DOCSLIB.ORG

Sok: Towards Grounding Censorship Circumvention in Empiricism

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

1 SoK: Towards Grounding Censorship Circumvention in Empiricism Michael Carl Tschantz∗, Sadia Afroz∗, Anonymousz, and Vern Paxson∗y ∗International Computer Science Institute yUniversity of California, Berkeley Abstract—Effective evaluations of approaches to circumventing approaches meeting their own evaluation criteria can succumb government Internet censorship require incorporating perspec- to vulnerabilities not considered by their evaluation (e.g., [1]). tives of how censors operate in practice. We undertake an extensive examination of real censors by surveying prior mea- Approach. To address this disconnect between evaluation and surement studies and analyzing field reports and bug tickets from the actual operating conditions of censorship circumvention practitioners. We assess both deployed circumvention approaches approaches, in this work we seek to ground the evaluation and research proposals to consider the criteria employed in their of circumvention approaches in empirical observations of real evaluations and compare these to the observed behaviors of real censors, identifying areas where evaluations could more faithfully censors. To do so, we systematically compare the behaviors of and effectively incorporate the practices of modern censors. These real censors to the evaluation criteria used by circumvention- observations lead to an agenda realigning research with the approach designers. predominant problems of today. Our work systematizes the evaluation of approaches for censorship circumvention in four ways: I. Introduction 1) We collect data on real-world attacks to show the current Censorship circumvention research seeks to develop ap- state of censorship practice (Sections II and IV), proaches for facilitating access to banned Internet resources, a 2) We survey circumvention approaches and their eval- domain with a fundamentally adversarial nature arising from uations to illuminate the current state of evaluation the ongoing interactions between circumventors and censors. (Sections V and VI, respectively), Both parties find themselves locked in an arms race where each 3) We compare the evaluations designed to assess the side must manage tradeoffs between efficacy and expenditure. difficulty of blocking an approach to the actual actions These tradeoffs continually evolve in subtle ways as new of real censors (Section VII), technologies change the costs of various approaches. 4) We point to open research problems whose resolution Given this complexity, undertaking sound evaluation of will improve evaluation (Section VIII). potential circumvention approaches proves both crucial and Scope. We focus our discussion on censorship by governments difficult. Sound evaluation is crucial since, due to limited attempting to prevent subjects from accessing particular web resources, the developers of circumvention approaches cannot resources outside the government’s jurisdiction. The censor implement and deploy every prospective approach; they need seeks to detect and disrupt banned traffic by placing monitors criteria for selecting the most promising. It is difficult, on the at the edges of their network—just as customs inspectors other hand, because unidentified weaknesses in an approach intercept and examine physical goods at international borders. offer potential openings to censors, but worst-case analyses We also limit the types of circumvention we consider that presume censors will necessarily exploit such vulnerabil- to channel-based approaches that (1) bypass country-level ities ignore the realities of censors who aim to avoid blocking censors that monitor network traffic between two end points, profitable traffic while staying within their budget constraints. (2) communicate with resources outside the censors’ borders, Soundly incorporating these realities into evaluations requires and (3) enable low-latency connections (roughly, fast enough grounding in empirical observations of real censors. for web browsing). Our scope excludes concerns such as While the evaluation sections of research papers provide internal censorship of newspapers or disruption of entirely some insight into the promise of a given circumvention ap- domestic communication. Even so, the remaining space of proach, each paper employs its own evaluation methodology, censor activity and circumvention approaches is large, with 55 typically selected with the capabilities of the approach in mind approaches or evaluations of approaches [2–56] falling within but often not balanced against realistic models of censors. Fur- our scope. Figure 1 shows a generic model of censorship and thermore, such approach-oriented evaluations make it difficult circumvention under the scope we use. to compare across different approaches, or to