log-in credentials - from the users of the app,' write Chris Mcmahon Stone, Tom Chothia, and Flavio Garcia of University of Birmingham, who detailed the discovery...The findings came as part of a study involving a new blackbox automated-testing mechanism the team came up with to find applications that implement TLS certificate-pinning but fail to verify the hostname, leaving them open to MitM attacks. Dubbed Spinner, the tool uses the Censys Internet scanning engine to scale up what has in the past been a costly, manual process to check." - Ericka Chickowski, Dark Reading. Read the research here:
otf  spinner  mitm  vuln  research  security  vpn 
december 2017 by dmcdev
Managing the Message: What you can’t say about the 19th National Communist Party Congress on WeChat - @CitizenLab
A new Citizen Lab report analyzes censorship in China prior to and during the 19th National Communist Party Congress. Among the report's findings: "We tested samples of keywords extracted from news articles reporting on the Congress and documented which of them triggered censorship on WeChat’s group chat feature. We found keywords blocked over a year prior to the Congress and tracked censorship updates as it approached. A broad range of content was censored including criticism and general speculation around the Congress, leaders, and power struggles. In the weeks leading up to the Congress we found blocked keywords that referenced central government policies such as the Belt and Road Initiative, and core ideological concepts like 'Socialism with Chinese Characteristics'." - Masashi Crete-Nishihata, Lotus Ruan, Jakub Dalek, and Jeffrey Knockel, Citizen Lab
otf  china  asia  gfw  censorship  citizenlab  research 
november 2017 by dmcdev
Your State is Not Mine: A Closer Look at Evading Stateful Internet Censorship (pdf) #research
This research conducts "the most extensive" measurement of TCP-level Great Firewall evasion techniques to date. "Understanding the behaviors of, and evading state-level Internetscale censorship systems such as the Great Firewall (GFW) of China, has emerged as a research problem of great interest. One line of evasion is the development of techniques that leverage the possibility that the TCP state maintained on the GFW may not represent the state at end-hosts. In this paper we undertake, arguably, the most extensive measurement study on TCP-level GFW evasion techniques, with several vantage points within and outside China, and with clients subscribed to multiple ISPs. We find that the state-of-the art evasion techniques are no longer very effective on the GFW." - Zhongjie Wang, Yue Cao, Zhiyun Qian, Chengyu Song, and Srikanth V. Krishnamurthy of University of California, Riverside
otf  china  research 
november 2017 by dmcdev
“Combosquatting” Attack Hides in Plain Sight to Trick Computer Users
Georgia Tech research explores "combosquatting," an attack method that relies on similar-looking URLs to trick users. "To guard against unknowingly visiting malicious websites, computer users have been taught to double-check website URLs before they click on a link. But attackers are now taking advantage of that practice to trick users into visiting website domains that contain familiar trademarks — but with additional words that change the destination to an attack site.

For example, attackers might register www.familiarbankname-security[.]com or[.]com. Unwary users see the familiar bank name in the URL, but the additional hyphenated word means the destination is very different from what was expected. The result could be counterfeit merchandise, stolen credentials, a malware infection – or another computer conscripted into a botnet attack."
otf  research  combosquatting 
october 2017 by dmcdev
lib- erate, (n) : A library for exposing (traffic-classification) rules and avoiding them efficiently (pdf) #research
"This paper presents the design and implementation of lib·erate, a tool for automatically identifying middlebox policies, reverseengineering their implementations, and adaptively deploying custom circumvention techniques. Unlike previous work, our approach is application-agnostic, can be deployed unilaterally (i.e., only at one endpoint) on unmodified applications via a linked library or transparent proxy, and can adapt to changes to classifiers at runtime. We implemented a lib·erate prototype as a transparent proxy and evaluate it both in a testbed environment and in operational networks that throttle or block traffic based on DPI-based classifier rules, and show that our approach is effective across a wide range of middlebox deployments." - Researchers Fangfan Li, Arash Molavi Kakhki, David Choffnes, and Alan Mislove of Northeastern University; Abbas Razaghpanah, and Arian Akhavan Niaki of Stony Brook University; and Phillipa Gill of University of Massachusetts Amherst
otf  research  middlebox  circumvention  censorship 
october 2017 by dmcdev
Investigate internet censorship with OONI data - @ddjournalism
This Data Driven Journalism article highlights how the Open Observatory of Network Interference (OONI) data can be useful for investigative journalists in determining or confirming instances of internet disruption worldwide. Article written by OONI's own Maria Xynou.
otf  ooni  data  journalism  media  research  measurement 
october 2017 by dmcdev
Researchers explore use of personal items as 2FA tokens
"What else could be used to prove your identity along with a pass phrase that's easy to use and carried around with you? It's right under your nose.

Pixie, a research project described in last month's Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies, demonstrates that the camera in mobile and wearable devices can be used for two-factor authentication without any extra special hardware.

