I am grateful to those who offered me kindness or assistance in the course of my research: Angie Abbatecola; Barbara Goto; Nick Hopper; Lena Lau-Stewart; Heather Levien; Gordon Lyon; Deirdre Mulligan; Audrey Sillers; David Wagner; Philipp Winter, whose CensorBib is an invaluable resource; the Tor Project and the tor-dev and tor-qa mailing lists; OONI; the traffic-obf mailing list; the Open Technology Fund and the Freedom2Connect Foundation; and the SecML, BLUES, and censorship research groups at UC Berkeley. Thank you.

The opinions expressed herein are solely those of the author and do not necessarily represent any other person or organization.

Availability

Source code and information related to this document are available at https://www.bamsoftware.com/papers/thesis

Chapter 1
Introduction

1.1 Scope

Censorship is a big topic, and even adding the “Internet” qualifier makes it hardly less so. In order to deal with the subject in detail, I must limit the scope. The subject of this work is an important special case of censorship, which I call the “border firewall.” See Figure 1.1.

A client resides within a network that is entirely controlled by a censor. Within the controlled network, the censor may observe, modify, inject, or block any communication along any link. The client’s computer, however, is trustworthy and not controlled by the censor. The censor tries to prevent some subset of the client’s communication with the wider Internet, for instance by blocking those that discuss certain topics, that are destined to certain network addresses, or that use certain protocols. The client’s goal is to evade the censor’s controls and communicate with some destination that lies outside the censor’s network; successfully doing so is called circumvention. Circumvention means somehow safely traversing a hostile network, eluding detection and blocking. The censor does not control the network outside its border; it may send messages to the outside world, but it cannot control them after they have traversed the border.

This abstract model is a good starting point, but it is not the whole story. We will have to adapt it to fit different situations, sometimes relaxing and sometimes strengthening assumptions. For example, the censor may be weaker than assumed: it may observe only the links that cross the border, not those that lie wholly inside; it may not be able to fully inspect every packet; or there may be deficiencies or dysfunctions in its detection capabilities. Or the censor may be stronger: while not fully controlling outside networks, it may perhaps exert outside influence to discourage network operators from assisting in circumvention. The client may be limited, for technical or social reasons, in the software and hardware they can use. The destination may knowingly cooperate with the client’s circumvention effort, or may not. There are many possible complications, reflecting the messiness and diversity of dealing with real censors. Adjusting the basic model to reflect real-world actors’ motivations and capabilities is the heart of threat modeling. In particular, what makes circumvention possible at all is the censor’s motivation to block only some, but not all, of the incoming and outgoing communications—this assumption will be a major focus of the next chapter.

It is not hard to see how the border firewall model relates to censorship in practice. In a common case, the censor is the government of a country, and the limits of its controlled network correspond to the country’s borders. A government typically has the power to enforce laws and control network infrastructure inside its borders, but not outside. However this is not the only case: the boundaries of censorship do not always correspond to the border of a country. Content restrictions may vary across geographic locations, even within the same country—Wright et al. [202] identified some reasons why this might be. A good model for some places is not a single unified regime, but rather several autonomous service providers, each controlling and censoring its own portion of the network, perhaps coordinating with others about what to block and perhaps not. Another important case is that of a university or corporate network, in which the only outside network access is through a single gateway router, which tries to enforce a policy on what is acceptable and what is not. These smaller networks often differ from national- or ISP-level networks in interesting ways, for instance with regard to the amount of overblocking they are willing to tolerate, or the amount of computation they can afford to spend on each communication.

Here are examples of forms of censorship that are in scope:

• blocking IP addresses
• blocking specific network protocols
• blocking DNS resolution for certain domains
• blocking keywords in URLs
• parsing application-layer data (“deep packet inspection”)
• statistical and probabilistic traffic classification
• bandwidth throttling
• active scanning to discover the use of circumvention

Some other censorship-related topics that are not in scope include:

• domain takedowns (affecting all clients globally)
• server-side blocking (servers that refuse to serve certain clients)
• forum moderation and deletion of social media posts
• anything that takes place entirely within the censor’s network and does not cross the border
• deletion-resistant publishing in the vein of the Eternity Service [10] (what Köpsell and Hillig call “censorship resistant publishing systems” [120 §1]), except insofar as access to such services may be blocked

Parts of the abstract model are deliberately left unspecified, to allow for the many variations that arise in practice. The precise nature of “blocking” can take many forms, from packet dropping, to injection of false responses, to softer forms of disruption such as bandwidth throttling. Detection does not have to be purely passive. The censor may to do work outside the context of a single connection; for example, it may compute aggregate statistics over many connections, make lists of suspected IP addresses, and defer some analysis for offline processing. The client may cooperate with other parties inside and outside the censor’s network, and indeed almost all circumvention will require the assistance of a collaborator on the outside.

It is a fair criticism that the term “Internet censorship” in the title overreaches, given that I am talking only about one specific manifestation of censorship, albeit an important one. I am sympathetic to this view, and I acknowledge that far more topics could fit under the umbrella of Internet censorship. Nevertheless, for consistency and ease of exposition, in this document I will continue to use “Internet censorship” without further qualification to mean the border firewall case.

Chapter 2
Principles of circumvention

Chapter 3
Understanding censors

• blocking of specific IP addresses and ports
• control of default DNS servers
• blocking DNS queries
• injection of false DNS responses
• injection of TCP RSTs
• keyword filtering in unencrypted contents
• application protocol parsing (“deep packet inspection”)
• participation in a circumvention system as a client
• scanning to discover proxies
• throttling connections
• temporary total shutdowns

Chapter 4
Active probing

4.2 Types of probes

Our experiments confirmed the existence of known probe types from prior research, and new types that had not been documented before. Our observations of the known probe types were consistent with previous reports, with only minor differences in some details. We found, at varying times, these kinds of probes:

Tor

We found probing of the Tor protocol, as expected. The probes we observed in 2015, however, differed from those Wilde described in 2011, which proceeded as far as building a circuit. The ones we saw used less of the Tor protocol: after the TLS handshake they only queried the server’s version and disconnected. Also, in contrast to what Winter and Lindskog found in 2012, the probes were sent immediately after a connection, not batched to a multiple of 15 minutes.

obfs2

The obfs2 protocol is meant to look like a random stream, but it has a weakness that makes it trivial to identify, passively and retroactively, needing only the first 20 bytes sent by the client. We turned the weakness of obfs2 to our advantage. It allowed us to distinguish obfs2 from other random-looking payloads, isolating a set of connections that could belong only to legitimate circumventors or to active probers.

obfs3

The obfs3 protocol is also meant to look like a random stream; but unlike obfs2, it is not trivially identifiable passively. It is not possible to retroactively recognize obfs3 connections (from, say, a packet capture) with certainty: sure classification requires active participation in the protocol. In some of our experiments, we ran an obfs3 server that was able to participate in the handshake and so confirm that the protocol really was obfs3. In the passive log analysis, we labeled “obfs3” any probes that looked random but were not obfs2.

SoftEther

We unexpectedly found evidence of probe types other than Tor-related ones. One of these was an HTTPS request:

POST /vpnsvc/connect.cgi HTTP/1.1
Connection: Keep-Alive
Content-Length: 1972
Content-Type: image/jpeg

GIF89a...

Both the path “/vpnsvc/connect.cgi”, and the body being a GIF image despite having a Content-Type of “image/jpeg”, are characteristic of the client handshake of the SoftEther VPN software that underlies the VPN Gate circumvention system [144].

AppSpot

This type of probe is also an HTTPS request:

GET / HTTP/1.1
Accept-Encoding: identity
Connection: close
Host: webncsproxyXX.appspot.com
Accept: */*
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/34.0.1847.116 Chrome/34.0.1847.116 Safari/537.36

where the ‘XX’ is a number that varies. The intent of this probe seems to be the discovery of servers that are capable of domain fronting for Google services, including Google App Engine, which runs at appspot.com. (See Chapter 6 for more on domain fronting.) At one time, there were simple proxies running at webncsproxyXX.appspot.com.

urllib

This probe type is new since our 2015 paper. I discovered it while re-analyzing my server logs in order to update Figure 4.3. It is a particular request that was sent over both HTTP and HTTPS:

GET / HTTP/1.1
Accept-Encoding: identity
Host: 69.164.193.231
Connection: close
User-Agent: Python-urllib/2.7

The urllib requests are unremarkable except for having been sent from an IP address that at some other time send another kind of active probe. The User-Agent “Python-urllib/2.7” and appears many other places in my logs, not in an active probing context. I cannot guess what this probe’s purpose may be, except to observe that Nobori and Shinjo also caught a “Python-urllib” client scraping the VPN Gate server list [144 §6.3].

These probe types are not necessarily exhaustive. The purpose of the random “garbage” probes is still not known; they were not obfs2 and were too early to be obfs3, so they must have had some other purpose.

Most of our experiments were designed around exploring known Tor-related probe types: plain Tor, obfs2, and obfs3. The server log analysis, however, unexpectedly turned up the other probe types. The server log data set consisted of application-layer logs from my personal web and mail server, which was also a Tor bridge. Application-layer logs lack much of the fidelity you would normally want in a measurement experiment; they do not have precise timestamps or transport-layer headers, for example, and web server logs truncate the client’s payload at the first ‘\0’ or ‘\n’ byte. But they make up for that with time coverage. Figure 4.3 shows the history of probes received at my server since 2013 (there were no probes before that, though the logs go back to 2010). We began by searching the logs for definite probes: those that were classifiable as obfs2 or otherwise looked like random garbage. Then we looked for what else appeared in the logs for the IP addresses that had, at any time, sent a probe. In a small fraction of cases, the other logs lines appeared to be genuine HTTP requests from legitimate clients; but usually they were other probe-like payloads. We continued this process, adding new classifiers for likely probes, until reaching a fixed point with the probe types described above.

4.3 Probing infrastructure

The most striking feature of active probes is the large number of source addresses from which they are sent, or appear to be sent. The 13,089 probes received by the HTTP and HTTPS ports of my server came from 11,907 distinct IP addresses, representing 47 /8 networks and 26 autonomous systems. 96% of the addresses appeared only once. There is one extreme outlier, the address 202.108.181.70, which by itself accounted for 2% of the probes. (Even this substantial fraction stands in contrast to previous studies, where that single IP address accounted for roughly half the probes [199 §4.5.1].) Among the address ranges are ones belonging to residential ISPs.

Despite the many source addresses, the probes seems to be managed by only a few underlying processes. The evidence for this lies in shared patterns in metadata: TCP initial sequence numbers and TCP timestamps. Figure 4.4 shows clear patterns in TCP timestamps, from about six months during which we ran a full packet capture on my web server, in addition to application-layer logging.

We tried connecting back to the source address of probes. Immediately after receiving a probe, the probing IP address would be completely unresponsive to any stimulus we could think to apply. In some cases though, within an hour the address became responsive. The responsive hosts looked like what you would expect to find if you scanned such address ranges, with a variety of operating systems and open ports.

Chapter 5
Time delays in censors’ reactions

5.2 Results from China

We had access to probe sites in China for just over a year, from December 2015 to January 2017. Due to the difficulty of getting access to hosts in China, we used four different IP addresses (all in the same autonomous system) at different points in time. The times during which we had control of each IP address partially overlap, but there is a 21-day gap in the measurements during August 2016.

Our observations in China turned up several interesting behaviors of the censor. Throughout this section, refer to Figure 5.2, which shows the timeline of reachability of every bridge, in context with dates related to tickets and releases. Circled references in the text (ⓐ, ⓑ, etc.) refer to marked points in the figure. A “batch” is a set of Tor Browser releases that all contained the same default bridges.

The most significant single event—covered in detail in Section 5.2.7—was a change in the censor’s detection and blocking strategy in October 2016. Before that date, blocking was port-specific and happened only after the “public release” stage. After, bridges began to be blocked on all ports simultaneously, and were blocked soon after the “ticket merged” stage. We believe that this change reflects a shift in how the censor discovered bridges, a shift from running the finished software to see what addresses it accesses, to extracting the addresses from source code. More details and evidence appear in the following subsections.

5.2.1 Per-port blocking

In the first few release batches, the censor blocked individual ports, not an entire IP address. For example, see point ⓐ in Figure 5.2: after ndnop3:24215 was blocked, we opened ndnop3:10527 on the same IP address. The alternate port remained reachable until it, too, was blocked in the next release batch. We used this technique of rotating ports in several release batches.

Per-port blocking is also evident in the continued reachability of non-bridge ports. For example, many of the bridges had an SSH port open, in addition to their obfs4 ports. After riemann:443 (obfs4) was blocked (point ⓒ in Figure 5.2), riemann:22 (SSH) remained reachable for a further nine months, until it was finally blocked at point ⓜ. Per-port blocking would give way to whole-IP blocking in October 2016.

5.2.2 Blocking only after public release

In the first six batches, blocking occurred only after public release—despite the fact that the censor could potentially have learned about and blocked the bridges in an earlier stage. In the 5.5.5/6.0a5/6.0 batch, the censor even seems to have missed the 5.5.5 and 6.0a5 releases (point ⓔin Figure 5.2), only blocking after the 6.0 release, 36 days later. This observation hints that, before October 2016 anyway, the censor was somehow extracting bridge addresses from the release packages themselves. In subsections 5.2.3 and 5.2.6 we present more evidence that supports the hypothesis that the censor extracted bridge addresses only from public releases, not reacting at any earlier phase.

An evident change in blocking technique occurred around October 2016 with the 6.0.6/6.5a4 batch, when for the first time bridge were blocked before a public or testing release was available. The changed technique is the subject of Section 5.2.7.

5.2.3 Simultaneous blocking of all bridges in a batch

The first five blocking incidents were single events: when a batch contained more than one bridge, all were blocked at the same time; that is, within one of our 20-minute probing periods. These incidents appear as crisp vertical columns of blocking icons in Figure 5.2, for example at point ⓒ. This fact supports the idea that the censor discovered bridges by examining released executables directly, and did not, for example, detect bridges one by one by examining network traffic.

The 6.0.5/6.5a3 batch is an exception to the pattern of simultaneous blocking. In that batch, one bridge (LeifEricson:50000) was already blocked, three were blocked simultaneously as in the previous batches, but two others (GreenBelt:5881 and Azadi:4319) were temporarily unscathed. At the time, GreenBelt:5881 was experiencing a temporary outage—which could explain why it was not blocked—but Azadi:4319 was operational. This specific case is discussed further in Section 5.2.6.