determine how well an evaluation predicts real-world performance. Prototyped Overview. We first take a detailed look at the arms race between Tor and China as an illustration of the cat-and-mouse z This coauthor chooses to forgo identification in protest of the IEEE nature of censorship and circumvention (Section II). After Security and Privacy Symposium’s acceptance of support from the US covering related work (Section III), we broaden our view by National Security Agency. While it pains us for his significant contributions to the work to go unrecognized here, we respect the heartfelt principles that examining censorship incidents involving other channel-based led him to his position. circumvention approaches (Section IV). Inside Outside used is too wide for any one list to cover all use cases, or Instructions for a single study to attempt to comprehensively rank them. Circumventor's website Rather, we hope to provide a systematic method of thinking 1 about evaluation that will guide evaluators of circumvention Identifiers 2 Circumvention service approaches in their selection of appropriate criteria on a case- by-case basis. Also, we do not intend for this work to discount the utility Monitor Forwarder Destination of forward-looking studies that anticipate the more advanced 3 censors of the future. Rather, we aim to make the tradeoffs User clear: some approaches considered by research are likely years ahead of the point where their overhead is justified Fig. 1. An illustration of the type of censorship we study. First, censored by actual censors effectively blocking less advanced methods; users within a censor’s jurisdiction gather information about how to use an meanwhile, censors block deployed approaches using simple approach, which may include a program download. Second, the users gain attacks. We hope this observation inspires the research com- various identifiers, such as IP addresses and passwords. Third, they run their traffic through a client-side program that applies various transformations to munity towards also providing tools for preventing simpler hide the true destination and content. In the case of a banned destination, the attacks, which would yield immediate benefits for many real approach sends the obscured traffic to some allowed destination that acts as users. a forwarder to the real destination. We make details and our database available at http://internet-freedom-science.org/circumvention-survey/ Next, we provide a survey of channel-based censorship circumvention (Section V) and its evaluation (Section VI). II. Illustrating the Problem Space: Unlike other surveys on circumvention [57–59], we do not Tor and the Great Firewall focus on comparing the approaches themselves, but rather on comparing their evaluations. We enumerate the criteria that The problem space we consider has both disparate aspects the developers of each approach used in their evaluations. We and a complicated arms-race-driven evolution. In this section find little commonality in the evaluation methods employed. we frame the space through the lens of the Tor anonymity While some diversity is to be expected given that approaches system and the “Great Firewall” (GFW), the primary national differ in goals and intended deployment environments, we censorship apparatus of China. The conflict between these two find no globally organizing principles guiding the selection actors is representative of the larger world of censorship and of evaluation criteria. circumvention, and offers us a way of introducing different notions and the associated terminology we will use in our We focus on the criteria related to detecting circumventing discussion, as well as providing some of the grounding in traffic and compare them to the actions of real censors (Sec- real-life censorship that underlies many of our perspectives. tion VII). We observe that system designers tend to emphasize censor capabilities that may become important in the future, Tor provides a convenient focus due to the relatively ex- but not seen in practice today, with little assessment on actual tensive documentation of its censorship and circumvention detection techniques used by current censors. In particular, we counter-responses. We mined blog posts, bug reports, and the identify three disconnects between practice and research: Tor Project’s public documentation to identify the censorship events that underlie our narrative. A progression emerges: Tor, 1) Real censors attack how users discover and set up which was not originally designed for circumvention, is used channels, whereas research often centers on channel to evade the GFW. The censor blocks the Tor website and the usage, servers that make up the anonymity network; Tor responds 2) Real censors prefer cheap passive monitoring or more with mirrors and secret entry servers.
Recommended publications
  • What Is Threat Hunting?

