ru   Russia (TSPU / Roskomnadzor)

NATA requires no endpoint compromise, no Tor-browser modification, and no payload decryption; it operates solely from (1) an upstream gateway controlling Tor TCP connections via standard Linux tc/wondershaper rate-limiting and (2) one or more adversary-controlled exit relays passively recording packet traces. The shaper identifies Tor connections using flow-level metadata (client IP, relay IP, port, transport protocol), meaning the adversary needs only ISP or AS-level vantage, not host-level access.

2026-fan-activeflowmark-assessing-tor §III-A, §IV-A detection

CensorLess's threat model explicitly relies on a rational-censor assumption: the censor will not block entire cloud-provider IP ranges or domain namespaces because the collateral damage to legitimate business services would be politically and economically unacceptable. AWS Lambda's inherent IP-address ephemerality (new IPs on each invocation, function lifetime up to 15 minutes) means even censors willing to attempt enumeration face a continuously shifting target distributed across the cloud provider's global address space.

2026-kang-censorless-serverless §4.2 defense

Russia's Ministry of Digital Development issued guidelines effective April 15, 2026 requiring popular apps to detect and restrict access from VPN-using devices. RKS Global's analysis of 30 popular Russian Android apps found that 22 of 30 implement VPN detection, and 19 of those transmit the detected VPN status to their servers. This represents a shift from network-layer blocking (TSPU) to app-layer enforcement as an additional censorship vector.

2026-rks-russian-apps-vpn-detection §3, §4 policy

Banking apps from major Russian institutions (Sber, T-Bank, VTB, Alfa-Bank) combine VPN detection with behavioral biometrics — screen pressure, touch coordinates, and gesture timing — enabling cross-account re-identification of users behind proxies. 11 apps received a "RED" (maximum surveillance) rating. T-Bank, Yandex services, and MAX additionally deploy active anti-analysis features that detect research tooling on the device (rooted devices, emulators, Frida, etc.).

2026-rks-russian-apps-vpn-detection §5, §6 detection

The RKS Global report documents a two-tier Russian censorship architecture: TSPU network-layer blocking (documented by Xue et al. 2024) at the ISP level, now supplemented by mandated app-layer VPN detection in the 30 most popular Russian Android apps. This layered approach means a circumvention tool that successfully bypasses TSPU at the network layer can still be detected and reported by the app layer, closing the gap that network-only circumvention leaves open.

2026-rks-russian-apps-vpn-detection §2, §7 deployment

A Russian user ran a self-built snowflake-proxy from inside the censored country using the 'random-and-mimic' fingerprint option, successfully serving Iranian, Turkmen, Russian, and German Tor users, demonstrating that the blocking is unidirectional (targeting client DTLS hellos) and that snowflake-broker and rendezvous domains (snowflake-broker.torproject.net, snowflake-01/02.torproject.net) remained accessible behind the .net SNI — only the DTLS data channel was filtered.

2026-wkrp-snowflake-targeted-dtls-filtering kad09 original report, Issue #422 comment evaluation

An experimental 'random-and-mimic' option in snowflake-proxy produced a DTLS ClientHello fingerprint distinct from any observed standard fingerprint and was not blocked by the Russian filter. The covert-dtls library under development by the Tor Anti-Censorship team systematically randomizes the DTLS ClientHello handshake to defeat JA3/JA4-based classification.

2026-wkrp-snowflake-targeted-dtls-filtering kad09 report + abstract team notes defense

PCAP analysis from inside Russia confirmed the filter is fingerprint-based, not IP-based: every failed DTLS connection shared the same JA3/JA4 fingerprint, while a single connection with a different JA3/JA4 fingerprint succeeded and sustained full-speed data transfer, eliminating the hypothesis that censors had enumerated the large proxy IP space.

2026-wkrp-snowflake-targeted-dtls-filtering kad09 original report, Issue #422 comment (Apr 5 2026) detection

Russia (TSPU/Roskomnadzor) began blocking Snowflake on 2026-03-30 by detecting DTLS ClientHello messages with specific JA3/JA4 fingerprints after a small delay. The block caused Snowflake to drop from ~100% connection success (measured from November 2025 through March 29) to near-total failure for standard proxies overnight.

2026-wkrp-snowflake-targeted-dtls-filtering Issue #603 opening comment (wkrp, Apr 6 2026) detection

Fragmenting large server responses across multiple independent TCP connections each below the ≈15–20 KB threshold circumvents the freeze, but at severe cost: downloading a 50 MB file requires approximately 2,560 separate TCP connections, which is operationally suspicious and significantly degrades throughput.

2025-hyperion-cs-censor-has-new Notes defense

The freezing threshold is packet-count-based rather than strictly byte-based: the censor typically freezes after 25 packets have been sent in either direction (incoming or outgoing), which averages approximately 16 KB of payload. The limit applies to both TCP and UDP flows, and varies slightly by ISP.

2025-hyperion-cs-censor-has-new upd5 detection

The Russian DPI maintains two whitelists that exempt flows from the freeze: (1) a SNI-based whitelist covering select domains (visible in the TLS ClientHello), and (2) a CIDR-based whitelist of IP subnets for trusted destination servers. The SNI whitelist can be exploited by VLESS+Reality clients using an allowed SNI value as the apparent destination; the CIDR whitelist requires routing through an IP from a whitelisted prefix, making circumvention 'extremely difficult' without an intermediate node in a whitelisted subnet.

