TECHNIQUES
measurement-platform Censorship measurement platform
Methodology / tooling for measuring censorship at scale (OONI, ICLab, Iris, Quack, Encore, Censored Planet, etc.).
62 papers on file
- 2026-micallef-reportor-facilitating-user ReporTor: Facilitating User Reporting of Issues Encountered in Naturalistic Web Browsing via Tor Browser
- 2026-sheffey-geedge Geedge Cases: Censorship Measurement Insights from the Geedge Networks Leak
- 2026-yang-invisible-adversaries-systematic Invisible Adversaries: A Systematic Study of Session Manipulation Attacks on VPNs
- 2026-zohaib-extended Extended Abstract: CensorAlert -- Leveraging LLM Agents for Automated Censorship Report Aggregation and Analysis
- 2025-alaraj-iran-refraction Measuring Censorship in Iran Using Refraction-based Proxies
- 2025-berke-unique-whose-web How Unique is Whose Web Browser? The role of demographics in browser fingerprinting among US users
- 2025-h-ller-evaluating Evaluating Onion Address Collection Methods
- 2025-habib-examining Examining Leading Pakistani Mobile Apps
- 2025-lee-onions-got-puzzled Onions Got Puzzled: On the Challenges of Mitigating Denial-of-Service Problems in Tor Onion Services
- 2025-lipphardt-1-800-censorship 1-800-Censorship: Analyzing internet censorship data using the Internet Yellow Pages
- 2025-syverson-onion-location-measurements-fingerprinting Onion-Location Measurements and Fingerprinting
- 2025-wrana-sok-surveillance SoK: The Spectre of Surveillance and Censorship in Future Internet Architectures
- 2024-ahmed-extended Extended Abstract: The Impact of Online Censorship on LLMs
- 2024-awwad-digital Digital Repression in Palestine
- 2024-durumeric-ten-years-zmap Ten Years of ZMap
- 2024-kristoff-internet Internet Sanctions on Russian Media: Actions and Effects
- 2024-kujath-analyzing Analyzing Prominent Mobile Apps in Latin America
- 2024-ruo-lost Lost in Translation: Characterizing Automated Censorship in Online Translation Services
- 2024-tang-automatic Automatic Generation of Web Censorship Probe Lists
- 2024-xue-bridging Bridging Barriers: A Survey of Challenges and Priorities in the Censorship Circumvention Landscape
- 2023-master-worldwide A Worldwide View of Nation-state Internet Censorship
- 2023-nourin-detecting Detecting Network Interference Without Endpoint Participation
- 2023-raman-advancing Advancing the Art of Censorship Data Analysis
- 2023-ramesh-certainty CERTainty: Detecting DNS Manipulation at Scale using TLS Certificates
- 2023-ramesh-network Network Responses to Russia's Invasion of Ukraine in 2022: A Cautionary Tale for Internet Freedom
- 2023-sharma-dolphin Dolphin: A Cellular Voice Based Internet Shutdown Resistance System
- 2023-tran-crowdsourcing Crowdsourcing the Discovery of Server-side Censorship Evasion Strategies
- 2023-wang-self-censorship Self-Censorship Under Law: A Case Study of the Hong Kong National Security Law
- 2022-raman-network Network Measurement Methods for Locating and Examining Censorship Devices
- 2022-ramesh-vpnalyzer VPNalyzer: Systematic Investigation of the VPN Ecosystem
- 2021-basso-measuring Measuring DoT/DoH blocking using OONI Probe: a preliminary study
- 2020-niaki-iclab ICLab: A Global, Longitudinal Internet Censorship Measurement Platform
- 2020-raman-censored Censored Planet: An Internet-wide, Longitudinal Censorship Observatory
- 2018-nisar-incentivizing Incentivizing Censorship Measurements via Circumvention
- 2018-vandersloot-quack Quack: Scalable Remote Measurement of Application-Layer Censorship
- 2017-cho-churn A Churn for the Better: Localizing Censorship using Network-level Path Churn and Network Tomography
- 2017-darer-filteredweb FilteredWeb: A Framework for the Automated Search-Based Discovery of Blocked URLs
- 2017-pearce-augur Augur: Internet-Wide Detection of Connectivity Disruptions
- 2016-scott-satellite Satellite: Joint Analysis of CDNs and Network-Level Interference
- 2015-aceto-internet Internet Censorship detection: A survey
- 2015-aceto-monitoring Monitoring Internet Censorship with UBICA
- 2015-burnett-encore Encore: Lightweight Measurement of Web Censorship with Cross-Origin Requests
- 2015-gill-characterizing Characterizing Web Censorship Worldwide: Another Look at the OpenNet Initiative Data
- 2015-jones-can Can Censorship Measurements Be Safe(r)?
- 2015-jones-ethical Ethical Concerns for Censorship Measurement
- 2015-narayanan-no No Encore for Encore? Ethical Questions for Web-Based Censorship Measurement
- 2015-nisar-case A Case for Marrying Censorship Measurements with Circumvention
- 2014-anderson-global Global Network Interference Detection over the RIPE Atlas Network
- 2014-chaabane-censorship Censorship in the Wild: Analyzing Internet Filtering in Syria
- 2014-ensafi-detecting Detecting Intentional Packet Drops on the Internet via TCP/IP Side Channels
- 2014-nobori-vpn VPN Gate: A Volunteer-Organized Public VPN Relay System with Blocking Resistance for Bypassing Government Censorship Firewalls
- 2014-roos-measuring Measuring Freenet in the Wild: Censorship-resilience under Observation
- 2013-dalek-method A Method for Identifying and Confirming the Use of URL Filtering Products for Censorship
- 2013-durumeric-zmap ZMap: Fast Internet-wide Scanning and its Security Applications
- 2013-winter-towards Towards a Censorship Analyser for Tor
- 2012-filast-ooni OONI: Open Observatory of Network Interference
- 2011-dainotti-analysis Analysis of Country-wide Internet Outages Caused by Censorship
- 2011-espinoza-automated Automated Named Entity Extraction for Tracking Censorship of Current Events
- 2011-roberts-mapping Mapping Local Internet Control
- 2011-sfakianakis-censmon CensMon: A Web Censorship Monitor
- 2007-crandall-conceptdoppler ConceptDoppler: A Weather Tracker for Internet Censorship
- 2006-wolfgarten-investigating Investigating large-scale Internet content filtering
227 findings tagged here
-
'Resource Inaccessible' was the most frequently reported issue (61% of 119 submitted reports) during a month of naturalistic Tor Browser browsing, followed by CAPTCHAs (18%), Broken Content (17%), Other Issues (13%), and Timeouts (5%). These categories document the operational failure modes that degrade everyday Tor Browser usability beyond protocol-level censorship.
-
The privacy properties of Tor Browser structurally preclude automated telemetry collection, creating a persistent blind spot for diagnosing user experience failures at scale. ReporTor demonstrates that anonymous voluntary in-situ reporting — transmitted over the Tor network and stored in a password-protected onion-service database — can substitute for telemetry: 119 reports over one month from five expert users sufficed to reproduce approximately half of reported issues exactly and identify root causes for most of the remainder.
-
A compiled blocklist dataset documents 43,083 apex domains blocked via DNS filtering across 6 Indian ISPs, representing one of the largest systematic inventories of Indian DNS censorship scope published to date.
-
The dataset incorporates Tranco popularity rankings for blocked domains (derived from the 'Poisoned Wells' research), enabling measurement of how DNS blocking in India intersects with high-traffic websites rather than being confined to obscure domains.
-
The blocklist spans 6 distinct Indian ISPs, enabling cross-ISP consistency analysis; the multi-ISP scope reflects that DNS-based blocking in India is implemented heterogeneously at the ISP level rather than via a single national chokepoint.
-
The largest single source of censored domains in the GNL is MESA lab's SNI monitoring dataset (E21-SNI-Top200w.txt) containing 57,362 censored domains, and E21-SNI-Top120W-20221020.txt with 36,467 domains—totaling over 93K domains from network tap data alone for a single country (E21 = Ethiopia per InterSecLab attribution). A separate Xinjiang dataset (XJ-CUCC-SNI-Top200w.txt) contains 13,604 domains. These datasets "do not seem to come from popular domain lists, and instead appear to be gathered from network taps," confirming that Geedge builds censorship target lists directly from passive traffic observation.
-
Of 6,915,266 domains extracted from the 572 GiB Geedge Networks Leak (GNL), 298,955 censored domains (93.7% of all GNL-censored domains) appear in neither Tranco top-1M nor CitizenLab test lists. Measurements across China (Guangzhou/Nanjing), Myanmar, Pakistan, and Algeria confirmed censorship via DNS injection and SNI-based TLS connection termination. The GNL covers 25–62% of Tranco-censored domains across countries, showing substantial but incomplete overlap. This vendor-side ground truth reveals a censorship surface roughly two orders of magnitude larger than curated academic test lists.
-
IODA Active Probing shows Iran's global Internet connectivity dropped to approximately 3% on February 28, 2026, and had not recovered as of the report date (59+ days). This matches the near-3% floor seen during the January 2026 protests shutdown, establishing a repeatable operational baseline for the regime's tiered blocking posture.
-
IODA telescope and Google Product signals, corroborated by Cloudflare Radar and Kentik traffic data, show selective whitelist restoration: Google Search and Images are accessible via the NIN while Google Maps is not, and IranCell (AS44244) shows a slight diurnal Telescope traffic increase consistent with 'Internet Pro' access—demonstrating that selective per-service and per-ASN whitelisting is operationally active.
-
During the June 2025 Israel-Iran war, IODA observed that BGP routing announcements remained largely intact while Active Probing and Telescope signals showed a near-total Internet blackout—a 'stealth blackout' technique that hides shutdown actions behind maintained routing infrastructure. This pattern was replicated in the February 28, 2026 shutdown, where Active Probing dropped to ~3% while BGP remained stable.
-
CensorAlert aggregates censorship signals from heterogeneous open sources — including OONI, Cloudflare Radar, NetBlocks, GitHub Issues of circumvention tools (Hysteria, Xray), Net4People BBS, NTC Party forum, Mastodon, X, Telegram channels, and arXiv — normalizing each item into a common schema preserving timestamp, source, raw data, and provenance with a link to the original content.
-
Systematic measurement platforms (OONI, Censored Planet, Cloudflare Radar, NetBlocks) have inherent blind spots due to geographic coverage and protocol-specific test constraints; critical censorship discoveries — including GFW fully-encrypted protocol blocking and regional Chinese censorship — were first surfaced by user reports on forums and GitHub issue pages of circumvention tools, not by automated measurement infrastructure.
-
CensorAlert generates text embeddings (OpenAI text-embedding-3-small) from each item's summary, title, and tags to cluster semantically similar reports within configurable time windows; near-duplicates such as reposts, copied headlines, and translations are collapsed into a single canonical post that preserves all original source URLs and metadata.
-
CensorAlert's LLM agent scores each ingested item 0–5 on five independent dimensions — credibility, novelty, impact, timeliness, and verifiability — then computes a normalized significance score (0–10) from these components; items are processed every two hours using OpenAI GPT-5 Thinking (hosted on Azure) constrained to return structured JSON output.
-
The Ahmia search engine provided the most onion addresses (18,069 in a single day, ranging 18,000–22,000 week-to-week), outperforming five other sources combined (36,028 total across six engines). However, Ahmia's intentional exclusion blacklist contains 46,000+ hashed addresses, and crawling onion services for 20 days yielded 48,745 unique v3 addresses, 11,809 of which were on Ahmia's blacklist — meaning any index-based collection systematically misses a significant share of the onion ecosystem by design.
-
Combining six onion search engines/repositories plus clearnet search engines, Tor2web-style DNS leakage, and 20 days of self-run crawling (2.9 million pages), the authors assembled 482,614 unique v3 onion addresses — the largest known collection. Verifying against HSDir blinded public keys showed the collected addresses accounted for 25% of observed blinded keys but were responsible for 66% of all successful service descriptor downloads, confirming a heavy-tailed usage distribution.
-
152 of 5,478 crawled domains (approximately 2.8%) deployed active bot-detection measures—captcha delivery or perimeter protection—that blocked automated OpenWPM crawling entirely. The authors note this disproportionately excludes untrustworthy sites, biasing the training dataset toward well-resourced trustworthy outlets and limiting recall on the untrustworthy class.
-
Scanning 0.91B unique SANs extracted from 3.7B certificates across 17 CT logs revealed 3,330 unique .onion addresses configured by 26,937 domains. After six months, only 2,101 onions (63%) remained reachable, of which 1,505 (72%) had matching clearnet index pages, constituting the effectively enumerable target set for a targeted OLF adversary.
-
Wrana et al. systematically assess how well existing surveillance and censorship mechanisms can target users of Future Internet Architectures (FIAs) — including NDN, SCION, XIA, and MobilityFirst — finding that DPI and flow-correlation techniques from the current internet map onto FIA traffic with moderate adaptation. The paper identifies that FIA naming/addressing schemes introduce new censorship attack surfaces (e.g., content-name-based filtering in NDN) not present in IP-based architectures.
-
The paper proposes a black-box methodology for detecting censorship bias in LLMs by comparing responses to identical prompts in Simplified vs. Traditional Chinese — scripts for the same spoken language — controlling for translation quality while exploiting that Simplified Chinese training data is disproportionately sourced from mainland China's censored internet. Each prompt is repeated ten times and scored for similarity to censored text using an XLM-RoBERTa classifier fine-tuned on Baidu Baike (censored) vs. Chinese Wikipedia (uncensored) with scores from 0 to 1.
-
Majority-vote ML inference (OCSVM + IF) over OONI data uncovered at least 5 previously undocumented DNS injection IPs active in Russia (e.g., 195.19.90.226, 95.167.13.51, 61.95.167.13.50, 188.19.132.154, 144.85.142.29.248) absent from OONI's existing blocking-fingerprints database, along with novel fingerprints in Italy, Czech Republic, and the UK. Records with fewer than 50 instances were excluded as a conservative false-positive filter.
-
XGBoost trained on a single month of OONI data achieves near-optimal performance; expanding the training window to 24 months produces deviations of only 0–5 percentage points for FNR, 0.07 PP for FPR, and 0.10 PP for accuracy — suggesting that larger windows introduce noise and overfitting rather than improving detection. Isolation Forest performance degrades more sharply, with accuracy dropping ~5 PP as training data grows beyond 6 months.
-
For the Isolation Forest model, resolver ASN (SHAP importance 0.237) and probe ASN (0.220) are the two most predictive features for DNS tampering, reflecting that censorship is topologically concentrated at specific network vantage points. For XGBoost, headers_match dominates (0.317), followed by asn_control_match (0.177), indicating that supervised models rely more on cross-layer consistency signals. DNS tampering represents only 0.5–0.8% of all OONI measurements across 2022–2023 (Figure 2), creating severe class imbalance in any training set.
-
XGBoost achieves a False Positive Rate of 0.0005, True Positive Rate of 0.9403, and overall accuracy of 0.9991 on OONI global DNS measurement data (2.5% stratified sample), vastly outperforming unsupervised alternatives: Isolation Forest achieves FPR 0.1321 / ACC 0.8699, and One-Class SVM degrades to FPR 0.9711 / ACC 0.0598, making OCSVM effectively unusable for this task.
-
A decade of ZMap-based studies has produced documented operational norms including blocklist hygiene (organizations can opt out of scans via ZBlocklist) and ethical rate-limiting practices. The same blocklist infrastructure that protects opt-out organizations also provides a model for reducing proxy infrastructure visibility.
-
Cloud-hosted services represent an open measurement problem for ZMap because IPs are shared, ephemeral, and behind CDN layers, making traditional IP-to-service attribution unreliable. The paper identifies reconciling scan-based observation with cloud infrastructure as a key challenge for the next decade.
-
A decade of Internet-wide scanning practice has established that cloud-hosted services present a fundamental measurement ambiguity: IP ownership is ephemeral and shared, making per-IP findings unreliable and complicating the attribution of services to specific operators or censors.
-
IPv6 measurement remains an open problem for ZMap because the address space is too large for exhaustive single-packet enumeration, unlike IPv4. This asymmetry means IPv6-addressed infrastructure is structurally harder to enumerate via blocklisting.
-
LZR, built on top of ZMap, can identify 99% of unexpected Internet services in five handshakes by acting as a shim between ZMap and ZGrab. This gives censors and researchers alike an efficient active-probing primitive to fingerprint proxy protocols at scale.
-
ZMap can scan the entire public IPv4 address space on a single port in under 45 minutes on a gigabit connection; with a 10 GigE connection and PF_RING, the same scan completes in 5 minutes. This makes Internet-wide enumeration of proxy infrastructure operationally trivial for any well-resourced actor.
-
ZMap can scan the entire public IPv4 address space on a single port in under 45 minutes on a 1 Gbps connection; with a 10 GigE connection and PF_RING, the full IPv4 address space scan completes in 5 minutes. This throughput enables near-real-time Internet-wide enumeration of any service listening on a given port.
-
After a decade of ZMap-based measurement, the authors identify IPv6 scanning as an unresolved open problem: the vastly larger IPv6 address space makes exhaustive scanning infeasible, fundamentally changing the threat model for service discovery compared to IPv4.
-
CenDTect (Tsai et al., NDSS 2024) uses decision trees and a novel clustering method on Censored Planet plus OONI data to identify blocking policies and provide interpretable insights at local and country levels. A separate approach (Duncan & Chen, 2023) applies sequence-to-sequence models and CNN image classification — treating network reachability data as grayscale images — to distinguish censored from uncensored content.
-
Brown et al. (2023) combined supervised ML models trained on expert-labeled data with unsupervised models establishing a baseline of 'normal' behavior to detect DNS-based censorship from Satellite and OONI datasets, achieving high true-positive rates for both known and new DNS censorship instances. The hybrid supervised/unsupervised approach is proposed as a template for the LLM-based system.
-
The proposed LLM-based censorship detection system plans to use ICLab as the primary dataset for its semantic richness across all network-stack levels, then cross-reference with OONI and Censored Planet to reduce false negatives. The paper explicitly notes ICLab lacks the scale and geographic coverage of OONI/Censored Planet but offers richer per-measurement context suited to LLM feature learning.
-
The daily volume of network reachability data collected by censorship monitoring platforms such as ICLab, OONI, and Censored Planet surpasses the 16 GB Books Corpus and English Wikipedia that BERT was trained on. This scale mismatch motivates applying LLMs — which thrive on large unlabeled corpora — to censorship measurement data rather than hand-labeling for rule-based systems.
-
Rule-based censorship detection systems rely on predefined regular expressions designed by human experts and fail to adapt to evolving censor techniques, leading to false negatives and poor scalability as data volume grows. In contrast, learning-based models are described as thriving on large data volumes and offering contextual understanding that rule-based systems lack.
-
DNS-based blocking was the dominant EU sanctions enforcement mechanism: 87% of the 125 OONI vantage points implementing blocks chose DNS, and RIPE Atlas measurements found 50% of blocking ISPs return DNS error responses. Coverage dropped with each new sanctions package—45% of vantage points blocked first-round domains versus only 17% for fourth-round additions.
-
TLS-Scanner, a subproject of the TLS-Attacker suite, automates handshake probes across deployed TLS hosts and has been used in published IPv4-wide scanning studies. It surfaces supported protocol versions, enabled extensions, and known vulnerabilities, providing a ready-made audit tool for circumvention infrastructure operators.
-
The automated probe list generation system discovered 45.79 potentially blocked domains per 1,000 domains crawled, compared to 4.11 for FilteredWeb — over 10× higher efficacy. It uncovered 1,490 potentially blocked domains in crawls of just 71,960 URLs, versus 1,255 blocked domains found by Hounsel et al. in crawls of 1,000,000 URLs, with 1,473 of the 1,490 domains not overlapping with prior work.
-
Only 36.66% of the 139,957 source list URLs (51,313) survived sanitization as live, meaningful pages, with 18,911 URLs removed for lack of content and many more for dead links — underscoring how rapidly manually curated probe lists decay. In Beijing and Shanghai, over 20% of known domains were consistently inaccessible, versus fewer than 4.5% at all other vantage points, and over 68% of known domains remained blocked, suggesting censored topics stay sensitive even as URLs go stale.
-
Among inaccessible URLs that also triggered OONI anomalies, approximately 58% were generated by the Top2Vec-Trends pipeline (combining Top2Vec topic modeling with Google Trends keyword expansion), while LDA-TFIDF and Top2Vec alone each accounted for only 13–14%. BERTopic-generated pages were least effective at producing censored candidates.
-
VPS-based vantage points in Singapore and India detected censorship patterns similar to 'free' locations, failing to observe blocking known to be enforced by local ISPs following government directives. This occurred because ISP-level censorship is implemented per-carrier rather than centrally, and the VPS provider's ISP did not enforce those blocks — confirmed by re-testing from a residential IP that did observe the expected blocks.
-
CenDTect, an unsupervised decision-tree system using iterative parallel DBSCAN, analyzed more than 70 billion Censored Planet data points (January 2019 – December 2022) and discovered 15,360 HTTP(S) censorship event clusters across 192 countries and 1,166 DNS event clusters across 77 countries. Manual validation against 38 known censorship events from news reports confirmed all human-identified events were recoverable from CenDTect's output. The system additionally identified more than 100 ASes in 32 countries with persistent ISP-level blocking and 11 temporary blocking events in 2022 correlated with elections, protests, and armed conflict.
-
CenDTect uses cross-classification accuracy — how well a decision tree trained on one domain's blocking pattern predicts another domain's blocking — as a distance metric to cluster domains that share the same blocking policy. This metric outperforms prior time-series approaches because it is interpretable (the resulting decision tree directly reveals the blocking mechanism: which ISP, which port, which protocol) rather than producing opaque anomaly scores. The approach scales to planetary-measurement volumes without requiring labelled training data.
-
Circumvention tools circulate through word-of-mouth and underground distribution networks rather than official app stores, making the ecosystem opaque and creating a supply-chain attack surface: adversarially-operated tools (including, per prior work, apps linked to the People's Liberation Army) reach users through the same channels as legitimate tools. The survey documents that providers are aware of misbehaving players but lack coordinated mechanisms to flag or exclude them.
-
The first multi-perspective study of the circumvention-tool ecosystem surveyed 12 leading CT providers collectively serving over 100 million users, plus CT users in Russia and China. Beyond technical blocking challenges, the study found that funding constraints, usability problems, misconceptions (users and providers hold inaccurate beliefs about each other's capabilities), and misbehaving players (tools operated by adversarial actors) are equally significant threats to the ecosystem's health — and are largely unaddressed by the academic research community.
-
Across all years of the KIO dataset (2016–2021), a large majority of events involved full-network shutdowns and their count grew significantly from 2016 to 2019 with no significant decline observed through 2021. Censors are also increasingly employing app-specific bans and throttling alongside full shutdowns, with all three restriction categories non-mutually exclusive and rising over the period.
-
Using merged IODA and KIO data across 155 countries (Jan 2018–Aug 2021), elections increase the daily probability of an Internet shutdown by a factor of 16, coups by a factor of roughly 300, and protests by a factor of 9. These political mobilization events do not increase the probability of spontaneous outages, providing a discriminating signal between intentional and unintentional disruptions.
-
The merged KIO-IODA dataset (Jan 2018–Aug 2021) documents 219 national-scale Internet shutdowns across 35 countries and 714 spontaneous outages across 150 countries; the 35 shutdown-affected countries collectively represent more than 1 billion estimated Internet users. Myanmar (53 IODA events), Syria (52), and Iraq (38) are the most frequently affected countries in the shutdown dataset.
-
Countries where state-owned providers originate more than 50% of domestic address space show significantly higher shutdown prevalence; this state-ownership factor predicts shutdowns but shows no discernible difference for spontaneous outages. Countries with shutdowns have a median V-Dem liberal democracy score of 0.151 (maximum 0.481), compared to 0.279 for countries with spontaneous outages and 0.465 for countries with neither.
-
Over 55% of government-ordered shutdowns last a multiple of 30 minutes (vs. 15% of spontaneous outages), and 45% last precisely 4.5, 5.5, 8, or 10 hours (vs. <1% of spontaneous outages). The median recurrence interval between successive shutdown events within the same country is 1 day versus 39 days for spontaneous outages, with 67.7% of shutdowns falling exactly on 1-, 2-, 3-, or 4-day intervals versus 0.17% of outages.
-
By mapping ML-predicted censored probes back to their DNS response IPs, the authors discovered 748 forged IP addresses used by China's GFW as DNS blocking signatures that OONI's heuristics missed; supervised and unsupervised models also identified several ISP-specific injected IPs absent from even GFWatch's comprehensive signature list, demonstrating that static signature lists substantially undercount active GFW DNS censorship.
-
OONI and Satellite (Censored Planet) agree on roughly 75% of tested Chinese domains as uncensored, but DNS anomaly agreement is poor: each platform flags fewer than 0.5% of domains as anomalous in any given biweekly window, and the two platforms frequently disagree on which domains are censored because China's GFW uses dynamic fake-IP injection that defeats static rule-based heuristics.
-
XGBoost supervised models trained on DNS probe features achieve TPRs of 100% (Satellite) and 99.8% (OONI) at FPRs of 0.0% and 0.2% respectively when using platform-native anomaly labels; cross-source training with GFWatch labels applied to the same records yields 99.4% TPR for Satellite and 86.7% TPR for OONI, with SHAP analysis confirming that ASN and organization name of the returned DNS response IPs are the dominant predictive signal.
-
In a survey of 2,415 young Chinese online gamers, 73.9% (1,786) were affected by addiction prevention systems (APS) while minors, and 37.7% (674) of those successfully evaded the APS. 15 of 35 interview participants also actively evaded the GFW at interview time (verified by Twitter live-post retrieval), supporting the hypothesis that mandatory APS evasion for trivial gaming activities normalizes and desensitizes minors to GFW circumvention.
-
Across 7,336 websites analyzed comparatively across 71 ASes, blocklist sizes ranged from roughly 3,000 to 7,000 websites per AS, with differences between ISPs as large as 2,000 websites out of ~8,000 analyzed. Within single ASes, further blocklist variation was observed, suggesting misconfiguration or non-uniform middlebox deployment. Only 6,787 of 7,336 sites were blocked by at least one AS.
-
Censoring middleboxes' TCP non-compliance — specifically, their willingness to censor bidirectionally without completing the three-way handshake — enables external vantage points outside a censoring country to trigger and measure censorship without any local endpoint participation. The approach requires only a confirmed censored domain per AS, evidence of bidirectional censorship, and minimal residual censorship.
-
Geneva — originally designed to evolve censorship-evasion packet sequences — was repurposed by inverting its fitness function to discover censorship-triggering packet sequences instead. Training against non-responsive IP addresses allows Geneva to attribute all responses to middleboxes, enabling fully automated discovery of triggering strategies without any endpoint cooperation.
-
The endpoint-free methodology fails when bidirectional censorship is absent or when residual censorship is pervasive: experiments in Burundi, Equatorial Guinea, Myanmar, and Kyrgyzstan could not confirm bidirectional censorship, rendering automated triggering-and-measurement inapplicable. Residual censorship causes false positives by making innocuous domains appear blocked following a censored query.
-
The paper introduces TMC, a remote measurement tool that infers domain-blocking status across DNS, HTTP, and HTTPS without requiring in-country vantage points, in a country of 6 million people with only 38% Internet penetration. TMC enabled the largest Turkmenistan censorship measurement to date by exploiting middlebox reflection properties observable from outside the country.
-
The authors' blockpage-based methodology cannot detect transit censorship implemented via TCP RST injection or packet drops, because distinguishing these from transient network errors requires identifying their location on the routing path. As a result, the 8-country, 6-AS finding is explicitly characterized as a lower bound on the true extent of Russian transit censorship.
-
Scanning the IP address spaces of 18 countries surrounding Russia, the authors identify Russian transit censorship affecting at least 8 countries (Afghanistan, Azerbaijan, Kyrgyzstan, Kazakhstan, Lithuania, South Korea, Tajikistan, and Ukraine), attributable to at least 6 Russian ASes. Only 2 of these 8 countries (Kyrgyzstan and Kazakhstan) had been reported in prior work, and the collateral damage is characterized as a lower bound due to the study's blockpage-only methodology.
-
The study's three vantage points (US university, AWS Sydney, AWS Tokyo) produce substantially different transit censorship observations: the US vantage point detects blockpages in all 8 affected countries, while Sydney and Tokyo detect transit censorship only in Kazakhstan and Ukraine. This variance is attributed to routing path differences across vantage points, confirming that transit censorship coverage is highly path-dependent.
-
During the Belarus Internet shutdown of August 9, 2020, Censored Planet Echo measurements showed an increase of two orders of magnitude in test measurements failing at the TCP connection stage on the first day of the shutdown, alongside an order of magnitude increase in failed control measurements on the same day. Without comparing test measurements against control measurements that are expected to succeed regardless of content, these failures are indistinguishable from targeted website-level censorship.
-
The Censored Planet data analysis pipeline matched more than 60.89% of all HTTP-response data across four years of measurements to either a known blockpage fingerprint or a confirmed non-censorship fingerprint. Over 60 million individual measurements were specifically classified as expected Akamai CDN behavior—responses that previous work had routinely misclassified as censorship because Akamai's edge configuration returns connection timeouts or HTTP 301 redirects when the test domain and vantage-point server are both Akamai-hosted.
-
Sampling 1-in-10,000 TCP connections at Cloudflare's 285+ PoPs (serving ~17–20% of the Internet's websites, handling 45M HTTP requests/second at average load) over two weeks in January 2023 revealed that 25.7% of all sampled connections were 'possibly tampered.' The passive technique requires no vantage points inside censored networks, covering cellular, enterprise, and low-penetration-country networks that active measurement cannot reach.
-
Passive measurement of real user connections demonstrates that published active-measurement test lists (Citizen Lab, Herdict, GreatFire, Berkman Klein, and top-K lists) miss a considerable fraction of domains that are actively being tampered with, as confirmed in §5.5. Because passive measurement is driven by real user requests rather than an a priori domain list, it can discover blocked domains that were never included in any test list and has no dependency on volunteers providing ground truth.
-
CERTainty identifies DNS manipulation by attempting a full TLS handshake with the IP returned by a remote resolver and inspecting whether the resulting certificate belongs to the legitimate origin or to an injected blockpage destination. This certificate-based ground truth substantially reduces false positives compared to prior DNS measurement systems that could not distinguish intentional manipulation from CDN geo-DNS or captive portals.
-
Prior DNS-manipulation measurement systems suffered from high false-positive rates because DNS anomalies are also produced by benign infrastructure (CDNs, geo-DNS, captive portals). CERTainty's TLS certificate inspection step disambiguates these cases, establishing that certificate validation is a necessary complement to DNS-response comparison for reliable censor classification.
-
CERTainty measured DNS manipulation across thousands of resolvers in 102 countries, identifying state-level censorship in China, Iran, and Russia, among others. The breadth of coverage — both resolver count and country count — demonstrates that TLS certificate validation scales to Internet-wide vantage-point studies.
-
ChatGPT correctly identified missing sentences in a partially censored translation and correctly judged a complete translation as complete in a control condition, demonstrating that LLMs are a viable complementary detection method. The paper notes that having multiple independent detection approaches (NLP alignment, bitext mining, LLM-based reasoning) improves overall robustness by enabling cross-validation.
-
The paper proposes detecting translation censorship by back-translating the Chinese text to English via Google Translate, embedding each paragraph with distiluse-base-multilingual-cased-v1, and solving a linear-sum-assignment bipartite matching weighted by negated cosine similarity. Paragraphs below a similarity threshold are flagged as cut; matched paragraphs are recursively compared at sentence level to detect alterations.
-
The system is designed to protect crowdsourced volunteer privacy by storing only AS-level granularity alongside randomized short-lived client identifiers, explicitly discarding source IP addresses and any browser-identifying information. AS-level resolution is sufficient for server-side evasion because strategies are evolved per-censor-ASN rather than per-user.
-
Combining all three active probing attacks in an Internet-wide scan of 30 million HTTPS servers identified approximately 15,000 hosts (0.05%) behaving like ShadowTLS relays; of these only 6,000 presented TLS certificates for Alexa Top 1000 domains. The scan successfully discovered all four researcher-operated ShadowTLS relays planted as ground truth.
-
Hong Kong Twitter users are 33% more likely than a random control sample to have protected their accounts, and over 247% more likely to have deleted past Tweets, after enactment of the June 2020 national security law (NSL). These differences are statistically significant at p ≤ 1.74e-48 for all account-protection and Tweet-deletion metrics.
-
Hong Kong Twitter discussion of COVID-19 continued declining after mid-2020 and did not resurge during Hong Kong's large March 2022 COVID wave, unlike the control group whose COVID discussion tracked local transmission rates. The authors interpret this anomalous pattern as a generalized chilling effect: NSL legal risk suppressed even politically ambiguous health discussion that mainland China had censored but that may not clearly fall under the NSL.
-
Of inaccessible Tweets from 2019, those containing NSL-sensitive political keywords are disproportionately deleted or protected by both Hong Kong users (36.38% inaccessibility) and Taipei users (34.89%), compared to New York City (29.45%) and Tokyo (30.80%). This suggests that NSL legal exposure — which extends extraterritorially under Article 38 — may be chilling speech even among users outside Hong Kong who transit or have ties to mainland China.
-
While Hong Kong users sharply reduced discussion of NSL-sensitive political topics after July 2020, their rate of Tweeting about non-sensitive topics (travel, food, art, media) remained stable and mirrored control-group trends. This targeted suppression — rather than a general withdrawal from Twitter — confirms the NSL produced specific self-censorship of covered speech rather than platform abandonment.
-
After the NSL entered into force in July 2020, the proportion of Hong Kong Tweets containing NSL-sensitive political keywords declined steadily and never returned to prior levels. By contrast, the control group's equivalent keyword usage rebounded (e.g., surging around the August 2021 Taliban takeover and March 2022 Ukraine invasion), indicating the Hong Kong decline is attributable to legal chilling rather than global topic cycles.
-
Over 7 months of Hyperquack measurements across 5,555,298 probes targeting 1,632 unique ASes, only a small number of ASes actively interfered with HTTPS connections to FCM endpoints. The majority of blocking incidents occurred in China during September 22–30, 2022, coinciding with the Party's National Congress, when nearly all measurements failed with TCP reset.
-
In a 75-domain, 492-destination experiment, domains that showed small-scale routing-induced censorship changes — where some (source IP, source port) combinations bypassed censorship while others did not — were exclusively domains first censored within the last 2 years, indicating inconsistent GFW censorship-node configuration during rollout.
-
Routing-induced censorship variation is persistent across time: packet retries do not resolve observed differences, and manual re-measurement days later yielded identical censorship outcomes for the same (source IP, source port, destination IP) tuples across 12 iterative experiment rounds, ruling out transient packet loss or short-term routing fluctuations.
-
The lowest 3 bits of the source IP nearly double the number of destinations experiencing censorship measurement changes, consistent with routers XOR-ing low-order bits of source and destination IPs for load-balancing decisions. Varying source IPs produced a mean of 89 routing nodes and 134 distinct paths, versus 55 nodes and 110 paths when varying only source ports.
-
Across 10,000 destination IPs in China, 37% showed some change in censorship behavior depending on source IP and source port, spanning 56% of measured ASes. The dominant form of variation (95% of cases) was all-or-nothing: a given (source IP, source port) pair either experienced no censorship or 'expected' censorship, with no intermediate states.
-
DNS manipulation is widespread across China (305 domains via local resolvers, 300 via public resolvers) and Russia (251 local, 205 public), but simply switching to a public DNS resolver already evades local-resolver-only filtering for many domains, reducing apparent censorship at the public-resolver layer. On-path filtering systems that poison queries to public resolvers represent a harder threat class requiring encrypted DNS.
-
VPNalyzer is the first study to measure DNS leaks during tunnel failure, discovering that 8 VPN providers — including TunnelBear and Private Internet Access — allow DNS queries to bypass their kill switch or firewall rules, exposing users' ISP IP addresses and queried domain names to their ISP and DNS resolvers outside the tunnel.
-
Only 11 of 80 tested VPN providers supported IPv6 connectivity; 5 providers — Astrill VPN, Norton Secure VPN, Turbo VPN, SurfEasy VPN, and a university VPN — failed to block IPv6 traffic when the VPN tunnel did not support it, silently leaking all IPv6 data directly to the user's ISP even when IPv4 was fully tunneled.
-
Among 80 tested VPN providers, 26 leaked user traffic during tunnel failure: 18 exhibited a missing or broken kill switch leaking all traffic types, and 8 additional providers leaked only DNS traffic. In a case study of 39 top providers with all security settings explicitly enabled ('custom secure mode'), 10 still leaked traffic, with 6 leaking even with the 'kill switch' feature activated.
-
29 of 80 VPN providers — including paid services — configure clients to resolve DNS through third-party public resolvers (Google Public DNS, Cloudflare, OpenDNS, Quad9) rather than provider-operated infrastructure. Three self-hosted solutions (Algo, Streisand, Outline) hardcode public DNS with no easy override, causing connection failures in regions where those services are blocked.
-
D-LDA detected event-driven shifts in Indian censorship without prior knowledge: the word 'violence' disappeared from the 'Riots in India' topic cluster between months 6 and 14 of the measurement period, and 'killing' did not appear until month 16, consistent with the absence of actual riots during that window. Similarly, the 'Danish cartoonist' topic shifted from cartoon-focused discourse to broader Islamic-rights framing ('freedom,' 'speech') approximately 18 months in.
-
Data gaps severely degrade D-LDA accuracy: erasing every other month reduced the corpus from 4,577 to 1,919 documents and caused the model to lose detection of 'Religion-motivated killing,' 'Religious websites,' 'Muslim Violence,' and 'Homicide' topics entirely. Erasing one in three months (1,479 documents) caused further topic loss, and even removing one random month altered topic evolution trajectories. For 25% of pages, the gap between Wayback Machine snapshots and ICLab observations exceeds one year.
-
Dynamic LDA applied to ICLab longitudinal data for India (2016–2020) successfully identified 14 distinct censored topic clusters—including religious conflict, piracy, educational fraud, and political dissent—from 677 overtly-censored URLs out of 6,012 tested (11.3% overtly censored at least once). The model required monthly time-slice granularity; daily and weekly granularities produced unstable results due to wild swings in document counts.
-
India's censorship apparatus, while less aggressive than China's, legally mandates ISP-level blocking capability and has deployed it regularly. Of 6,012 URLs in ICLab's India test list observed since 2016, only 677 (11.3%) were ever overtly censored (block-page redirect); the majority of anomalies were covert (connection disruption mimicking network faults) and excluded from analysis due to ambiguity. Censorship topics include not only political dissent but copyright enforcement, indicating infrastructure originally deployed for political control is routinely repurposed.
-
Internet-wide IPv4 scanning found 386,187 IP addresses yielding amplification factors ≥ 100× via TCP middlebox reflection, with 82.9% of responses from the top 1 million IPs confirmed as originating from on-path middleboxes rather than endpoints. Nation-state censorship infrastructure dominates: China's GFW alone accounts for approximately 154 million responding IP addresses sharing a 3× RST+ACK (54 bytes each) fingerprint.
-
Only approximately 5% of domains from the combined Citizen Lab and Tranco Top-4000 test lists supported QUIC in early 2021, heavily skewing the measurable set toward large global .com domains (e.g., Google properties). This bias means the study predominantly captures censorship of internationally targeted sites rather than country-specific domains.
-
Anycast CDN architecture dominates popular web content delivery: in the US, 59% of Alexa top-1k websites use anycast CDNs vs. 19% DNS-based; in Saudi Arabia, 57% use anycast CDNs. IP geolocation databases such as Maxmind are severely inaccurate for anycast infrastructure — reporting only <15% of Saudi Alexa websites as in-country vs. 90% measured by RTT-based multilateration — causing prior research to incorrectly attribute "nation-state hegemony" over developing-country Internet traffic.
-
CDN infrastructure causes 61%–92% of country-specific Alexa top-1k websites to be hosted within the client's own country across India, Iran, Saudi Arabia, Brazil, and the US, as measured by the authors' R-CBG multilateration technique achieving >89% accuracy. This traffic localization means web requests to popular sites rarely cross national borders, undermining the foundational assumption of decoy routing, domain fronting, CacheBrowser, and CovertCast.
-
Conjure's initial registration step requires the client to connect to an overt website hosted outside the censor's jurisdiction before deriving the unused IP address for actual decoy routing, but CDN traffic localization means this bootstrap connection frequently terminates at a local front-end and never crosses the border. The paper finds that for India's Alexa top-100 sites, only 23 websites had any parallel (leaf) HTTP connections terminating outside the country, with a median of just 3 such external leaf connections per site.
-
GFWatch tested 534M distinct domains over 9 months (averaging 411M/day) and detected 311K censored domains, the largest such measurement in the literature. Of 138.7K base domains, only 1.3% appear in the top 100K most popular domains, confirming the GFW targets large numbers of obscure and unpopular domains far beyond well-known sites like Facebook or Twitter.
-
Cellular data restrictions imposed from Mar. 15, 2021 were invisible to IODA (which uses BGP routing data, active probing, and darknet traffic) because cellular networks commonly use Carrier Grade NAT. Kentik's AS-level NetFlow aggregates clearly showed the cellular traffic drop, with all four major cellular ASes (MPT AS9988, Mytel AS136255, Telenor AS133385, Ooredoo AS132167) experiencing sustained traffic reductions while fixed-line providers only showed nightly dips.
-
Beginning Feb. 14, 2021, country-wide Internet outages affected Myanmar for 72 consecutive nights until Apr. 28, starting at 18:30 UTC (01:00 local time) and lasting 8 hours each night. These nightly curfews were highly synchronized across most ISPs—identical start and end times—in stark contrast to the haphazard, mis-timed outages on the day of the coup.
-
The authors developed 'Aladdin,' a 10-step OONI-based measurement experiment that isolates SNI-based blocking (step 1), Host-header blocking (step 2), DNS injection (step 3), system-resolver vs. DoH discrepancy (steps 4–5), TLS interception (steps 6–8), and TLSv1.3-specific SNI dependency (step 10); this methodology exposed Vodafone's Allot TLS interception that OONI's Web Connectivity test had recorded only as a generic certificate error.
-
Analyzing over 3 million OONI network measurements (2016–2020) from 17 ASes covering 98.45% of broadband and 90.94% of mobile subscribers in Spain, the study detected 16 unique blockpages, 2 DPI vendors (Fortinet/Fortigate in Telefonica; Allot in Vodafone), and 78 blocked websites across copyright, political, civil-rights, and referendum categories.
-
The authors' ISP Tap dataset yielded 129,000 unique response sets across 433,286 endpoints while ZMap's 1.5 million endpoints produced only 31,000 unique sets — with over 42% of ZMap endpoints behaving identically (infinite timeout, no data) due to firewall chaff. This vantage-point bias means the effective false-positive rate a censor faces when targeting ISP-observed traffic is ~28× lower than against random scans (0.02% vs 0.56% for MTProto), making ISP-scale active probing far more actionable than Internet-wide scanning alone.
-
ICLab's semi-automated block page discovery — combining HTML tag-frequency vector clustering with locality-sensitive hashing (LSH) of page text — identified 48 previously unknown block page signatures from 13 countries: 15 via structural clustering across 5 countries and 33 via textual similarity clustering across 8 countries. The system seeds from 308 manually verified regular expressions and uses a URL-to-country ratio sort (largest ratio discovered: 286) to prioritize candidates for manual review, eliminating reliance on brittle hand-maintained regex lists alone.
-
Between January 2017 and September 2018, ICLab conducted 53,906,532 measurements of 45,565 URLs across 62 countries and 234 ASes, detecting blocking of 3,602 unique URLs in 60 countries via DNS manipulation, TCP packet injection, and block page delivery. Iran blocked 20–30% of Alexa top-500 URLs — more than any other monitored country — while Saudi Arabia consistently blocked roughly 10%. The global trend in detected censorship shows a steady decrease, which the authors attribute to rising adoption of TLS and circumvention tools.
-
ICLab's longitudinal monitoring detected censorship shifts coinciding with political events weeks before press coverage: Turkey's filtering rate rose from roughly 3% to 5% in late April 2017 — with blocked content shifting from pornography to news and political sites — ahead of a June 2017 constitutional referendum. India's censorship dropped from roughly 2% to 0.8% following a net neutrality announcement in late 2017, then partially recovered to roughly 1.5% after mid-2018 regulations clarified that illegal-content filtering would continue. Within the same country, different blocking techniques were applied to different content categories simultaneously (e.g., Turkey used DNS manipulation for illegal/streaming URLs but block pages for pornography and news).
-
ICLab's commercial VPN vantage points reside in data-center ('content') ASes for 41% of monitored networks, which may experience less aggressive censorship than residential ISPs, making VPN-based measurements a systematic lower bound on blocking rates faced by ordinary users. In countries where both VPN and volunteer-operated device (VOD) vantages coexist, identical block pages were observed from both AS types, indicating similar overt blocking policies, but covert IP-based or RST-injection blocking may still differ by AS class.
-
Censored Planet collected 21.8 billion measurements over 20 months from more than 95,000 vantage points in 221 countries, covering 66–173 more countries than OONI and ICLab, with a median of 8 ASes per country versus OONI's 4 and ICLab's 1. In March 2020, it achieved coverage of 9,014 ASes compared to OONI's 1,915. Censored Planet and OONI together covered all 21 countries rated 'Not Free' by Freedom House, while ICLab reached only 4.
-
Of 21.8 billion raw measurements, approximately 7% (1.5 billion) were initially flagged as blocked; iterative HTML clustering and DBSCAN image clustering then removed ~500 million false positives, leaving ~1 billion confirmed blocked measurements. The clustering process formed 457 new response clusters, of which 308 were confirmed blockpages and 149 were false positives, with Cloudflare bot-checks being a notable source of false positives in HTTPS measurements.
-
Mann-Kendall trend analysis at 99% significance on 20 months of data found increasing censorship activity in more than 100 countries, driven primarily by DNS and HTTPS blocking methods, and identified 11 website categories facing rising censorship including human rights content, news media, and provocative attire. Countries such as Norway (ranked #1 in press freedom) showed aggressive DNS blocking across 25 ASes targeting more than 50 domains in at least 6 categories including hrw.org.
-
Censored Planet achieves 93% /24 vantage-point continuity and 99.01% AS continuity between weekly scans, versus ICLab's 64% and OONI's 36% AS continuity. Applying bitmap-based anomaly detection on the resulting longitudinal time series detected 15 prominent censorship events over 20 months, two-thirds of which had not been previously reported, while OONI data showed no corresponding increase for most newly discovered events due to sparse volunteer measurements.
-
During the Sri Lanka social-media block following the April 21, 2019 bombings, Censored Planet measured HTTP(S) censorship jumping from 0.1% to 2% in one week and discovered 22 blocked domains versus the 7 reported by NetBlocks and AccessNow; 5 of those extra domains were only present in the Alexa top-sites list, not the Citizen Lab Global Test List. Blocking remained elevated through May 12, 2019, contradicting public reports that the ban was lifted by May 1st.
-
In HTTP tests, more than 50% of filter responses that indicated censorship contained an injected HTML blockpage; the remainder used TCP RST injection or connection timeout. In HTTPS measurements, canonical template matching had a failure rate of only 1.9%, and 95% of Hyperquack measurements completed within 3.5 hours across ~45,000 vantage points.
-
Quack (which probes censorship on port 7/echo servers) detected substantially less blocking than Satellite (DNS-based): approximately 50% of Quack vantage points observed no blocking and ~90% observed only minor blocking, whereas Satellite observed major interference at most vantage points; the authors attribute this gap to Russian ISPs applying filtering predominantly on ports 80 and 443, leaving non-standard ports largely unfiltered.
-
A proposed HTTP censorship detection algorithm combining status-code comparison, response-length Z-score, HTML TF-vector cosine similarity, and redirect-hostname matching achieves F1 scores of 0.83 (censored) and 0.77 (uncensored), outperforming OONI (0.80 / 0.70), length-difference methods (0.70 / 0.66), and HTML-similarity methods (0.52 / 0.34) on a manually annotated set of 3,000 responses across six Indian ISPs.
-
Across six ISPs covering 98.82% of Indian internet subscribers, only 1,115 out of 4,033 tested blocked websites (27.64%) are blocked by all six ISPs simultaneously. ACT blocks 3,721 websites while Airtel blocks only 1,892, and 215 websites are blocked by exactly one ISP with no apparent legal basis.
-
A measurement infrastructure built on VPN Gate's 192K volunteer-operated residential vantage points (3.5K ASes, 181 countries) detected I2P blocking events that were missed entirely by both OONI—which had no test data for four of the five affected countries—and ICLab—which had vantage points in only two of the five countries and obtained only intermittent connections there. Residential vantage points reveal filtering policies invisible from datacenter-hosted probes, with ISP-level granularity confirming partial national blocking (one of six Kuwaiti ASes, heterogeneous Chinese AS behavior) that aggregate measurements would miss.
-
The component-aware binary splitting algorithm (CompAwareBinSplit) requires on average 35.47 messages per article to isolate a sensitive keyword combination — 10.3% as many as the 342.72 required by the previously used algorithm — and is the only evaluated algorithm that correctly handles overlapping keyword components and multiple co-occurring combinations.
-
The previously used bisection algorithm required an average of 342.72 messages per news article to isolate a triggering keyword combination, and produced incorrect results in 44% of test cases — primarily because the Unilateral Elimination Flaw caused it to miss components that appeared multiple times in an article.
-
Server-side keyword enumeration on Chinese platforms has become increasingly uneconomical: platforms now require non-virtual phone numbers for account registration, and test accounts are banned after sending a threshold volume of sensitive content. The paper's 5,521-article dataset and 1,956 confirmed keyword combinations were collected via sample testing between September 2017 and October 2018, with registration costs being the primary limiting factor for research scale.
-
Multi-word Chinese phrases as search seeds discover qualitatively different censored sites than individual English words: the phrase 'Chinese human rights violation' surfaces Chinese activist homepages and culture-specific outlets, while individual constituent words return only well-known Western media. TF-IDF scoring against a Chinese corpus ranks culturally rare phrases (e.g., '自由亚洲电台' / Radio Free Asia) as high-signal seeds and discards common filler phrases.
-
Using NLP phrase extraction on Chinese-language censored pages, the system discovered 1,125 new censored domains not present on any publicly available blocklist, producing a list 12.5× larger than the standard Citizen Lab list (220 web pages, 85 domains). Across three evaluations (unigrams, bigrams, trigrams, each capped at 1,000,000 URLs), only 3 of the top 50 discovered domains overlapped with FilteredWeb's top 50.
-
The paper enumerates at least eight distinct non-censorship motivations for server-side geo-blocking — economic sanctions, third-party liability (SESTA), copyright, GDPR compliance, security/fraud concerns, hosting costs, revenue optimization, and misconfiguration — each of which can produce the same observable signals (403 blockpages, DNS failures, TCP resets) as government censorship. Naive measurement methods that treat all location-based unavailability as censorship will produce systematic false positives.
-
Quack's echo-server technique achieves vantage-point coverage of 4,458 autonomous systems across 184 countries — nearly an order of magnitude more than OONI's 678 ASes in 113 countries — while processing over 500 domain-server pairs per second from a single measurement machine. The public IPv4 space contains over 50,000 active echo servers daily, with 47,276 stable over 24 hours.
-
32 of 108 identified censoring ASes leak their censorship policies to other ASes, and 18 leak to other countries. Sweden's AS1299 leaked censorship to 9 countries including the United States, Ukraine, and Singapore; China's AS4812 leaked to 5 countries. Censorship leakage occurs when a transit AS implements filtering that affects traffic for users outside the censor's jurisdiction.
-
Network-level path churn is critical for censor localization: 25%, 30%, 38%, and 67% of ICLab source-destination pairs observe distinct AS-level path changes over periods of one day, week, month, and year respectively. Without path churn, nearly 90% of constructed CNFs return five or more solutions (ambiguous), compared to less than 2% when multiple distinct paths are included.
-
Combining boolean network tomography with BGP path churn from the ICLab platform identifies 108 censoring ASes located in 49 countries across 4.9M measurements, reducing the candidate set of potential censoring ASes by 97% on average. 97.9% of constructed SAT CNFs return exactly one solution enabling exact AS-level censor identification, with less than 0.7% returning no solution.
-
Splitting measurement data by individual URL and time granularity (day, week, month) is necessary for SAT solvability: coarser time granularity reduces solvability because censorship policies change and noise accumulates, producing unsolvable CNFs. The authors solved 34,298 CNFs in total, each averaging 43 clauses and 17.41ms to solve using an off-the-shelf SAT solver (picosat).
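The CNF construction behind the three tomography findings above, as an added example (not code from the paper or from ICLab). It swaps the picosat solver the authors used for brute-force enumeration, and the AS numbers and paths are constructed sample data from the documentation ASN range.

```python
from itertools import product

# Constructed sample data: AS numbers come from the documentation range
# (64496-64511) and do not describe any real network.
VANTAGE, TRANSIT_A, TRANSIT_B, DEST = 64496, 64497, 64498, 64499

# One URL, one time window, a single AS-level path that was censored.
STATIC = [((VANTAGE, TRANSIT_A, DEST), True)]

# Same URL after path churn: a second route avoids TRANSIT_A and is clean.
CHURN = STATIC + [((VANTAGE, TRANSIT_B, DEST), False)]

# Window too coarse: the same path was seen both censored and uncensored,
# for example because the policy changed inside the window.
CONFLICT = STATIC + [((VANTAGE, TRANSIT_A, DEST), False)]


def build_cnf(observations):
    """Turn (as_path, censored) observations into CNF clauses.

    A variable per AS means "this AS censors the URL". A clause is a list
    of (asn, polarity) literals.
    """
    clauses = []
    for path, censored in observations:
        if censored:
            # At least one AS on a censored path must be a censor.
            clauses.append([(asn, True) for asn in path])
        else:
            # No AS on an uncensored path can be a censor: unit clauses.
            clauses.extend([(asn, False)] for asn in path)
    return clauses


def solve(clauses):
    """Enumerate every satisfying assignment as the set of censoring ASes.

    Brute force is exponential in the number of ASes; it is used here only
    to keep the example dependency-free.
    """
    variables = sorted({asn for clause in clauses for asn, _ in clause})
    solutions = []
    for bits in product([False, True], repeat=len(variables)):
        assignment = dict(zip(variables, bits))
        if all(any(assignment[asn] == polarity for asn, polarity in clause)
               for clause in clauses):
            solutions.append(frozenset(a for a, v in assignment.items() if v))
    return solutions


def localize(observations):
    """Classify a CNF the way the findings describe: exact, ambiguous, unsolvable."""
    solutions = solve(build_cnf(observations))
    if not solutions:
        return "unsolvable", frozenset()
    if len(solutions) == 1:
        return "exact", solutions[0]
    # Several solutions: report every AS that is a censor in at least one.
    return "ambiguous", frozenset().union(*solutions)


if __name__ == "__main__":
    for name, obs in (("static", STATIC), ("churn", CHURN), ("conflict", CONFLICT)):
        status, ases = localize(obs)
        print(f"{name:9s} {status:10s} {sorted(ases)}")
```

A single censored path leaves seven candidate assignments; one clean path that shares the endpoints collapses them to the transit AS alone, and mixing contradictory observations in one window yields no solution.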
-
Sending DNS queries to eight non-DNS IP addresses within the Chinese IP range reliably detects GFW DNS poisoning: any response indicates the censor intercepted and replied to the query, since a legitimate non-DNS server would not respond. This external vantage-point technique discovers poisoned domains without in-country volunteers or local infrastructure.
-
FilteredWeb discovered 1,355 DNS-poisoned domains and 115,337 filtered URLs in China through 54,000 web searches by February 2017 — 30 times more poisoned domains than the most widely-used published filter list (Citizen Lab, which identified 44 domains). Of the 1,355 domains, 759 fell outside the Alexa Top 1,000, demonstrating that automated search-based discovery surfaces obscure filtered content missed by manual and volunteer-driven lists.
-
Four OR ports (443, 8443, 444, 9001) account for 82% of all active public bridge fingerprints as of April 2016, down from 95% in March 2013 but still concentrated. Scanning just three of these ports (443, 8443, 9001) is sufficient to deanonymize 71% of all active public bridges. Additionally, CollecTor's published per-bridge usage statistics allow a censor to rank bridges by client count per country and identify the highest-impact OR ports to scan next.
-
Aggregate measurements across nearly 180 countries over 17 days found that 60% of reflectors experienced some degree of connectivity disruption; the bias of detected blocks toward Citizen Lab Block List sites held for both inbound and outbound filtering, and temporal variability corroborated documented censorship events around political timelines.
-
Of 2,134 tested sites, 229 (10.7%) were invalid for inbound blocking detection due to ingress filtering or network-origin discrimination; 431 additional sites were invalid for outbound blocking detection, of which 75% were Cloudflare-hosted and 7% Fastly-hosted because anycast topology prevents RST packets from returning to the originating anycast node.
-
Validation against the Citizen Lab Block List (CLBL) showed that for 99% of reflectors, more than 56.7% of detected inbound-blocked sites were CLBL-listed (vs. 56.7% CLBL composition of the input dataset); 95% of reflectors showed the same directional bias for outbound filtering, confirming the method detects real censorship rather than measurement noise.
-
Augur's Internet-wide ZMap scan found 22.7 million hosts (of 140 million reachable) using shared monotonically-increasing IP ID counters across 234 countries (median 1,667 reflectors per country); filtering to ethical infrastructure via CAIDA Ark reduced this to 53,130 reflectors in 179 countries (median 15 per country), representing 4,214 ASes.
-
Using sequential hypothesis testing (SHT) with false positive and false negative rates both set to 10^-5, more than 90% of reflectors required 40 or fewer experiment trials to reach a blocking decision; over 17 days the system collected 207.6 million runs across 47 trials spanning 2,134 sites and 2,050 reflectors.
-
Among Iris's DNS manipulation detection metrics, AS-level consistency was most effective, classifying 90% of DNS responses as unmanipulated. IP-address identity matching flagged approximately 80% of correct responses, while HTTPS certificate validation improved from 38% to 55% accuracy when SNI was included in follow-up TLS probes.
-
Iris filtered 4.2 million open DNS resolvers down to 6,564 infrastructure resolvers by retaining only those with PTR records matching ns[0-9]+ or nameserver[0-9]*, achieving coverage across 157 countries with a median of 6 resolvers per country. The ethical constraint of excluding end-user home routers reduced usable resolvers by 99.8% but preserved global geographic breadth sufficient to detect country-level DNS manipulation at scale.
-
Survival analysis of 423,265 pages with Wayback Machine histories shows pages on politically controversial topics have substantially shorter lifetimes than those on uncontroversial topics; topic change — not just page deletion — must be treated as 'death' for probe-list purposes, since a page that switches topic no longer contains the sensitive material that made it censorship-relevant.
-
Analysis of 758,191 URLs across 22 probe lists found near-zero URL-level Jaccard similarity between nearly all list pairs (most < 0.01), including between country blacklists; even at hostname level, blacklists share little with each other or with researcher-curated lists like ONI's 12,107-URL list, indicating that any single probe list systematically misses large portions of what is actually censored.
-
Naive interference measurement systematically misclassifies CDN geographic routing as blocking (and vice versa): when China or Russia resolves twitter.com to a non-US IP, a naive detector must decide whether that is a CDN point of presence or interference. Joint iterative analysis of DomainSimilarity and IPTrust scores is required to separate authentic CDN footprints from block-page redirections.
-
Censors can evade external DNS measurement systems like Satellite by injecting spoofed DNS responses only for resolvers located within the censored country, returning correct answers to external probes. This targeted injection would be 'much less visible to Satellite' while remaining fully effective against in-country users; the paper flags this as a fundamental limitation of single-vantage external measurement.
-
Satellite detected a spike in anomalous DNS resolutions across Iranian ISPs in the second half of 2015, correlating with Iranian authorities' public statements about beginning a 'second phase of filtering,' followed by additional newly inaccessible domains in the lead-up to the February 2016 elections — demonstrating longitudinal DNS measurement can detect and time censor policy escalations.
-
Satellite's single-node measurement methodology, probing 1/10th of 12 million discovered open DNS resolvers across 20,000 ASes and 169 countries, detected 4,819 instances of ISP-level DNS hijacking across 117 countries while measuring 10,000 domains with weekly precision from a single external vantage point.
-
Domestic mesh traceroutes (both source and destination inside the target country) uncovered 5,562 new AS edges not present in standard BGP table–derived topology datasets, far exceeding the 647 new edges found by inside-out/outside-in traceroutes using up to 25 probes. Russia, the US, France, the UK, and Ukraine gained the most new edges.
-
A decision tree with linear regression at leaves (DTLR) trained on AS-topology features for 168 countries predicts Freedom House freedom category (Free/Partly Free/Not Free) with 95% accuracy. Average FPI prediction error was 3.47%, and prediction error remained ≤8 points (on a 0–100 scale) 90% of the time under leave-one-out cross-validation.
-
IP density (number of IP addresses per person) is the single most predictive feature of a country's Freedom of Press Index. A normalized IP density value of ≥0.167 reliably predicts high freedom of expression, while normalized maximum BGP policy-compliant path length ≥0.643 reliably predicts low freedom.
-
Singapore's AS topology — 257 domestic ASes with 3,022 international connections — resembles that of high-freedom countries, yet its Freedom of Press Index is 33 (Partly Free), making it a structural outlier where rich international BGP connectivity coexists with enforced information controls. The DTLR model predicts Singapore's FPI should be ≥70 (Free).
-
UBICA's crowdsourced measurement campaign across 31 countries deployed 200+ probes (47 GUI clients, 188 headless clients, 16 BISmark routers) and tested more than 16,000 targets (~15,000 hostnames) over 4 months. Its content-size ratio algorithm detects blockpage substitution by comparing average resource size per country against a global baseline, using a threshold of 0.3 (midpoint between the two observed distribution modes minus a 0.2 guard interval) without requiring a pre-existing uncensored ground truth.
-
Chrome's non-standard behavior of firing an onload event for any HTTP 200 OK response regardless of MIME type—combined with its enforcement of X-Content-Type-Options: nosniff—allows the script tag to probe reachability of arbitrary non-image URLs, a measurement capability unavailable in other browsers that attempt to execute fetched content as JavaScript and thus pose an XSS risk.
-
Over 60% of the 178 tested target domains host images ≤1 KB (fitting in a single TCP packet), enabling domain-level filtering detection via cross-origin image embedding for more than half of domains; however, Encore can measure fewer than 10% of individual URLs when limiting iframe page loads to 100 KB, confirming that detecting per-URL filtering is an order of magnitude harder than domain-level detection.
-
Applying a regional binomial hypothesis test (p=0.7, significance 0.05) to Encore measurements independently confirmed censorship of youtube.com in Pakistan, Iran, and China, and of twitter.com and facebook.com in China and Iran, validating passive cross-origin measurement against prior independent reports of filtering.
-
In 8,573 controlled testbed measurements across image, stylesheet, and script task types, Encore produced zero false negatives and a ~5% false positive rate in India (attributed to unreliable network connectivity rather than filtering), establishing that cross-origin browser probes reliably detect DNS, IP, and HTTP filtering under stable network conditions but require aggregation to control noise.
-
Encore collected 141,626 measurements from 88,260 distinct IPs in 170 countries over seven months (May 2014–January 2015) using as few as 17 volunteer webmaster deployments, demonstrating that passive cross-origin measurement can achieve broader geographic vantage-point coverage than custom-software deployments without recruiting individual end-users.
-
The fragment cache side channel is the most widely applicable TCP/IP side channel, capable of eliciting responses even from hosts behind host firewalls because it operates at Layer 3 (IP fragments). When combined with a Layer 4 technique such as the SYN backlog scan, it can distinguish censorship implemented at Layer 3 versus Layer 4, though fragment cache implementations vary widely across OSes and devices.
-
Approximately 1% of the IPv4 address space has globally incrementing IP ID counters, making IPID idle scans viable for Internet-scale censorship detection at roughly 5 packets per second. The technique is well-understood in terms of noise properties but is difficult to apply in IPv6 because the fragment ID field appears only in fragments.
-
Over more than 10 years of ONI client-side measurements conducted in 77 countries—of which 42 were found to implement some form of filtering—no participating user was ever arrested, apprehended, pressured, or intimidated by authorities. However, HTTP GET requests to sensitive URLs are made without obfuscation or anonymization, and in countries with restrictive legal frameworks this activity could be viewed as subversive by authorities sensitive to exposure of censorship infrastructure.
-
To reduce risk to human subjects in side-channel censorship measurements, researchers can substitute gateway routers near the target client in place of the client machine itself—the approach used by Censored Planet—or perform measurements across entire /24 subnets so that no individual can be incorrectly associated with the measurement traffic. For the ICMP rate-limit side channel, the 'client' can be an unresponsive IP address, measuring the gateway router rather than any end-user machine.
-
The SYN backlog side channel can detect censorship for any Internet host with an open port at approximately 5 packets per second without causing denial of service, provided only one measurement machine targets any given server at a time. Updated implementations require only that the backlog be half full rather than requiring full exhaustion, eliminating the earlier DoS requirement.
-
The hybrid idle scan technique converts approximately 1% of the total IPv4 address space into passive measurement vantage points without requiring control of either the censored client or the destination server, enabling full bipartite connectivity measurements across 161 geographically stratified Chinese clients and 176 servers over 27 days. After data pruning for quality, 36% of raw measurements were usable; ARMA modeling was sufficient, with no need for Hidden Markov Models, because only level-shift detection was needed.
-
Residential ISP vantage points detect 36% more blocking than academic networks: of 1,947,691 matched URL tests, 72,454 non-academic tests were classified as blocking versus 52,921 academic tests. Averaged across 10 countries, the Jaccard similarity between blocked-URL sets in academic vs. non-academic networks is 0.59, indicating substantial divergence.
-
The authors argue that it is almost certainly impossible to eliminate — or even definitively quantify — the risk to users who perform censorship measurements, because surveillance system capabilities are rapidly evolving and in some cases unknowable; retribution in adversarial environments may not follow due process. The paper explicitly states that its techniques had not been deployed on real networks as of writing because "a better consideration of the associated risks is warranted."
-
Surveillance systems are fundamentally more selective than censorship systems due to storage constraints: as of 2009 the NSA could store only 7.5% of received traffic across 592 tapped 10 Gbps links with only 69 10 Gbps backhaul links, and the authors' campus network retains non-alert metadata for ~36 hours and IDS alerts for ~1 year. Censorship systems by contrast are transaction-focused and retain only enough data to process real-time requests. This asymmetry creates an exploitable gap: traffic that does not stand out from the population is discarded before reaching human analysts.
-
Analysis of two days of leaked censorship log files from Syria shows that 1.57% of the population accessed at least one censored site — a proportion the authors argue is far too large for a user-focused surveillance system to pursue individually. This implies that simply flagging all users who access censored content is not a feasible targeting strategy for surveillance.
-
Requiring consent from device owners for co-opted censorship measurements reduces coverage and continuity, and may paradoxically increase danger: soliciting consent signals intent to participants and draws attention, whereas the prevalence of malware and third-party trackers provides plausible deniability for unwitting device owners. The authors note that more widespread co-opted measurements collectively provide greater individual protection by normalizing unexplained outbound traffic.
-
The Encore technique uses cross-origin HTTP requests to induce a visiting user's browser to silently fetch a censorship target URL, enabling passive measurement of web filtering for sites including Facebook, YouTube, and Twitter. The ethical argument for deployment rests on the observation that nearly all major websites already embed content from these platforms, so the additional traffic is indistinguishable from normal browsing behavior.
-
University IRBs are not equipped to evaluate censorship measurement research because it falls outside the formal definition of 'human subjects' research (which requires direct intervention with individuals to collect individualized data). Despite this, the work poses real and potentially serious risks to people, leaving a governance gap with no clear institutional oversight body.
-
The legality of a measurement method within a given country does not equate to safety for implicated subjects: authoritarian regimes may assess network logs based on ulterior motives unrelated to technical specifics, or may lack sufficient technical understanding to distinguish measurement traffic from deliberate access. Subjects may additionally face privacy hazards such as being falsely implicated in accessing illegal content.
-
Three approaches to gathering censorship measurements exist: deploying researchers with software (snapshot coverage, researcher safety risk), deploying software to at-risk citizens (continuous but endangers locals), and co-opting existing deployed software (continuous, widespread coverage, but raises consent issues since device owners may be unwittingly implicated). The third approach offers substantially greater measurement capabilities but introduces the most unresolved ethical risk.
-
The Encore system collected censorship measurements from 88,260 distinct IP addresses across 170 countries over seven months via installations by at least 17 volunteer website operators. China, India, the United Kingdom, and Brazil each contributed at least 1,000 measurements; Egypt, South Korea, Iran, Pakistan, Turkey, and Saudi Arabia each contributed more than 100.
-
The paper identifies a structural conflict between Internet research's scalability imperative — where a project processing millions of devices is considered superior — and human-subjects ethics frameworks designed to minimize the number of people exposed to risk. Under U.S. law, Encore is compliant because it exploits known, intentional web functionality (the same-origin policy's cross-origin request mechanism) and provides an opt-out mechanism, but the authors note this compliance does not transfer to all jurisdictions where measurements occur.
-
ACM SIGCOMM 2015's program committee accepted the Encore paper with an unprecedented 'signing statement' after heated ethical debate. The committee's core objections were: (1) users accessing censored URLs might face repercussions in regimes without due process; (2) most users under censorship would be unlikely to consent to the measurements; and (3) unlike ad-tracker third-party requests, Encore requests do not reflect any user intent.
-
To mitigate harm, Encore restricted its URL list to Twitter, Facebook, and YouTube on the grounds that widgets from these domains appear in ordinary web browsing, making Encore-induced cross-origin requests statistically indistinguishable from normal traffic. The authors argued that this renders the risk comparable to baseline browsing, though the SIGCOMM committee disputed whether contextual equivalence with ad-tracking constitutes adequate ethical justification.
-
Encore's architecture turns ordinary web visitors into measurement vantage points, which the researchers argue prevents censors from detecting and disabling dedicated measurement probes. However, this benefit comes with the trade-off that the individuals whose browsers are co-opted face potential legal or physical risk that differs by country and by the specific censored content accessed.
-
C-Saw's design demonstrates that coupling circumvention capability with censorship measurement creates a self-reinforcing incentive loop: users opt in for improved page load times, their participation grows the vantage-point pool, and richer measurements enable finer-grained technique selection per ISP and URL. The system avoids requiring a pre-populated URL list by building a blocked-URL database dynamically from user-initiated requests.
-
Monitoring Twitter, YouTube, Tor, and Google Public DNS across 10 Atlas probes spanning 9 ASNs cost 19,200 credits per day (under 1 probe-day equivalent), and Atlas's external queuing allowed measurement scheduling to begin within hours of reported blocks. The platform documented 6 distinct shifts in Turkey's filtering strategy and identified private-sector cooperation in Russia that would have been missed by platforms limited to DNS and HTTP measurements.
-
Approximately 10% of China's IP addresses respond to IPID probes, and 13% of those exhibit globally incrementing IPIDs, meaning roughly 1% of China's total IP address space can serve as passive measurement vantage points with no cooperation from host owners. Separately, Tor bridge blocking from Chinese clients was observed in 58.91% of server-to-client cases versus 0% for non-China Asia-Pacific clients.
-
Using TCP IPID side channels combined with SYN backlog state inference, the authors detect intentional packet drops between two arbitrary Internet hosts without controlling either host. The only requirements are a client with a globally incrementing IPID (~1% of IP space) and a server with an open port; an ARMA model handles autocorrelated noise.
-
Page length comparison at a 30.19% size-difference threshold achieves a 95.03% true positive rate and 1.371% false positive rate for block page detection, outperforming DOM similarity (95.35% TP, 3.732% FP) on false positive rate and cosine similarity (97.94% TP, 1.938% FP, 74.23% precision) on precision. These metrics were evaluated via ten-fold cross-validation on the ONI dataset of ~500,000 entries from 49 countries spanning 2007–2012.
-
Five commercial filtering products (FortiGuard, Squid, Netsweeper, Websense, WireFilter) were identified in 7 of 36 block-page clusters via copyright notices in HTML comments, HTTP header strings, or URL path patterns; the remaining 29 clusters contained no identifying markup. WireFilter was first detected in the wild in Saudi Arabia (AS 25019) in 2011, representing a newly deployed filtering product not previously observed in measurements.
-
Within a single country mandate, different ISPs implement censorship with different filtering tools and mechanisms: Thailand's AS 9737 and AS 17552 use structurally distinct block-page templates (vector 17 is ~1,000 bytes using div layout; vector 8 is ~6,000 bytes using table layout). Both ISPs actively obfuscate their filtering product by reporting generic 'Server: Apache/2.2.9 (Debian)' or 'Server: Apache' HTTP headers instead of the actual product identifier.
-
Applying automated block-page detection to the ONI dataset (49 countries, 2007–2012) reveals that Burma's (AS 18399) censorship mechanism shifted from DNS redirection to a transparent proxy returning a custom block page in mid-2009, then block pages largely disappeared after Burma's late-2011 political liberalization. Saudi Arabia (AS 25019) shows a similar transition with WireFilter replacing an unidentified prior tool in 2011, with two concurrent block-page templates suggesting multiple simultaneous filtering devices.
-
Term frequency clustering of block pages achieves an F-1 measure of 0.98, correctly recovering manually identified block-page templates; page-length clustering performs far worse at F-1 of 0.64. Across the full ONI dataset, only 37 distinct term frequency vectors were found from five years of measurements, indicating that filtering vendors rarely change block-page HTML structure.
-
Cascade-based censorship (ICM model) and uniform random deletion produce measurably different topological signatures: cascade removal causes greater increases in network diameter and radius as the censorship fraction γ increases and a substantial increase in assortativity at mid-removal levels (γ=0.2–0.5), whereas uniform deletion shows slower, more gradual changes across these same metrics.
-
An SVM classifier using a 60-dimensional feature vector — 10 topological network metrics (assortativity, clustering coefficient, diameter, radius, betweenness centrality, degree distribution exponents) plus 50 Laplacian eigenvalues — can detect network-level censorship without any content analysis. The classifier successfully distinguishes censored from uncensored reply-graphs even at the lowest tested censorship level of γ=0.1 (10% edge removal), using 10-fold cross-validation repeated 10 times.
-
In a 140-hour measurement, requests forwarded into a 10-node Darknet connected to the Opennet by a single bridge link succeeded only 0.08% of the time, versus 8.46% for Opennet-forwarded requests — a ~100× gap in success rate caused by ID-space isolation between the two overlay segments.
-
An 8-week measurement in June–August 2012 discovered 58,571 unique Freenet installations across 102,376 distinct IP addresses; approximately 25% were in the US and 12.5% in Germany, with Europe and North America collectively representing the vast majority — users from countries typically associated with Internet censorship were a small minority.
-
Freenet's deployed Opennet topology uses uniformly random long-range contacts rather than Kleinberg-optimal distance-proportional selection, yielding an average routing length of 37.17 hops in simulation; adopting a 1/d distance distribution (r=1) reduces this to fewer than 13 hops — a 2.9× improvement achievable via a Kademlia-style bucket system.
-
Freenet users exhibit a median session length of 95–99 minutes (p=0.975–0.99), substantially longer than all measured P2P file-sharing systems (1–60 minutes for Napster, Gnutella, FastTrack, Overnet, BitTorrent, KAD); ~2% of sessions exceeded 100 hours, and the distribution is best modeled by a lognormal fit (residual error 0.019) rather than Weibull or exponential.
-
The FNPProbeRequest message, designed to return location and uptime of a node sampled via an 18-hop Metropolis-Hastings random walk, can be used to reliably track individual node online times — capturing >98% of online nodes per sampling interval — enabling intersection attacks on anonymity even though it cannot target a specific node by design.
-
Throughput drops correlated directly with political mobilizations: the 2012-02-14 anniversary of political detentions registered a -102.9% weekly-minimum change relative to the two-month mean, and the October 2012 currency protests showed a -86.2% weekly minimum. Round-trip time did not increase proportionally during these drops, distinguishing them from ordinary congestion.
-
Using M-Lab NDT measurements from Iran, the paper identifies two extended throttling periods: November 30, 2011 – August 15, 2012 (77% decrease in median download throughput) and October 4 – November 22, 2012 (69% decrease), plus 8–9 shorter-term disruptions. Weekly variance analysis yields even steeper figures of -98% and -82% for the two major events.
-
In the August 2012 Bell-Dery BGP route leak, TTL analysis at per-prefix granularity revealed that two IP addresses within AS577 maintained constant TTLs and unaffected packet rates throughout the disruption, while 37 of 38 other active /16 prefixes experienced significant volume drops and TTL changes indicating rerouting through longer paths. This demonstrates that BGP route leaks can affect subnets within a single AS asymmetrically, and that TTL inspection can identify unaffected sub-AS paths.
-
During the February 2012 Dodo-Telstra BGP route leak, AS1221 (Telstra) exhibited a 20-minute congestion phase in which γC and γ3 both dropped while η rose from approximately 3 to 5 seconds, followed by a complete outage during which zero darknet sources were observed from the AS. The congestion phase produced measurable packet loss before the full blackout, providing an early-warning window of roughly 20 minutes.
-
Conficker-like traffic to TCP port 445 constitutes more than 40% of packets observed at the UCSD /8 Network Telescope, and Windows XP/NT hosts consistently emit exactly 2-packet SYN flows; γC stayed within the narrow band 1.98–2.02 throughout an entire month (January 2012) with no large-scale outages. A second signal from default Windows 3-SYN flows (approximately 156 million flows/month from ~14K hosts/hour) provides a non-malware-specific validation stream with inter-packet times consistently between 3.09 and 3.37 seconds.
-
IBR-derived metrics γ (average SYN retransmits per flow) and η (inter-packet time between retransmits) can distinguish packet-loss-induced outages from packet-filtering censorship: during Libya's 2011 packet-filtering phase γC remained near pre-censorship values despite reduced source counts, whereas BGP route leaks caused measurable γ decreases and η increases. This difference exists because filtering reduces the host population but preserves per-flow OS retransmit behavior, while congestion causes routers to drop individual packets mid-flow.
-
In YemenNet (AS 12486), URL filtering was observed to be intermittently offline: proxy URLs accessible in one test run were blocked in others and vice versa. A prior ONI measurement found a Yemeni ISP running Websense whose filtering ceased entirely when concurrent user count exceeded the product's license capacity. This inconsistency required larger URL test sets and repeated measurement runs to establish blocking with high confidence.
-
URL filtering appliances are frequently misconfigured to be externally visible on the global Internet, enabling passive identification via Shodan keyword searches on product-specific HTTP headers and management console paths (e.g., 'cfru=' for Blue Coat, '8080/webadmin/' for Netsweeper). This technique discovered previously unknown installations in Finland, Sweden, Philippines, Thailand, Taiwan, Argentina, and Chile, as well as large U.S. ISPs including AT&T, Verizon, Bell South, Comcast, and Sprint.
-
The paper presents a repeatable method for confirming which specific URL filtering product is used for censorship: create test domains under researcher control, submit a subset to the vendor's public URL categorization interface, then retest within 3–5 days to observe whether submitted domains become blocked. This technique confirmed McAfee SmartFilter in UAE (Etisalat, AS 5384) and Saudi Arabia (Bayanat Al-Oula AS 48237, Nournet AS 29684), and Netsweeper in Qatar (Ooredoo AS 42298), UAE (Du AS 15802), and Yemen (YemenNet AS 12486).
-
The study collected behavioral data from approximately 3.9 million Facebook users by instrumenting client-side JavaScript to detect composition-then-abandonment events, without capturing the suppressed text itself; this passive measurement approach allowed population-scale inference of suppression rates without content-level surveillance.
-
In 80% of measured paths (72 PlanetLab VPs × 5,000 Alexa targets), at least one intermediate router returns the full IP packet in ICMP time-exceeded replies (RFC1812-compliant), enabling per-hop detection of packet modifications. The majority of these full-ICMP routers reside in the network core rather than the access segment.
-
tracebox can estimate middlebox location with an error of ≤4 hops in 61% of cases; errors above 13 hops (the length of ~60% of paths) are each below 1% individually. Of MSS-modifying middleboxes detected, 52% were located in the network core and only 2.7% close to the source vantage point.
-
High-speed Internet-wide scanning enables a censor or attacker to locate every publicly reachable host vulnerable to a newly disclosed flaw within hours of disclosure; in a concrete example, 3.4 million UPnP-vulnerable devices were identified in under 2 hours — faster than network operators could apply patches — with a 150-SLOC probe module written in approximately 4 hours.
-
Comprehensive Internet-wide scanning enables cross-IP tracking of users and devices by correlating stable cryptographic identifiers — TLS certificates or SSH host keys presented by home routers and cable modems — with public geolocation data across DHCP lease changes, defeating the anonymity assumption behind dynamic IP addresses.
-
By scanning ports 443 and 9001 and fingerprinting responses with Tor's TLS v1 cipher-suite handshake pattern, ZMap identified 79–86% of all allocated Tor bridge fingerprints in a single scan, demonstrating that bridges whose protocol is distinguishable are largely discoverable through comprehensive Internet-wide scanning even though their addresses are not publicly listed.
-
ZMap completes a single-port scan of the entire public IPv4 address space in under 45 minutes from a commodity machine with a gigabit Ethernet connection, over 1,300 times faster than the most aggressive Nmap configuration. A single-probe scan achieves approximately 97.9% coverage of live hosts, rising to 98.8% with two probes and 99.4% with three probes.
-
The censorship arms race is highly asymmetric: circumvention tool developers such as Tor operate entirely in public (code, designs, and data), while censorship systems like the GFW are black boxes. This structural imbalance means censors systematically learn more from defenders than vice versa, motivating volunteer-based in-country measurement to reduce the defender's information deficit.
-
Using open HTTP proxies distributed across 27 Iranian ASNs, the study confirmed 89% (24/27) of tested networks could reach the private filtering page (10.10.34.34) and 77% (21/27) could reach Imam Reza University's private IP. Of 15 proxies on RFC1918 addresses themselves, 13 (87%) could also reach the filtering page, confirming nationwide — not localized — private-space reachability.
-
OONI pairs client-submitted test reports with data independently collected at the OONIB backend TestHelper, providing both connection endpoints' viewpoints in a single unified report. The backend is designed to be run by anyone and is exposed both over HTTPS and as Tor Hidden Services to resist simplistic denial-of-service and reduce the fingerprintability of the reporting infrastructure.
-
OONI's experiment-control methodology explicitly favors false positives over false negatives: it is preferable to generate more censorship candidate events for further investigation than to miss genuine interference. Mismatch between experiment and control data is not always a definitive signal of manipulation but is treated as sufficient cause for flagging, and data collection and analysis are treated as distinct phases.
-
Unsolicited background radiation traffic to the UCSD network telescope—particularly Conficker worm scanning (TCP SYN, port 445, 48-byte packets)—dropped nearly simultaneously with Egyptian BGP route withdrawals on January 27, corroborating control-plane analysis with data-plane evidence. Crucially, some worm-infected hosts continued to generate outbound scanning traffic even after their prefixes were BGP-withdrawn, because packet filtering was absent; this asymmetry between inbound unreachability and outbound connectivity can distinguish pure BGP-based blocking from combined BGP-plus-filtering approaches.
-
Graduated censorship — limiting the suppression rate to remain within the typical weekly variance band — evades the weekly-interval detector entirely. The paper acknowledges that detecting slow-ramp blocking requires extending the observation window beyond seven days.
-
Per-jurisdiction user counts are modeled as a Poisson process; the detector infers the 99.99th-percentile credible interval for the underlying rate λ from the observed count via a Gamma-Poisson approximation rather than a Gaussian assumption, correctly treating small-jurisdiction zero-user days as non-anomalous.
-
The detector constructs its 'typical ratio' baseline exclusively from the 50 largest jurisdictions, then discards outliers beyond four inter-quartile ranges of the median before fitting N(m,v). This ensures a jurisdiction undergoing active censorship cannot bias the global model and mask its own anomaly.
-
A censor can defeat the anomaly detector without triggering an alert by replacing blocked user traffic with synthetic requests from adversary-controlled machines, keeping per-jurisdiction connection counts within the typical range. The paper explicitly identifies this as an unaddressed active-attack vector.
-
The deployed system uses 7-day intervals and a baseline built from the 50 largest Tor jurisdictions; a jurisdiction's user-count ratio is flagged when it falls outside the 99.99th percentile of the fitted Normal distribution N(m,v), yielding an expected false-alarm rate of approximately 1 in 10,000 per jurisdiction-week.
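
An added sketch of the baseline-and-flag step described in the detector findings above (not code from the paper or from the Tor Project). It assumes the ratio is this interval's count over the previous interval's count, that "largest" means largest by previous count, and that the band is the [0.0001, 0.9999] quantile range of N(m,v); the Gamma-Poisson rate inference is not modeled, and all jurisdiction names and counts are constructed.

```python
from statistics import NormalDist, mean, median, quantiles, stdev

TOP_N, IQR_MULT, PCT = 50, 4, 0.9999  # parameters stated in the text

def fit_baseline(counts):
    """counts: {jurisdiction: (users_prev_interval, users_now)} -> (m, sd, kept)."""
    largest = sorted(counts, key=lambda j: counts[j][0], reverse=True)[:TOP_N]
    ratios = [counts[j][1] / counts[j][0] for j in largest if counts[j][0] > 0]
    q1, _, q3 = quantiles(ratios, n=4)
    med, iqr = median(ratios), q3 - q1
    # Drop ratios more than four IQRs from the median so a jurisdiction that is
    # itself being censored cannot widen the model and hide its own drop.
    kept = [r for r in ratios if abs(r - med) <= IQR_MULT * iqr]
    return mean(kept), stdev(kept), kept

def ratio_band(counts):
    """Assumption: the band is the [1-PCT, PCT] quantile range of N(m, v)."""
    m, sd, _ = fit_baseline(counts)
    dist = NormalDist(m, sd)
    return dist.inv_cdf(1 - PCT), dist.inv_cdf(PCT)

def flag(counts):
    """Return {jurisdiction: "down" | "up"} for ratios outside the band."""
    lo, hi = ratio_band(counts)
    alerts = {}
    for name, (prev, now) in counts.items():
        if prev == 0:
            continue  # ratio undefined; small counts need the Poisson step, not modeled here
        ratio = now / prev
        if ratio < lo:
            alerts[name] = "down"
        elif ratio > hi:
            alerts[name] = "up"
    return alerts

def sample_counts():
    """Constructed data: 60 jurisdictions with 7-day ratios between 0.90 and 1.10."""
    counts = {}
    for i in range(60):
        prev = 1000 + 500 * i
        counts[f"J{i:02d}"] = (prev, round(prev * (1 + 0.02 * ((i * 7) % 11 - 5))))
    counts["J59"] = (30500, 6100)  # large jurisdiction: users fall to 20%
    counts["J03"] = (2500, 750)    # outside the top 50: users fall to 30%
    counts["J20"] = (11000, 8800)  # graduated suppression: only a 20% drop
    return counts

if __name__ == "__main__":
    print(ratio_band(sample_counts()), flag(sample_counts()))
```

On the constructed data the fitted band is roughly 0.73 to 1.25, so J59 and J03 are flagged while the 20% drop in J20 passes, which is the graduated-censorship blind spot noted above.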
-
A maximum entropy named entity extraction (NEE) model trained on Chinese-language Wikipedia achieved 89.63% recall and 83.44% specificity for person names, 96.3% recall and 69.80% specificity for place names, and 87.56% recall and 88.40% specificity for organization names. Despite 0.42% precision for person names, the system reduces the number of words requiring censorship probes by nearly an order of magnitude while retaining nearly 90% of actual named entities.
-
The BBC's Geostats prototype (2010) detects censorship events by normalizing hourly traffic from two sources — a web-bug-based Livestats API and approximately 30 GB/day of uncompressed Akamai streaming logs — alerting when traffic deviates ±60% from a rolling historical average keyed to hour-of-day and day-of-week. A key limitation identified is that CDN log files arrive up to 24 hours behind real-time, preventing timely detection of live blocking events.
-
Over a 14-day evaluation in April 2011, CensMon tested 4,950 unique URLs from 2,500 domains across 174 agents in 33 countries, detecting 951 unique URLs from 193 domains as filtered. Manual verification of all 193 flagged domains found only 3 false positives, demonstrating high precision for an automated distributed monitor.
-
The single Chinese PlanetLab node reported 176 censored domains — more than all other 173 agents combined. Turkey (6 domains), Jordan (5), and Hungary (1) were the only other countries with any detected filtering. 86% of agent nodes across 33 countries reported zero filtering events.
-
CensMon detected zero instances of partial web-page content filtering across 4,950 tested URLs during April 2011, indicating that censors at that time uniformly applied coarse-grained techniques — full URL block, IP blacklist, or DNS hijack — rather than inline content modification at the sub-page level.
-
21% of all URLs that CensMon began tracking were found accessible on the very first re-probe, indicating initial inaccessibility was a transient network failure rather than censorship. The false-network-failure rate fell to near zero after 3 consecutive tracking attempts, providing a practical threshold for classifying persistent inaccessibility as filtering.
-
Censorship mapping tools that detect filtering by probing blocked content create concentrated access patterns that are qualitatively different from normal user behavior, potentially exposing volunteers to scrutiny even in countries where individual access to filtered content would not ordinarily trigger enforcement action. The paper identifies this as a fundamental ethical tension intrinsic to any filtering measurement methodology.
-
Latent semantic analysis applied to the Chinese-language Wikipedia (942,033 terms across 94,863 documents, k=600 rank reduction) discovered 122 previously unknown GFC-filtered keywords starting from only 12 seed concepts; each list of 2,500 candidate terms required 1.2–6.7 hours to probe, with an average of 3.5 hours.
-
Using a simple dialup connection, the CleanFeed oracle scan enumerated IP addresses at up to 98 addresses/second. At this rate, the ~8.3 million Russian IP addresses (the IWF reported 25% of known illegal sites were hosted in Russia) could be scanned in under 24 hours, and the full routable IPv4 space (32% of 2^32 addresses) in approximately 160 days. A suitable filtered dialup account was available for free, with phone costs under £15.