    What Is Threat Hunting?

    $whoami ◎ Apurv Singh Gautam (@ASG_Sc0rpi0n) ◎ Security Researcher, Threat Intel/Hunting ◎ Cybersecurity @ Georgia Tech ◎ Prior: Research Intern at ICSI, UC Berkeley ◎ Hobbies ◎ Contributing to the security community ◎ Gaming/Streaming (Rainbow 6 Siege) ◎ Hiking, Lockpicking ◎ Social ◎ Twitter - @ASG_Sc0rpi0n ◎ Website – https://apurvsinghgautam.me 2 Agenda ◎ Introduction to the Dark Web ◎ Why hunting on the Dark Web? ◎ Methods to hunt on the Dark Web ◎ Can the Dark Web hunting be automated? ◎ Overall Picture ◎ OpSec? What’s that? ◎ Conclusion 3 Clear Web? Deep Web? Dark Web? 5 Image Source: UC San Diego Library Accessing the Dark Web ◎ Tor /I2P/ZeroNet ◎ .onion domains/.i2p domains ◎ Traffic through relays Image Sources: Hotspot Shield, Tor Project, I2P Project, ZeroNet 6 What’s all the Hype? ◎ Hype ○ Vast and mysterious part of the Internet ○ Place for cybercriminals only ○ Illegal to access the Dark Web ◎ Reality ○ Few reachable onion domains ○ Uptime isn’t ideal ○ Useful for free expression in few countries ○ Popular sites like Facebook, NYTimes, etc. ○ Legal to access the Dark Web 7 Relevant site types? ◎ General Markets ◎ PII & PHI ◎ Credit Cards ◎ Digital identities ◎ Information Trading ◎ Remote Access ◎ Personal Documents ◎ Electronic Wallets ◎ Insider Threats Image Source: Intsights 8 Sites Examples 9 Cost of products? ◎ SSN - $1 ◎ Fake FB with 15 friends - $1 ◎ DDoS Service - $7/hr ◎ Rent a Hacker - $12/hr ◎ Credit Card - $20+ ◎ Mobile Malware - $150 ◎ Bank Details - $1000+ ◎ Exploits or 0-days - $150,000+ ◎ Critical databases - $300,000+ 10 Product Examples 11 Image Source: Digital Shadows 12 Image Source: Digital Shadows 13 What is Threat Hunting? ◎ Practice of proactively searching for cyber threats ◎ Hypothesis-based approach ◎ Uses advanced analytics and machine learning investigations ◎ Proactive and iterative search 15 Why So Serious (Eh! Important)? ◎ Hacker forums, darknet markets, dump shops, etc.
  • Uila Supported Apps

    Uila Supported Apps

    Uila Supported Applications and Protocols updated Oct 2020 Application/Protocol Name Full Description 01net.com 01net website, a French high-tech news site. 050 plus is a Japanese embedded smartphone application dedicated to 050 plus audio-conferencing. 0zz0.com 0zz0 is an online solution to store, send and share files 10050.net China Railcom group web portal. This protocol plug-in classifies the http traffic to the host 10086.cn. It also 10086.cn classifies the ssl traffic to the Common Name 10086.cn. 104.com Web site dedicated to job research. 1111.com.tw Website dedicated to job research in Taiwan. 114la.com Chinese web portal operated by YLMF Computer Technology Co. Chinese cloud storing system of the 115 website. It is operated by YLMF 115.com Computer Technology Co. 118114.cn Chinese booking and reservation portal. 11st.co.kr Korean shopping website 11st. It is operated by SK Planet Co. 1337x.org Bittorrent tracker search engine 139mail 139mail is a chinese webmail powered by China Mobile. 15min.lt Lithuanian news portal Chinese web portal 163. It is operated by NetEase, a company which 163.com pioneered the development of Internet in China. 17173.com Website distributing Chinese games. 17u.com Chinese online travel booking website. 20 minutes is a free, daily newspaper available in France, Spain and 20minutes Switzerland. This plugin classifies websites. 24h.com.vn Vietnamese news portal 24ora.com Aruban news portal 24sata.hr Croatian news portal 24SevenOffice 24SevenOffice is a web-based Enterprise resource planning (ERP) systems. 24ur.com Slovenian news portal 2ch.net Japanese adult videos web site 2Shared 2shared is an online space for sharing and storage.
  • Threat Modeling and Circumvention of Internet Censorship