2025-hyperion-cs-censor-has-new upd3, upd4 detection

Russia's mobile operators (MTS, Beeline, MegaFon, Yota) deployed a TCP connection-freezing technique in mid-2025 that silently halts packet delivery after approximately 15–20 KB of server-to-client data within a single TCP connection, without sending RST packets, causing clients to stall until timeout. The trigger requires: (1) TLS 1.3 or TLS 1.2 over TCP, (2) destination IP located in a foreign datacenter ASN (e.g., Hetzner, DigitalOcean), and (3) cumulative in-connection payload exceeding the threshold.

2025-hyperion-cs-censor-has-new Problem description detection

Only SSH/SFTP and sometimes RDP are observed to pass through the Russian mobile network freeze without data-size limitations; raw TCP transfers without TLS and all common TLS-based proxy protocols (VLESS, Reality, Trojan, Shadowsocks) are subject to the 15–20 KB per-connection cap. This suggests the censor's DPI whitelist is protocol-specific and SSH's wire format is recognized as exempt.

2025-hyperion-cs-censor-has-new upd2 detection

DNS censorship leaks geographically: Russia's neighbors show materially elevated censorship rates despite low independent censorship of their own — Lithuania 21.73%, Norway 12.04%, Finland 12.03% — compared to Russia itself at 43.59%, consistent with DNS queries from those countries transiting Russian infrastructure and being hit by Russian DNS injection.

2025-lipphardt-1-800-censorship §4.1, Table 1 evaluation

Russian transit censorship propagates to ASNs outside Russia: ASN 216071 (Netherlands) shows 38 top-10k URLs with 59% confirmed blockpage rate, ASN 6939 (Sweden) shows 4 URLs at 75%, and ASN 3214 (Germany) shows 4 URLs at 75%, all attributable to peering with Russian ASNs known to employ transit censorship.

2025-lipphardt-1-800-censorship §4.2, Table 2 evaluation

Among the most commonly transit-censored popular URLs (top-10k rank, ≥90% confirmed blockpage rate from Russian transit ASNs, not blocked elsewhere in those countries), turbovpn.com appears alongside Russian opposition news and social-media pages, demonstrating that Russia's VPN-blocking lists propagate into foreign transit ASNs.

2025-lipphardt-1-800-censorship Table 5, §4.2 evaluation

Chrome and Firefox send GREASE ECH extensions in every ClientHello message, meaning a censor that blocks all ECH-containing ClientHellos would block all Chrome and Firefox TLS traffic. Cloudflare's static outer SNI "cloudflare-ech.com" in all its ECH configurations makes real ECH connections trivially distinguishable from GREASE ECH — censors can block real ECH connections to Cloudflare without triggering GREASE collateral damage. Cloudflare rejects ECH handshakes with omitted or invalidated outer SNI values; non-Cloudflare ECH deployments accept missing and invalid outer SNIs.

2025-niere-encrypted §2.1, §4.1, §6 detection

Russian TSPU devices directly block ECH by dropping ClientHello messages that contain both an ECH extension and the outer SNI hostname "cloudflare-ech.com" — the static outer SNI Cloudflare advertises in all its ECH configurations. Blocking affects both TLS and QUIC. ECH connections to servers with Cloudflare ECH support but outside Cloudflare's official IP ranges are NOT blocked. TCP segmentation alone or TLS record fragmentation alone did NOT bypass TSPU ECH blocking, but combining both techniques did circumvent it. TSPU has also added TCP reassembly capabilities that defeat previously effective fragmentation-only bypasses.

2025-niere-encrypted §5, Figure 5 detection

Active mid-connection bandwidth throttling (e.g., 100 Mbps → 50 Mbps) cleanly separates BBR from Hysteria and TCP-Brutal: BBR converges to the new rate within a few probing cycles, while Hysteria and Brutal interpret reduced bandwidth as increased packet loss and raise their sending rate further. This active probing technique resolves the BBR ambiguity that passive measurement alone cannot.

2025-wang-custom §4.4 detection

Cross-layer RTT discrepancy (RTTdiff) is a protocol-agnostic fingerprint that exploits an inherent architectural property of all proxy setups: transport-layer sessions terminate at the proxy while application-layer sessions remain end-to-end. Evaluation across 10 proxy protocols—including VMess, Shadowsocks, VLESS, Trojan, XTLS-Vision, and obfs4-wrapped SOCKS—shows near-identical detection rates for all except obfs4, confirming the fingerprint is not tied to any specific obfuscation scheme. At FPR=0.01, per-website detection rates exceed 70% across all tested client and proxy location combinations.

2025-xue-discriminative §I, §VI-C detection

WATER (WebAssembly Transport Executables at Runtime) defines a pluggable-transport architecture in which the transport logic is compiled to a WASM module that is loaded and executed at runtime by a thin Go host process. This separates the stable host ABI (dial, accept, read, write) from the rapidly-evolving transport logic, allowing new or updated transports to be delivered as small WASM binaries without recompiling or redeploying the host application.