5.2.4 Variable delays before blocking

During the time when the censor was blocking bridges simultaneously after a public release, we found no pattern in the length of time between the release and the blocking event. The blocking events did not seem to occur after a fixed length of time, nor did they occur on the same day of the week or at the same time of day. The delays were 7, 2, 18, 10, 35, and 6 days after a batch’s first public release—up to 57 days after the filing of the first ticket. Recall from Section 4.3 that the firewall was even at that time capable of detecting and blocking secret bridges within minutes. Delays of days or weeks stand out in contrast.

5.2.5 Inconsistent blocking and failures of blocking

There is a conspicuous on–off pattern in the reachability of certain bridges from China, for example in ndnop3:24215 throughout February, March, and April 2016 (point ⓑ in Figure 5.2). Although the censor no doubt intended to block the bridge fully, 47% of connection attempts were successful during that time. On closer inspection, we find that the pattern is roughly periodic with a period of 24 hours. The pattern may come and go, for example in riemann:443 before and after March 27, 2016. The predictable daily variation in reachability rates makes us think that, at least at the times under question, the Great Firewall’s effectiveness was dependent on load—varying load at different times of day leads to varying bridge reachability.

Beyond the temporary reachability of individual bridges, we also see what are apparent temporary failures of firewall, making all bridges reachable for hours or days at a time. Point ⓓ in Figure 5.2marks such a failure. All the bridges under test, including those that had already been blocked, became available between 10:00 and 18:00 UTC on March 27, 2016. Further evidence that these results indicate a failure of the firewall come from a press report [101] that Google services—normally blocked in China—were also unexpectedly available on the same day, from about 15:30 to 17:15 UTC.A similar pattern appears across all bridges for nine hours starting on June 28, 2016 at 17:40 UTC.

After the switch to whole-IP blocking, there are further instances of spotty and inconsistent censorship, though of a different nature. Several cases are visible near point ⓙ in Figure 5.2. It is noteworthy that not all ports on a single host are affected equally. For example, the blocking of GreenBelt is inconsistent on ports 5881 and 12166, but it is solidly blocked on ports 80, 443, 7013, and 60873. Similarly, Mosaddegh’s ports 1984 and 15937 are intermittently reachable, in the exact same pattern, while ports 80, 443, 2934, and 9332 remain blocked. These observations lead us to suspect a model of two-tiered blocking: one tier for per-port blocking, and a separate tier for whole-IP blocking. If there were a temporary failure of the whole-IP tier, any port not specifically handled by the per-port tier would become reachable.

5.2.6 Failure to block all new bridges in a batch

The 6.0.5/6.5a2 release batch was noteworthy in several ways. Its six new bridges were all fresh ports on already-used IP addresses. For the first time, not all bridges were blocked simultaneously. Only three of the bridges—Mosaddegh:2934, MaBishomarim:2413, and JonbesheSabz:1894—were blocked in a way consistent with previous release batches. Of the other three:

• LeifEricson:50000 had been blocked since we began measuring it. The LeifEricson IP address is one of the oldest in the browser. We suspect the entire IP address had been blocked at some point. We will have more to say about LeifEricson in Section 5.2.8.
• GreenBelt:5881 (point ⓕ) was offline at the time when other bridges in the batch were blocked. We confirmed this fact by talking with the bridge operator and through control measurements: the narrow band in Figure 5.2 shows that connection attempts were timing out not only from China, but also from the U.S. The bridge became reachable again from China as soon as it came back online.
• Azadi:4319 (point ⓖ), in contrast, was fully operational at the time of the other bridges’ blocking, and the censor nevertheless failed to block it.

We take from the failure to block GreenBelt:5881 and Azadi:5881 that the censor, as late as September 2016, was most likely not discovering bridges by inspecting the bridge configuration file in the source code, because if it had been, it would not have missed two of the bridges in the list. Rather, we suspect that the censor used some kind of network-level analysis—perhaps running a release of Tor Browser in a black-box fashion, and making a record of all addresses it connected to. This would explain why GreenBelt:5881 was not blocked (it couldn’t be connected to while the censor was harvesting bridge addresses) and could also explain why Azadi:4319 was not blocked (Tor does not try every bridge simultaneously, so it simply may not have tried to connect to Azadi:4319 in the time the censors allotted for the test). It is consistent with the observation that bridges were not blocked before a release: the censor’s discovery process needed a runnable executable.

Azadi:4319 remained unblocked even after an additional port on the same host was blocked in the next release batch. This tidbit will enable us, in the next section, to fairly narrowly locate the onset of bridge discovery based on parsing the bridge configuration file in October 2016.

5.2.7 A switch to blocking before release

The 6.0.6/6.5a4 release batch marked two major changes in the censor’s behavior:

1. For the first time, newly added bridges were blocked before a release. (Not counting LeifEricson, an old bridge which we had never been able to reach from China.)
2. For the first time, new blocks affected more than one port. (Again not counting LeifEricson.)

The 6.0.6/6.5a4 batch contained eight new bridges. Six were new ports on previously used IP addresses (including LeifEricson:50001, which we expected to be already blocked, but included for completeness). The other two—Lisbeth:443 and NX01:443—were fresh IP addresses. However one of the new bridges, NX01:443, had a twist: we left it commented out in the bridge configuration file, thus:

pref(..., "obfs4 192.95.36.142:443 ...");
// Not used yet
// pref(..., "obfs4 85.17.30.79:443 ...");

Six of the bridges—all but the exceptional LeifEricson:50000 and NX01:443—were blocked, not quite simultaneously, but within 13 hours of each other (see point ⓗ in Figure 5.2). The blocks happened 14 days (or 22 days in the case of Lisbeth:443 and NX01:443) after ticket merge, and 27 days before the next public release.

We hypothesize that this blocking event indicates a change in the censor’s technique, and that in October 2016 the Great Firewall began to discover bridge addresses either by examining newly filed tickets, or by inspecting the bridge configuration file in the source code. A first piece of evidence for the hypothesis is that the bridges were blocked at a time when they were present in the bridge configuration file, but had not yet appeared in a release. The presence of the never-before-seen Lisbeth:443 in the blocked set removes the possibility that the censor spontaneously decided to block additional ports on IP addresses it already knew about, as does the continued reachability of certain blocked bridges on further additional ports.

A second piece of evidence comes from a careful scrutiny of the timelines of the Azadi:4319 and Azadi:6041 bridges. As noted in Section 5.2.6, Azadi:4316 had unexpectedly been left unblocked in the previous release batch, and it remained so, even after Azadi:6041 was blocked in this batch.

7	September	Azadi:4319 enters the source code
16	September	Azadi:4319 appears in public release 6.0.5
6	October	Azadi:4319 is deleted from the source code, and Azadi:6041 is added
20	October	Azadi:6041 (among others) is blocked
15	November	Azadi:6041 appears in public release 6.0.6

The same ticket that removed Azadi:4319 on October 6 also added Azadi:6041. On October 20 when the bridges were blocked, Azadi:4319 was gone from the bridge configuration file, having been replaced by Azadi:6041. It appears that the yet-unused Azadi:6041 was blocked merely because it appeared in the bridge configuration file, even though it would have been more beneficial to the censor to instead block the existing Azadi:4319, which was still in active use.

The Azadi timeline enables us to locate fairly narrowly the change in bridge discovery techniques. It must have happened during the two weeks between October 6 and October 20, 2016. It cannot have happened before October 6, because at that time Azadi:4319 was still listed, which would have gotten it blocked. And it cannot have happened after October 20, because that is when bridges listed in the file were first blocked.

A third piece of evidence supporting the hypothesis that the censor began to discover bridges through the bridge configuration file is its treatment of the commented-out bridge NX01:443. The bridge was commented out in the 6.0.6/6.5a4 batch, in which it remained unblocked, and uncommented in the following 6.0.8/6.5a6 batch. The bridge was blocked four days after the ticket uncommenting it was merged, which was still 11 days before the public release in which it was to have become active (see point ⓘ in Figure 5.2).

5.2.8 The onset of whole-IP blocking

The blocking event of October 20, 2016 was noteworthy not only because it occurred before a release, but also because it affected more than one port on some bridges. See point ⓗ in Figure 5.2. When GreenBelt:7013 was blocked, so were GreenBelt:5881 (which had escaped blocking in the previous batch) and GreenBelt:12166 (which was awaiting deployment in the next batch). Similarly, when MaBishomarim:7920 and JonbesheSabz:4148 were blocked, so were the Orbot-reserved MaBishomarim:1984 and JonbesheSabz:1984 (point ⓚ), ending an eight-month unblocked streak.

The blocking of Mosaddegh:9332 and Azadi:6041 also affected other ports, though after a delay of some days. We do not have an explanation for why some multiple-port blocks took effect faster than others. The SSH port riemann:22 was blocked at about the same time (point ⓜ), 10 months after the corresponding obfs4 port riemann:443 had been blocked; there had been no changes to the riemann host in all that time. We suspected that the Great Firewall might employ a threshold scheme: once a certain number of individual ports on a particular IP address have been blocked, go ahead and block the entire IP address. But riemann with its single obfs4 port is a counterexample to that idea.

The Great Firewall has been repeatedly documented to block individual ports (or small ranges of ports), for example in 2006 by Clayton et al. [31 §6.1], in 2012 by Winter and Lindskog [199 §4.1], and in 2015 by Ensafi et al. [60 §4.2]. The onset of all-ports blocking is therefore somewhat surprising. Worth nothing, though, is that Wang et al. [189 §7.3], in another test of active probing in May 2017, also found that newly probed bridges became blocked on all ports. The change we saw in October 2016 may therefore be a sign of a more general change in tactics.

This was the first time we saw blocking of multiple ports on bridges that had been introduced during our measurements. LeifEricson may be an example of the same phenomenon happening in the past, before we even began our experiment. The host LeifEricson had, since February 2014, been running bridges on multiple ports, and obfs4 on port 41213 since October 2014. LeifEricson:41213 remained blocked (except intermittently) throughout the entire experiment (see point ⓛ in Figure 5.2). We asked its operator to open additional obfs4 ports so we could rotate through them in successive releases; when we began testing them on August 30, 2016, they were all already blocked. To confirm, on October 4 we asked the operator privately to open additional, randomly selected ports, and they too were blocked, as was the SSH port 22.

In Section 5.2.5, we observed that ports that had been caught up in whole-IP blocking exhibited different patterns of intermittent reachability after blocking, than did those ports that had been blocked individually. We suspected that a two-tiered system made certain ports double-blocked—blocked both by port and by IP address—which would make their blocking robust to a failure of one of the tiers. The same pattern seems to happen with LeifEricson. The newly opened ports 50000, 50001, and 50002 share brief periods of reachability in September and October 2016, but port 41213 during the same time remained solidly down.

5.2.9 No discovery of Orbot bridges

Orbot, the version of Tor for Android, also includes default bridges. It has its own bridge configuration file, similar to Tor Browser’s, but in a different format. Most of Orbot’s bridges are borrowed from Tor Browser, so when a bridge gets blocked, it is blocked for users of both Orbot and Tor Browser.

There were, however, a few bridges that were used only by Orbot (see the “Orbot bridges” batch in Figure 5.2). They were only alternate ports on IP addresses that were already used by Tor Browser, but they remained unblocked for over eight months, even as the ports used by Tor Browser were blocked one by one. The Orbot-only bridges were finally blocked—see point ⓚ in Figure 5.2—as a side effect of the whole-IP blocking that began in October 2016 (Section 5.2.8). (All of the Orbot bridges suffered outages, as Figure 5.2 shows, but they were the result of temporary misconfigurations, not blocking. They were unreachable during those outages from the control site as well.)

These results show that whatever mechanism the censor had for discovering and blocking the default bridges of Tor Browser, it lacked for discovering and blocking those of Orbot. Again we have a case of our assumptions not matching reality—blocking that should be easy to do, and yet is not done. A lesson is that there is a benefit to some degree of compartmentalization between sets of default bridges. Even though they are all, in theory, equally easy to discover, in practice the censor has to build separate automation for each set.

5.2.10 Continued blocking of established bridges

We monitored some bridges that were already established and had been distributed before we began our experiments. As expected, they were already blocked at the beginning, and remained so (point ⓛin Figure 5.2).

5.2.11 No blocking of unused bridges

As a control measure, we reserved a bridge in secret. ndnop4:27668 (see point ⓝ in Figure 5.2) was not published, neither in Tor Browser’s bridge configuration file, nor in BridgeDB. As expected, it was never blocked.

5.3 Results from Iran

We had a probe site in Iran from December 2015 to June 2016, a virtual private server, which a personal contact could only provide for us for a limited time.

In contrast to the situation in China, in Iran we found no evidence of blocking. See Figure 5.3. Although there were timeouts and refused connections, they were the result of failures at the bridge side, as confirmed by a comparison with control measurements. This, despite the fact that Iran is a notorious censor [14], and has in the past blocked Tor directory authorities [7].

It seems that Iran has overlooked the blocking of default bridges. Tor Metrics shows thousands of simultaneous bridge users in Iran since 2014 [178], so it is unlikely that the bridges were simply blocked in a way that our probing script could not detect. However, in Kazakhstan we did find such situation, with bridges being effectively blocked despite the firewall allowing TCP connections to them.

5.4 Results from Kazakhstan

We had a single probe site in Kazakhstan between December 2016 and May 2017. It was a VPN node with IP address 185.120.77.110 . It was in AS 203087, which belongs to GoHost.kz, a Kazakh hosting provider. The flaky VPN connection left us with two extended gaps in measurements.

The bridge blocking in Kazakhstan had a different nature than that which we observed in China. Refer to Figure 5.4: every measurement agreed with the control site, with the sole exception of LeifEricson:41213 (not shown), which was blocked as it had been in China. However there had been reports of the blocking of Tor and pluggable transports since June 2016 [88 §obfs blocking]. The reports stated that the TCP handshake would succeed, but the connection would stall (with no packets received from the bridge) a short time after the connection was underway.

We deployed an additional probing script in Kazakhstan. This one tried not only to make a TCP connection, but also establish a full obfs4 connection and build a Tor circuit. Tor reports its connection progress as a “bootstrap” percentage: progression from 0% to 100% involves first making an obfs4 connection, then downloading directory information and the consensus, and finally building a circuit. Figure 5.5 shows the results of the tests. What we found was consistent with reports: despite being reachable at the TCP layer, some bridges would fail bootstrapping at 10% (e.g., Mosaddegh:80 and GreenBelt:80) or 25% (e.g., Mosaddegh:443 and GreenBelt:443). For three of the bridges (Mosaddegh:9332, Lisbeth:443, and NX01:443) we caught the approximate moment of blocking. Initially they bootstrapped to 100% and agreed with the control, but later they reached only 25% and disagreed with the control. Incidentally, these results suggest that Kazakhstan, too, blocks on a per-port basis, because for a time Mosaddegh:80 and Mosaddegh:443 were blocked while Mosaddegh:9332 was unblocked. Two more bridges (cymrubridge31:80 and cymrubridge33:80) remained unblocked.

ndnop3:10527 and ndnop5:13764, in the 5.5/6.0a1 batch, are a special case. Their varying bootstrap percentages were caused by a misconfiguration on the bridge itself (a file descriptor limit was set too low). Even from the control site in the U.S., connections would fail to bootstrap to 100% about 35% of the time. Still, it appears that both bridges were also blocked in Kazakhstan, because from the control site the bootstrap percentage would oscillate between 10% and 100%; while from Kazakhstan it would oscillate between 10% to 25%.