    Threat Modeling and Circumvention of Internet Censorship

    Threat modeling and circumvention of Internet censorship David Fifield September 27, 2017 Abstract Research on Internet censorship is hampered by a lack of adequate models of censor behavior, encompassing both censors' current practice and their likely future evolution. Censor models guide the development of circumvention systems, so it is important to get them right. A censor model should be understood not only as a set of capabilities| such as the ability to monitor network traffic—but also as a set of priorities constrained by resource limitations. A circumvention system designed under inadequate assumptions runs the risk of being either easily blocked, or impractical to deploy. My thesis research will be concerned with developing empirically informed censor models and practical, effective circumvention systems to counter them. My goal is to move the field away from seeing the censorship problem as a cat-and-mouse game that affords only incre- mental and temporary advancements. We should instead state the hypotheses and assumptions under which our circumvention designs will work|with the designs being more or less practical depending on how well the hypotheses and assumptions match the behavior of real-world censors. 1 Thesis My research is about Internet censorship and how to make it ineffective. To this end, I am interested in building useful models of real-world censors as they exist today and may exist in the future, for the purpose of building circumvention systems that are not only sound in theory but also effective in practice. 1 2 Scope Internet censorship is an enormous topic. My thesis research is concerned with one important case of it: the border firewall.
  • An Investigation Into the Security and Privacy of Ios VPN Applications

    An Investigation Into the Security and Privacy of Ios VPN Applications

    An Investigation Into the Security and Privacy of iOS VPN Applications Jack Wilson Division of Cybersecurity School of Design and Informatics Abertay University, Dundee A thesis submitted for the degree of Bachelor of Science with Honours in Ethical Hacking 1st May 2018 Word Count: 11,448 Abstract Due to the increasing number of recommendations for people to use VPN’s for privacy reasons, more app developers are creating VPN apps and publishing them on the Apple App Store and Google Play Store. In this ‘gold rush’, apps are being developed quickly and, in turn, not being developed with security fully in mind. This paper investigated a selection of free VPN applications available on the Apple App Store (for iOS devices) and test the apps for security and privacy. This includes testing for any traffic being transmitted over plain HTTP, DNS leakage and transmission of personally-identifiable information (such as phone number, IMEI 1, email address, MAC address) and evaluating the security of the tunnelling protocol used by the VPN. The testing methodology involved installing free VPN apps on a test device (an iPhone 6 running iOS 11), simulating network traffic for a pre-defined period of time and capturing the traffic (either through ARP spoofing, or through a proxy program such as Burpsuite). This allows for all traffic to be analysed to check for anything being sent without encryption. Other issues that often cause de-anonymisation with VPN applications such as DNS leakage can be tested using websites such as dnsleaktest.com. The research found several common security issues with the VPN applications that were tested, with a large majority of the applications tested failing to implement HTTPS.
  • OSS: Using Online Scanning Services for Censorship Circumvention

    OSS: Using Online Scanning Services for Censorship Circumvention

    OSS: Using Online Scanning Services for Censorship Circumvention David Fifield1, Gabi Nakibly2, and Dan Boneh1 1 Computer Science Department, Stanford University 2 National EW Research & Simulation Center, Rafael { Advanced Defense Systems Ltd. Abstract. We introduce the concept of a web-based online scanning service, or OSS for short, and show that these OSSes can be covertly used as proxies in a censorship circumvention system. Such proxies are suitable both for short one-time rendezvous messages and bulk bidirectional data transport. We show that OSSes are widely available on the Internet and blocking all of them can be difficult and harmful. We measure the number of round trips and the amount of data that can be pushed through various OSSes and show that we can achieve throughputs of about 100 KB/sec. To demonstrate the effectiveness of our approach we built a system for censored users to communicate with blocked Tor relays using available OSS providers. We report on its design and performance. 1 Introduction Nowadays many nations regularly filter Internet traffic by blocking news sites, social networking sites, search sites, and even public mail sites like Gmail. The OpenNet Initiative, which tracks public reports of Internet filtering, lists a large number of countries that filter Internet traffic. Over half of the 74 countries tested in 2011 imposed some degree of filtering on the Internet [1]. In response, several proxy systems have emerged to help censored users freely browse the Internet. Most notable among these is Tor [2], which, while originally designed to provide anonymity, has also seen wide use in circumvention.
  • Design of a Blocking-Resistant Anonymity System DRAFT