2017-frolov-water-pluggable §2–3 defense

Snowflake has been deployed in Tor Browser and Orbot for several years and served as a significant circumvention tool during the Russia 2021 network disruptions and Iran 2022 protests. The paper documents a history of deployment and blocking attempts, providing empirical evidence that the ephemeral WebRTC proxy design has sustained availability under real censor pressure across multiple high-profile events.

2024-bocovich-snowflake §1, §6 deployment

Snowflake's blocking resistance rests on a large, constantly changing pool of volunteer WebRTC proxies implemented as lightweight JavaScript browser extensions or web pages. Because the proxy population is in constant churn and new addresses appear faster than censors can enumerate and block them, IP-list blocking is structurally ineffective. The system is designed so that when an in-use proxy goes offline, the client seamlessly migrates to another with no disruption to upper network layers.

2024-bocovich-snowflake §1, §2 defense

Majority-vote ML inference (OCSVM + IF) over OONI data uncovered at least 5 previously undocumented DNS injection IPs active in Russia (e.g., 195.19.90.226, 95.167.13.51, 61.95.167.13.50, 188.19.132.154, 144.85.142.29.248) absent from OONI's existing blocking-fingerprints database, along with novel fingerprints in Italy, Czech Republic, and the UK. Records with fewer than 50 instances were excluded as a conservative false-positive filter.

2024-calle-toward §4.3, Table 5 detection

Traditional circumvention tool development and deployment is slow because new strategies must be developed, integrated into each tool separately, and then distributed via platform app-stores. WATER's WASM module architecture specifically addresses this asymmetry: censors evolve blocking techniques quickly, while circumventors are bottlenecked by binary release cycles. The paper argues that dynamic WATM delivery breaks this bottleneck by decoupling transport updates from application releases.

2024-chi-just §1 defense

HTTP Request Smuggling—a web-security vulnerability that exploits CL/TE header parsing ambiguities between a front-end (censor) and back-end (web server)—can be systematically repurposed as a censorship circumvention technique. By hiding a censored Host in the body of a benign outer request, the censor parses only the uncensored outer request while the destination server processes both, successfully bypassing HTTP censorship in China (19 vectors), Iran (254 vectors), and Russia (all 2,015 vectors) from the evaluated vantage points.

2024-m-ller-turning §3 / §8 defense

Russia's censor (at the Moscow/ASN-50867 vantage point) inspects only the first HTTP packet of the first TCP segment per TCP stream and never analyzes subsequent HTTP requests—whether in the same TCP packet or a later one. This caused all 2,015 accepted test vectors to successfully evade censorship, and the bypass is achievable with standard-compliant HTTP (e.g., whitespace or case variations in header names, which HTTP/1.1 explicitly permits).

2024-m-ller-turning §5.2 / §5.3 detection

HTTP request smuggling (HRS) vectors that exploit CL/TE header parsing divergence between a censor-as-middlebox and a destination web server can circumvent HTTP censorship in China, Iran, and Russia. Of 4,488 test vectors derived from prior HRS research, 2,015 (44.9%) were accepted by at least one web server; CL*/TE vectors achieved a 99.0% web-server acceptance rate while TE/CL* vectors achieved 0%.

2024-niere-http-smuggling §3, §5.1, Table 1 defense

The Russian censor at the tested Moscow vantage point (ASN 50867, China Unicom-equivalent private ISP) inspects only the first HTTP packet of the first TCP segment in a TCP stream and never blocks a second HTTP request, whether coalesced in the same TCP packet or sent in a subsequent one. All 2,015 web-server-accepted test vectors evaded Russian censorship, including standard-compliant whitespace-injection vectors (e.g., 'Content-Length\x20: <len>\x20').

2024-niere-http-smuggling §5.2 (Russia paragraph) detection

TLS-Attacker implements more than 330 cipher suites, including uncommon GOST and SM cipher suites specified by the Russian and Chinese authorities, covering SSL 3.0 through TLS 1.3 as well as DTLS 1.0 and DTLS 1.2. This breadth lets researchers test whether authority-mandated or jurisdiction-specific cipher suite selections alter TLS fingerprint classification by censors in those countries.

2024-niere-tls-attacker §2 Development evaluation

The SQS rendezvous method was deployed in Snowflake v2.9.0 / Tor Browser 13.0.10 (February 2024) and as of 2024-06-22 had served over 14,808 client connections from over 20 countries including Iran, China, the United States, and Russia, while remaining within the AWS Free Tier limit of 1 million requests per month and incurring no monetary cost.

2024-pu-exploring §4 deployment

TSPU devices perform in-line packet manipulation — they can inject RST packets, drop traffic, and throttle connections — rather than routing traffic to an out-of-band sniffer that votes to block. The inline placement means TSPU can act on the first-packet payload and impose latency on all matching flows, not only on those selected by sampling. Blocking decisions are therefore applied with high recall at the ISP edge, and circumvention tools that rely on short observation windows (e.g. only obfuscating the first N bytes) are vulnerable to continued inline inspection of subsequent traffic.

2024-xue-tspu-russia §3–§4 detection

Russia's TSPU ("Средства противодействия угрозам") system is deployed inline at individual ISP edges rather than at centralized internet exchange points, producing substantial per-ISP heterogeneity: some providers apply layer-7 SNI/Host filtering while others rely primarily on IP-prefix blocklists, and QUIC/HTTP3 is blocked at several major providers. Rollout timing and enforcement depth vary measurably across autonomous systems, meaning a single "Russia passes/fails" test fixture systematically underestimates blocking coverage.