The researchers – Mozhgan Azimpourkivi, a PhD candidate at Florida International University (FIU); Umut Topkara, an NLP researcher at Bloomberg; and Bogdan Carbunar, assistant computer science professor at FIU – contend: 'Pixie can complement existing authentication solutions by providing a fast alternative that does not expose sensitive user information.'" - Thomas Claburn, The Register
otf  2fa  research  security 
october 2017 by dmcdev
The Devil's in The Details: Placing Decoy Routers in the Internet #research (pdf)
"Decoy Routing, the use of routers (rather than end hosts) as proxies, is a new direction in anti-censorship research. Decoy Routers (DRs), placed in Autonomous Systems, proxy traffic from users; so the adversary, e.g. a censorious government, attempts to avoid them. It is quite difficult to place DRs so the adversary cannot route around them..In this paper, we consider a different approach...Our first question is – How many ASes are required for installing DRs to intercept a large fraction of paths from e.g. China to the topn websites (as per Alexa)? How does this number grow with n ? To our surprise, the same few (≈ 30) ASes intercept over 90% of paths to the top n sites worldwide, for n = 10, 20...200 and also to other destinations...the details of DR placement: not just in which ASes DRs should be placed to intercept traffic, but exactly where in each AS. We find that even with our small number of ASes, we still need a total of about 11, 700 DRs. We conclude that, even though a DR system involves far fewer ASes than previously thought, it is still a major undertaking." - Devashish Gosain, Anshika Agarwal, and Sambuddho Chakravarty, IIIT Delhi, India, and H. B. Acharya, Rochester Inst. of Tech
otf  decoy  routing  research  censorship  detection 
october 2017 by dmcdev
PacketLab: A Universal Measurement Endpoint Interface #research (pdf)
Network measurement research analyzes a new endpoint interface called "PacketLab." "PacketLab is built on two key ideas: It moves the measurement logic out of the endpoint to a separate experiment control server, making each endpoint a lightweight packet source/sink. At the same time, it provides a way to delegate access to measurement endpoints while retaining fine-grained control over how one’s endpoints are used by others, allowing research groups to share measurement infrastructure with each other with little overhead. By making the endpoint interface simple, we also make it easier to deploy measurement endpoints on any device anywhere, for any period of time the owner chooses. We offer PacketLab as a candidate measurement interface that can accommodate the research community’s demand for future global-scale Internet measurement."
otf  research  measurement  endpoint 
october 2017 by dmcdev
Detecting Censor Detection (pdf) #research
Research by David Fifield, Lynn Tsai, and Qi Zhong of UC Berkeley studies how censors in countries like China, Iran, and Kazakhstan react and adapt to the introduction of new, censorship-circumventing proxy servers. From the abstract: "We examine a specific case, that of obfuscated Tor bridges, and conduct experiments designed to discover how long it takes censors to block them (if they do block at all). Through a year’s worth of active measurements from China, Iran, Kazakhstan, and other countries, we learn when bridges become blocked. In China we found the most interesting behavior, including long and varying delays before blocking, frequent failures during which blocked bridges became reachable, and an advancement in blocking technique midway through the experiment. Throughout, we observed surprising behavior by censors, not in accordance with what we would have predicted, calling into question our assumptions and suggesting potential untapped avenues for circumvention."
otf  research  tor  torbridges  bridges  china  iran  Kazakhstan 
october 2017 by dmcdev
Research Methods Workshop for Internet Policy & Advocacy in Africa
"The Annenberg School for Communication’s Internet Policy Observatory has teamed up with the Collaboration on International ICT Policy in East and Southern Africa (CIPESA), Research ICT Africa, Kenya ICT Action Network (KICTANet), Unwanted Witness, Paradigm Initiative, and YoungICTAdvocates to organize the fourth regional Research Methods Workshop for Internet Policy and Advocacy in Africa. The workshop, taking place from Feb 26 to March 3 in Kampala, seeks applications from young scholars, activists, lawyers, and technologists working across Africa for an intensive practicum on using methodologically rigorous, data-driven, and contextually appropriate research for advocacy." Find more information and how to apply at the link above. The deadline is November 10, 2017.
otf  africa  research 
september 2017 by dmcdev
The Waterfall of Liberty: Decoy Routing Circumvention that Resists Routing Attacks (pdf) #research
Researchers from UMass Amherst assess the practicality of decoy routing systems, applying what they term "downstream-only" decoy routing. From the abstract: "Decoy routing is an emerging approach for censorship circumvention in which circumvention is implemented with help from a number of volunteer Internet autonomous systems, called decoy ASes. Recent studies on decoy routing consider all decoy routing systems to be susceptible to a fundamental attack —regardless of their specific designs—in which the censors re-route traffic around decoy ASes, thereby preventing censored users from using such systems. In this paper, we propose a new architecture for decoy routing that, by design, is significantly stronger to rerouting attacks compared to all previous designs. Unlike previous designs, our new architecture operates decoy routers only on the downstream traffic of the censored users; therefore we call it downstream-only decoy routing."
otf  research  decoy  routing 
september 2017 by dmcdev
South Korean parental apps found to be insecure - @citizenlab
"Researchers from Citizen Lab, Cure53, and OpenNet Korea conducted a series of security audits on Cyber Security Zone and Smart Dream, two parental monitoring apps for mobile devices. Their findings show that the children who use them are at risk of having their messages intercepted, personal data compromised, and even communication records falsified." Read the full article at link above or in graphic form from OTF-supported Net Alert here:
otf  southkorea  asia  privacy  research 
september 2017 by dmcdev
Remote usability testing with InVision and Google Forms - @meedan
A guide to remote UX testing by Chris Blow, interaction designer at Meedan. The post provides illustrated, step-by-step instructions on how to design and implement an easy but effective usability test for whatever it is you are building.
otf  ux  research  meedan 
september 2017 by dmcdev
New @OpenObservatory report - Measuring Internet Censorship in Cuba's ParkNets
A new report by the Open Observatory of Network Interference (OONI) analyzes censorship on Cuba's public WiFi hotspots, dubbed "ParkNets" by OONI. Among the key findings: 41 websites were blocked, including websites of or for an independent news outlet, a resource for journalists and independent writers, pro-democracy sites, Freedom House, and an online discussion forum. "Most of the blocked sites have one main thing in common: they express criticism towards the Castro regime, directly or indirectly," OONI reports.