    Design of a Blocking-Resistant Anonymity System DRAFT

    Design of a blocking-resistant anonymity system DRAFT Roger Dingledine Nick Mathewson The Tor Project The Tor Project [email protected] [email protected] Abstract Internet censorship is on the rise as websites around the world are increasingly blocked by government-level firewalls. Although popular anonymizing networks like Tor were originally designed to keep attackers from tracing people’s activities, many people are also using them to evade local censorship. But if the censor simply denies access to the Tor network itself, blocked users can no longer benefit from the security Tor offers. Here we describe a design that builds upon the current Tor network to provide an anonymiz- ing network that resists blocking by government-level attackers. 1 Introduction and Goals Anonymizing networks like Tor [11] bounce traffic around a network of encrypting relays. Unlike encryption, which hides only what is said, these networks also aim to hide who is communicat- ing with whom, which users are using which websites, and similar relations. These systems have a broad range of users, including ordinary citizens who want to avoid being profiled for targeted advertisements, corporations who don’t want to reveal information to their competitors, and law en- forcement and government intelligence agencies who need to do operations on the Internet without being noticed. Historical anonymity research has focused on an attacker who monitors the user (call her Alice) and tries to discover her activities, yet lets her reach any piece of the network. In more modern threat models such as Tor’s, the adversary is allowed to perform active attacks such as modifying communications to trick Alice into revealing her destination, or intercepting some connections to run a man-in-the-middle attack.
  • Everyone's Guide to Bypassing Internet Censorship

    Everyone's Guide to Bypassing Internet Censorship

    EVERYONE’S GUIDE TO BY-PASSING INTERNET CENSORSHIP FOR CITIZENS WORLDWIDE A CIVISEC PROJECT The Citizen Lab The University of Toronto September, 2007 cover illustration by Jane Gowan Glossary page 4 Introduction page 5 Choosing Circumvention page 8 User self-assessment Provider self-assessment Technology page 17 Web-based Circumvention Systems Tunneling Software Anonymous Communications Systems Tricks of the trade page 28 Things to remember page 29 Further reading page 29 Circumvention Technologies Circumvention technologies are any tools, software, or methods used to bypass Inter- net filtering. These can range from complex computer programs to relatively simple manual steps, such as accessing a banned website stored on a search engine’s cache, instead of trying to access it directly. Circumvention Providers Circumvention providers install software on a computer in a non-filtered location and make connections to this computer available to those who access the Internet from a censored location. Circumvention providers can range from large commercial organi- zations offering circumvention services for a fee to individuals providing circumven- tion services for free. Circumvention Users Circumvention users are individuals who use circumvention technologies to bypass Internet content filtering. 4 Internet censorship, or content filtering, has become a major global problem. Whereas once it was assumed that states could not control Internet communications, according to research by the OpenNet Initiative (http://opennet.net) more than 25 countries now engage in Internet censorship practices. Those with the most pervasive filtering policies have been found to routinely block access to human rights organi- zations, news, blogs, and web services that challenge the status quo or are deemed threatening or undesirable.
  • Shedding Light on Mobile App Store Censorship

    Shedding Light on Mobile App Store Censorship

    Shedding Light on Mobile App Store Censorship Vasilis Ververis Marios Isaakidis Humboldt University, Berlin, Germany University College London, London, UK [email protected] [email protected] Valentin Weber Benjamin Fabian Centre for Technology and Global Affairs University of Telecommunications Leipzig (HfTL) University of Oxford, Oxford, UK Humboldt University, Berlin, Germany [email protected] [email protected] ABSTRACT KEYWORDS This paper studies the availability of apps and app stores across app stores, censorship, country availability, mobile applications, countries. Our research finds that users in specific countries do China, Russia not have access to popular app stores due to local laws, financial reasons, or because countries are on a sanctions list that prohibit ACM Reference Format: Vasilis Ververis, Marios Isaakidis, Valentin Weber, and Benjamin Fabian. foreign businesses to operate within its jurisdiction. Furthermore, 2019. Shedding Light on Mobile App Store Censorship. In 27th Conference this paper presents a novel methodology for querying the public on User Modeling, Adaptation and Personalization Adjunct (UMAP’19 Ad- search engines and APIs of major app stores (Google Play Store, junct), June 9–12, 2019, Larnaca, Cyprus. ACM, New York, NY, USA, 6 pages. Apple App Store, Tencent MyApp Store) that is cross-verified by https://doi.org/10.1145/3314183.3324965 network measurements. This allows us to investigate which apps are available in which country. We primarily focused on the avail- ability of VPN apps in Russia and China. Our results show that 1 INTRODUCTION despite both countries having restrictive VPN laws, there are still The widespread adoption of smartphones over the past decade saw many VPN apps available in Russia and only a handful in China.
  • Internet Infrastructure Review Vol.27