2024-xue-tspu-russia §4–§5 deployment

Protocol fingerprinting — including DPI-based identification of VPNs, circumvention tools, and E2EE messengers — was active in only 6% of countries during the measurement period (13% all-time), but all confirmed instances came from focused individual studies, not from mass measurement platforms like OONI or Censored Planet. The authors flag encrypted traffic analysis (ETA) tools and next-generation firewalls (NGFWs) capable of blocking Signal or Tor Browser as an emerging threat to freedom of expression.

2023-master-worldwide §4.3 detection

AS201776 (Miranda-Media Ltd) is responsible for the largest volume of Russian transit censorship by destination IP count, affecting approximately 16,000 IP addresses in Ukraine from US and Sydney vantage points. AS3216 (PJSC Vimpelcom) has the widest geographic reach—delivering blockpages for traffic destined to 8 countries—but impacts no more than 1,000 IP addresses per country from any single vantage point.

2023-ortwein-towards §5 Preliminary Results / Table 1 evaluation

The authors' blockpage-based methodology cannot detect transit censorship implemented via TCP RST injection or packet drops, because distinguishing these from transient network errors requires identifying their location on the routing path. As a result, the 8-country, 6-AS finding is explicitly characterized as a lower bound on the true extent of Russian transit censorship.

2023-ortwein-towards §4.1 Gathering Blockpages / §6 Conclusion evaluation

Scanning the IP address spaces of 18 countries surrounding Russia, the authors identify Russian transit censorship affecting at least 8 countries (Afghanistan, Azerbaijan, Kyrgyzstan, Kazakhstan, Lithuania, South Korea, Tajikistan, and Ukraine), attributable to at least 6 Russian ASes. Only 2 of these 8 countries (Kyrgyzstan and Kazakhstan) had been reported in prior work, and the collateral damage is characterized as a lower bound due to the study's blockpage-only methodology.

2023-ortwein-towards §5 Preliminary Results evaluation

The study's three vantage points (US university, AWS Sydney, AWS Tokyo) produce substantially different transit censorship observations: the US vantage point detects blockpages in all 8 affected countries, while Sydney and Tokyo detect transit censorship only in Kazakhstan and Ukraine. This variance is attributed to routing path differences across vantage points, confirming that transit censorship coverage is highly path-dependent.

2023-ortwein-towards §5 Preliminary Results evaluation

AS60299 (Mezhdugorodnyaya Mezhdunarodnaya Telefonnaya Stanciya Ltd) and AS201776 (Miranda-Media Ltd) deploy commercial DPI technology manufactured by Russian company VAS Experts to perform transit censorship. Ukraine is subject to transit censorship by the most Russian ASes (at least 5: AS3216, AS25227, AS35816, AS47203, AS201776), likely due to post-2022 re-routing of Ukrainian Internet traffic through Russian telecommunications infrastructure.

2023-ortwein-towards §5 Preliminary Results deployment

CERTainty identifies DNS manipulation by attempting a full TLS handshake with the IP returned by a remote resolver and inspecting whether the resulting certificate belongs to the legitimate origin or to an injected blockpage destination. This certificate-based ground truth substantially reduces false positives compared to prior DNS measurement systems that could not distinguish intentional manipulation from CDN geo-DNS or captive portals.

2023-ramesh-certainty Abstract / §1 evaluation

CERTainty measured DNS manipulation across thousands of resolvers in 102 countries, identifying state-level censorship in China, Iran, and Russia, among others. The breadth of coverage — both resolver count and country count — demonstrates that TLS certificate validation scales to Internet-wide vantage-point studies.

2023-ramesh-certainty Abstract / §5 evaluation

CERTainty demonstrates that state-level DNS censorship in China, Iran, and Russia operates through resolver-level injection: queries sent to in-country resolvers return IPs whose TLS certificates do not correspond to the queried domain, revealing blockpage or sinkhole destinations. This pattern is distinguishable from CDN or geographic DNS behavior precisely because blockpage servers cannot present a valid certificate for the censored hostname.

2023-ramesh-certainty Abstract / §5–6 evaluation

Following the invasion, Psiphon user counts and VPN usage in Russia increased many-fold and correlated with specific censorship events, while multiple access paths to Tor (direct connections, bridges, pluggable transports) were progressively blocked. Despite this surge, circumvention tools reached only a small fraction of all Russian Internet users, indicating that aggressive multi-vector blocking and lack of user awareness left most people unable to access censored resources.

2023-ramesh-network §6 evaluation

Of the Tranco top-10K domains, 286 (3.26%) returned geoblocking signatures for all Russian vantage points in May 2022, with CDN-mediated blocking dominant: 87 domains via Cloudflare and 57 via Akamai. DNS-level geoblocking alone affected 68 domains, and 29 domains implemented both DNS and TCP geoblocking simultaneously, rendering public-resolver circumvention of DNS blocks ineffective for those targets.