otf  cuba  ooni  research 
august 2017 by dmcdev
Packets Lost in the Wild: An Analysis of Empirical Approaches to Measure Internet Censorship #research
Research by Mohammad Taha Khan of the University of Illinois at Chicago "provides a background of the primary motivations behind Internet censorship and the various technical mechanisms used by censors to implement it. It then presents a detailed survey and evaluation of the systems developed by researchers to detect and quantify censorship. Finally, we provide summary insights as well as suggestive directions of focus to aid researchers in developing more accurate and robust measurement systems." The author of this paper just recently started as an Information Controls fellow with OTF, analyizing the commercial VPN ecosystem.
otf  research 
august 2017 by dmcdev
Take a survey to help improve the usability of Tor and onion services
A project looking to improve the UX of Tor and Tor onion services could use your help. Researchers are in need of Tor users to take a survey in order to better understand users' habits and perceptions. "In this research project, we are trying to understand how users deal with these differences by administering a survey to Tor users. A sound understanding of how users interact with onion services will allow privacy engineers to both improve onion service usability and better protect Tor users from surveillance, censorship, and other attacks." Access the survey: or learn more about the project here:
otf  onion  tor  research  anonymity 
august 2017 by dmcdev
Autosonda: Discovering Rules and Triggers of Censorship Devices #research
"This paper presents Autosonda, a tool for discovering and studying decision models of censorship devices. Through network traffic alone, Autosonda fingerprints censorship devices by discovering their models and mechanisms for how they enforce rule sets. The strength of Autosonda is demonstrated in a study that we present of 76 web filters currently in use in the New York City metropolitan area. In our study we encounter a great variety of behavior and implementation techniques for blocking prohibited web content. Not only does Autosonda help us to find implementation flaws and rule sets, it also allows us to find circumvention paths for 100% of our test subjects. Being able to perform this type of detailed analysis automatically and at scale is a large contribution for understanding censorship and how device behavior can be classified." - Jill Jermyn, Columbia University, and Nicholas Weaver, International Computer Science Institute, University of California at Berkeley
otf  research  censorship  autosonda 
august 2017 by dmcdev
How to make Tor less vulnerable to RAPTOR attacks
"'Tor is vulnerable to traffic-correlation attacks,' write Princeton University researchers Yixin Sun [an OTF ICFP fellow while conducting this research], Anne Edmundson, Nick Feamster, Mung Chiang, and Prateek Mittal in their paper Counter-RAPTOR: Safeguarding Tor Against Active Routing Attacks. 'An adversary [or Autonomous System (AS)] who can observe the traffic at both ends of the communications path—between the Tor client and the entry guard relay, and between the exit relay and the destination server—can perform traffic analysis on packet size and timing to deanonymize Tor users.'

The authors are particularly concerned about RAPTOR (Routing Attacks on Privacy in TOR) attacks, where quirks in BGP routing allow attackers to increase the number of AS-level adversaries observing traffic entering and exiting the Tor network.

'As the internet gets bigger and more dynamic, more organizations have the ability to observe users' traffic,' says research team member Yixin Sun...'We want to understand possible ways these organizations could identify users and provide Tor with the means to defend itself against these attacks and help preserve online privacy.'" - Michael Kassner, TechRepublic. Read the research paper here:
otf  research  tor  raptor  icfp  yixinsun  fellowship  security 
august 2017 by dmcdev
The Internet Policymaking Landscape in Pakistan
A new report from the Internet Policy Observatory looks at policymaking, the telecom industry, legal framework, and censorship in Pakistan. "This is the first study focused on Pakistan that attempts to map the country’s internet policymaking process, identify its stakeholders, and analyse the strengths and shortcomings of each...Via interviews with key stakeholders, this study reveals Pakistan’s ad-hoc, reactionary, internet policymaking, as well as a state apparatus, including the bureaucracy, politicians, and the judiciary, that has little technological understanding and hence mandates orders that are ineffective, undemocratic, and draconian. The blockages of Facebook in 2010, and of YouTube in 2008 and from 2013 to 2016 are testimony to the government’s tendency toward knee-jerk reactions to perceived challenges online." - Internet Policy Observatory
otf  pakistan  research  policy  southasia 
august 2017 by dmcdev
More is Less: How Group Chats Weaken the Security of Instant Messengers Signal, WhatsApp, and Threema #research
From the abstract: "In this paper, we investigate group communication security mechanisms of three main SIM applications: Signal, WhatsApp, and Threema. We first provide a comprehensive and realistic attacker model for analyzing group SIM protocols regarding security and reliability. We then describe and analyze the group protocols used in Signal, WhatsApp, and Threema. By applying our model, we reveal multiple weaknesses, and propose generic countermeasures to enhance the protocols regarding the required security and reliability goals. Our systematic analysis reveals that (1) the communications’ integrity – represented by the integrity of all exchanged messages – and (2) the groups’ closeness – represented by the members’ ability of managing the group – are not end-to-end protected." - Paul Rösler, Christian Mainka and Jörg Schwenk
otf  research  messaging  security 
july 2017 by dmcdev
On the anatomy of social engineering attacks—A literature-based dissection of successful attacks #research
From the abstract: "The aim of this study was to explore the extent to which persuasion principles are used in successful social engineering attacks. Seventy-four scenarios were extracted from 4 books on social engineering (written by social engineers) and analysed. Each scenario was split into attack steps, containing single interactions between offender and target. For each attack step, persuasion principles were identified. The main findings are that (a) persuasion principles are often used in social engineering attacks, (b) authority (1 of the 6 persuasion principles) is used considerably more often than others, and (c) single-principle attack steps occur more often than multiple-principle ones." - Jan-Willem Hendrik Bullée, Lorena Montoya, Wolter Pieters, Marianne Junger, and Pieter Hartel
otf  research  social  socialengineering  attack  hack  security  awareness 
july 2017 by dmcdev
The Onion Name System: Tor-powered Decentralized DNS for Tor Onion Services (pdf) #research
From the recent 2017 PETS Symposium - Jesse Victors, Ming Li, and Xinwen Fu co-author this paper looking at Tor onion services a.k.a. hidden services, which "...are anonymous servers of unknown location and ownership that can be accessed through any Torenabled client. They have gained popularity over the years, but since their introduction in 2002 still suffer from major usability challenges primarily due to their cryptographically-generated non-memorable addresses. In response to this difficulty, in this work we introduce the Onion Name System (OnioNS), a privacy-enhanced decentralized name resolution service. OnioNS allows Tor users to reference an onion service by a meaningful globally-unique verifiable domain name chosen by the onion service administrator. We construct OnioNS as an optional backwards-compatible plugin for Tor, simplify our design and threat model by embedding OnioNS within the Tor network, and provide mechanisms for authenticated denial-of-existence with minimal networking costs. We introduce a lottery-like system to reduce the threat of land rushes and domain squatting. Finally, we provide a security analysis, integrate our software with the Tor Browser, and conduct performance tests of our prototype."