    Internet Infrastructure Review Vol.27

    Internet Infrastructure Vol.27 Review May 2015 Infrastructure Security Increasingly Malicious PUAs Messaging Technology Anti-Spam Measure Technology and DMARC Trends Web Traffic Report Report on Access Log Analysis Results for Streaming Delivery of the 2014 Summer Koshien Inte r ne t In f r ast r uc t ure Review Vol.27 May 2015 Executive Summary ———————————————————3 1. Infrastructure Security ———————————————4 Table of Contents Table 1.1 Introduction —————————————————————— 4 1.2 Incident Summary ——————————————————— 4 1.3 Incident Survey ——————————————————— 11 1.3.1 DDoS Attacks —————————————————————— 11 1.3.2 Malware Activities ———————————————————— 13 1.3.3 SQL Injection Attacks —————————————————— 16 1.3.4 Website Alterations ——————————————————— 17 1.4 Focused Research —————————————————— 18 1.4.1 Increasingly Malicious PUAs —————————————— 18 1.4.2 ID Management Technology: From a Convenience and Security Perspective ————— 22 1.4.3 Evaluating the IOCs of Malware That Reprograms HDD Firmware —————————————————————— 25 1.5 Conclusion —————————————————————— 27 2. Messaging Technology —————————————— 28 2.1 Introduction ————————————————————— 28 2.2 Spam Trends ————————————————————— 28 2.2.1 Spam Ratios Decline Further in FY2014 ————————— 28 2.2.2 Higher Risks Despite Lower Volumes —————————— 29 2.3 Trends in Email Technologies ——————————— 29 2.3.1 The DMARC RFC ————————————————————— 29 2.3.2 Problems with DMARC and Reporting —————————— 30 2.3.3 Use of DMARC by Email Recipients ——————————— 30 2.3.4 Domain Reputation ——————————————————— 31 2.3.5
  • Threat Modeling and Circumvention of Internet Censorship by David Fifield

    Threat Modeling and Circumvention of Internet Censorship by David Fifield

    Threat modeling and circumvention of Internet censorship By David Fifield A dissertation submitted in partial satisfaction of the requirements for the degree of Doctor of Philosophy in Computer Science in the Graduate Division of the University of California, Berkeley Committee in charge: Professor J.D. Tygar, Chair Professor Deirdre Mulligan Professor Vern Paxson Fall 2017 1 Abstract Threat modeling and circumvention of Internet censorship by David Fifield Doctor of Philosophy in Computer Science University of California, Berkeley Professor J.D. Tygar, Chair Research on Internet censorship is hampered by poor models of censor behavior. Censor models guide the development of circumvention systems, so it is important to get them right. A censor model should be understood not just as a set of capabilities|such as the ability to monitor network traffic—but as a set of priorities constrained by resource limitations. My research addresses the twin themes of modeling and circumvention. With a grounding in empirical research, I build up an abstract model of the circumvention problem and examine how to adapt it to concrete censorship challenges. I describe the results of experiments on censors that probe their strengths and weaknesses; specifically, on the subject of active probing to discover proxy servers, and on delays in their reaction to changes in circumvention. I present two circumvention designs: domain fronting, which derives its resistance to blocking from the censor's reluctance to block other useful services; and Snowflake, based on quickly changing peer-to-peer proxy servers. I hope to change the perception that the circumvention problem is a cat-and-mouse game that affords only incremental and temporary advancements.
  • W Shekatkar Committee Report W Atmanirbhar Bharat Abhiyan W