The bridges in the 6.0.6/6.5a4 and 6.0.8/6.5a6 batches were blocked on or around January 26, 2017. This sets the blocking delay at either 71 or 43 days after public release, depending on which release you compare against.

Chapter 6
Domain fronting

• the DNS query
• the client’s TLS Server Name Indication (SNI) extension [59 §3]
• the server’s TLS certificate [42 §7.4.2]

• the HTTP Host header [65 §5.4]

6.2 A pluggable transport for Tor

I am the main author and maintainer of meek, a pluggable transport for Tor based on domain fronting. meek uses domain-fronted HTTP POST requests as the primitive operation to send or receive chunks of data up to a few kilobytes in size. The intermediate CDN receives domain-fronted requests and forwards them to a Tor bridge. Auxiliary programs on the client and the bridge convert the sequence of HTTP requests to the byte stream expected by Tor. The Tor processes at either end are oblivious to the domain-fronted that is going on between them. Figure 6.2 shows how the components and protocol layers interact.

When the client has something to send, it issues a POST request with data in the body; the server sends data back in the body of its responses. HTTP/1.1 does not provide a way for a server to preemptively push data to a client, so the meek server buffers its outgoing data until it receives a request, then includes the buffered data in the body of the HTTP response. The client must poll the server periodically, even when it has nothing to send, to give the server an opportunity to send back whatever buffered data it may have. The meek server must handle multiple simultaneous clients. Each client, at the beginning of a session, generates a random session identifier string and sends it with its requests in a special X-Session-Id HTTP header. The server maintains separate connections to the local Tor process for each session identifier. Figure 6.3 shows a sequence of requests and responses.

meek client		meek server
POST / HTTP/1.1 Host: forbidden.example X-Session-Id: cbIzfhx1Hn+ Content-Length: 517 \x16\x03\x01\x02...	→
	←	HTTP/1.1 200 OK Content-Length: 739 \x16\x03\x03\x00...
POST / HTTP/1.1 Host: forbidden.example X-Session-Id: cbIzfhx1Hn+ Content-Length: 0	→
	←	HTTP/1.1 200 OK Content-Length: 75 \x14\x03\x03\x00...

Even with domain fronting to hide the destination request, a censor may try to distinguish circumventing HTTPS connections by their TLS fingerprint. TLS implementations have a lot of latitude in composing their handshake messages, enough that it is possible to distinguish different TLS implementations through passive observation. For example, the Great Firewall used Tor’s TLS fingerprint for detection as early as 2011 [48]. For this reason, meek strives to make its TLS fingerprint look like that of a browser. It does this by relaying its HTTPS requests through a local headless browser (which is completely separate from the browser that the user interacts with).

meek first appeared in Tor Browser in October 2014 [153], and continues in operation to the present. It is Tor’s second-most-used transport (behind obfs4) [176]. The next section is a detailed history of its deployment.

6.3 An unvarnished history of meek deployment

Fielding a circumvention system and keeping it running is full of unexpected challenges. At the time of the publication of the domain fronting paper [89] in 2015, meek had been deployed for only a year and a half. Here I will recount the history of the project from its inception to the present, a period of four years. As the main developer and project leader, I have a unique perspective that I hope to share. As backdrops to the narrative, Figure 6.4 shows the estimated concurrent number of users of meek over its existence, and Table 6.5 shows the monthly cost to run it.

		Google	Amazon	Azure	total
2014	Jan	$0.00	—	—	$0.00
	Feb	$0.09	—	—	$0.09
	Mar	$0.00	—	—	$0.00
	Apr	$0.73	—	—	$0.73
	May	$0.69	—	—	$0.69
	Jun	$0.65	—	—	$0.65
	Jul	$0.56	$0.00	—	$0.56
	Aug	$1.56	$3.10	—	$4.66
	Sep	$4.02	$4.59	$0.00	$8.61
	Oct	$40.85	$130.29	$0.00	$171.14
	Nov	$224.67	$362.60	$0.00	$587.27
	Dec	$326.81	$417.31	$0.00	$744.12
2014	total	$600.63	$917.89	$0.00	$1,518.52
		Google	Amazon	Azure	total
2015	Jan	$464.37	$669.02	$0.00	$1,133.39
	Feb	$650.53	$604.83	$0.00	$1,255.36
	Mar	$690.29	$815.68	$0.00	$1,505.97
	Apr	$886.43	$785.37	$0.00	$1,671.80
	May	$871.64	$896.39	$0.00	$1,768.03
	Jun	$601.83	$820.00	$0.00	$1,421.83
	Jul	$732.01	$837.08	$0.00	$1,569.09
	Aug	$656.76	$819.59	$154.89	$1,631.24
	Sep	$617.08	$710.75	$490.58	$1,818.41
	Oct	$672.01	$110.72	$300.64	$1,083.37
	Nov	$602.35	$474.13	$174.18	$1,250.66
	Dec	$561.29	$603.27	$172.60	$1,337.16
2015	total	$8,006.59	$8,146.83	$1,292.89	$17,446.31
		Google	Amazon	Azure	total
2016	Jan	$771.17	$1,581.88	$329.10	$2,682.15
	Feb	$986.39	$977.85	$445.83	$2,410.07
	Mar	$1,079.49	$865.06	$534.71	$2,479.26
	Apr	$1,169.23	$1,074.25	$508.93	$2,752.41
	May	$525.46	$1,097.46	$513.56	$2,136.48
	Jun	—	$1,117.67	$575.50	$1,693.17
	Jul	—	$1,121.71	$592.47	$1,714.18
	Aug	—	$1,038.62	$607.13	$1,645.75
	Sep	—	$932.22	$592.92	$1,525.14
	Oct	—	$1,259.19	$646.00	$1,905.19
	Nov	—	$1,613.00	$597.76	$2,210.76
	Dec	—	$1,569.84	$1,416.10	$2,985.94
2016	total	$4,531.74	$14,248.75	$7,360.01	$26,140.50
		Google	Amazon	Azure	total
2017	Jan	—	$1,550.19	$1,196.28	$2,746.47
	Feb	—	$1,454.68	$960.01	$2,414.69
	Mar	—	$2,298.75	?	$2,298.75+
	Apr	—	?	?	?
	May	—	?	?	?
	Jun	—	?	?	?
	Jul	—	?	?	?
	Aug	—	?	?	?
	Sep	—	?	?	?
	Oct	—	?	?	?
	Nov	—	?	?	?
2017	total	—	$5,303.62+	$2,156.29+	$7,459.91+
grand total		$13,138.96	$28,617.09+	$10,809.19+	$52,565.24+

2013: Precursors; prototypes

The prehistory of meek begins in 2013 with flash proxy [84], a circumvention system built around web browser–based proxies. Flash proxy clients need a secure rendezvous, a way to register their address to a central facilitator, so that flash proxies may connect back to them. Initially there were only two means of registration: flashproxy-reg-http, which sent client registrations as HTTP requests; and flashproxy-reg-email, which sent client registrations to a distinguished email address. We knew that flashproxy-reg-http was easily blockable; flashproxy-reg-email had good blocking resistance but was somewhat slow and complicated, requiring a server to poll for new messages. At some point, Jacob Appelbaum showed me an example of using domain fronting—though we didn’t have a name for it then—to access a simple HTML-rewriting proxy based on Google App Engine. I eventually realized that the same trick would work for flash proxy rendezvous. I proposed a design [21] in May 2013 and within a month Arlo Breault had written flashproxy-reg-appspot, which worked just like flashproxy-reg-http, except that it fronted through www.google.com rather than contacting the registration server directly. The fronting-based registration became flash proxy’s preferred registration method, being faster and simpler than the email-based one.

The development of domain fronting, from a simple rendezvous technique to a full-fledged bidirectional transport, seems slow in retrospect. All the pieces were there; it was a matter of putting them together. I did not immediately appreciate the potential of domain fronting when I first saw it. Even after the introduction of flashproxy-reg-appspot, months passed before the beginning of meek. The whole idea behind flash proxy rendezvous is that the registration channel can be of low quality—unidirectional, low-bandwidth, and high-latency—because it is only used to bootstrap into a more capable channel (WebSocket, in flash proxy’s case). Email fits this model well: not good for a general-purpose channel, but just good enough for rendezvous. The fronting-based HTTP channel, however, was more capable than needed for rendezvous, being bidirectional and reasonably high-performance. Rather than handing off the client to a flash proxy, it should be possible to carry all the client’s traffic through the same domain-fronted channel. It was around this time that I first became aware of the circumvention system GoAgent through the “Collateral Freedom” [163] report of Robinson et al. GoAgent used an early form of domain fronting, issuing HTTP requests directly from a Google App Engine server. According to the report, GoAgent was the most used circumvention tool among a group of users in China. I read the source code of GoAgent in October 2013 and wrote ideas about writing a similar pluggable transport [73], which would become meek.

I dithered for a while over what to call the system I was developing. Naming things is the worst part of software engineering. My main criteria were that the name should not sound macho, and that it should be easier to pronounce than “obfs.” I was self-conscious that the idea at the core of the system, domain fronting was a simple one and easy to implement. Not wanting to oversell it, I settled on the name “meek,” in small letters for extra meekness.

I lost time in the premature optimization of meek’s network performance. I was thinking about the request–response nature of HTTP, and how requests and responses could conceivably arrive out of order (even if reordering was unlikely to occur in practice, because of keepalive connections and HTTP pipelining). I made several attempts at a TCP-like reliability and sequencing layer, none of which were satisfactory. I wrote a simplified experimental prototype called “meeker,” which simply prepended an HTTP header before the client and server streams, but meeker only worked for direct connections, not through an HTTP-aware intermediary like App Engine. When I explained these difficulties to George Kadianakis in December 2013, he advised me to forget the complexity and implement the simplest thing that could work, which was good advice. I started implementing a version that strictly serialized HTTP requests and responses.

2014: Development; collaboration; deployment

According to the Git revision history, I started working on the source code of meek proper on January 26, 2014. I made the first public announcement on January 31, 2014, in a post to the tor-dev mailing list titled “A simple HTTP transport and big ideas” [66]. (If the development time seems short, it’s only because months of prototypes and false starts cleared the way.) In the post, I linked to the source code, described the protocol, and explained how to try it, using an App Engine instance I set up shortly before. At this time there was no web browser TLS camouflage, and only App Engine was supported. I was not yet using the term “domain fronting.” The big ideas of the title were as follows: we could run one big public bridge rather than relying on multiple smaller bridges as other transports did; a web server with a PHP “reflector” script could take the place of a CDN, providing a diversity of access points even without domain fronting; we could combine meek with authentication and serve a 404 to unauthenticated users; and Cloudflare and other CDNs are alternatives to App Engine. We did end up running a public bridge for public benefit (and later worrying over how to pay for it), and deploying on platforms other than App Engine (with Tor we use other CDNs, but not Cloudflare specifically). Arlo Breault would write a PHP reflector, though there was never a repository of public meek reflectors as there were for other types of Tor bridges. Combining meek with authentication never happened; it was never needed for our public domain-fronted instances because active probing doesn’t help the censor in those cases anyway.

During the spring 2014 semester (January–May) I was enrolled in Vern Paxson’s Internet/Network Security course along with fellow student Chang Lan. We made the development and security evaluation of meek our course project. During this time we built browser TLS camouflage extensions, tested and polished the code, and ran performance tests. Our final report, “Blocking-resistant communication through high-value web services,” became the kernel of our later research paper.

I began the process of getting meek integrated into Tor Browser in February 2014 [85]. The initial integration would be completed in August 2014. In the intervening time, along with much testing and debugging, Chang Lan and I wrote browser extensions for Chrome and Firefox in order to hide the TLS fingerprint of the base meek client. I placed meek’s code in the public domain (Creative Commons CC0 [34]) on February 8, 2014. The choice of (non-)license was a strategic decision to encourage adoption by projects other than Tor.

In March 2014, I met some developers of Lantern at a one-day hackathon sponsored by OpenITP [24]. Lantern developer Percy Wegmann and I realized that the meek code I had been working on could act as a glue layer between Tor and the HTTP proxy exposed by Lantern, in effect allowing you to use Lantern as a pluggable transport for Tor. We worked out a prototype and wrote a summary of the process [75]. In that specific application, we used meek not for its domain-fronting properties but for its HTTP-tunneling properties; but the early contact with other circumvention developers was valuable.

June 2014 brought a surprise: the Great Firewall of China blocked all Google services [4, 96]. It would be vain to think that it was in response to the nascent deployment of meek on App Engine; a much more likely cause was Google’s decision to begin using HTTPS for web searches, which would foil keyword-based URL filtering. Nevertheless, the blocking cast doubt on the feasibility of domain fronting: I had believed that blocking all of Google would be too costly in terms of collateral damage to be sustained for long by any censor, even the Great Firewall, and that belief was wrong. In any case, we now needed fronts other than Google in order to have any claim of effective circumvention in China. I set up additional backends: Amazon CloudFront and Microsoft Azure. When meek made its debut in Tor Browser, it would offer three modes: meek-google, meek-amazon, and meek-azure.

Google sponsored a summit of circumvention researchers in June 2014, at which I presented domain fronting. (By this time I had started using the term “domain fronting,” realizing that what I had been working on needed a specific name. I have tried to the idea “domain fronting” separate from the implementation “meek,” but the two terms have sometimes gotten confused.) Developers from Lantern and Psiphon where there—I was pleased to learn that Psiphon had already implemented and deployed domain fronting after reading my mailing list posts. The meeting started a fruitful collaboration between the developers of Tor, Lantern, and Psiphon.

Chang, Vern, and I submitted a paper on domain fronting to the Network and Distributed System Security Symposium in August 2014, whence it was rejected. One reviewer said the technique was already well known; the others generally wanted to see more on the experience of deployment, and a deeper investigation into resistance against traffic analysis attacks based on packet sizes and timing.