2023-ramesh-network §5.1 evaluation

On March 28, 2022, Russian ISP RTComm (AS8342) hijacked Twitter's IPv4 prefix 104.244.42.0/24 for approximately 45 minutes (12:05–12:50 UTC) and announced it to the global Internet as a blocking measure. The hijack was blunted because Twitter had preemptively registered RPKI route origin authorizations (ROAs) for its prefixes, causing RPKI-validating ASes worldwide to reject the hijacked route.

2023-ramesh-network §4.3 detection

OONI data shows anomaly rates in Russia's top five ASes (including Rostelecom AS12389, Vimpelcom AS8402) rose from roughly 7–11% in January and early February 2022 to 12–21% in mid-March 2022, with social-media and news domains such as Facebook, Twitter, Instagram, and BBC going from available to near-completely blocked after the invasion.

2023-ramesh-network §4.1 evaluation

136 Russian government domains (25.09% of 542 accessible ones) blocked access to all tested countries outside Russia, and a further 112 (20.66%) were accessible only from Russian and Kazakhstani vantage points. Geoblocking was implemented via heterogeneous, uncoordinated mechanisms—DNS timeouts, TCP timeouts, HTTP 403 Forbidden responses, and explicit blockpages—across different domains, indicating an ad hoc emergency response with no central policy.

2023-ramesh-network §4.2 deployment

DNS manipulation is widespread across China (305 domains via local resolvers, 300 via public resolvers) and Russia (251 local, 205 public), but simply switching to a public DNS resolver already evades local-resolver-only filtering for many domains, reducing apparent censorship at the public-resolver layer. On-path filtering systems that poison queries to public resolvers represent a harder threat class requiring encrypted DNS.

2022-hoang-measuring §4.1, Table 2 evaluation

Using DoH plus ESNI, DNEye successfully unblocked 130/230 (56%) of DNS-filtered domains in China and 53/56 (95%) in Russia, but 0/49 (0%) in Iran. The primary failure mode in China (84 domains) and Iran (47 domains) was SNI-based filtering at the TLS layer for domains that do not support ESNI, which remains visible in the ClientHello.

2022-hoang-measuring §4.3, Table 3 evaluation

Only 1.5–2.25% of domains from TLD zone files have a valid ESNI key, with 15.4K of the top 100K and 143.3K of the top 1M popular domains supporting ESNI. All ESNI-supported domains are hosted by Cloudflare, making ESNI-enabled connections trivially distinguishable from the vast majority of TLS traffic and a low-collateral-damage blocking target for censors.

2022-hoang-measuring §4.2 evaluation

China's GFW blocks all ESNI traffic via RST packet injection following a TLS ClientHello with an encrypted SNI field, confirmed since July 2020. Russia blocks ESNI in a decentralized, ISP-level fashion across at least three identified ASes (AS28890, AS52207, AS41754), each injecting RST packets independently.

2022-hoang-measuring §4.2 detection

Internet-wide IPv4 scanning found 386,187 IP addresses yielding amplification factors ≥ 100× via TCP middlebox reflection, with 82.9% of responses from the top 1 million IPs confirmed as originating from on-path middleboxes rather than endpoints. Nation-state censorship infrastructure dominates: China's GFW alone accounts for approximately 154 million responding IP addresses sharing a 3× RST+ACK (54 bytes each) fingerprint.

2021-bock-weaponizing §5.3, §5.5, Table 4 evaluation

Nation-state censors produce characteristic TCP response fingerprints: China's GFW sends 3× RST+ACK (54 bytes each) from ~170 million IPs; Iran's infrastructure sends 402–405-byte FIN+PSH+ACK plus 54-byte RST+PSH+ACK from 8.6 million IPs (75.7% of responsive Iranian addresses); Saudi Arabia sends a 97-byte PSH+ACK plus 2× 1,354-byte PSH+ACKs at 18.9× amplification from 400,000+ IPs. Most nation-state censors produce less than 4× amplification due to compact block pages.

2021-bock-weaponizing §5.5, Table 4 detection

Routing loops within censoring infrastructure create effectively infinite TCP amplification: 53,041 of the top 1 million responding IP addresses showed routing loop behavior spanning 2,763 /24 prefixes. Two Russian ISP censorship systems with infinite routing loops continuously sent amplified traffic for approximately 6 days after a single 2-packet trigger sequence, and 6 GFW IP addresses in China sent data indefinitely.

2021-bock-weaponizing §5.6, §6 evaluation

Domain fronting is undermined when CDN front-ends are located within the censor's jurisdiction because the censor can coerce the CDN provider to disable domain fronting on those front-ends. Russia coerced Google, Amazon, and Microsoft to halt Telegram's use of domain fronting; the paper's measurements confirm that CDN front-ends for popular services (YouTube, Facebook, Instagram) are hosted within all five tested countries.

2021-gosain-too §5.2 evaluation

Protozoa's encoded media tunneling achieves an AUC of 0.59 against a state-of-the-art ML traffic classifier using packet-size and inter-arrival-time features—near the 0.5 random-guessing baseline—compared to >99% detection rates for prior tools such as Facet and DeltaShaper. To block 80% of Protozoa flows (TPR=0.8), a censor would erroneously flag approximately 60% of legitimate WebRTC flows (FPR=0.6). This resistance holds across trace durations from 10–60 seconds (AUC range 0.56–0.61) and across RTT, bandwidth, and packet-loss variations.

