Do You See What I See? Differential Treatment of Anonymous Users - - PowerPoint PPT Presentation



slide-1
SLIDE 1

Do You See What I See? Differential Treatment of Anonymous Users

Sheharbano Khattak (University of Cambridge), David Fifield (UC Berkeley), Sadia Afroz (ICSI), Mobin Javed (UC Berkeley), Srikanth Sundaresan (ICSI), Vern Paxson (UC Berkeley, ICSI), Steven J. Murdoch (University College London), Damon McCoy (ICSI)

Modified from “Humanist Night” by Munguia

slide-2
SLIDE 2

abc.com

How Regular Users See the Web

slide-3
SLIDE 3

abc.com

How Tor Users See the Web

slide-4
SLIDE 4

Internet User-side Censorship abc.com

Difference w/ Traditional Censorship

slide-5
SLIDE 5

Internet Internet User-side Censorship Publisher-side Censorship abc.com abc.com

Difference w/ Traditional Censorship

slide-6
SLIDE 6

How Do Websites Block Tor?

abc.com

Entry Middle Exit

slide-7
SLIDE 7

How Do Websites Block Tor?

abc.com

Entry Middle Exit Publicly known

slide-8
SLIDE 8

Measuring Tor Blocking by the Web

  • Network layer blocking
  • Application layer blocking
slide-9
SLIDE 9

Network-layer Discrimination

slide-10
SLIDE 10

Does An IP Address Block Tor?

SYN (port 80) SYN (port 80) SYN-ACK RESET / NO RESPONSE

slide-11
SLIDE 11

Measuring Tor Blocking at Scale

Tor Exit Node Control Node Scan IPv4 Scan IPv4

  • IPv4 ~ over 3 billion addrs
  • 4 Tor Exit Nodes (USA, Romania, Netherlands)
  • 3 Control Nodes (Michigan, Cambridge, Berkeley)

slide-12
SLIDE 12

..But What is The Web?

  • Web Footprint: a set of IP addresses that respond successfully to our control scans on port 80

Web Footprint

Fraction that blocks Tor

slide-13
SLIDE 13

Challenges in Defining The Web

  • What if a probe or response is lost?
    ✤ Redundant probing
  • Temporal and spatial churn in the Web Footprint:
    ✤ Lax Web Footprint: IP addresses for which all control nodes see a response at least once (~96% of Web Footprint)
    ✤ Strict Web Footprint: IP addresses for which all control nodes received a successful response on all days (~50% of Web Footprint)
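
Added example (not from the original slides or the authors' code): computing the Lax and Strict Web Footprints and the fraction of each that blocks Tor, from constructed scan results. The exit labels, the sample addresses, and the rule that an address "blocks Tor" when no Tor exit ever receives a SYN-ACK from it are assumptions made for illustration.

```python
# Added example: constructed data, not the authors' measurement code.
A, B, C, D, E = (f"192.0.2.{i}" for i in range(1, 6))  # documentation-range IPs

CONTROL = ["michigan", "cambridge", "berkeley"]  # control nodes named on the slide
EXITS = ["exit-1", "exit-2", "exit-3"]           # hypothetical Tor exit labels

# SCANS[node][day] = addresses that answered that node's port-80 SYN with SYN-ACK.
SCANS = {
    "michigan":  {1: {A, B, C, D, E}, 2: {A, B, E}},
    "cambridge": {1: {A, B, E},       2: {A, B, C, E}},
    "berkeley":  {1: {A, B, C, E},    2: {A, B, C, E}},
    "exit-1":    {1: {A},             2: {A, E}},
    "exit-2":    {1: {A},             2: {A}},
    "exit-3":    {1: {A},             2: {A}},
}

def footprints(scans, control):
    """Return (lax, strict) Web Footprints as defined on the slide."""
    days = sorted({day for node in control for day in scans[node]})
    # Lax: every control node saw a response at least once.
    lax = set.intersection(*(set().union(*scans[n].values()) for n in control))
    # Strict: every control node saw a response on every scan day.
    strict = set.intersection(
        *(scans[n].get(day, set()) for n in control for day in days))
    return lax, strict

def tor_blockers(scans, exits, footprint):
    """Footprint addresses that never sent a SYN-ACK to any Tor exit (assumed rule)."""
    reachable = set().union(*(ips for n in exits for ips in scans[n].values()))
    return footprint - reachable

def block_fraction(scans, exits, footprint):
    """Share of the given footprint that blocks Tor under the assumed rule."""
    return len(tor_blockers(scans, exits, footprint)) / len(footprint)

if __name__ == "__main__":
    lax, strict = footprints(SCANS, CONTROL)
    for name, fp in (("lax", lax), ("strict", strict)):
        print(name, sorted(fp), f"{block_fraction(SCANS, EXITS, fp):.1%} block Tor")
```

In the sample, one address is lost to churn on some days and so appears only in the Lax footprint, which is why the two footprints give different blocking fractions for the same scans.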
slide-15
SLIDE 15

At least 1.2% of the Web blocks Tor

slide-16
SLIDE 16

AS distribution of Top 5 Tor Blockers (Lax Footprint)

slide-17
SLIDE 17

AS distribution of Top 5 Tor Blockers (Strict Footprint)

slide-18
SLIDE 18

Geo Distribution of Top 5 ASes that do wholesale Tor blocking

slide-19
SLIDE 19

Application-layer Discrimination

slide-20
SLIDE 20

Does a Website Block Tor?

HTTP GET HTTP GET

slide-21
SLIDE 21

Does a Website Block Tor?

HTTP GET HTTP GET 200 OK Not 200

slide-22
SLIDE 22

Does a Website Block Tor?

HTTP GET HTTP GET 200 OK Not 200 Berkeley All Tor Exits (~900) Alexa Top 1000

slide-23
SLIDE 23

3.67% of Alexa Top 1k block Tor

slide-24
SLIDE 24
  • “You don’t have permission to access this website”

  • Shows CAPTCHA

3.67% of Alexa Top 1k block Tor

slide-31
SLIDE 31

How many of the ~900 Tor exits are blocked?

slide-32
SLIDE 32

[Figure: per-website Tor exit blocking among Alexa top 1k websites; individual site labels not reproduced]

  • ~20 of Alexa top 1k websites block > 50% of the exits
  • ~60 of Alexa top 1k websites block < 25% of the exits

slide-33
SLIDE 33
  • Two flavours:
    ✤ Web services use Tor specific blacklist
    ✤ Block all the Tor exits
    ✤ Web services use abuse-based blocking
    ✤ Block only exits with high abuse rate

Why do exits get blocked?

slide-34
SLIDE 34

Which exits are likely to have high abuse rate?

  • Our hypothesis: high bandwidth and old age
slide-35
SLIDE 35

Which exits are likely to have high abuse rate?

  • Our hypothesis: high bandwidth and old age
  • No statistically significant effect!

✤ Except for few …

slide-36
SLIDE 36

Which exits are blocked? Old and high bandwidth

[Figure: Tor blocked by 4chan.org. Axes: exit probability; fraction of webpages blocked]

slide-37
SLIDE 37

Which exits are blocked? Old and high bandwidth

[Figure: Tor blocked by change.org. Axes: exit probability; fraction of webpages blocked]

slide-38
SLIDE 38

Akamai blocks most exits

[Figure: Tor blocked by bestbuy.com. Axes: exit probability; fraction of webpages blocked]

slide-39
SLIDE 39
  • Google homepage was never blocked but searching was blocked from 23-40% of the ~900 exits.
  • Homepage unblocked but blocked activity

Response to https://www.google.com/#q=hello

slide-40
SLIDE 40
  • 42 exits were never blocked
  • Exits that were never blocked
slide-41
SLIDE 41
  • 42 exits were never blocked
  • Exits that were never blocked

Uptime of one of the 42 exits

slide-42
SLIDE 42

Historical Tor Blocking

  • Open Observatory of Network Interference (OONI)
    ✤ Studies censorship in different countries
    ✤ Visits website through Tor and without Tor
    ✤ Over 2300 websites visited (Sep’14-Aug’15)

explorer.ooni.io

slide-43
SLIDE 43

6.8% of 2300 websites blocked Tor

[Figure: Tor blocking rate over time, Oct 2014 to Aug 2015. Y axis: fraction of blocked requests. Series: timeout, CloudFlare, all others]

slide-44
SLIDE 44
  • Convio: Not Implemented Tor IP not allowed
  • ezinearticles.com

Sites that explicitly block Tor

slide-45
SLIDE 45

Meanwhile at CloudFlare..

slide-46
SLIDE 46

Solution?

abc.com

  • Contextual awareness
  • Redesigning anonymity networks

slide-47
SLIDE 47

Solution?

abc.com

  • Anonymous blacklisting
  • Redesigning automated abuse-based blocking
  • Contextual awareness
  • Redesigning anonymity networks

slide-48
SLIDE 48
  • At least 1.2% of the Web block Tor (n/w)
  • At least 3.67% of Alexa top 1k sites block Tor (app)
  • Fine-grained discrimination?
  • Who else is subject to this kind of discrimination?

Summary

slide-49
SLIDE 49

Thanks

Q&A

  • Sheharbano.Khattak@cl.cam.ac.uk

sadia.afroz@berkeley.edu