The first public release of Tor Browser that had a built-in easy-to-use meek client was version 4.0-alpha-1 on August 12, 2014 [29]. This was an alpha release, used by fewer users than the stable release. I made a blog post explaining how to use it a few days later [74]. The release and blog post had a positive effect on the number of users, however the absolute numbers from around this time are uncertain, because of a mistake I made in configuring the meek bridge. I was running the meek bridge and the flash proxy bridge on the same instance of Tor; and because of how Tor’s statistics are aggregated, the counts of the two transports were spuriously correlated [78]. I switched the meek bridge to a separate instance of Tor on September 15; numbers after that date are more trustworthy. In any case, the usage before this first release was tiny: the App Engine  bill, at a rate of $0.12/GB with one GB free each day, was less than $1.00 per month for the first seven months of 2014 [137 §Costs]. In August, the cost began to be nonzero every day, and would continue to rise from there. See Table 6.5 for a history of monthly costs.

Tor Browser 4.0 [153] was released on October 15, 2014. It was the first stable (not alpha) release to have meek, and it had an immediate effect on the number of users: which jumped from 50 to 500 within a week. (The increase was partially conflated with a failure of the meek-amazon bridge to publish statistics before that date, but the other bridge, servicing both meek-google and meek-azure, individually showed the same increase.) It was a lesson in user behavior: although meek had been available in an alpha release for two months already, evidently a large number of users did not know of it or chose not to try it until the first stable release. At that time, the other transports available were obfs3, FTE, ScrambleSuit, and flash proxy.

2015: Growth; restraints; outages

Through the first part of 2015, the estimated number of simultaneous users continued to grow, reaching about 2,000, as we fixed bugs and Tor Browser had further releases. The first release of Orbot that included meek appeared in February [93].

We submitted a revised version of the domain fronting paper [89], now with contributions from Psiphon and Lantern, to the Privacy Enhancing Technologies Symposium, where it was accepted and appeared on June 30 at the symposium.

The increasing use of domain fronting by various circumvention tools began to attract more attention. A March 2015 article by Eva Dou and Alistair Barr in The Wall Street Journal [53] described domain fronting and “collateral freedom” in general, depicting cloud service providers as being caught in the crossfire between censors and circumventors. The journalists contacted me but I declined to be interviewed; I thought it was not the right time for extra publicity, and anyway personally did not want to deal with doing an interview. Shortly thereafter, GreatFire, an anticensorship organization that was mentioned in the article, experienced a new type of denial-of-service attack [171], caused by a Chinese network attack system later known as the Great Cannon [129]. They blamed the attack on the attention brought by the news article. As further fallout, Cloudflare, a CDN which Lantern used for fronting and whose CEO was quoted in the article, stopped supporting domain fronting [155], by beginning to enforce a match between the SNI and the Host header

Since its first deployment, the Azure backend had been slower, with fewer users, than the other two options, App Engine and CloudFront. For months I had chalked it up to limitations of the platform. In April 2015, though, I found the real source of the problem: the component I wrote that runs on Azure, receives domain-fronted HTTP requests and forwards them to the meek bridge, was not reusing TCP connections. For every outgoing request, the code was doing a fresh TCP and TLS handshake—causing a bottleneck at the bridge as its CPU tried to cope with all the incoming TLS. When I fixed the code to reuse connections [67], the number of users (overall, not only for Azure) had a sudden jump, increasing from 2,000 to reaching 6,000 in two weeks. Evidently, we had been leaving users on the table by having one of the backends not run as fast as possible.

The deployment of domain fronting was being partly supported by a $500/month grant from Google. Already in February 2015, the monthly cost for App Engine alone began to exceed that amount [137 §Costs]. In an effort to control costs, in May 2015 we began to rate-limit the App Engine and CloudFront bridges, deliberately slowing the service so that fewer would use it. Until October 2015, the Azure bridge was on a research grant provided by Microsoft, so we allowed it to run as fast as possible. When the grant expired, we rate-limited the Azure bridge as well. This rate-limiting explains the relative flatness of the user graph from May to the end of 2015.

Google changed the terms of service governing App Engine in 2015. (I received a message announcing the change in May, but it seems the changes had been changed online since March.) The updated terms included a paragraph that seemed to prohibit running a proxy service [97]:

Networking. Customer will not, and will not allow third parties under its control to: (i) use the Services to provide a service, Application, or functionality of network transport or transmission (including, but not limited to, IP transit, virtual private networks, or content delivery networks); or (ii) sell bandwidth from the Services.

This was a stressful time: we seemed to have Google’s support, but the terms of service said otherwise. I contacted Google to ask for clarification or guidance, in the meantime leaving meek-google running; however I never got an answer to my questions. The point became moot a year later, when Google shut down our App Engine project, for another reason altogether; see below.

By this time we had not received reports of any attempts to block domain fronting. We did, however, suffer a few accidental outages (which are just as bad as blocking, from a client’s point of view). Between July 20 and August 14, an account transition error left the Azure configuration broken [77]. I set up another configuration on Azure and published instructions on how to use it, but it would not be available to the majority of users until the next release of Tor Browser, which happened on August 11. Between September 30 and October 9, the CloudFront bridge was effectively down because of an expired TLS certificate. When it rebooted on October 9, an administrative oversight caused its Tor relay identity fingerprint to change—meaning that clients expecting the former fingerprint refused to connect to it [87]. The situation was not fully resolved until November 4 with the next release of Tor Browser: cascading failures led to over a month of downtime.

In October 2015 there appeared a couple of research papers that investigated meek’s susceptibility to detection via side channels. Tan et al. [174] used Kullback–Leibler divergence to quantify the differences between protocols, with respect to packet size and interarrival time distributions. Their paper is written in Chinese; I read it in machine translation. Wang et al. [186] published a more comprehensive report on detecting meek (and other protocols), emphasizing practicality and precision. They showed that some previously proposed classifiers would have untenable false-positive rates, and constructed a classifier for meek based on entropy and timing features. It’s worth noting that since the first reported efforts to block meek in 2016, censors have preferred, as far as we can tell, to use techniques other than those described in these papers.

A side benefit of building a circumvention system atop Tor is easy integration with Tor Metrics—the source of the user number estimates in this section. Since the beginning of meek’s deployment, we had known about a problem with the way it integrates with Tor Metrics. Tor pluggable transports geolocate the client’s IP address in order to aggregate statistics by country. But when a meek bridge receives a connection, the “client IP address” it sees is not that of the true client, but rather that of some cloud server, the intermediary through which the client’s domain-fronted traffic passes. So the total user counts were fine, but the per-country counts were meaningless. For example, because App Engine’s servers were located in the U.S., every meek-google connection was being counted as if it belonged to a client in the U.S. By the end of 2015, meek users were a large enough fraction (about 20%) of all bridge users that they were skewing the overall per-country counts. I wrote a patch [90] to have the client’s true IP address forwarded through the network intermediary in a special HTTP header, which fixed the per-country counts from then on.

2016: Taking off the reins; misuse; blocking efforts

In mid-January 2016 the Tor Project asked me to raise the rate limits on the meek bridges, in anticipation of rumored attempts to block Tor in Egypt. I asked the bridge operators raise the limits from approximately 1 MB/s to 3 MB/s. The effect of the relaxed rate limits was immediate: the count shot up as high 15,000 simultaneous users, briefly making meek Tor’s most-used pluggable transport, before settling in at around 10,000.

The first action that may have been a deliberate attempt to block domain fronting came on January 29, 2016, when the Great Firewall of China blocked one of the edge servers of the Azure CDN. The blocking was by IP address, a severe method: not only the domain name we were using for fronting, but thousands of other names became inaccessible. The block lasted about four days. On February 2, the server changed its IP address (simply incrementing the final octet from .200 to .201), causing it to become unblocked. I am aware of no other incidents of edge server blocking.

The next surprise was on May 13, 2016. meek’s App Engine backend stopped working and I got a notice:

We’ve recently detected some activity on your Google Cloud Platform/API Project ID meek-reflect that appears to violate our Terms of Service. Please take a moment to review the Google Cloud Platform Terms of Service or the applicable Terms of Service for the specific Google API you are using.

Your project is being suspended for committing a general terms of service violation.

We will delete your project unless you correct the violation by filling in the appeals form available on the project page of Developers Console to get in touch with our team so that we can provide you with more details.

My first thought—which turned out to be wrong—was that it was because of the changes to the terms of service that had been announced the previous year. I tried repeatedly to contact Google  and learn the nature of the violation, But none of my inquiries received even an acknowledgement. It was not until June 18 that I got some insight, through an unofficial channel, about what happened. Some botnet had apparently been misusing meek for command and control purposes. Its operators had not even bothered to set up their own App Engine project; they were free-riding on the service we had been operating for the public. Although we may have been able to reinstate the meek-google service, seeing as the suspension was the result of someone else’s actions, not ours, with the existing uncertainty around the terms of service I didn’t have the heart to pursue it. meek-google remained off, and users migrated to meek-amazon or meek-azure. It turned out, later, that it had been no common botnet misusing meek-google, but an organized political hacker group, known as Cozy Bear or APT29. The group’s malware would install a backdoor that operated over a Tor onion service, and used meek for camouflage. Dunwoody and Carr presented these findings at DerbyCon in September 2016 [56], and in a blog post [55] in March 2017 (which is where I learned of it).

The year 2016 brought the first reports of efforts to block meek. These efforts all had in common that they used TLS fingerprinting in conjunction with SNI inspection. In May, a Tor user reported that Cyberoam, a firewall company, had released an update that enabled detection and blocking of meek, among other Tor pluggable transports [109]. Through experiments we determined that the firewall was detecting meek whenever it saw a combination of two features: a specific client TLS fingerprint, and an SNI containing any of our three front domains: www.google.com, a0.awsstatic.com, orajax.aspnetcdn.com [69]. We verified that changing either the TLS fingerprint or the front domain was sufficient to escape detection. Requiring both features to be present was a clever move by the firewall to limit collateral damage: it did not block those domains for all clients, but only for the subset having a particular TLS fingerprint. I admit that I had not considered the possibility of using TLS and SNI together to make a more precise classifier. We had known since the beginning of the possibility of TLS fingerprinting, which is why we took the trouble to implement browser-based TLS camouflage. The camouflage was performing as intended: even an ordinary Firefox 38 (the basis of Tor Browser, and what meek camouflaged itself as) would be blocked by the firewall when accessing one of the three listed domains. However, Firefox 38 was by that time a year old. I found a source [69] saying that at that time, Firefox 38 made up only 0.38% of desktop browsers, compared to 10.69% for the then-latest Firefox 45 My guess is that the firewall makers considered the small amount of collateral blocking of genuine Firefox 38 users to be acceptable.

In July I received a report of similar behavior by a FortiGuard firewall [72] from Tor user Kanwaljeet Singh Channey. The situation was virtually the same as in the Cyberoam case: the firewall would block connections having a specific TLS fingerprint and a specific SNI. This time, the TLS fingerprint was that of Firefox 45 (which by then Tor Browser had upgraded to); and the specific SNIs were two, not three, omitting www.google.com. As in the previous case, changing either the TLS fingerprint or the front domain was sufficient to get through the firewall.

For reasons not directly related to domain fronting or meek, I had been interested in the blocking situation in Kazakhstan, ever since Tor Metrics reported a sudden drop in the number of users in that country in June 2016 [88]. (See Section 5.4 for other results from Kazakhstan.) I worked with an anonymous collaborator, who reported that meek was blocked in the country since October 2016 or earlier. According to them, changing the front domain would evade the block, but changing the TLS fingerprint didn’t help. I did not independently confirm these reports. Kazakhstan remains the only case of country-level blocking of meek that I am aware of.

Starting in July 2016, there was a months-long increase in the number of meek users reported from Brazil [177]. The estimated count went from around 100 to almost 5,000, peaking in September 2016 before declining again. During parts of this time, over half of all reported meek users were from Brazil. We never got to the bottom of why there should be so many users reported from Brazil in particular. The explanation may be some kind of anomaly; for instance some third-party software that happened to use meek, or a malware infection like the one that caused the shutdown of meek-google. The count of users from Brazil dropped suddenly, from 1,500 almost to zero, on March 3, 2017, which happened also to be the day that I shut down meek-azure pending a migration to new infrastructure. The Brazil count would remain low until rising again in June 2017.

In September 2016, I began mentoring Katherine Li in writing GAEuploader [122], a program to simplify and automate the process of setting up domain fronting. The program automatically uploads the necessary code to Google App Engine, then outputs a bridge specification ready to be pasted into Tor Browser or Orbot. We hoped also that the code would be useful to other projects, like XX-Net [205], that require users to perform the complicated task of uploading code to App Engine. GAEuploader had beta releases in January [121] and November [123] 2017; however the effect on the number of users has so far not been substantial.

Between October 19 and November 10, 2016, the number of meek users decreased globally by about a third [86]. Initially I suspected a censorship event, but the other details didn’t add up: the numbers decreased and later recovered simultaneously across many countries, including ones not known for censorship. Discussion with other developers revealed the likely cause: a botched release of Orbot that left some users unable to use the program [79]. Once a fixed release was available, user numbers recovered. As an side effect of this event, we learned that a majority of meek users were using Orbot rather than Tor Browser.

2017: Long-term support

In January 2017, a grant I had been using to pay meek-azure’s bandwidth bills ran out. Lacking the means to keep it running, I announced my intention to shut it down [76]. Shortly thereafter, Team Cymru offered to set up their own instances and pay the CDN fees, and so we made plans to migrate meek-azure to the new setup in the next releases. For cost reasons, though, I still had to shut down the old configuration before the new releases of Tor Browser and Orbot were fully ready. I shut down my configuration on March 3. The next release of Tor Browser was on March 7, and the next release of Orbot was on March 22: so there was a period of days or weeks during which meek-azure was non-functional. It would have been better to allow the two configurations to run concurrently for a time, so that users of the old would be able to transparently upgrade to the new—but for cost reasons it was not possible. Perhaps not coincidentally, the surge of users from Brazil, which had started in July 2016, ceased on March 3, the same day I shut down meek-azure before its migration. Handing over control of the infrastructure was a relief to me. I had managed to make sure the monthly bills got paid, but it took more care and attention than I liked. A negative side effect of the migration was that I stopped writing monthly summaries of costs, because I was no longer receiving bills.

Also in January 2017, I became aware of the firewall company Allot Communications, thanks to my anonymous collaborator in the work Kazakhstan work. Allot’s marketing materials advertised support for detection of a wide variety of circumvention protocols, including Tor pluggable transports, Psiphon, and various VPN services [81]. They claimed detection of “Psiphon CDN (Meek mode)” going back to January 2015, and of “TOR (CDN meek)” going back to April 2015. We did not have any Allot devices to experiment with, and I do not know how (or how well) their detectors worked.

In June 2017, the estimated user count from Brazil began to increase again [177], similarly to how it had between July 2016 and March 2017. Just as before, we did not find an explanation for the increase.

