NDSS

Measuring the Deployment of Network Censorship Filters at Global Scale

Ram Sundara Raman (University of Michigan), Adrian Stoll (University of Michigan), Jakub Dalek (Citizen Lab, University of Toronto), Armin Sarabi (University of Michigan), Reethika Ramesh (University of Michigan), Will Scott (Independent), Roya Ensafi (University of Michigan)

Deep packet inspection (DPI) filtering products are often used for Internet censorship, but even as DPI technology has become cheaper and easier to deploy, the censorship measurement community lacks a systematic approach to monitoring its proliferation. Past research has focused on a handful of specific DPI products, each of which required cumbersome manual detective work to identify. Researchers and policymakers require a more comprehensive picture of the state and evolution of DPI-based censorship in order to establish effective policies that protect Internet freedom.

In this work, we present DFinder, a novel approach that can scalably monitor DPI-based filtering worldwide. DFinder first compiles in-network and new remote censorship measurement techniques to detect DPI deployments. We then show how observed block pages can be clustered, generating fingerprints for longitudinal tracking. By collecting and analyzing 379 million measurements from 45,000 vantage points against more than 18,000 sensitive test domains, we are able to generate fingerprints for 90 DPI products (87 of which have not been previously fingerprinted) and observe filtering in 103 countries. Identifying these filtering devices highlights policy and corporate social responsibility issues, and adds accountability to manufacturers. Our continued publication of DFinder data will help the international community track the scope, scale and evolution of DPI-based censorship.