Censorship & Privacy Tech

EECS 598-12 Tu/Th 4:30–6:30

Professor:

Roya Ensafi 

Office hours: Tue/Thu 6:30–7:00 PM, 4745 Beyster, or by appointment

Credits:

4.   This course counts towards meeting system quals requirements.

Prerequisites: 

This course is open to advanced undergraduate students with EECS 388, EECS 489 Networking (recommended), or grad standing.

Lectures:

Tue/Thu 4:30–6:30, 3150 DOW

Communication:

ensafi@umich.edu or use our class Piazza for the class-related discussion

Network technologies have revolutionized the way people interact with each other, with corporations, and with government. Yet a range of network interference techniques, including censorship, surveillance, online tracking, content manipulation, throttling, and net neutrality violations, pose increasing threats to users’ security and privacy.

In this course, we’ll study the latest research in detecting and resisting these threats, including systems for censorship detection and circumvention, web tracking and traffic analysis countermeasures, anonymous communication systems such as Tor, and other privacy enhancing technologies (PETs). Student groups will be expected to complete original research projects on topics in this area.

Course Structure

This course will include reading 3-4 papers per week, with written reviews and in-class discussion on the topics. You must complete a final group project related to Internet censorship and Privacy enhancing technologies. We’ll aim for submitting our final projects to technical conferences and workshops. There will be no exams. Instead, your grade will be based on the following:

Class Participation (15%) — In each class, we read and discuss  1-2 research papers. You should read the assigned papers before coming to each class and be fully prepared to talk about them.

Paper Reviews (20%) — You are required to write a 400 word review for each assigned paper.  A good review often consists of four parts: a concise description of the problem the paper tries to solve, summary of key contributions, evaluation of the paper’s strengths and weaknesses, and discussion on open questions.  Your review should project that you carefully read the paper and have thought about the research problem and the solution space. Please send these to ensafi@umich.edu with the subject "598 reading", and include your review as inline text in the email.

Paper reviews are due by 1 pm on the day of each class through HotCRP.

In-class Presentation (15%) — Working with a partner, pick a new or controversial topic related to censorship and privacy enhancing technologies (PETs). Read blogs, news, and research papers, and prepare a 20 minute presentation to present to the class. Send an email to ensafi@umich.edu with your top 2 choices and who your partner will be before the class on Tuesday, Oct. 1st.

Research Project (50%) — You need to complete an original research project in a small groups of 3 or 4 on topics related to the course. This project should address important, interesting open problems related to censorship and privacy enhancing technologies (PETs).  While I am happy to discuss and recommend projects, it is ultimately your task to choose the topic. Final project consists of four parts:

Ethics, Law, and University Policies

Please review ITS’s policies on responsible use of technology resources and CAEN’s policy documents for guidelines concerning proper use of information technology at U-M, as well as the Engineering Honor Code. As members of the university, you are required to abide by these policies.

Topics and Reading

Topic: Censorship Measurement

Week 1

Sep 3

Sep 5

Censorship Overview

A Bestiary of Blocking: The Motivations and Modes behind Website Unavailability

Censorship: Targeted Studies

Inferring Mechanics of Web Censorship Around the World

Analyzing Web Censorship Mechanisms in India

High-Fidelity Detection of Microblog Post Deletions

Chat program censorship and surveillance in China
The Case of Greece, China, Iran, Pakistan

Week 2

Sep 10

Sep 12

Censorship: Censored Topics

An Empirical Analysis of Web Censorship Lists 

Automatically Generating a Large...Blocklist for China
Measuring Decentralization of Chinese Keyword Censorship via Mobile Games 

FilteredWeb: A Framework for the Automated Search-Based Discovery of Blocked URLs

Censorship: Ethics

The Menlo Report: Ethical Principles

Networked Systems Ethics - Guidelines

Ethical Concerns for Censorship Measurement

Forgive Us our SYNs: Technical and Ethical Considerations for Measuring Internet Filtering

Week 3

Sep 17

Sep 19

Censorship: Measurement Techniques

Augur: Internet-Wide Detection of Connectivity Disruptions

Global Measurement of DNS Manipulation

Quack: Scalable Remote Measurement of Application-Layer Censorship

Censorship: Measurement Techniques

Encore: Lightweight Measurement of Web Censorship with Cross-Origin Requests

ICLab: A Global Longitudinal Internet Censorship Measurement Platform

Satellite: Joint Analysis of CDNs and Network-Level Interference

Topic: Censorship Circumvention

Week 4

Sep 24

Sep 26

Circumvention overview

SoK: Making Sense of Censorship Resistance Systems

SoK: Towards Grounding Censorship Circumvention
Network Traffic Obfuscation & Automated Censorship

Circumvention: Tor + Attacks on Tor

Tor: The Second-Generation Onion

Users Get Routed: Traffic Correlation on Tor

How NSA Attacks Tor Users w/ QUANTUM & FOXACID

Judge Confirms ... Feds Hired CMU to Break Tor

Week 5

Oct 1

Oct 3

In-class Presentation

Circumvention: Obfuscation

SkypeMorph: Protocol Obfuscation for Tor Bridges

Scramblesuit
Protocol Misidentification Made Easy with FTE

Week 6

Oct 8

Oct 10

In class, work on projects. No review due.

In class, work on projects. No review due.

Week 7

Oct 15

Oct 17

Fall Break

Pre-Proposal Presentation

Week 8

Oct 22

Oct 24

Circumvention: Attack against obfuscation

The Parrot is Dead: Observing Unobservable Network Communications

Circumvention: VPNs

A Glance through the VPN Looking Glass

An Empirical Analysis of the Commercial VPN Ecosystem

An Analysis of the S&P Risks of VPN Apps

Week 9

Oct 29

Oct 31

No class, work on projects. No review due.

Circumvention: Reality Check

A Large-scale Analysis of...Open HTTP Proxies

Here Be Web proxies

Dissecting Tor Bridges

Week 10

Nov 5

Nov 7

Circumvention: Clever protocols

Blocking-resistant Communication Through Domain Fronting 

https://www.bamsoftware.com/papers/thesis/#sec:meek-history

Evading Censorship with Browser-Based Proxies

Circumvention: Clever protocols

Telex: Anti Censorship in the Network Infrastructure

TapDance: End-to-Middle Anticensorship

An ISP-Scale Deployment of TapDance

Written proposals due via email

Topic: Privacy Tech

Week 11

Nov 12

Nov 14

Privacy

Why Privacy Matters Even if You Have 'Nothing to Hide’ 

The Transparent Society 

Privacy Policy



No class, work on projects. No review due.

Week 12

Nov 19

Nov 21

Web Tracking

The Web Never Forgets: Persistent Tracking Mechanisms

How Unique Is Your Web Browser?

Web Tracking

Online Tracking: A 1M Measurement and Analysis
Diffusion of User Tracking Data in the Online Ad Ecosystem

Third-party web tracking: Policy and technology

Week 13

Nov 26

Nov 28

Surveillance

 Surveillance Giants: how the business model of google and facebook threatens human rights

Thanksgiving Break

Week 14

Dec 3

Dec 5

Private communication
Off-the-Record Communication, or, Why Not to Use PGP.

SoK: Secure Messaging

Project Presentations

Dec 19

Final Paper Due