2020-barradas-poking §6.2, Table 1, Figure 8 evaluation

Protozoa successfully bypassed censorship in China, Russia, and India using whereby.com as a carrier. Despite several WebRTC services being blocked in China (appr.tc, discordapp.com, hangouts.google.com, messenger.com), at least seven alternatives remained reachable (aws.amazon.com/chime, coderpad.io, gotomeeting.com, slack.com, whereby.com, and others), ensuring carrier availability. Covert sessions over the alternative services coderpad.io and appr.tc achieved AUCs of 0.58 and 0.60, respectively, and average throughput of 1388–1420 Kbps.

2020-barradas-poking §7.2, Table 3 evaluation

Protozoa uses the economic and social indispensability of popular WebRTC conferencing services as a censorship deterrent: blocking all WebRTC traffic imposes prohibitive collateral damage on legitimate commerce and communication. This 'parasitism' strategy means the circumvention tool inherits the blocking immunity of the carrier without requiring any protocol mimicry at the network level. Protozoa requires only one reachable WebRTC service to function, and Table 3 confirms at least five services remained unblocked in China during testing.

2020-barradas-poking §3, §7.2 defense

Anonymization and circumvention tools (VPNs, Tor, etc.) are among the three most commonly blocked content categories across all commercial filters surveyed, alongside pornography and gambling. This holds across diverse products including Fortinet, Cisco, and government-deployed firewalls in Iran, Saudi Arabia, and Bahrain.

2020-raman-measuring §V-A-1, Fig. 7 evaluation

FilterMap identified 90 blockpage clusters from 90 vendors and actors across 103 countries using 374 million measurements from ~45,000 vantage points against 18,736 sensitive domains; 87 of these signatures were previously unknown. Commercial filters were detected in 36 out of 48 countries rated 'Not Free' or 'Partly Free' by Freedom House, with Fortinet alone present in at least 60 countries.

2020-raman-measuring §V deployment

Russia operates the most fragmented ISP-level filtering infrastructure in the dataset: FilterMap detected 41 distinct ISPs deploying blockpage-injecting filters, and 38 out of 49 filter clusters identified by Quack were deployed in Russian ISPs. All 41 Russian blockpages explicitly cited Federal Law as the reason for blocking.

2020-raman-measuring §V-A-3 deployment

Of 44,797 CDN-served domains on the April 2019 Roskomnadzor blocklist, 99.6% (44,615) were hosted on Cloudflare—attributable to Cloudflare's free tier with minimal vetting enabling rapid mirror-domain creation by blocked operators; the blocklist also contained 1,769 responsive circumvention-related domains, confirming that circumvention infrastructure is an active and documented blocklist target.

2020-ramesh-decentralized §V-B, Table III–IV deployment

Seven years of Roskomnadzor blocklist history (Nov 2012–April 2019) show the list grew to 132,798 unique domains and 324,695 unique IPs, with a dramatic spike in 2018 when Russia blocked Telegram by adding subnets covering approximately 16 million IP addresses—producing major collateral damage to co-hosted Google and Amazon services and illustrating that subnet-level blocking is the blunt instrument of last resort for CDN-hosted targets.

2020-ramesh-decentralized §VI-A, §II-B evaluation

Data center VPSes predominantly experienced TCP connection timeouts and resets—with the highest-blocking VPS censoring 96.8% of tested domains—while residential ISPs were substantially more likely to inject explicit blockpages citing Roskomnadzor's registry, confirming that blocking mechanism varies significantly by network tier even when blocking rates are similar.

2020-ramesh-decentralized §VI-B evaluation

Despite Russia's decentralized ISP ecosystem, 9 of 14 residential probes observed more than 90% of 98,098 tested blocklist domains blocked, and all 14 probes observed at least 49% blocked—demonstrating that coordinated nationwide censorship without centralized choke-points is achievable through legal mandates and commodity equipment alone.

2020-ramesh-decentralized §VI-B evaluation

Quack (which probes censorship on port 7/echo servers) detected substantially less blocking than Satellite (DNS-based): approximately 50% of Quack vantage points observed no blocking and ~90% observed only minor blocking, whereas Satellite observed major interference at most vantage points; the authors attribute this gap to Russian ISPs applying filtering predominantly on ports 80 and 443, leaving non-standard ports largely unfiltered.

2020-ramesh-decentralized §VI-B-3 evaluation

Frolov and Wustrow show that every major TLS-based circumvention tool (Tor Browser, Lantern, OpenVPN, Psiphon, etc.) produces a TLS ClientHello fingerprint that is statistically distinguishable from real Chrome or Firefox: differences include cipher-suite ordering, extension set, extension ordering, ALPN values, and curve preferences. A passive observer with a classifier over ClientHello fields can identify the tool with high precision without decrypting any traffic.

2015-frolov-the-use-of-tls §3–4 detection

Beyond the ClientHello, circumvention tools diverge from real browsers in TLS record-layer behavior: Go's crypto/tls splits the first application-data write differently than NSS or BoringSSL, and Go does not send a TLS ChangeCipherSpec in the same byte sequence as Chrome. These post-handshake divergences are detectable even when the ClientHello has been patched with uTLS, requiring record-layer mimicry in addition to hello-field mimicry for full fingerprint resistance.

