Censorship & Privacy Tech

EECS 598-12 Tu/Th 4:30–6:30

Professor:

Roya Ensafi 

Office hours: Tue/Thu 6:30–7:00 PM, 4745 Beyster, or by appointment

Credits:

4.   This course counts towards meeting system quals requirements.

Prerequisites: 

This course is open to advanced undergraduate students with EECS 388, EECS 489 Networking (recommended), or grad standing.

Lectures:

Tue/Thu 4:30–6:30, 3150 DOW

Communication:

ensafi@umich.edu or use our class Piazza for the class-related discussion

Network technologies have revolutionized the way people interact with each other, with corporations, and with government. Yet a range of network interference techniques, including censorship, surveillance, online tracking, content manipulation, throttling, and net neutrality violations, pose increasing threats to users’ security and privacy.

In this course, we’ll study the latest research in detecting and resisting these threats, including systems for censorship detection and circumvention, web tracking and traffic analysis countermeasures, anonymous communication systems such as Tor, and other privacy enhancing technologies (PETs). Student groups will be expected to complete original research projects on topics in this area.

Course Structure

This course will include reading 3-4 papers per week, with written reviews and in-class discussion on the topics. You must complete a final group project related to Internet censorship and Privacy enhancing technologies. We’ll aim for submitting our final projects to technical conferences and workshops. There will be no exams. Instead, your grade will be based on the following:

Class Participation (15%) — In each class, we read and discuss  1-2 research papers. You should read the assigned papers before coming to each class and be fully prepared to talk about them.

Paper Reviews (20%) — You are required to write a 400 word review for each assigned paper.  A good review often consists of four parts: a concise description of the problem the paper tries to solve, summary of key contributions, evaluation of the paper’s strengths and weaknesses, and discussion on open questions.  Your review should project that you carefully read the paper and have thought about the research problem and the solution space. Please send these to ensafi@umich.edu with the subject "598 reading", and include your review as inline text in the email.

Paper reviews are due by 1 pm on the day of each class through HotCRP.

In-class Presentation (15%) — Working with a partner, pick a new or controversial topic related to censorship and privacy enhancing technologies (PETs). Read blogs, news, and research papers, and prepare a 20 minute presentation to present to the class. Send an email to ensafi@umich.edu with your top 2 choices and who your partner will be before the class on Tuesday, Oct. 1st.

Research Project (50%) — You need to complete an original research project in a small groups of 3 or 4 on topics related to the course. This project should address important, interesting open problems related to censorship and privacy enhancing technologies (PETs).  While I am happy to discuss and recommend projects, it is ultimately your task to choose the topic. Final project consists of four parts:

Ethics, Law, and University Policies

Please review ITS’s policies on responsible use of technology resources and CAEN’s policy documents for guidelines concerning proper use of information technology at U-M, as well as the Engineering Honor Code. As members of the university, you are required to abide by these policies.

Topics and Reading

Topic: Censorship Measurement

Week 1

Sep 3

Sep 5

Censorship Overview

A Bestiary of Blocking: The Motivations and Modes behind Website Unavailability

Censorship: Targeted Studies

Inferring Mechanics of Web Censorship Around the World

Analyzing Web Censorship Mechanisms in India

High-Fidelity Detection of Microblog Post Deletions

Chat program censorship and surveillance in China
The Case of Greece, China, Iran, Pakistan

Week 2

Sep 10

Sep 12

Censorship: Censored Topics

An Empirical Analysis of Web Censorship Lists 

Automatically Generating a Large...Blocklist for China
Measuring Decentralization of Chinese Keyword Censorship via Mobile Games 

FilteredWeb: A Framework for the Automated Search-Based Discovery of Blocked URLs

Censorship: Ethics

The Menlo Report: Ethical Principles

Networked Systems Ethics - Guidelines

Ethical Concerns for Censorship Measurement

Forgive Us our SYNs: Technical and Ethical Considerations for Measuring Internet Filtering

Week 3

Sep 17

Sep 19

Censorship: Measurement Techniques

Augur: Internet-Wide Detection of Connectivity Disruptions

Global Measurement of DNS Manipulation

Quack: Scalable Remote Measurement of Application-Layer Censorship

Censorship: Measurement Techniques

Encore: Lightweight Measurement of Web Censorship with Cross-Origin Requests

ICLab: A Global Longitudinal Internet Censorship Measurement Platform

Satellite: Joint Analysis of CDNs and Network-Level Interference

Topic: Censorship Circumvention

Week 4

Sep 24

Sep 26

Circumvention overview

SoK: Making Sense of Censorship Resistance Systems

SoK: Towards Grounding Censorship Circumvention
Network Traffic Obfuscation & Automated Censorship

Circumvention: Tor + Attacks on Tor

Tor: The Second-Generation Onion

Users Get Routed: Traffic Correlation on Tor

How NSA Attacks Tor Users w/ QUANTUM & FOXACID

Judge Confirms ... Feds Hired CMU to Break Tor

Week 5

Oct 1

Oct 3

In-class Presentation

Circumvention: Obfuscation

SkypeMorph: Protocol Obfuscation for Tor Bridges

Scramblesuit
Protocol Misidentification Made Easy with FTE

Week 6

Oct 8

Oct 10

Circumvention: Attack against obfuscation

The Parrot is Dead: Observing Unobservable Network Communications

In class, work on projects. No review due.

Week 7

Oct 15

Oct 17

Fall Break

Pre-Proposal Presentation

Week 8

Oct 22

Oct 24

Circumvention: Clever protocols

Telex: Anti Censorship in the Network Infrastructure

TapDance: End-to-Middle Anticensorship

An ISP-Scale Deployment of TapDance

Circumvention: Clever protocols

Blocking-resistant Communication Through Domain Fronting 

Evading Censorship with Browser-Based Proxies

Week 9

Oct 29

Oct 31

No class, work on projects. No review due.

Circumvention: Censors against Tor

How the GFW Discovers Hidden Circumvention Servers

Censors' Delay in Blocking Circumvention Proxies

Week 10

Nov 5

Nov 7

Circumvention: VPNs

Analysis of current VPN technologies

An Empirical Analysis of the Commercial VPN Ecosystem

An Analysis of the S&P Risks of VPN Apps

Written proposals due via email

Circumvention: Reality Check

A Large-scale Analysis of...Open HTTP Proxies

Dissecting Tor Bridges

Here Be Web proxies

Topic: Privacy Tech

Week 11

Nov 12

Nov 14

Privacy

Why Privacy Matters Even if You Have 'Nothing to Hide’ 

The Transparent Society 

Privacy Policy

Private communication
Off-the-Record Communication, or, Why Not to Use PGP.

SoK: Secure Messaging

Week 12

Nov 19

Nov 21

Web Tracking

Third-party web tracking: Policy and technology

Online Tracking: A 1M Measurement and Analysis

Project checkpoint due via email

Web Tracking

The Web Never Forgets: Persistent Tracking Mechanisms

Diffusion of User Tracking Data in the Online Ad Ecosystem

A Comprehensive Evaluation of Third-Party Cookie Policies

Week 13

Nov 26

Nov 28

Web Tracking: Browser Fingerprinting

How Unique Is Your Web Browser?

FPDetective: Dusting the Web for Fingerprinters

Pixel Perfect

https://amiunique.org/links

Thanksgiving Break

Week 14

Dec 3

Dec 5

Project Presentations

Project Presentations

Dec 19

Final Paper Due