otf  tor  research  PETS  onion 
july 2017 by dmcdev
VPN crackdown 'unthinkable' trial by firewall for China's research world
"Like most academics, biology ­researcher Dr Jose Pastor-Pareja relies heavily on Google's search engine, using it 'every 10 minutes', he says.

But access to this resource is not guaranteed as he works at Tsinghua University in China – where the government has been tightening what are already among the strictest controls over the internet in the world...Its push in recent years to further limit people's abilities to circumvent controls on the internet have forced academics such as Pastor-Pareja to depend on tools such as virtual private networks (VPNs), which redirect users to offshore servers to bypass the censors. His personal VPN subscription, paid for out of his own pocket, allows him to access Google, monitor his Twitter feed for the latest scientific literature, and connect with the wider scientific community via social media." - Sarah Zheng, South China Morning Post
otf  china  asia  gfw  censorship  vpn  access  academia  research 
july 2017 by dmcdev
Social Network Censorship: Topics, Techniques, and Impacts (pdf) #research
Rice University doctoral thesis by Rima S. Tanash focuses on analyzing censorship to include "western social media, with an explicit focus on Turkish censorship of Twitter, while showing evidence of how aggregating users' data from public APIs can lead to privacy leaks of users' political affiliations."
otf  research  social  twitter  turkey 
july 2017 by dmcdev
Topics of Controversy: An Empirical Analysis of Web Censorship Lists (pdf) #research
"Studies of Internet censorship rely on an experimental technique called probing. From a client within each country under investigation, the experimenter attempts to access network resources that are suspected to be censored, and records what happens. The set of resources to be probed is a crucial, but often neglected, element of the experimental design. We analyze the content and longevity of 758,191 webpages drawn from 22 different probe lists, of which 15 are alleged to be actual blacklists of censored webpages in particular countries, three were compiled using a priori criteria for selecting pages with an elevated chance of being censored, and four are controls. We find that the lists have very little overlap in terms of specific pages. Mechanically assigning a topic to each page, however, reveals common themes, and suggests that handcurated probe lists may be neglecting certain frequentlycensored topics. We also find that pages on controversial topics tend to have much shorter lifetimes than pages on uncontroversial topics. Hence, probe lists need to be continuously updated to be useful." - Zachary Weinberg, Mahmood Sharif, Janos Szurdi, and Nicolas Christin, Carnegie Mellon University
otf  research  censorship  probing 
july 2017 by dmcdev
The road not taken: Secure asymmetry and deployabilityfor decoy routing systems #research
From the abstract: "Censorship circumvention is often characterized as an arms race between a nation-state censor and the developers of censorship resistance systems. Decoy routing systems offer a solution to censorship resistance that has the potential to tilt this arms race in the favour of the censorship resistor...Although decoy routing systems that lessen the burden on participating routers and accommodate asymmetric flows have been proposed, these arguably more deployable systems suffer from security vulnerabilities that put their users at risk of discovery. In this paper, we propose two different techniques for supporting route asymmetry in previously symmetric decoy routing systems. The resulting asymmetric solutions are more secure than previous asymmetric proposals and provide an option for tiered deployment, allowing more cautious ASes to deploy a lightweight, non-blocking relay station that aids in defending against routing-capable adversaries. We also provide an experimental evaluation of relay station performance on off-the-shelf hardware and additional security improvements to recently proposed systems." - Cecylia Bocovich and Ian Goldberg, University of Waterloo
otf  research  router  decoy  censorship  circumvention 
july 2017 by dmcdev
National human rights institutions in digital spaces - @APC_News
This new paper from the Association for Progressive Communications looks at "the ways ICTs and the internet create new and promising spaces where [national human rights institutions (NHRIs)] can improve the way they function and reach out to stakeholders in previously unimaginable ways. It also makes a call to NHRIs to remind governments that their obligation to protect, promote and fulfil all human rights includes providing meaningful access to the internet to all people."
otf  apc  humanrights  research  ict  foe 
july 2017 by dmcdev
Limits to Internet Freedoms: Being Heard in an Increasingly Authoritarian World (pdf) #research
From the Abstract: "ŒIn this paper, we present research into the use of social media for free speech in Turkey, Mongolia, and Zambia as a basis for discussing the limits of Internet freedoms. We discuss the actors, adversaries, social and technological limits, as well as limitations of existing tools for the free exchange of ideas on-line. We conclude with a discussion of how design and development choices for technology can a‚ffect marginalized communities, as well as the ethical and technical considerations for developing tools and applications that support Internet freedoms." - Elizabeth Belding and Michael Nekrasov, UC Santa Barbara, and Lisa Parks, MIT
otf  research  access  turkey  mongolia  zambia  speech  social  foe 
july 2017 by dmcdev
Internet Censorship in #Thailand: User Practices and Potential Threats (pdf) #research
Surveying 229 and interviewing 13 internet users in Thailand to assess their current practices and threat awareness, researchers find "existing circumvention tools were adequate for respondents to access blocked information; that respondents relied to some extent on risky tool selection and inaccurate assessment of blocked content; and that attempts to take action with sensitive content on social media led to the most concrete threats with the least available technical defenses." - Genevieve Gebhart, EFF and the University of Washington, Tadayoshi Kohno of the University of Washhington, and an anonymous author.