The rest of 2017 was fairly quiet. Starting in October, there were reports from China of the disruption of look-like-nothing transports such as obfs4 and Shadowsocks [80], perhaps related to the National Congress of the Communist Party of China that was then about to take place. The disruption did not affect meek or other systems based on domain fronting; in fact the number of meek users in China roughly doubled during that time.

Chapter 7
Snowflake

7.1 Design

There are three main components of the Snowflake system. Refer to Figure 7.1.

• many snowflake proxies, which communicate with clients over WebRTC and forward their traffic to the bridge
• many clients, responsible for initially requesting service and then establishing peer-to-peer connections with snowflake proxies
• a broker, an online database that serves to match clients with snowflake proxies
• a bridge (so called to distinguish it from the snowflake proxies), a full-featured proxy capable of connecting to any destination

The architecture of the system is influenced by the requirement that proxies run in a browser, and the nature of WebRTC connection establishment, which uses a bidirectional handshake. In our implementation, the bridge is really a Tor bridge. Even though a Tor circuit consists of multiple hops, that fact is abstracted away from the Tor client’s perspective; Snowflake does not inherently depend on Tor.

A Snowflake connection happens in multiple steps. In the first phase, called rendezvous, the client and snowflake exchange information necessary for a WebRTC connection.

1. The client registers its need for service by sending a message to the broker. The message, called an offer [166], contains the client’s IP address and other metadata needed to establish a WebRTC connection. How the client sends its offer is further explained below.
2. At some point, a snowflake proxy comes online and polls the broker. The broker hands the client’s offer to the snowflake proxy, which sends back its answer [166], containing its IP address and other connection metadata the client will need to know.
3. The broker sends back to the client the snowflake’s answer message.

At this point rendezvous is finished. The snowflake has the client’s offer, and the client has the snowflake’s answer, so they have all the information needed to establish a WebRTC connection to each other.

4. The client and snowflake proxy connect to each other using WebRTC.
5. The snowflake proxy connects to the bridge (using WebSocket, though the specific type of channel does not matter for this step).

The snowflake proxy then copies data back and forth between client and bridge until it is terminated. The client’s communication with the bridge is encrypted and authenticated end-to-end through the WebRTC tunnel, so the proxy cannot interfere with it. When the snowflake proxy terminates, the client may request a new one. Various optimizations are possible, such as having the client maintain a pool of proxies in order to bridge gaps in connectivity, but we have not implemented and tested them sufficiently to state their effects.

The rendezvous phase bears further explanation. Steps 1, 2, and 3 actually happen synchronously, using interleaved HTTP requests and responses: see Figure 7.2. The client’s single request uses domain fronting, but the requests of the snowflake proxies are direct. In Step 1, the client sends a request containing its offer. The broker holds the connection open but does not immediately respond. In Step 2, a snowflake proxy makes a polling request (“do you have any clients for me?”) and the broker responds with the client’s offer. The snowflake composes its answer and sends it back to the broker in a second HTTP request (linked to the first by a random token). In Step 3, the broker finally responds to the client’s initial request by passing on the snowflake proxy’s answer. From the client’s point of view, it has sent a single request (containing an offer) and received a single response (containing an answer). If no proxy arrives within a time threshold of the client sending its offer, the broker replies with an error message instead. We learned from the experience of running flash proxy that it is not difficult to achieve a proxy arrival rate of several per second, so timeouts ought to be exceptional.

One may ask, if the domain-fronted rendezvous channel is bidirectional and already assumed to be difficult to block, doesn’t it suffice for circumvention on its own? The answer is that it does suffice—that’s the idea behind meek (Section 6.3). The disadvantage of building a system exclusively on domain fronting, though, is high monetary cost (see Table 6.5). Snowflake offloads the bulk of data transfer onto WebRTC, and uses expensive domain fronting only for rendezvous.

There are two reasons why the snowflake proxies forward client traffic to a separate bridge, rather than connecting directly to the client’s desired destination. The first is generality: a browser-based proxy can only do the things a browser can do; it can fetch web pages but cannot, for example, open sockets to arbitrary destinations. The second is privacy: the proxies are operated by untrusted, potentially malicious strangers. If they were to exit client traffic directly, they would be able to tamper with it. Furthermore, a malicious client could cause a well-meaning proxy to connect to suspicious destinations, potentially getting its operator in trouble. This “many proxies, one bridge” model is essentially untrusted messenger delivery [63], proposed by Feamster et al. in 2003.

WebRTC offers two features that are necessary for Snowflake: 1. it is supported in web browsers, and 2. it deals with NAT. In other respects, though, WebRTC is a nuisance. Its close coupling with browser code makes it difficult to use as a library outside of a browser; a big part of the Snowflake project was to extract the code into a reusable library, go-webrtc [22]. WebRTC comes with a lot of baggage around audio and video codecs, which is useful for some of its intended use cases, but which we would prefer not to have to deal with. Working within a browser environment limits our flexibility, because we cannot access the network directly, but only at arm’s length through some API. This has implications for detection by content, as discussed in the next section.

Bibliography

1

Nicholas Aase, Jedidiah R. Crandall, Álvaro Díaz, Jeffrey Knockel, Jorge Ocaña Molinero, Jared Saia, Dan Wallach, and Tao Zhu. “Whiskey, Weed, and Wukan on the World Wide Web: On Measuring Censors’ Resources and Motivations”. In: Free and Open Communications on the Internet. USENIX, 2012. https://www.usenix.org/system/files/conference/foci12/foci12-final17.pdf (cit. in ¶141).

2

Giuseppe Aceto, Alessio Botta, Antonio Pescapè, M. Faheem Awan, Tahir Ahmad, and Saad Qaisar. “Analyzing Internet Censorship in Pakistan”. In: Research and Technologies for Society and Industry. IEEE, 2016. http://wpage.unina.it/giuseppe.aceto/pub/aceto2016analyzing.pdf (cit. in ¶84).

3

Giuseppe Aceto, Alessio Botta, Antonio Pescapè, Nick Feamster, M. Faheem Awan, Tahir Ahmad, and Saad Qaisar. “Monitoring Internet Censorship with UBICA”. In: Traffic Monitoring and Analysis. Springer, 2015. http://wpage.unina.it/giuseppe.aceto/pub/aceto2015monitoring_TMA.pdf (cit. in ¶90).

4

Percy Alpha. Google disrupted prior to Tiananmen Anniversary; Mirror sites enable uncensored access to information. June 2014. https://en.greatfire.org/blog/2014/jun/google-disrupted-prior-tiananmen-anniversary-mirror-sites-enable-uncensored-access (cit. in ¶232).

5

Harald Alvestrand. Overview: Real Time Protocols for Browser-based Applications. IETF, Nov. 2017. https://tools.ietf.org/html/draft-ietf-rtcweb-overview-19 (cit. in ¶267, ¶287).

6

Collin Anderson. Dimming the Internet: Detecting Throttling as a Mechanism of Censorship in Iran. Tech. rep. University of Pennsylvania, 2013. https://arxiv.org/abs/1306.4361v1 (cit. in ¶82).

7

Collin Anderson, Roger Dingledine, Nima Fatemi, harmony, and mttp. Vanilla Tor Connectivity Issues In Iran -- Directory Authorities Blocked? July 2014. https://bugs.torproject.org/12727 (cit. in ¶196).

8

Collin Anderson, Philipp Winter, and Roya. “Global Network Interference Detection over the RIPE Atlas Network”. In: Free and Open Communications on the Internet. USENIX, 2014. https://www.usenix.org/system/files/conference/foci14/foci14-anderson.pdf (cit. in ¶91).

9

Daniel Anderson. “Splinternet Behind the Great Firewall of China”. In: ACM Queue 10.11 (2012), p. 40. https://queue.acm.org/detail.cfm?id=2405036 (cit. in ¶62, ¶79).

10

Ross J. Anderson. “The Eternity Service”. In: Theory and Applications of Cryptology. CTU Publishing House, 1996, pp. 242–253. https://www.cl.cam.ac.uk/~rja14/Papers/eternity.pdf(cit. in ¶16).

11

Flemming Andreasen, Mark Baugher, and Dan Wing. Session Description Protocol (SDP) Security Descriptions for Media Streams. IETF, July 2006. https://tools.ietf.org/html/rfc4568 (cit. in ¶289).

12

Anonymous. “Towards a Comprehensive Picture of the Great Firewall’s DNS Censorship”. In: Free and Open Communications on the Internet. USENIX, 2014. https://www.usenix.org/system/files/conference/foci14/foci14-anonymous.pdf (cit. in ¶78).

13

Anonymous, David Fifield, Georg Koppen, Mark Smith, and Yawning Angel. Remove Flashproxy from Tor Browser. Oct. 2015. https://bugs.torproject.org/17428 (cit. in ¶266).

14

Simurgh Aryan, Homa Aryan, and J. Alex Halderman. “Internet Censorship in Iran: A First Look”. In: Free and Open Communications on the Internet. USENIX, 2013. https://censorbib.nymity.ch/pdf/Aryan2013a.pdf (cit. in ¶82, ¶196).

15

Geremie R. Barme and Ye Sang. “The Great Firewall of China”. In: Wired (June 1997). https://archive.wired.com/wired/archive/5.06/china_pr.html (cit. in ¶64).

16

Mark Baugher, David McGrew, Mats Naslund, Elisabetta Carrara, and Karl Norrman. The Secure Real-time Transport Protocol (SRTP). IETF, Mar. 2004. https://tools.ietf.org/html/rfc3711 (cit. in ¶289).

17

Bryce Boe. Bypassing Gogo’s Inflight Internet Authentication. Mar. 2012. http://bryceboe.com/2012/03/12/bypassing-gogos-inflight-internet-authentication/ (cit. in ¶214).

18

David Borman, Bob Braden, Van Jacobson, and Richard Scheffenegger. TCP Extensions for High Performance. IETF, Sep. 2014. https://tools.ietf.org/html/rfc7323 (cit. in Figure 4.3).

19

BreakWa11. ShadowSocks协议的弱点分析和改进. Aug. 2015. https://web.archive.org/web/20160829052958/https://github.com/breakwa11/shadowsocks-rss/issues/38 (cit. in Table 4.2, ¶110).

20

Arlo Breault, David Fifield, and Mia Gil Epner. Snowflake/Fingerprinting. Tor Bug Tracker & Wiki. https://trac.torproject.org/projects/tor/wiki/doc/Snowflake/Fingerprinting (cit. in ¶285).

21

Arlo Breault, David Fifield, and George Kadianakis. Registration over App Engine. May 2013. https://bugs.torproject.org/8860 (cit. in ¶224).

22

Arlo Breault and Serene Han. go-webrtc. https://github.com/keroserene/go-webrtc (cit. in ¶282).

23

Chad Brubaker, Amir Houmansadr, and Vitaly Shmatikov. “CloudTransport: Using Cloud Storage for Censorship-Resistant Networking”. In: Privacy Enhancing Technologies Symposium. Springer, 2014. https://petsymposium.org/2014/papers/paper_68.pdf (cit. in ¶34, ¶40, ¶216).

24

Willow Brugh. San Francisco Hackathon/DiscoTech (+ RightsCon + Responsible Data Forum). Mar. 2014. http://codesign.mit.edu/2014/03/sfdiscotech/ (cit. in ¶231).

25

Sam Burnett, Nick Feamster, and Santosh Vempala. “Chipping Away at Censorship Firewalls with User-Generated Content”. In: USENIX Security Symposium. USENIX, 2010. https://www.usenix.org/event/sec10/tech/full_papers/Burnett.pdf (cit. in ¶34).

26

Cormac Callanan, Hein Dries-Ziekenheiner, Alberto Escudero-Pascual, and Robert Guerra. Leaping Over the Firewall: A Review of Censorship Circumvention Tools. Tech. rep. Freedom House, 2011. https://freedomhouse.org/report/special-reports/leaping-over-firewall-review-censorship-circumvention-tools (cit. in ¶94).

27

Abdelberi Chaabane, Terence Chen, Mathieu Cunche, Emiliano De Cristofaro, Arik Friedman, and Mohamed Ali Kaafar. “Censorship in the Wild: Analyzing Internet Filtering in Syria”. In: Internet Measurement Conference. ACM, 2014. http://conferences2.sigcomm.org/imc/2014/papers/p285.pdf (cit. in ¶87).

28

The Citizen Lab. Psiphon. Oct. 2006. https://web.archive.org/web/20061026081356/http://psiphon.civisec.org/ (cit. in ¶64).

29

Erinn Clark. Tor Browser 3.6.4 and 4.0-alpha-1 are released. Aug. 2014. The Tor Blog. https://blog.torproject.org/tor-browser-364-and-40-alpha-1-are-released (cit. in ¶43, ¶235).

30

Richard Clayton. “Failures in a Hybrid Content Blocking System”. In: Privacy Enhancing Technologies. Springer, 2006, pp. 78–92. https://www.cl.cam.ac.uk/~rnc1/cleanfeed.pdf(cit. in ¶76).

31

Richard Clayton, Steven J. Murdoch, and Robert N. M. Watson. “Ignoring the Great Firewall of China”. In: Privacy Enhancing Technologies. Springer, 2006, pp. 20–35. https://www.cl.cam.ac.uk/~rnc1/ignoring.pdf (cit. in ¶59, ¶77, ¶187).

32

Jedidiah R. Crandall, Masashi Crete-Nishihata, and Jeffrey Knockel. “Forgive Us our SYNs: Technical and Ethical Considerations for Measuring Internet Filtering”. In: Ethics in Networked Systems Research. ACM, 2015. https://censorbib.nymity.ch/pdf/Crandall2015a.pdf (cit. in ¶72).

33

Jedidiah R. Crandall, Daniel Zinn, Michael Byrd, Earl Barr, and Rich East. “ConceptDoppler: A Weather Tracker for Internet Censorship”. In: Computer and Communications Security. ACM, 2007, pp. 352–365. http://www.csd.uoc.gr/~hy558/papers/conceptdoppler.pdf(cit. in ¶62, ¶79).

34

Creative Commons. CC0 1.0 Universal. https://creativecommons.org/publicdomain/zero/1.0/ (cit. in ¶230).

35

Elena Cresci. “How to get around Turkey’s Twitter ban”. In: The Guardian (Mar. 2014). https://www.theguardian.com/world/2014/mar/21/how-to-get-around-turkeys-twitter-ban(cit. in ¶66).

36

Eric Cronin, Micah Sherr, and Matt Blaze. The Eavesdropper’s Dilemma. Tech. rep. MS-CIS-05-24. Department of Computer and Information Science, University of Pennsylvania, 2005. http://www.crypto.com/papers/internet-tap.pdf (cit. in ¶61).