    W Shekatkar Committee Report W Atmanirbhar Bharat Abhiyan W

    MONTHLY MAGAZINE FOR TNPSC EXAMS MAY–2020 w Atmanirbhar Bharat Abhiyan w Cleanest City List w Shekatkar Committee Report w Konark Sun Temple w Char Dham Project w Samagra Shiksha Abhiyan VETRII IAS STUDY CIRCLE TNPSC CURRENT AFFAIRS MAY - 2020 An ISO 9001 : 2015 Institution | Providing Excellence Since 2011 Head Office Old No.52, New No.1, 9th Street, F Block, 1st Avenue Main Road, (Near Istha siddhi Vinayakar Temple), Anna Nagar East – 600102. Phone: 044-2626 5326 | 98844 72636 | 98844 21666 | 98844 32666 Branches SALEM KOVAI No.189/1, Meyanoor Road, Near ARRS Multiplex, (Near Salem New No.347, D.S.Complex (3rd floor), Nehru Street,Near Gandhipuram bus Stand), Opp. Venkateshwara Complex, Salem - 636004. Central Bus Stand, Ramnagar, Kovai - 9 0427-2330307 | 95001 22022 75021 65390 Educarreerr Location Vivekanandha Educational Institutions for Women, Elayampalayam, Tiruchengode - TK Namakkal District - 637 205. 04288 - 234670 | 91 94437 34670 Patrician College of Arts and Science, 3, Canal Bank Rd, Gandhi Nagar, Opposite to Kotturpuram Railway Station, Adyar, Chennai - 600020. 044 - 24401362 | 044 - 24426913 Sree Saraswathi Thyagaraja College Palani Road, Thippampatti, Pollachi - 642 107 73737 66550 | 94432 66008 | 90951 66009 www.vetriias.com My Dear Aspirants, Greetings to all of you! “What we think we become” Gautama Buddha. We all have dreams. To make dreams come into reality it takes a lot of determination, dedication, self discipline and continuous effort. We at VETRII IAS Study Circle are committed to provide the right guidance, quality coaching and help every aspirants to achieve his or her life’s cherished goal of becoming a civil servant.
  • Style Counsel: Seeing the (Random) Forest for the Trees in Adversarial Code Stylometry∗

    Style Counsel: Seeing the (Random) Forest for the Trees in Adversarial Code Stylometry∗

    Style Counsel: Seeing the (Random) Forest for the Trees in Adversarial Code Stylometry∗ Christopher McKnight Ian Goldberg Magnet Forensics University of Waterloo [email protected] [email protected] ABSTRACT worm based on an examination of the reverse-engineered code [17], The results of recent experiments have suggested that code stylom- casting style analysis as a forensic technique. etry can successfully identify the author of short programs from This technique, however, may be used to chill speech for soft- among hundreds of candidates with up to 98% precision. This poten- ware developers. There are several cases of developers being treated tial ability to discern the programmer of a code sample from a large as individuals of suspicion, intimidated by authorities and/or co- group of possible authors could have concerning consequences for erced into removing their software from the Internet. In the US, the open-source community at large, particularly those contrib- Nadim Kobeissi, the Canadian creator of Cryptocat (an online se- utors that may wish to remain anonymous. Recent international cure messaging application) was stopped, searched, and questioned events have suggested the developers of certain anti-censorship by Department of Homeland Security officials on four separate oc- and anti-surveillance tools are being targeted by their governments casions in 2012 about Cryptocat and the algorithms it employs [16]. and forced to delete their repositories or face prosecution. In November 2014, Chinese developer Xu Dong was arrested, pri- In light of this threat to the freedom and privacy of individual marily for political tweets, but also because he allegedly “committed programmers around the world, we devised a tool, Style Counsel, to crimes of developing software to help Chinese Internet users scale aid programmers in obfuscating their inherent style and imitating the Great Fire Wall of China” [4] in relation to proxy software he another, overt, author’s style in order to protect their anonymity wrote.