otf  thailand  research  censorship  access  foe  social  threat  awareness 
july 2017 by dmcdev
Global Measurement of DNS Manipulation #research
From the abstract: "Despite the pervasive nature of Internet censorship and the continuous evolution of how and where censorship is applied, measurements of censorship remain comparatively sparse. Understanding the scope, scale, and evolution of Internet censorship requires global measurements, performed at regular intervals. Unfortunately, the state of the art relies on techniques that, by and large, require users to directly participate in gathering these measurements, drastically limiting their coverage and inhibiting regular data collection. To facilitate large-scale measurements that can fill this gap in understanding, we develop Iris, a scalable, accurate, and ethical method to measure global manipulation of DNS resolutions. Iris reveals widespread DNS manipulation of many domain names; our findings both confirm anecdotal or limited results from previous work and reveal new patterns in DNS manipulation." - Paul Pearce, Ben Jones, Frank Li, Roya Ensafi, Nick Feamster, Nick Weaver, and Vern Paxson. All researchers from either UC Berkeley or Princeton.
otf  research  dns  censorship  measurement  measure  awareness 
july 2017 by dmcdev
New @BKCHarvard @thenetmonitor study examines global internet censorship
"A sharp increase in web encryption and a worldwide shift away from standalone websites in favor of social media and online publishing platforms has altered the practice of state-level internet censorship and in some cases led to broader crackdowns, a new study by the Berkman Klein Center for Internet & Society at Harvard University finds.

'The Shifting Landscape of Global Internet Censorship', released today, documents the practice of internet censorship around the world through empirical testing in 45 countries of the availability of 2,046 of the world’s most-trafficked and influential websites, plus additional country-specific websites. The study finds evidence of filtering in 26 countries across four broad content themes: political, social, topics related to conflict and security, and internet tools (a term that includes censorship circumvention tools as well as social media platforms). The majority of countries that censor content do so across all four themes, although the depth of the filtering varies." - Berkman Klein Center for Internet & Society
otf  research  censorship  berkman 
june 2017 by dmcdev
An Analysis of Tor Pluggable Transports Under Adversarial Conditions (pdf) #research
"Tor Pluggable transports enable the users to overcome the adversaries which block access to the Tor network. Different pluggable transport systems use different mechanisms. Consequently, the adversaries adapt by using different approaches to identify Tor pluggable transport traffic. The deep packet inspection and the flow analysis are two of such approaches. To this end, we investigate how well pluggable transports can obfuscate user traffic under adversarial conditions. We represent the adversarial environments using the existing traffic analysis systems. Our results show that while some pluggable transports systems can hide the traffic well from adversaries, others cannot." - Khalid Shahbar and A. Nur Zincir-Heywood of Dalhousie University
otf  research  tor  pluggabletransport  security  privacy  access  circumvention 
june 2017 by dmcdev
Understanding and circumventing censorship on Chinese social media #research
"While previous research has explored the technology behind [Chinese] censorship mechanisms, little work has focused on the effects of censorship on online and offline behaviors. In this thesis, I bridge this gap by conducting a mixed-method study to gain a deeper understanding of these effects. The results of the mixed-method study show that censorship has strong off-platform effects, which are not detectable from usage logs. Users deliberately self-censor their speech out of caution, because they do not have a clear understanding of what content is being censored and what risks are associated with censorship on Chinese social media. Although on-platform effects of censorship are present on social media usage logs, they wear out over time. Informed by these results, I attempt to provide social media users a better understanding of how the censorship mechanism works and an effective censorship circumvention technique, both of which will lead to greater freedom of expression among social media users." - Chaya Hiruncharoenvate, doctoral student at Georgia Institute of Technology
otf  china  research  gfw  access  censorship  social  asia  speech  foe 
june 2017 by dmcdev
New research details challenges facing developers in closed spaces - @guardianproject
The report "explores some key challenges that developers in closed and closing spaces face when collaborating with international groups who support Human Rights and freedom (IHRFG). These groups include privacy and security software projects, civil society focused donors, and non-governmental organizations (NGOs)." The report is based off research conducted via both interviews (with 14 individuals from 11 different countries) and surveys (with 118 responses from developers in 28 different countries). Read the executive summary at link above or the full report (pdf) here:
otf  guardian  research 
june 2017 by dmcdev
Research identifies methods to protect against online privacy attacks
A writeup of ICFP fellow Yixin Sun's co-authored work on detecting and defending against attacks on Tor. In Yixin's words, from the Princeton release: “As the internet gets bigger and more dynamic, more organizations have the ability to observe users’ traffic,′ said Sun, a graduate student in computer science. “We wanted to understand possible ways that these organizations could identify users and to provide Tor with ways to defend itself against these attacks as a way to help preserve online privacy.”
otf  icfp  tor  research  princeton 
june 2017 by dmcdev
Study presented at @IEEESSP asks, "Why don't people use secure internet tools?"