37

Alberto Dainotti, Claudio Squarcella, Emile Aben, Kimberly C. Claffy, Marco Chiesa, Michele Russo, and Antonio Pescapè. “Analysis of Country-wide Internet Outages Caused by Censorship”. In: Internet Measurement Conference. ACM, 2011, pp. 1–18. http://conferences.sigcomm.org/imc/2011/docs/p1.pdf (cit. in ¶80).

38

Jakub Dalek, Bennett Haselton, Helmi Noman, Adam Senft, Masashi Crete-Nishihata, Phillipa Gill, and Ronald J. Deibert. “A Method for Identifying and Confirming the Use of URL Filtering Products for Censorship”. In: Internet Measurement Conference. ACM, 2013. http://conferences.sigcomm.org/imc/2013/papers/imc112s-dalekA.pdf (cit. in ¶87).

39

Jakub Dalek, Adam Senft, Masashi Crete-Nishihata, and Ron Deibert. O Pakistan, We Stand on Guard for Thee: An Analysis of Canada-based Netsweeper’s Role in Pakistan’s Censorship Regime. Citizen Lab, June 2013. https://citizenlab.ca/2013/06/o-pakistan/(cit. in ¶87).

40

Deloitte. The economic impact of disruptions to Internet connectivity. Oct. 2016. https://globalnetworkinitiative.org/sites/default/files/The-Economic-Impact-of-Disruptions-to-Internet-Connectivity-Deloitte.pdf (cit. in ¶35).

41

denverroot, Roger Dingledine, Aaron Gibson, hrimfaxi, George Kadianakis, Andrew Lewman, OlgieD, Mike Perry, Fabio Pietrosanti, and quick-dudley. Bridge easily detected by GFW. Oct. 2011. https://bugs.torproject.org/4185 (cit. in Table 4.2, ¶105).

42

Tim Dierks and Eric Rescorla. The Transport Layer Security (TLS) Protocol Version 1.2. IETF, Aug. 2008. https://tools.ietf.org/html/rfc5246 (cit. in ¶205).

43

Roger Dingledine. Obfsproxy: the next step in the censorship arms race. Feb. 2012. The Tor Blog. https://blog.torproject.org/obfsproxy-next-step-censorship-arms-race (cit. in ¶43, Table 4.2, ¶107, ¶145).

44

Roger Dingledine. Please run a bridge relay! (was Re: Tor 0.2.0.13-alpha is out). Dec. 2007. tor-talk mailing list. https://lists.torproject.org/pipermail/tor-talk/2007-December/003854.html (cit. in ¶51).

45

Roger Dingledine. Strategies for getting more bridge addresses. Tech. rep. 2011-05-001. The Tor Project, May 2011. https://research.torproject.org/techreports/strategies-getting-more-bridge-addresses-2011-05-13.pdf (cit. in ¶51).

46

Roger Dingledine. Ten ways to discover Tor bridges. Tech. rep. 2011-10-002. The Tor Project, Oct. 2011. https://research.torproject.org/techreports/ten-ways-discover-tor-bridges-2011-10-31.pdf (cit. in ¶51, ¶54, ¶99).

47

Roger Dingledine, David Fifield, George Kadianakis, Lunar, Runa Sandvik, and Philipp Winter. GFW actively probes obfs2 bridges. Mar. 2013. https://bugs.torproject.org/8591 (cit. in Table 4.2, ¶107).

48

Roger Dingledine, Arturo Filastò, George Kadianakis, Nick Mathewson, and Philipp Winter. GFW probes based on Tor’s SSL cipher list. Dec. 2011. https://bugs.torproject.org/4744(cit. in Table 4.2, ¶105, ¶221).

49

Roger Dingledine and Nick Mathewson. Design of a blocking-resistant anonymity system. Tech. rep. 2006-11-001. The Tor Project, Nov. 2006. https://research.torproject.org/techreports/blocking-2006-11.pdf (cit. in ¶49, ¶51, ¶54, ¶65, ¶99, ¶138).

50

Roger Dingledine and Nick Mathewson. Tor Protocol Specification. Sep. 2017. https://spec.torproject.org/tor-spec (cit. in ¶132).

51

Bill Dong. A report about national DNS spoofing in China on Sept. 28th. Oct. 2002. https://web.archive.org/web/20021015121616/http://www.dit-inc.us/hj-09-02.html (cit. in ¶74).

52

Maximillian Dornseif. “Government mandated blocking of foreign Web content”. In: DFN-Arbeitstagung über Kommunikationsnetze. Gesellschaft für Informatik, 2003, pp. 617–647. https://censorbib.nymity.ch/pdf/Dornseif2003a.pdf (cit. in ¶74).

53

Eva Dou and Alistair Barr. U.S. Cloud Providers Face Backlash From China’s Censors. Mar. 2015. The Wall Street Journal. https://www.wsj.com/articles/u-s-cloud-providers-face-backlash-from-chinas-censors-1426541126 (cit. in ¶239).

54

Frederick Douglas, Rorshach, Weiyang Pan, and Matthew Caesar. “Salmon: Robust Proxy Distribution for Censorship Circumvention”. In: Privacy Enhancing Technologies 2016.4 (2016), pp. 4–20. https://www.degruyter.com/downloadpdf/j/popets.2016.2016.issue-4/popets-2016-0026/popets-2016-0026.xml (cit. in ¶52).

55

Matthew Dunwoody. APT29 Domain Fronting With TOR. Mar. 2017. FireEye Threat Research Blog. https://www.fireeye.com/blog/threat-research/2017/03/apt29_domain_frontin.html(cit. in ¶254).

56

Matthew Dunwoody and Nick Carr. No Easy Breach. Sep. 2016. DerbyCon. https://www.slideshare.net/MatthewDunwoody1/no-easy-breach-derby-con-2016 (cit. in ¶254).

57

Zakir Durumeric, Eric Wustrow, and J. Alex Halderman. “ZMap: Fast Internet-Wide Scanning and its Security Applications”. In: USENIX Security Symposium. USENIX, 2013. https://zmap.io/paper.pdf (cit. in ¶54, ¶99).

58

Kevin P. Dyer, Scott E. Coull, Thomas Ristenpart, and Thomas Shrimpton. “Protocol Misidentification Made Easy with Format-Transforming Encryption”. In: Computer and Communications Security. ACM, 2013. https://eprint.iacr.org/2012/494.pdf (cit. in ¶41).

59

Don Eastlake. Transport Layer Security (TLS) Extensions: Extension Definitions. IETF, Jan. 2011. https://tools.ietf.org/html/rfc6066 (cit. in ¶205).

60

Roya Ensafi, David Fifield, Philipp Winter, Nick Feamster, Nicholas Weaver, and Vern Paxson. “Examining How the Great Firewall Discovers Hidden Circumvention Servers”. In: Internet Measurement Conference. ACM, 2015. http://conferences2.sigcomm.org/imc/2015/papers/p445.pdf (cit. in ¶81, Table 4.2, ¶107, ¶111, Figure 4.3, ¶187).

61

Roya Ensafi, Philipp Winter, Abdullah Mueen, and Jedidiah R. Crandall. “Analyzing the Great Firewall of China Over Space and Time”. In: Privacy Enhancing Technologies 2015.1 (2015). https://censorbib.nymity.ch/pdf/Ensafi2015a.pdf (cit. in ¶85, ¶92).

62

Nick Feamster, Magdalena Balazinska, Greg Harfst, Hari Balakrishnan, and David Karger. “Infranet: Circumventing Web Censorship and Surveillance”. In: USENIX Security Symposium. USENIX, 2002. http://wind.lcs.mit.edu/papers/usenixsec2002.pdf (cit. in ¶41, ¶66).

63

Nick Feamster, Magdalena Balazinska, Winston Wang, Hari Balakrishnan, and David Karger. “Thwarting Web Censorship with Untrusted Messenger Discovery”. In: Privacy Enhancing Technologies. Springer, 2003, pp. 125–140. http://nms.csail.mit.edu/papers/disc-pet2003.pdf (cit. in ¶281).

64

Ian Fette and Alexey Melnikov. The WebSocket Protocol. IETF, Dec. 2011. https://tools.ietf.org/html/rfc6455 (cit. in ¶266).

65

Roy Fielding and Julian Reschke. Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing. IETF, June 2014. https://tools.ietf.org/html/rfc7230 (cit. in ¶207).

66

David Fifield. A simple HTTP transport and big ideas. Jan. 2014. tor-dev mailing list. https://lists.torproject.org/pipermail/tor-dev/2014-January/006159.html (cit. in ¶228).

67

David Fifield. Big performance improvement for meek-azure. Apr. 2015. tor-dev mailing list. https://lists.torproject.org/pipermail/tor-dev/2015-April/008637.html (cit. in ¶240).

68

David Fifield. Combined flash proxy + pyobfsproxy browser bundles. Jan. 2013. The Tor Blog. https://blog.torproject.org/combined-flash-proxy-pyobfsproxy-browser-bundles(cit. in Table 4.2, ¶107, ¶266).

69

David Fifield. Cyberoam firewall blocks meek by TLS signature. May 2016. Network Traffic Obfuscation mailing list. https://groups.google.com/d/topic/traffic-obf/BpFSCVgi5rs(cit. in ¶255).

70

David Fifield. Estimating censorship lag by obfs4 blocking. Feb. 2015. tor-dev mailing list. https://lists.torproject.org/pipermail/tor-dev/2015-February/008222.html (cit. in ¶145).

71

David Fifield. Flash proxy howto. Mar. 2014. Tor Bug Tracker & Wiki. https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports/FlashProxy/Howto(cit. in ¶266).

72

David Fifield. FortiGuard firewall blocks meek by TLS signature. July 2016. Network Traffic Obfuscation mailing list. https://groups.google.com/d/topic/traffic-obf/fwAN-WWz2Bk(cit. in ¶256).

73

David Fifield. GoAgent: Further notes on App Engine and speculation about a pluggable transport. Oct. 2013. Tor Bug Tracker & Wiki. https://trac.torproject.org/projects/tor/wiki/doc/GoAgent?action=diff&version=2&old_version=1 (cit. in ¶225).

74

David Fifield. How to use the “meek” pluggable transport. Aug. 2015. The Tor Blog. https://blog.torproject.org/how-use-meek-pluggable-transport (cit. in ¶235).

75

David Fifield. HOWTO use Lantern as a pluggable transport. Mar. 2014. tor-dev mailing list. https://lists.torproject.org/pipermail/tor-dev/2014-March/006356.html (cit. in ¶231).

76

David Fifield. meek-azure funding has run out. Jan. 2017. tor-dev mailing list. https://lists.torproject.org/pipermail/tor-project/2017-January/000881.html (cit. in ¶261).

77

David Fifield. Outage of meek-azure. Aug. 2015. tor-dev mailing list. https://lists.torproject.org/pipermail/tor-talk/2015-August/038780.html (cit. in ¶245).

78

David Fifield. Why the seeming correlation between flash proxy and meek on metrics graphs? Sep. 2014. tor-dev mailing list. https://lists.torproject.org/pipermail/tor-dev/2014-September/007484.html (cit. in ¶235).

79

David Fifield, Adam Fisk, Nathan Freitas, and Percy Wegmann. meek seems blocked in China since 2016-10-19. Oct. 2016. Network Traffic Obfuscation mailing list. https://groups.google.com/d/topic/traffic-obf/CSJLt3t-_OI (cit. in ¶260).

80

David Fifield, Vinicius Fortuna, Sergey Frolov, b.l. masters, Will Scott, Tom (hexuxin), and Brandon Wiley. Reports of China disrupting shadowsocks. Oct. 2017. https://groups.google.com/d/msg/traffic-obf/dqw6CQLR944/StgigdK0BAAJ (cit. in ¶264).

81

David Fifield, Vinicius Fortuna, Philipp Winter, and Eric Wustrow. Allot Communications. Jan. 2017. Network Traffic Obfuscation mailing list. https://groups.google.com/d/topic/traffic-obf/yzxlLpFyXLI (cit. in ¶262).

82

David Fifield and Mia Gil Epner. DTLS-fingerprint. May 2016. https://github.com/miagilepner/DTLS-fingerprint/ (cit. in ¶293).

83

David Fifield and Mia Gil Epner. Fingerprintability of WebRTC. Tech. rep.May 2016. https://arxiv.org/pdf/1605.08805v1.pdf (cit. in ¶285).

84

David Fifield, Nate Hardison, Jonathan Ellithorpe, Emily Stark, Roger Dingledine, Phillip Porras, and Dan Boneh. “Evading Censorship with Browser-Based Proxies”. In: Privacy Enhancing Technologies Symposium. Springer, 2012, pp. 239–258. https://www.bamsoftware.com/papers/flashproxy.pdf (cit. in ¶55, ¶224, ¶266).

85

David Fifield, George Kadianakis, Georg Koppen, and Mark Smith. Make bundles featuring meek. Feb. 2014. https://bugs.torproject.org/10935 (cit. in ¶230).

86

David Fifield and Georg Koppen. Unexplained drop in meek users, 2016-10-19 to 2016-11-10. Oct. 2016. https://bugs.torproject.org/20495 (cit. in ¶260).

87

David Fifield, Georg Koppen, and Klaus Layer. Update the meek-amazon fingerprint to B9E7141C594AF25699E0079C1F0146F409495296. Oct. 2015. https://bugs.torproject.org/17473(cit. in ¶245).

88

David Fifield and kzblocked. Kazakhstan 2016–2017. June 2017. OONI Censorship Wiki. https://trac.torproject.org/projects/tor/wiki/doc/OONI/censorshipwiki/CensorshipByCountry/Kazakhstan#a20348(cit. in ¶199, ¶257).

89

David Fifield, Chang Lan, Rod Hynes, Percy Wegmann, and Vern Paxson. “Blocking-resistant communication through domain fronting”. In: Privacy Enhancing Technologies2015.2 (2015). https://www.bamsoftware.com/papers/fronting/ (cit. in ¶56, ¶217, ¶223, Figure 6.4, ¶238).

90

David Fifield, Karsten Loesing, Isis Agora Lovecruft, and Yawning Angel. meek’s reflector should forward the client’s IP address/port to the bridge. Sep. 2014. https://bugs.torproject.org/13171 (cit. in ¶247).

91

David Fifield and Lynn Tsai. “Censors’ Delay in Blocking Circumvention Proxies”. In: Free and Open Communications on the Internet. USENIX, 2016. https://www.usenix.org/conference/foci16/workshop-program/presentation/fifield (cit. in ¶140).

92

Arturo Filastò and Jacob Appelbaum. “OONI: Open Observatory of Network Interference”. In: Free and Open Communications on the Internet. USENIX, 2012. https://www.usenix.org/system/files/conference/foci12/foci12-final12.pdf (cit. in ¶90).