2015-frolov-the-use-of-tls §4.3 detection

The paper introduces the uTLS library, which allows a Go TLS client to impersonate a specific browser's TLS fingerprint by replaying a recorded ClientHello template (including exact cipher suites, extensions, and GREASE bytes) rather than constructing one from Go's crypto/tls. Using a Chrome 70 uTLS template reduces fingerprint-distinctiveness to near zero against a passive classifier trained on real Chrome traffic.

2015-frolov-the-use-of-tls §5 defense

32 of 108 identified censoring ASes leak their censorship policies to other ASes, and 18 leak to other countries. Sweden's AS1299 leaked censorship to 9 countries including the United States, Ukraine, and Singapore; China's AS4812 leaked to 5 countries. Censorship leakage occurs when a transit AS implements filtering that affects traffic for users outside the censor's jurisdiction.

2017-cho-churn §3.3, §4, Table 3 evaluation

Censors in Russia, Iran, and India implement all three measured censorship techniques simultaneously: block pages, RST injection, and TTL anomalies. Iran and Cyprus censoring ASes censor content across many URL categories (including General News, Internet Services, Pornography, Gambling), while most other censoring ASes restrict only a few category types.

2017-cho-churn §4, Table 2 detection

The 30 key ASes computed from globally popular sites also intercept over 90% of paths to country-specific popular sites in nine censorious nations (China, Venezuela, Russia, Syria, Bahrain, Pakistan, Saudi Arabia, Egypt, Iran), covering 93.3% of paths to the top-50 country-specific sites. The same key AS set remained stable across repeated experiments conducted four months apart, suggesting durability over time.

2017-gosain-devil-s §6.1–6.2, Figure 8 evaluation

Never-once avoidance succeeds for 75% of source-destination pairs that do not already terminate in the US (a highly routing-central country) at δ=0.5, and for nearly all pairs avoiding less central countries. Russia is the hardest case at ~35% success (δ=0.5) due to proximity to the dense European node cluster. The median successful source-destination pair has over 1,000 valid DeTor circuits when avoiding the US and 500 when avoiding China.

2017-li-detor §6.2.1, §6.2.4 evaluation

Naive interference measurement systematically misclassifies CDN geographic routing as blocking (and vice versa): when China or Russia resolves twitter.com to a non-US IP, a naive detector must decide whether that is a CDN point of presence or interference. Joint iterative analysis of DomainSimilarity and IPTrust scores is required to separate authentic CDN footprints from block-page redirections.

2016-scott-satellite §1, §2.4, §2.4.1 detection

Domain fronting exploits the fact that major CDN providers (Google, Amazon CloudFront, Akamai, Microsoft Azure) terminate TLS at the edge before inspecting the Host header, so the SNI visible to a censor names a permitted CDN domain (e.g., www.google.com) while the inner HTTP Host header routes the request to a blocked destination. Blocking the fronted service requires blocking the entire CDN, creating collateral damage that most censors are unwilling to accept for major providers.

2015-fifield-blocking-resistant §2 defense

The paper formally characterizes the censor's visibility gap: the SNI field in the TLS ClientHello and the HTTP Host header inside the tunnel are the two places that reveal destination, and CDNs that terminate TLS before forwarding HTTP requests prevent censors from correlating them. Any censor capable of correlating SNI to inner-Host (e.g., through CDN cooperation or plaintext HTTP/2 framing) can defeat domain fronting without CDN blocking.

2015-fifield-blocking-resistant §3 detection

Monitoring Twitter, YouTube, Tor, and Google Public DNS across 10 Atlas probes spanning 9 ASNs cost 19,200 credits per day (under 1 probe-day equivalent), and Atlas's external queuing allowed measurement scheduling to begin within hours of reported blocks. The platform documented 6 distinct shifts in Turkey's filtering strategy and identified private-sector cooperation in Russia that would have been missed by platforms limited to DNS and HTTP measurements.

2014-anderson-global §3.2, Table 3 evaluation

Rostelecom (AS12389) performed network-layer redirection of blacklisted traffic rather than DPI-based filtering: 40 of 343 Russian probes returned SSL certificates attributed to Russian ISPs (State Institute of Information Technologies, Rostelecom, Electron Telecom Network). The interference affected all protocols and ports holistically across Rostelecom's downstream peers, consistent with BGP-level false advertisements or forwarding rules rather than application-layer classification.

2014-anderson-global §4.2 detection

LiveJournal cooperated with Russian authorities (Roskomnadzor) to segregate censored content by altering DNS A records for blacklisted blogs to a special host (208.93.0.190) that came online between February 10–17, 2014. Only 5 of 1,462 LiveJournal subdomains in Alexa's Top 1 million resolved to this address, all of which had been publicly declared in violation of Russian media law.

2014-anderson-global §4.2 detection

In four of five incidents (all except Syria), spam accounts were registered in temporally clustered blocks while legitimate accounts were not; in Russia and Mexico, multiple distinct registration bursts were observed. Across all five incidents, spam account usernames were automatically generated, with China'12 and Mexico accounts following a {name}{name}{number} pattern padded to exactly 15 characters (Twitter's maximum), making algorithmic reverse-engineering feasible.