"The researchers conducted in-depth interviews with users from across a variety of ages, skill levels and backgrounds to see what barriers existed to the adoption of privacy-oriented, cryptographically secured tools. Their findings have implications for the two major approaches to increasing secure tools adoption: user-interface improvements and training materials." - Cory Doctorow, Boing Boing
otf  research  usability  ux  privacy  security  adoption 
june 2017 by dmcdev
Measuring Pakistani Women's Experiences of Online Violence [pdf] - @DigitalRightsPK
"Over the course of 2016, Digital Rights Foundation trained close to 1,800 women
throughout the length and breadth of Pakistan. This report compiles together data
collected during the 17 sessions that had been conducted in Punjab, Sindh, Khyber
Pakhtunkhwa, Balochistan, and Gilgit, to create the first ever set of data around online
harassment and electronic violence against women [e-VAW] in Pakistan. The study will
map different aspects of online harassment and e-VAW, along with a look at how
women use digital tools on the whole." - Digital Rights Foundation
otf  pakistan  research  difp  nighat  nighatdad  violence  southasia  asia 
may 2017 by dmcdev
Analyzing Accessibility of Wikipedia Projects Around the World | @BKCHarvard
"This study, conducted by the Internet Monitor project at the Berkman Klein Center for Internet & Society, analyzes the scope of government-sponsored censorship of Wikimedia sites around the world. The study finds that, as of June 2016, China was likely censoring the Chinese language Wikipedia project, and Thailand and Uzbekistan were likely interfering intermittently with specific language projects of Wikipedia as well." Download the report at the link above.
otf  berkman  wikipedia  research  access  china  thailand  Uzbekistan 
may 2017 by dmcdev
.@PET_Symposium 2017 accepted papers now online
There are also stipends available to help get participants to Minneapolis, where PETS is being hosted this year from July 18-21. Info on stipends here:
otf  pets  privacy  event  academia  research 
may 2017 by dmcdev
FilteredWeb: A Framework for the Automated Search-Based Discovery of Blocked URLs #research
"We present a new framework for automating the process of discovering filtered resources through the use of adaptive queries to well-known search engines. Our system applies information retrieval algorithms to isolate characteristic linguistic patterns in known filtered web pages; these are then used as the basis for web search queries. The results of these queries are then checked for evidence of filtering, and newly discovered filtered resources are fed back into the system to detect further filtered content. Our implementation of this framework, applied to China as a case study, shows that this approach is demonstrably effective at detecting significant numbers of previously unknown filtered web pages, making a significant contribution to the ongoing detection of internet filtering as it develops." - Alexander Darer, Oliver Farnan, and Joss Wright, University of Oxford
otf  block  censor  china  asia  research  filteredweb  filter  analysis  networkanalysis  network 
april 2017 by dmcdev
Robust Smartphone App Identification Via Encrypted Network Traffic Analysis #research
"The apps installed on a smartphone can reveal much information about a user, such as their medical conditions, sexual orientation, or religious beliefs. Additionally, the presence or absence of particular apps on a smartphone can inform an adversary who is intent on attacking the device. In this paper, we show that a passive eavesdropper can feasibly identify smartphone apps by fingerprinting the network traffic that they send. Although SSL/TLS hides the payload of packets, sidechannel data such as packet size and direction is still leaked from encrypted connections." - Vincent F. Taylor, Riccardo Spolaor, Mauro Conti and Ivan Martinovic
otf  research  encryption  app  analysis  network  networkanalysis  privacy  awareness 
april 2017 by dmcdev
Internet Kill Switches Demystified #research
"Internet kill switches are possible in today’s Internet, but to date have been locally-scoped and self-inflicted. As more networks move towards centralized key architectures such as DNSSEC and BGPsec, adversarial kill switches become more powerful. We analyze the feasibility of and mechanisms for executing kill switches on remote DNSSEC- or BGPsec-enabled networks, finding that kill switches must be considered in the design of next generation Internet protocols. We also describe recovery procedures and properties intended to evaluate kill switch events, finding that recovering from a compromised key may take up to 48 hours." - Benjamin Rothenberger, Daniele E. Asoni, David Barrera, and Adrian Perrig, ETH Zurich
otf  research  dns  shutdown  network  internet 
april 2017 by dmcdev
Towards an Internet Free of Censorship II: Perspectives in Latin America #research
"In 2012 we [Centro de Estudios en Libertad de Expresión y Acceso a la Información] published our first Towards an Internet Free of Censorship, a compilation of articles written by renowned scholars and practitioners from Latin America and the United States. The objective was to identify the main issues under prospective regulation, offer different approaches towards them and contribute concrete recommendations for public policy in Latin America. This new compilation of articles addresses some of the most salient issues within the Latin American legislative and regulatory agenda towards the internet. These are complex and thorny issues that have generated intense debate among scholars, legislators, practitioners, engineers, companies and users." - Centro de Estudios en Libertad de Expresión y Acceso a la Información, Universidad de Palermo
otf  latinamerica  research  policy  awareness 
april 2017 by dmcdev
Optimal Backup Strategies Against Cyber Attacks (pdf) #research
"In this paper we introduce the new problem of finding the best way to protect a computer system against cyber and ransomware attacks by choosing an optimal backup scheme using k storage devices. While in standard backup schemes it is beneficial to backup as frequently as possible, in the case of sophisticated cyber attacks any attempt to connect a backup device to an already infected computer is likely to stealthily corrupt its data and thus make it unusable when the actual attack happens. Our formalization of the problem casts it as a special case of an online/offline optimization problem, in which the defender tries to minimize the maximal extra cost caused by his lack of knowledge about the time of the initial infection." Read the full paper in pdf form at the link above.