93

Nathan Freitas. Orbot v15-alpha-3 with VPN and Meek! Feb. 2015. guardian-dev mailing list. https://lists.mayfirst.org/pipermail/guardian-dev/2015-February/004243.html (cit. in ¶237).

94

Sergey Frolov, Fred Douglas, Will Scott, Allison McDonald, Benjamin VanderSloot, Rod Hynes, Adam Kruger, Michalis Kallitsis, David G. Robinson, Steve Schultze, Nikita Borisov, Alex Halderman, and Eric Wustrow. “An ISP-Scale Deployment of TapDance”. In: Free and Open Communications on the Internet. USENIX, 2017. https://www.usenix.org/system/files/conference/foci17/foci17-paper-frolov_0.pdf (cit. in ¶215).

95

John Geddes, Max Schuchard, and Nicholas Hopper. “Cover Your ACKs: Pitfalls of Covert Channel Censorship Circumvention”. In: Computer and Communications Security. ACM, 2013. https://www-users.cs.umn.edu/~hopper/ccs13-cya.pdf (cit. in ¶39).

96

Google. China, All Products, May 31, 2014–Present. July 2014. Google Transparency Report. https://www.google.com/transparencyreport/traffic/disruptions/124/ (cit. in ¶232).

97

Google Cloud Platform. Service Specific Terms. Mar. 2015. https://web.archive.org/web/20150326000133/https://cloud.google.com/terms/service-terms (cit. in ¶242).

98

Serene Han. Snowflake Technical Overview. Jan. 2017. https://keroserene.net/snowflake/technical/ (cit. in ¶266).

99

Bennett Haselton. Circumventor. Peacefire. http://peacefire.org/circumventor/ (cit. in ¶64).

100

Bennett Haselton. Peacefire Censorware Pages. Peacefire. http://www.peacefire.org/censorware/ (cit. in ¶63).

101

Huifeng He. Google breaks through China’s Great Firewall … but only for just over an hour. Mar. 2016. South China Morning Post. http://www.scmp.com/tech/china-tech/article/1931301/google-breaks-through-chinas-great-firewall-only-just-over-hour(cit. in ¶169).

102

hellofwy, Max Lv, Mygod, Rio, and Siyuan Ren. SIP007 - Per-session subkey. Jan. 2017. https://github.com/shadowsocks/shadowsocks-org/issues/42 (cit. in Table 4.2, ¶110).

103

Amir Houmansadr, Chad Brubaker, and Vitaly Shmatikov. “The Parrot is Dead: Observing Unobservable Network Communications”. In: Symposium on Security & Privacy. IEEE, 2013. https://people.cs.umass.edu/~amir/papers/parrot.pdf (cit. in ¶34, ¶39, ¶291).

104

Amir Houmansadr, Giang T. K. Nguyen, Matthew Caesar, and Nikita Borisov. “Cirripede: Circumvention Infrastructure using Router Redirection with Plausible Deniability”. In: Computer and Communications Security. ACM, 2011, pp. 187–200. https://hatswitch.org/~nikita/papers/cirripede-ccs11.pdf (cit. in ¶34, ¶215).

105

Amir Houmansadr, Thomas Riedl, Nikita Borisov, and Andrew Singer. “I want my voice to be heard: IP over Voice-over-IP for unobservable censorship circumvention”. In: Network and Distributed System Security. The Internet Society, 2013. https://people.cs.umass.edu/~amir/papers/FreeWave.pdf (cit. in ¶34, ¶41).

106

Amir Houmansadr, Edmund L. Wong, and Vitaly Shmatikov. “No Direction Home: The True Cost of Routing Around Decoys”. In: Network and Distributed System Security. The Internet Society, 2014. http://dedis.cs.yale.edu/dissent/papers/nodirection.pdf (cit. in ¶56).

107

ICLab. https://iclab.org/ (cit. in ¶90).

108

Ben Jones, Roya Ensafi, Nick Feamster, Vern Paxson, and Nick Weaver. “Ethical Concerns for Censorship Measurement”. In: Ethics in Networked Systems Research. ACM, 2015. https://www.icir.org/vern/papers/censorship-meas.nsethics15.pdf (cit. in ¶72).

109

Justin. Pluggable Transports and DPI. May 2016. tor-dev mailing list. https://lists.torproject.org/pipermail/tor-talk/2016-May/040898.html (cit. in ¶255).

110

George Kadianakis and Nick Mathewson. obfs2 (The Twobfuscator). Jan. 2011. https://gitweb.torproject.org/pluggable-transports/obfsproxy.git/tree/doc/obfs2/obfs2-protocol-spec.txt (cit. in ¶43).

111

George Kadianakis and Nick Mathewson. obfs3 (The Threebfuscator). Jan. 2013. https://gitweb.torproject.org/pluggable-transports/obfsproxy.git/tree/doc/obfs3/obfs3-protocol-spec.txt (cit. in ¶43).

112

Josh Karlin, Daniel Ellard, Alden W. Jackson, Christine E. Jones, Greg Lauer, David P. Mankins, and W. Timothy Strayer. “Decoy Routing: Toward Unblockable Internet Communication”. In: Free and Open Communications on the Internet. USENIX, 2011. https://www.usenix.org/legacy/events/foci11/tech/final_files/Karlin.pdf (cit. in ¶215).

113

Sheharbano Khattak, Tariq Elahi, Laurent Simon, Colleen M. Swanson, Steven J. Murdoch, and Ian Goldberg. “SoK: Making Sense of Censorship Resistance Systems”. In: Privacy Enhancing Technologies 2016.4 (2016), pp. 37–61. https://www.degruyter.com/downloadpdf/j/popets.2016.2016.issue-4/popets-2016-0028/popets-2016-0028.xml (cit. in ¶26, ¶34, ¶40, ¶58).

114

Sheharbano Khattak, Mobin Javed, Philip D. Anderson, and Vern Paxson. “Towards Illuminating a Censorship Monitor’s Model to Facilitate Evasion”. In: Free and Open Communications on the Internet. USENIX, 2013. https://censorbib.nymity.ch/pdf/Khattak2013a.pdf (cit. in ¶62, ¶83).

115

Sheharbano Khattak, Mobin Javed, Syed Ali Khayam, Zartash Afzal Uzmi, and Vern Paxson. “A Look at the Consequences of Internet Censorship Through an ISP Lens”. In: Internet Measurement Conference. ACM, 2014. http://conferences2.sigcomm.org/imc/2014/papers/p271.pdf (cit. in ¶84).

116

Gary King, Jennifer Pan, and Margaret E. Roberts. “How Censorship in China Allows Government Criticism but Silences Collective Expression”. In: American Political Science Review (2012). https://gking.harvard.edu/files/censored.pdf (cit. in ¶142).

117

Jeffrey Knockel, Lotus Ruan, and Masashi Crete-Nishihata. “Measuring Decentralization of Chinese Keyword Censorship via Mobile Games”. In: Free and Open Communications on the Internet. USENIX, 2017. https://www.usenix.org/system/files/conference/foci17/foci17-paper-knockel.pdf (cit. in ¶141).

118

Stefan Köpsell and Ulf Hillig. “How to Achieve Blocking Resistance for Existing Systems Enabling Anonymous Web Surfing”. In: Workshop on Privacy in the Electronic Society. ACM, 2004, pp. 47–58. https://censorbib.nymity.ch/pdf/Koepsell2004a.pdf (cit. in ¶16, ¶26, ¶50, ¶214).

119

Lantern. https://getlantern.org/ (cit. in ¶217).

120

Bruce Leidl. obfuscated-openssh. 2009. https://github.com/brl/obfuscated-openssh (cit. in ¶42).

121

Katherine Li. GAEuploader. Jan. 2017. tor-dev mailing list. https://lists.torproject.org/pipermail/tor-dev/2017-January/011812.html (cit. in ¶259).

122

Katherine Li. GAEuploader. https://github.com/katherinelitor/GAEuploader (cit. in ¶259).

123

Katherine Li. GAEuploader now supports Windows. Nov. 2017. tor-dev mailing list. https://lists.torproject.org/pipermail/tor-dev/2017-November/012622.html (cit. in ¶259).

124

Karsten Loesing and Nick Mathewson. BridgeDB specification. Dec. 2013. https://spec.torproject.org/bridgedb-spec (cit. in ¶51).

125

Graham Lowe, Patrick Winters, and Michael L. Marcus. The Great DNS Wall of China. Tech. rep. New York University, 2007. https://censorbib.nymity.ch/pdf/Lowe2007a.pdf (cit. in ¶78).

126

Max Lv and Rio. AEAD Ciphers. https://shadowsocks.org/en/spec/AEAD-Ciphers.html(cit. in ¶102).

127

Rohan Mahy, Philip Matthews, and Jonathan Rosenberg. Traversal Using Relays around NAT (TURN): Relay Extensions to Session Traversal Utilities for NAT (STUN). IETF, Apr. 2010. https://tools.ietf.org/html/rfc5766 (cit. in ¶288).

128

Marek Majkowski. Fun with The Great Firewall. July 2013. https://idea.popcount.org/2013-07-11-fun-with-the-great-firewall/ (cit. in Table 4.2, ¶108).

129

Bill Marczak, Nicholas Weaver, Jakub Dalek, Roya Ensafi, David Fifield, Sarah McKune, Arn Rey, John Scott-Railton, Ron Deibert, and Vern Paxson. “An Analysis of China’s ‘Great Cannon’”. In: Free and Open Communications on the Internet. USENIX, 2015. https://www.usenix.org/system/files/conference/foci15/foci15-paper-marczak.pdf (cit. in ¶86, ¶239).

130

Morgan Marquis-Boire, Jakub Dalek, and Sarah McKune. Planet Blue Coat: Mapping Global Censorship and Surveillance Tools. Citizen Lab, Jan. 2013. https://citizenlab.ca/2013/01/planet-blue-coat-mapping-global-censorship-and-surveillance-tools/ (cit. in ¶87).

131

James Marshall. CGIProxy. https://jmarshall.com/tools/cgiproxy/ (cit. in ¶64).

132

David Martin and Andrew Schulman. “Deanonymizing Users of the SafeWeb Anonymizing Service”. In: USENIX Security Symposium. USENIX, 2002. https://www.usenix.org/legacy/publications/library/proceedings/sec02/martin.html (cit. in ¶64).

133

Srdjan Matic, Carmela Troncoso, and Juan Caballero. “Dissecting Tor Bridges: a Security Evaluation of Their Private and Public Infrastructures”. In: Network and Distributed System Security. The Internet Society, 2017. https://software.imdea.org/~juanca/papers/torbridges_ndss17.pdf (cit. in ¶54, ¶99, ¶139).

134

Damon McCoy, Jose Andre Morales, and Kirill Levchenko. “Proximax: A Measurement Based System for Proxies Dissemination”. In: Financial Cryptography and Data Security. Springer, 2011. https://cseweb.ucsd.edu/~klevchen/mml-fc11.pdf (cit. in ¶52).

135

David McGrew and Eric Rescorla. Datagram Transport Layer Security (DTLS) Extension to Establish Keys for the Secure Real-time Transport Protocol (SRTP). IETF, May 2010. https://tools.ietf.org/html/rfc5764 (cit. in ¶289).

136

Jon McLachlan and Nicholas Hopper. “On the risks of serving whenever you surf: Vulnerabilities in Tor’s blocking resistance design”. In: Workshop on Privacy in the Electronic Society. ACM, 2009. https://www-users.cs.umn.edu/~hopper/surf_and_serve.pdf(cit. in ¶99).

137

meek. Tor Bug Tracker & Wiki. https://trac.torproject.org/projects/tor/wiki/doc/meek(cit. in Table 6.5, ¶235, ¶241).

138

Brock N. Meeks and Declan B. McCullagh. Jacking in from the “Keys to the Kingdom” Port. July 1996. CyberWire Dispatch. https://cyberwire.com/cwd/cwd.96.07.03.html (cit. in ¶63).

139

Hooman Mohajeri Moghaddam, Baiyu Li, Mohammad Derakhshani, and Ian Goldberg. “SkypeMorph: Protocol Obfuscation for Tor Bridges”. In: Computer and Communications Security. ACM, 2012. https://www.cypherpunks.ca/~iang/pubs/skypemorph-ccs.pdf (cit. in ¶41).

140

Rich Morin. “The Limits of Control”. In: Unix Review (June 1996). http://cfcl.com/rdm/Pubs/tin/P/199606.shtml (cit. in ¶65).

141

Zubair Nabi. “The Anatomy of Web Censorship in Pakistan”. In: Free and Open Communications on the Internet. USENIX, 2013. https://censorbib.nymity.ch/pdf/Nabi2013a.pdf (cit. in ¶84).

142

NetFreedom Pioneers. Toosheh. https://www.toosheh.org/en.html (cit. in ¶60).

143

Leif Nixon. Some observations on the Great Firewall of China. Nov. 2011. https://www.nsc.liu.se/~nixon/sshprobes.html (cit. in Table 4.2, ¶104).

144

Daiyuu Nobori and Yasushi Shinjo. “VPN Gate: A Volunteer-Organized Public VPN Relay System with Blocking Resistance for Bypassing Government Censorship Firewalls”. In: Networked Systems Design and Implementation. USENIX, 2014. https://www.usenix.org/system/files/conference/nsdi14/nsdi14-paper-nobori.pdf (cit. in ¶53, ¶119, ¶125, ¶143).

145

OpenNet Initiative. Filtering by Domestic Blog Providers in China. Jan. 2005. https://opennet.net/bulletins/008/ (cit. in ¶88).

146

OpenNet Initiative. Internet Filtering in China in 2004-2005: A Country Study. https://opennet.net/studies/china (cit. in ¶88).

147

OpenNet Initiative. Probing Chinese search engine filtering. Aug. 2004. https://opennet.net/bulletins/005/ (cit. in ¶88).

148

Jong Chun Park and Jedidiah R. Crandall. “Empirical Study of a National-Scale Distributed Intrusion Detection System: Backbone-Level Filtering of HTML Responses in China”. In: Distributed Computing Systems. IEEE, 2010, pp. 315–326. https://www.cs.unm.edu/~crandall/icdcs2010.pdf (cit. in ¶62, ¶79).

149

Vern Paxson. “Bro: A System for Detecting Network Intruders in Real-Time”. In: Computer Networks 31.23-24 (Dec. 1999), pp. 2435–2463. https://www.icir.org/vern/papers/bro-CN99.pdf (cit. in ¶61).