2013-verkamp-five §4.1, Table 6, Figure 4 detection

In the Russia and Mexico incidents, spam tweets showed statistically significant spikes at fixed sub-hour intervals (5 and 15 minutes past the hour respectively), consistent with cron-job automation. Despite this automation, both campaigns deliberately mimicked human diurnal activity patterns — spam volume peaked at the same hours as legitimate traffic — to evade time-based anomaly detection.

2013-verkamp-five §3.2, Figures 2–3 detection

Default-profile usage was significantly elevated among spam accounts in China'11 (89.4% spam vs 51.2% non-spam), Russia (57.8% vs 34.7%), and China'12 (95.1% vs 47.8%); however, Mexico inverted this trend with only 1.7% of spam accounts using default profiles vs 27.0% of non-spam accounts, indicating that newer campaigns actively customize profiles to evade appearance-based detection.

2013-verkamp-five §4.2, Table 7 detection

Across five political spam incidents, spam constituted 62–73% of all tweets in the Russia, China'12, and Mexico incidents, while Syria had only 6% spam. In the China'12 incident, 1,700 spam accounts (14% of all accounts) generated 600,000 spam tweets (73% of total), with 10 individual accounts each producing over 5,000 tweets before shutdown; in Mexico, 50 accounts sustained 1,000 spam tweets per day throughout the incident.

2013-verkamp-five §2, Table 2 evaluation

Twitter's existing automated spam-filtering mechanisms caught only approximately 50% of politically motivated spam in the Russian parliamentary election incident, as reported by Thomas et al. (2012) and noted as the baseline for this study. Spammer behavior varied sufficiently across incidents (targeting strategy, URL usage, mention patterns, default-profile adoption) that supervised machine-learning classifiers trained on one incident are unlikely to generalize to others.

2013-verkamp-five §1, §5 evaluation

56% of logins tied to legitimate users discussing the Russian election originated from Russia, compared to only 1% of logins for the 25,860 spam accounts, with Japan accounting for 14% of spam logins. 39% of IP addresses used by the attackers appeared in the CBL blacklist for email spam and malware distribution, compared to 21% of IPs tied to legitimate users, confirming that the attack infrastructure was shared with conventional spam/malware operations.

2012-thomas-adapting §4.3 detection

Twitter's relevance-ranked search returned 53% fewer bot-generated tweets compared to real-time chronological search across 1.1 million queries during the attack; restricting analysis to the top 5 most-recently returned relevance results reduced spam by 64% versus real-time. Relevance ranking incorporates social-graph overlap and content popularity signals to demote mass-produced low-engagement content.

2012-thomas-adapting §5 evaluation

The attack demonstrates that spam-as-a-service markets built for commercial spam (fake reviews, URL advertising) were directly repurposed for political censorship without modification, using the same compromised-host pools (39% blacklisted IPs) and bulk account infrastructure. This convergence means technical defenses against commercial spam infrastructure simultaneously constrain politically-motivated censorship operations by actors who lack direct Internet-access control.

2012-thomas-adapting §6 policy

Researchers identified four distinct account-registration patterns using regular expressions on mail.ru email addresses and screenname naming conventions; these patterns flagged 975,283 spam accounts with only 4% false positives on manual validation of 150 accounts. The 25,860 accounts deployed in the attack represent just 3% of the flagged pool, indicating a centralized spam-as-a-service vendor provisioned accounts in bulk and sold access.

2012-thomas-adapting §4.2 evaluation

An unknown attacker leveraged 25,860 fraudulent Twitter accounts to send 440,793 tweets targeting 20 election-related hashtags, peaking at 1,846 tweets per minute, in an attempt to dilute political conversations following Russia's December 2011 parliamentary election. The accounts were drawn from a pool of approximately 975,283 fraudulent accounts identified by the researchers, 80% of which remained dormant with zero friends, followers, or tweets.

2012-thomas-adapting §1, §4.1 detection

Across 11 countries, censorship execution falls into at least six distinct categories: DNS redirect to localhost (Malaysia, Russia, Turkey), DNS redirect with warning page (South Korea), connection timeout with no notification (Bangladesh, India), spoofed TCP RST injection (China), spoofed HTTP 403 with warning page (Bahrain, Iran), HTTP 302 redirect (South Korea, Thailand), and spoofed HTTP 200 iframe response (Saudi Arabia). Four countries censor at DNS and eight at routers, with South Korea employing both layers simultaneously.

2012-verkamp-inferring Table 3 evaluation

Russia's high AS complexity (score 19.39, 2,346 ASes) enabled the Russian Business Network to hide malware-hosting ASes by chaining traffic through multiple intermediate legitimate-seeming ASes, making connections very difficult to trace and sever. The paper concludes that higher national AS complexity directly raises the operational cost of enumerating and cutting any given connection.

2011-roberts-mapping §IV, §VI defense

Eastern Asia averages 4.80 points of control and a complexity score of 1.54 across 510 million IP addresses, while Eastern Europe averages 19.10 PoC and a complexity score of 11.35 across 74 million IPs — nearly twice the complexity of any other region. Russia specifically has 2,346 autonomous systems and a complexity score of 19.39, versus China's 177 ASes and score of 0.11.

2011-roberts-mapping §II, Table II, Table III evaluation