otf  research  shutdown  attack  backup 
april 2017 by dmcdev
An in-depth characterisation of Bots and Humans on Twitter (pdf) #research
"Recent research has shown a substantial active presence of bots in online social networks (OSNs). In this paper we utilise our past work on studying bots (Stweeler) to comparatively analyse the usage and impact of bots and humans on Twitter, one of the largest OSNs in the world." - Zafar Gilani, Liang Wang, and Jon Crowcroft, Computer Laboratory, University of Cambridge; Gareth Tyson, Institut Mines Telecom Paris; and Gareth Tyson, Queen Mary University of London
otf  social  twitter  bots  research 
april 2017 by dmcdev
Anomalous keys in Tor relays #research
"In its more than ten years of existence, the Tor network has seen hundreds of thousands of relays come and go. Each relay maintains several RSA keys, amounting to millions of keys, all archived by The Tor Project. In this paper, we analyze 3.7 million RSA public keys of Tor relays. We (i) check if any relays share prime factors or moduli, (ii) identify relays that use non-standard exponents, and (iii) characterize malicious relays that we discovered in the first two steps. Our experiments revealed that ten relays shared moduli, and 3,557 relays—almost all part of a research project— shared prime factors, allowing adversaries to reconstruct private keys. We further discovered 122 relays that used nonstandard RSA exponents, presumably in an attempt to attack onion services. By simulating how onion services are positioned in Tor’s distributed hash table, we identified four onion services that were likely targeted by these malicious relays." - George Kadianakis, Tor Project, and Claudia V. Roberts, Laura M. Roberts, and Philipp Winter, Princeton University
otf  tor  research  crypto  encryption  onion  RSA  anonymity  circumvention 
april 2017 by dmcdev
Shocking the Crowd: The Effect of Censorship Shocks on Chinese Wikipedia #research
"In this study, we examine changes in collaborative behavior of editors of Chinese Wikipedia that arise due to the 2005 government censorship in mainland China...We find that activity and conflict drop on articles that face a shock, whereas centralization increases. The impact of a shock on activity increases with shock level, whereas the impact on centralization and conflict is higher for moderate shock levels than for very small or very high shock levels. These findings provide support for threat rigidity theory – originally introduced in the organizational theory literature – in the context of large-scale collaborative crowds." - University of Michigan researchers
otf  research  china  asia  wiki  wikipedia  access  censorship  gfw 
april 2017 by dmcdev
The State of Internet Censorship in Myanmar - @OpenObservatory
"Out of 1,927 sites that were tested for censorship in six local vantage points in Myanmar, only five sites presented signs of TCP/IP and HTTP blocking, including the sites of the U.S. embassy in Myanmar and of the Organization of American States (OAS). The motivation and justification behind the potential blocking of these sites remains unclear. No block pages were detected as part of this study that can confirm cases of censorship...WhatsApp, Facebook Messenger, and the Tor network appeared to be accessible across all six networks in Myanmar where OONI tests were run." - OONI
otf  ooni  myanmar  burma  asia  seasia  censorship  access  research 
march 2017 by dmcdev
Augur: Internet-Wide Detection of Connectivity Disruptions #research
"Anecdotes, news reports, and policy briefings collectively suggest that Internet censorship practices are pervasive. The scale and diversity of Internet censorship practices makes it difficult to precisely monitor where, when, and how censorship occurs, as well as what is censored. The potential risks in performing the measurements make this problem even more challenging. As a result, many accounts of censorship begin—and end—with anecdotes or short-term studies from only a handful of vantage points. We seek to instead continuously monitor information about Internet reachability, to capture the onset or termination of censorship across regions and ISPs. To achieve this goal, we introduce Augur, a method and accompanying system that utilizes TCP/IP side channels to measure reachability between two Internet locations without directly controlling a measurement vantage point at either location. Using these side channels, coupled with techniques to ensure safety by not implicating individual users, we develop scalable, statistically robust methods to infer network-layer filtering, and implement a corresponding system capable of performing continuous monitoring of global censorship. We validate our measurements of Internet-wide disruption in nearly 180 countries over 17 days against sites known to be frequently blocked; we also identify the countries where connectivity disruption is most prevalent." - Paul Pearce, Frank Li, and Vern Paxson of UC Berkeley, and Roya Ensafi and Nick Feamster of Princeton University
otf  research  augur  shutdown  monitor  monitoring  awareness  access  censorship 
march 2017 by dmcdev
Counter-RAPTOR: Safeguarding Tor Against Active Routing Attacks #research
As an OTF ICFP fellow YIxin Sun researched ways to detect and deter vulnerabilities in the Tor network caused by BGP routing attacks, or RAPTOR attacks. From the abstract: "First, we present a new measurement study on the resilience of the Tor network to active BGP prefix attacks. We show that ASes with high Tor bandwidth can be less resilient to attacks than other ASes. Second, we present a new Tor guard relay selection algorithm that incorporates resilience of relays into consideration to proactively mitigate such attacks. We show that the algorithm successfully improves the security for Tor clients by up to 36% on average (up to 166% for certain clients). Finally, we build a live BGP monitoring system that can detect routing anomalies on the Tor network in real time by performing an AS origin check and novel detection analytics. Our monitoring system successfully detects simulated attacks that are modeled after multiple known attack types as well as a real-world hijack attack (performed by us), while having low false positive rates." - Yixin Sun, Anne Edmundson, Nick Feamster, Mung Chiang, Prateek Mittal, Princeton University. Read the paper in full here:
otf  icfp  raptor  tor  research  vuln  vulnerability  censorship  attack  threat  awareness  privacy  security 
march 2017 by dmcdev
New from @OpenObservatory: Examining internet blackouts through public data sources
"Over the last months we received many reports relating to internet blackouts in various countries around the world. In some of these countries we had probes running OONI tests, but merely asserting that an internet blackouts had occurred just because we stopped receiving measurements probably wouldn’t have been accurate. As such, we started to refer to other public data sources that could help us gain a better understanding of potential network disruptions in countries where internet blackouts were reported by locals.