150

Paul Pearce, Roya Ensafi, Frank Li, Nick Feamster, and Vern Paxson. “Augur: Internet-Wide Detection of Connectivity Disruptions”. In: Symposium on Security & Privacy. IEEE, 2017. https://www.ieee-security.org/TC/SP2017/papers/586.pdf (cit. in ¶92).

151

Paul Pearce, Ben Jones, Frank Li, Roya Ensafi, Nick Feamster, Nick Weaver, and Vern Paxson. “Global Measurement of DNS Manipulation”. In: USENIX Security Symposium. USENIX, 2017. https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-pearce.pdf (cit. in ¶92).

152

Mike Perry. Tor Browser 3.6 is released. Apr. 2014. The Tor Blog. https://blog.torproject.org/tor-browser-36-released (cit. in ¶43).

153

Mike Perry. Tor Browser 4.0 is released. Oct. 2014. The Tor Blog. https://blog.torproject.org/tor-browser-40-released (cit. in Table 4.2, ¶109, ¶222, ¶236).

154

Mike Perry. Tor Browser 4.5 is released. Apr. 2015. The Tor Blog. https://blog.torproject.org/tor-browser-45-released (cit. in ¶43, Table 4.2, ¶109).

155

Matthew Prince. “Thanks for the feedback. …”. Mar. 2015. Hacker News. https://news.ycombinator.com/item?id=9234367 (cit. in ¶239).

156

printempw. 为何 shadowsocks 要弃用一次性验证 (OTA). Feb. 2017. Blessing Studio. https://blessing.studio/why-do-shadowsocks-deprecate-ota/. English synopsis at https://groups.google.com/d/msg/traffic-obf/CWO0peBJLGc/Py-clLSTBwAJ (cit. in ¶102, Table 4.2, ¶110).

157

Psiphon. https://psiphon.ca/ (cit. in ¶217).

158

Thomas H. Ptacek and Timothy N. Newsham. Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection. Tech. rep. Secure Networks, Inc., Jan. 1998. https://www.icir.org/vern/Ptacek-Newsham-Evasion-98.pdf (cit. in ¶61).

159

Abbas Razaghpanah, Anke Li, Arturo Filastò, Rishab Nithyanand, Vasilis Ververis, Will Scott, and Phillipa Gill. Exploring the Design Space of Longitudinal Censorship Measurement Platforms. Tech. rep.Oct. 2016. https://arxiv.org/pdf/1606.01979v2.pdf (cit. in ¶90).

160

Refraction Networking. https://refraction.network/ (cit. in ¶56).

161

Eric Rescorla and Nagendra Modadugu. Datagram Transport Layer Security Version 1.2. IETF, Jan. 2012. https://tools.ietf.org/html/rfc6347 (cit. in ¶289).

162

Hal Roberts, Ethan Zuckerman, and John Palfrey. 2011 Circumvention Tool Evaluation. Tech. rep. Berkman Center for Internet and Society, Aug. 2011. https://cyber.law.harvard.edu/publications/2011/2011_Circumvention_Tool_Evaluation (cit. in ¶94).

163

David Robinson, Harlan Yu, and Anne An. Collateral Freedom: A Snapshot of Chinese Internet Users Circumventing Censorship. Apr. 2013. https://www.opentech.fund/article/collateral-freedom-snapshot-chinese-users-circumventing-censorship (cit. in ¶225).

164

Jonathan Rosenberg. Interactive Connectivity Establishment (ICE): A Protocol for Network Address Translator (NAT) Traversal for Offer/Answer Protocols. IETF, Apr. 2010. https://tools.ietf.org/html/rfc5245 (cit. in ¶269, ¶288).

165

Jonathan Rosenberg, Rohan Mahy, Philip Matthews, and Dan Wing. Session Traversal Utilities for NAT (STUN). IETF, Oct. 2008. https://tools.ietf.org/html/rfc5389 (cit. in ¶288).

166

Jonathan Rosenberg and Henning Schulzrinne. An Offer/Answer Model with the Session Description Protocol (SDP). IETF, June 2002. https://tools.ietf.org/html/rfc3264 (cit. in ¶275).

167

SafeWeb. TriangleBoy Whitepaper. http://www.webrant.com/safeweb_site/html/www/tboy_whitepaper.html (cit. in ¶57).

168

Max Schuchard, John Geddes, Christopher Thompson, and Nicholas Hopper. “Routing Around Decoys”. In: Computer and Communications Security. ACM, 2012. https://www-users.cs.umn.edu/~hopper/decoy-ccs12.pdf (cit. in ¶56).

169

Andreas Sfakianakis, Elias Athanasopoulos, and Sotiris Ioannidis. “CensMon: A Web Censorship Monitor”. In: Free and Open Communications on the Internet. USENIX, 2011. https://www.usenix.org/legacy/events/foci11/tech/final_files/Sfakianakis.pdf (cit. in ¶89).

170

Shadowsocks. https://shadowsocks.org/en/ (cit. in ¶42, ¶54).

171

Charlie Smith. We are under attack. Mar. 2015. GreatFire. https://en.greatfire.org/blog/2015/mar/we-are-under-attack (cit. in ¶239).

172

Rob Smits, Divam Jain, Sarah Pidcock, Ian Goldberg, and Urs Hengartner. “BridgeSPA: Improving Tor Bridges with Single Packet Authorization”. In: Workshop on Privacy in the Electronic Society. ACM, 2011. https://www.cypherpunks.ca/~iang/pubs/bridgespa-wpes.pdf (cit. in ¶131).

173

Snowflake. Tor Bug Tracker & Wiki. https://trac.torproject.org/projects/tor/wiki/doc/Snowflake (cit. in ¶266).

174

Qingfeng Tan, Jinqiao Shi, Binxing Fang, Li Guo, Wentao Zhang, Xuebin Wang, and Bingjie Wei. “Towards Measuring Unobservability in Anonymous Communcation Systems”. In: Journal of Computer Research and Development 52.10 (Oct. 2015). http://crad.ict.ac.cn/EN/10.7544/issn1000-1239.2015.20150562 (cit. in ¶218, ¶246).

175

Tokachu. “The Not-So-Great Firewall of China”. In: 2600 23.4 (2006 (cit. in ¶78).

176

Tor Metrics. Bridge users by transport. Nov. 2017. https://metrics.torproject.org/userstats-bridge-transport.html?start=2017-06-01&end=2017-11-30&transport=obfs3&transport=obfs4&transport=meek&transport=%3COR%3E (cit. in ¶222).

177

Tor Metrics. Bridge users by transport from Brazil. Nov. 2017. https://metrics.torproject.org/userstats-bridge-combined.html?start=2016-06-01&end=2017-11-30&country=br (cit. in ¶258, ¶263).

178

Tor Metrics. Bridge users from Iran. Nov. 2017. https://metrics.torproject.org/userstats-bridge-country.html?start=2014-01-01&end=2017-11-30&country=ir (cit. in ¶197).

179

Tor Metrics. Bridge users using Flash proxy/websocket. Dec. 2016. https://metrics.torproject.org/userstats-bridge-transport.html?start=2013-01-01&end=2016-12-31&transport=websocket (cit. in ¶266).

180

Tor Metrics. Tor Browser downloads and updates. Nov. 2017. https://metrics.torproject.org/webstats-tb.html?start=2017-09-01&end=2017-11-30. Source data that gives relative number of stable and alpha downloads is available from https://metrics.torproject.org/stats.html#webstats (cit. in ¶156).

181

The Tor Project. BridgeDB. https://bridges.torproject.org/ (cit. in ¶51, ¶157).

182

Michael Carl Tschantz, Sadia Afroz, Anonymous, and Vern Paxson. “SoK: Towards Grounding Censorship Circumvention in Empiricism”. In: Symposium on Security & Privacy. IEEE, 2016. https://internet-freedom-science.org/circumvention-survey/sp2016/ (cit. in ¶26, ¶38, ¶73, ¶94).

183

Vladislav Tsyrklevich. Internet-wide scanning for bridges. Dec. 2014. tor-dev mailing list. https://lists.torproject.org/pipermail/tor-dev/2014-December/007957.html (cit. in ¶99).

184

uProxy. https://www.uproxy.org/ (cit. in ¶49, ¶268).

185

John-Paul Verkamp and Minaxi Gupta. “Inferring Mechanics of Web Censorship Around the World”. In: Free and Open Communications on the Internet. USENIX, 2012. https://www.usenix.org/system/files/conference/foci12/foci12-final1.pdf (cit. in ¶89).

186

Liang Wang, Kevin P. Dyer, Aditya Akella, Thomas Ristenpart, and Thomas Shrimpton. “Seeing through Network-Protocol Obfuscation”. In: Computer and Communications Security. ACM, 2015. http://pages.cs.wisc.edu/~liangw/pub/ccsfp653-wangA.pdf (cit. in ¶39, ¶40, ¶218, ¶246).

187

Qiyan Wang, Xun Gong, Giang T. K. Nguyen, Amir Houmansadr, and Nikita Borisov. “CensorSpoofer: Asymmetric Communication using IP Spoofing for Censorship-Resistant Web Browsing”. In: Computer and Communications Security. ACM, 2012. https://hatswitch.org/~nikita/papers/censorspoofer.pdf (cit. in ¶57).

188

Qiyan Wang, Zi Lin, Nikita Borisov, and Nicholas J. Hopper. “rBridge: User Reputation based Tor Bridge Distribution with Privacy Preservation”. In: Network and Distributed System Security. The Internet Society, 2013. https://www-users.cs.umn.edu/~hopper/rbridge_ndss13.pdf (cit. in ¶52).

189

Zhongjie Wang, Yue Cao, Zhiyun Qian, Chengyu Song, and Srikanth V. Krishnamurthy. “Your State is Not Mine: A Closer Look at Evading Stateful Internet Censorship”. In: Internet Measurement Conference. ACM, 2017. http://www.cs.ucr.edu/~krish/imc17.pdf (cit. in ¶62, Table 4.2, ¶112, ¶187).

190

Zachary Weinberg, Jeffrey Wang, Vinod Yegneswaran, Linda Briesemeister, Steven Cheung, Frank Wang, and Dan Boneh. “StegoTorus: A Camouflage Proxy for the Tor Anonymity System”. In: Computer and Communications Security. ACM, 2012. https://www.frankwang.org/files/papers/ccs2012.pdf (cit. in ¶41).

191

Darrell M. West. Internet shutdowns cost countries $2.4 billion last year. Oct. 2016. https://www.brookings.edu/wp-content/uploads/2016/10/intenet-shutdowns-v-3.pdf(cit. in ¶35).

192

Tim Wilde. CN Prober IPs. Dec. 2011. https://gist.github.com/twilde/4320b75d398f2e1f074d(cit. in ¶105).

193

Tim Wilde. Great Firewall Tor Probing Circa 09 DEC 2011. Jan. 2012. https://gist.github.com/twilde/da3c7a9af01d74cd7de7 (cit. in Table 4.2, ¶105).

194

Tim Wilde. Knock Knock Knockin’ on Bridges’ Doors. Jan. 2012. The Tor Blog. https://blog.torproject.org/blog/knock-knock-knockin-bridges-doors (cit. in Table 4.2, ¶105).

195

Brandon Wiley. Dust: A Blocking-Resistant Internet Transport Protocol. Tech. rep. University of Texas at Austin, 2011. http://blanu.net/Dust.pdf (cit. in ¶42).

196

Philipp Winter. brdgrd. 2012. https://github.com/NullHypothesis/brdgrd (cit. in ¶62, ¶106).

197

Philipp Winter. How the Great Firewall of China is Blocking Tor. https://www.cs.kau.se/philwint/static/gfc/ (cit. in ¶106).

198

Philipp Winter. “Measuring and circumventing Internet censorship”. PhD thesis. Karlstad University, 2014. https://nymity.ch/papers/pdf/winter2014b.pdf (cit. in ¶26).

199

Philipp Winter and Stefan Lindskog. “How the Great Firewall of China is Blocking Tor”. In: Free and Open Communications on the Internet. USENIX, 2012. https://www.usenix.org/system/files/conference/foci12/foci12-final2.pdf (cit. in ¶32, ¶62, ¶81, Table 4.2, ¶106, ¶128, ¶145, ¶187).

200

Philipp Winter, Tobias Pulls, and Juergen Fuss. “ScrambleSuit: A Polymorphic Network Protocol to Circumvent Censorship”. In: Workshop on Privacy in the Electronic Society. ACM, 2013. https://censorbib.nymity.ch/pdf/Winter2013b.pdf (cit. in ¶43, ¶54, ¶102).

201

Sebastian Wolfgarten. Investigating large-scale Internet content filtering. Tech. rep. Dublin City University, 2006. http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.133.5778&rep=rep1&type=pdf (cit. in ¶78).

202

Joss Wright, Tulio de Souza, and Ian Brown. “Fine-Grained Censorship Mapping: Information Sources, Legality and Ethics”. In: Free and Open Communications on the Internet. USENIX, 2011. https://www.usenix.org/legacy/events/foci11/tech/final_files/Wright.pdf (cit. in ¶12, ¶72, ¶144).

203

Eric Wustrow, Scott Wolchok, Ian Goldberg, and J. Alex Halderman. “Telex: Anticensorship in the Network Infrastructure”. In: USENIX Security Symposium. USENIX, 2011. https://www.usenix.org/event/sec11/tech/full_papers/Wustrow.pdf (cit. in ¶215).

204

Xueyang Xu, Z. Morley Mao, and J. Alex Halderman. “Internet Censorship in China: Where Does the Filtering Occur?” In: Passive and Active Measurement Conference. Springer, 2011, pp. 133–142. https://web.eecs.umich.edu/~zmao/Papers/china-censorship-pam11.pdf(cit. in ¶79).

205

XX-Net. https://github.com/XX-net/XX-Net (cit. in ¶259).

206

Yawning Angel and Philipp Winter. obfs4 (The obfourscator). May 2014. https://gitweb.torproject.org/pluggable-transports/obfs4.git/tree/doc/obfs4-spec.txt(cit. in ¶43, ¶54, ¶102, ¶150).

207

Tao Zhu, David Phipps, Adam Pridgen, Jedidiah R. Crandall, and Dan S. Wallach. “The Velocity of Censorship: High-Fidelity Detection of Microblog Post Deletions”. In: USENIX Security Symposium. USENIX, 2013. https://www.cs.unm.edu/~crandall/usenix13.pdf (cit. in ¶142).

208

Jonathan Zittrain and Benjamin G. Edelman. “Internet filtering in China”. In: IEEE Internet Computing 7.2 (Mar. 2003), pp. 70–77. https://dash.harvard.edu/bitstream/handle/1/9696319/Zittrain_InternetFilteringinChina.pdf(cit. in ¶75).

 

from  https://www.bamsoftware.com/papers/thesis