2016-scott-satellite
findings extracted from this paper
-
Naive interference measurement systematically misclassifies CDN geographic routing as blocking (and vice versa): when China or Russia resolves twitter.com to a non-US IP, a naive detector must decide whether that is a CDN point of presence or interference. Joint iterative analysis of DomainSimilarity and IPTrust scores is required to separate authentic CDN footprints from block-page redirections.
-
The top 10 CDNs collectively host nearly 20% of the Alexa top 10,000 domains (1,967 domains); CloudFlare alone accounts for ~10% of those sites (726 domains) and operates across 75 ASes with 107,008 IP addresses. CDN-hosted domains receive disproportionate interference relative to their 20% share, suggesting censors target popular shared-infrastructure sites as a high-leverage blocking strategy.
-
Censors can evade external DNS measurement systems like Satellite by injecting spoofed DNS responses only for resolvers located within the censored country, returning correct answers to external probes. This targeted injection would be 'much less visible to Satellite' while remaining fully effective against in-country users; the paper flags this as a fundamental limitation of single-vantage external measurement.
-
Satellite detected a spike in anomalous DNS resolutions across Iranian ISPs in the second half of 2015, correlating with Iranian authorities' public statements about beginning a 'second phase of filtering,' followed by additional newly inaccessible domains in the lead-up to the February 2016 elections — demonstrating longitudinal DNS measurement can detect and time censor policy escalations.
-
Satellite's single-node measurement methodology, probing 1/10th of 12 million discovered open DNS resolvers across 20,000 ASes and 169 countries, detected 4,819 instances of ISP-level DNS hijacking across 117 countries while measuring 10,000 domains with weekly precision from a single external vantage point.