In this post we outline some basics from our methodology when examining internet blackouts through public data sources." - Maria Xynou, Arturo Filastò, OONI
otf  ooni  blackout  access  shutdown  research  opensource  opendata 
march 2017 by dmcdev
Networked Authoritarianism and the Geopolitics of Information: Understanding Russian Internet Policy | @MarechalUSC
"The paper begins by tracing the history of information controls within what is now the Russian Federation before discussing the role of information and internet policy in Russian foreign policy, drawing connections between the Russian government’s control and manipulation of information—including its internet policy—in the domestic and international arenas. Next, it discusses the spread of networked authoritarianism and suggests that a “geopolitics of information” will become increasingly necessary in the coming years. Just as networked authoritarianism establishes strategic infrastructures to control the message domestically and intervene in global media systems, liberal democracies need to rethink media and communication infrastructures to ensure they foster pluralist, rights-respecting societies that are resilient to authoritarianism and extremism. In doing so, they should resist the temptation to respond to this threat in ways that will erode democracy even further, such as expanded surveillance and limits on free expression." - Nathalie Maréchal, USC. Maréchal is a former OTF ICFP fellow.
otf  russia  research  censorship  controls  access  awareness  putin  policy 
march 2017 by dmcdev
k-Anonymously Private Search over Encrypted Data #research
In this paper we compare the performance of various homomorphic encryption methods on a private search scheme that can achieve k-anonymity privacy. To make our benchmarking fair, we use open sourced cryptographic libraries which are written by experts and well scrutinized. We find that Goldwasser-Micali encryption achieves good enough performance for practical use, whereas fully homomorphic encryptions are much slower than partial ones like Goldwasser-Micali and Paillier. - Shiyu Ji, Kun Wan, UC Santa Barbara
otf  research  encryption  anonymity  privacy 
march 2017 by dmcdev
Known Unknowns: An Analysis of Twitter Censorship in Turkey #research
"Twitter identifies Turkey as the country issuing the largest number of censorship requests, so we focused our attention there. Collecting over 20 million Turkish tweets from late 2014 to early 2015, we discovered over a quarter million censored tweets two orders of magnitude larger than what Twitter itself reports. We applied standard machine learning / clustering techniques, and found the vast bulk of censored tweets contained political content, often critical of the Turkish government. Our work establishes that Twitter radically under-reports censored tweets in Turkey, raising the possibility that similar trends hold for censored tweets from other countries as well. We also discuss the relative ease of working around Twitter’s censorship mechanisms, although we can not easily measure how many users take such steps." Read the full research paper published by Rice University here:
otf  turkey  research  twitter  social  censor  access  speech 
march 2017 by dmcdev
An Army of Me: Sockpuppets in Online Discussion Communities #research
"In online discussion communities, users can interact and share information and opinions on a wide variety of topics. However, some users may create multiple identities, or sockpuppets, and engage in undesired behavior by deceiving others or manipulating discussions. In this work, we study sockpuppetry across nine discussion communities, and show that sockpuppets differ from ordinary users in terms of their posting behavior, linguistic traits, as well as social network structure." Full article (pdf) here:
otf  research  sockpuppet  social  awareness  speech  censorship 
march 2017 by dmcdev
« earlier      
per page:    204080120160

related tags

0day  2fa  50centarmy  academia  access  activism  activist  adoption  advocacy  africa  akamai  alibaba  alt  analysis  analytics  android  anonymity  apc  app  apple  apps  art  asia  assembly  attack  augur  autosonda  awareness  backup  bangladesh  berkman  blackhat  blackout  block  bot  botnet  bots  bridges  browser  bug  burma  cdn  CDNbrowser  censor  censorship  certfa  cesnorship  cfr  chat  china  cipesa  circumvention  citizenlab  civilsociety  clsi  CLSI2016  clsi2017  code  collaboration  combosquatting  community  connectivity  control  controls  coup  crimea  crypto  cso  cuba  darpa  dashboard  data  database  ddos  decoy  detection  diebert  difp  digisec  digitalsecurity  dns  DRL  duo  economy  egypt  election  emissarypanda  encryption  endpoint  ethics  Ethiopia  event  exitmap  exitrelay  exploit  facebook  fellows  fellowship  filter  filteredweb  finfisher  foe  ford  freedomhouse  funders  gfw  google  googlescholar  guardian  guide  hack  hackingteam  hacktivism  hardware  harvard  HRDs  https  humanrights  icfp  ict  IF  ig  internet  InternetFF  internetfreedom  internetgovernance  internetmonitor  iot  iphone  iran  iranprotest  jobs  journalism  junta  Kazakhstan  latinamerica  law  legal  legislation  Libert  malware  marczak  measure  measurement  media  meedan  mena  messaging  mexico  middlebox  mitm  mobile  mongolia  monitor  monitoring  mozilla  myanmar  netblocks  netdata  netgain  network  networkanalysis  nighat  nighatdad  NIST  northkorea  onion  ooni  opendata  opensource  openweb  opsec  otf  ows  pakistan  pets  pew  phishing  pluggabletransport  policy  poll  princeton  privacy  privacyinternational  probing  propaganda  proxy  psiphon  putin  RAN  rangzen  raptor  relay  report  research  Roskomnadzor  router  routing  RSA  rumor  russia  russian  Saudi  schneier  seasia  security  securitykeys  selfcensorship  shutdown  signal  social  socialengineering  sockpuppet  software  SOI  Southamerica  southasia  southkorea  speech  spinner  spyware  state  statistics  summerinstitute  surveillance  survey  swaziland  sybilhunter  symantec  syria  tacticaltech  targeted  targeting  telegram  thailand  threat  tibet  tor  torbridges  toronto  traffic  troll  turkey  twitter  UAE  ucbrowser  Uganda  ukraine  un  unesco  usability  user  ux  Uzbekistan  venezuela  violence  vpn  vuln  vulnerability  wateringhole  wechat  wechatscope  weibo  wiki  wikipedia  yemen  yixinsun  zambia  zimbabwe 

Copy this bookmark: