Conjure's initial registration step requires the client to connect to an overt website hosted outside the censor's jurisdiction before deriving the unused IP address for actual decoy routing, but CDN traffic localization means this bootstrap connection frequently terminates at a local front-end and never crosses the border. The paper finds that for India's Alexa top-100 sites, only 23 websites had any parallel (leaf) HTTP connections terminating outside the country, with a median of just 3 such external leaf connections per site.

Anycast CDN architecture dominates popular web content delivery: in the US, 59% of Alexa top-1k websites use anycast CDNs vs. 19% DNS-based; in Saudi Arabia, 57% use anycast CDNs. IP geolocation databases such as Maxmind are severely inaccurate for anycast infrastructure — reporting only <15% of Saudi Alexa websites as in-country vs. 90% measured by RTT-based multilateration — causing prior research to incorrectly attribute "nation-state hegemony" over developing-country Internet traffic.

§4.4, §6.3, Table 1 evaluation

CacheBrowser and CDNReaper require clients to contact foreign CDN front-end IPs directly, but this only works for DNS-based CDNs; anycast CDNs use the same IP globally, so bypassing local DNS still routes the client to a local front-end. Only approximately 11% of Alexa top-1k websites use DNS-based CDNs across the five tested countries, and for potentially blocked sites (Citizen Lab lists), CacheBrowser can access only ~18% of 2,769 blocked URLs in Brazil.

§5.2, Table 1, Fig. 14 evaluation

CDN infrastructure causes 61%–92% of country-specific Alexa top-1k websites to be hosted within the client's own country across India, Iran, Saudi Arabia, Brazil, and the US, as measured by the authors' R-CBG multilateration technique achieving >89% accuracy. This traffic localization means web requests to popular sites rarely cross national borders, undermining the foundational assumption of decoy routing, domain fronting, CacheBrowser, and CovertCast.

§4.2, §5.2 evaluation

Domain fronting is undermined when CDN front-ends are located within the censor's jurisdiction because the censor can coerce the CDN provider to disable domain fronting on those front-ends. Russia coerced Google, Amazon, and Microsoft to halt Telegram's use of domain fronting; the paper's measurements confirm that CDN front-ends for popular services (YouTube, Facebook, Instagram) are hosted within all five tested countries.

§5.2 evaluation

'Resource Inaccessible' was the most frequently reported issue (61% of 119 submitted reports) during a month of naturalistic Tor Browser browsing, followed by CAPTCHAs (18%), Broken Content (17%), Other Issues (13%), and Timeouts (5%). These categories document the operational failure modes that degrade everyday Tor Browser usability beyond protocol-level censorship.

2026-micallef-reportor-facilitating-user §6.1, Figure 3 ip-blockingmeasurement-platform

The privacy properties of Tor Browser structurally preclude automated telemetry collection, creating a persistent blind spot for diagnosing user experience failures at scale. ReporTor demonstrates that anonymous voluntary in-situ reporting — transmitted over the Tor network and stored in a password-protected onion-service database — can substitute for telemetry: 119 reports over one month from five expert users sufficed to reproduce approximately half of reported issues exactly and identify root causes for most of the remainder.

2026-micallef-reportor-facilitating-user §1, §7.1 measurement-platform

The largest single source of censored domains in the GNL is MESA lab's SNI monitoring dataset (E21-SNI-Top200w.txt) containing 57,362 censored domains, and E21-SNI-Top120W-20221020.txt with 36,467 domains—totaling over 93K domains from network tap data alone for a single country (E21 = Ethiopia per InterSecLab attribution). A separate Xinjiang dataset (XJ-CUCC-SNI-Top200w.txt) contains 13,604 domains. These datasets "do not seem to come from popular domain lists, and instead appear to be gathered from network taps," confirming that Geedge builds censorship target lists directly from passive traffic observation.

2026-sheffey-geedge §4.2, Table 3 dpisni-blockingmeasurement-platform

Of 6,915,266 domains extracted from the 572 GiB Geedge Networks Leak (GNL), 298,955 censored domains (93.7% of all GNL-censored domains) appear in neither Tranco top-1M nor CitizenLab test lists. Measurements across China (Guangzhou/Nanjing), Myanmar, Pakistan, and Algeria confirmed censorship via DNS injection and SNI-based TLS connection termination. The GNL covers 25–62% of Tranco-censored domains across countries, showing substantial but incomplete overlap. This vendor-side ground truth reveals a censorship surface roughly two orders of magnitude larger than curated academic test lists.

2026-sheffey-geedge §4.1, Table 2 dpisni-blockingdns-poisoningmeasurement-platform

CensorAlert aggregates censorship signals from heterogeneous open sources — including OONI, Cloudflare Radar, NetBlocks, GitHub Issues of circumvention tools (Hysteria, Xray), Net4People BBS, NTC Party forum, Mastodon, X, Telegram channels, and arXiv — normalizing each item into a common schema preserving timestamp, source, raw data, and provenance with a link to the original content.

2026-zohaib-extended §2 (Data Sources) measurement-platform

Systematic measurement platforms (OONI, Censored Planet, Cloudflare Radar, NetBlocks) have inherent blind spots due to geographic coverage and protocol-specific test constraints; critical censorship discoveries — including GFW fully-encrypted protocol blocking and regional Chinese censorship — were first surfaced by user reports on forums and GitHub issue pages of circumvention tools, not by automated measurement infrastructure.

2026-zohaib-extended §1 measurement-platformfully-encrypted-detect