DOCSLIB.ORG

Online Advertising Under Internet Censorship

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Online Advertising Under Internet Censorship Online Advertising under Internet Censorship Hira Javaid Hafiz Kamran Khalil LUMS, Pakistan LUMS, Pakistan Zartash Afzal Uzmi Ihsan Ayyub Qazi LUMS, Pakistan LUMS, Pakistan ABSTRACT the censorship region, thus masking the true user location. Online advertising plays a critical role in enabling the free As a result, users see irrelevant ads (e.g., ads in a language Web by allowing publishers to monetize their services. How- they do not understand or ads for products unavailable in 1 ever, the rise in internet censorship events globally poses their region). This frustrates the end-user , reduces the click an economic threat to the advertising ecosystem. This paper through rates, and disrupts the ad campaign, causing a loss of studies this interplay and presents ADVENTION, a system that revenue to publishers and advertisers. provides censorship circumvention while serving relevant ads. This work attempts to explore the adverse impact of cen- ADVENTION leverages the observation that ad systems are sorship circumvention on the relevance of advertisements and usually hosted on domains that are different from the pub- how to alleviate such impact. In particular, we ask, “How can lisher domains and are almost always uncensored. Taking cue we design censorship circumvention systems that allow ad- from this, ADVENTION fetches ads via the direct, uncensored, vertisers to serve geographically relevant ads to users while channel between users and the ad system. Preliminary results retaining circumvention effectiveness?” To this end, (a) we show that ADVENTION not only offers high ad relevance com- conduct an exploratory measurement study to understand how pared to other popular relay-based circumvention tools, it also ads are impacted by incorrect user location information and offers smaller page load times. quantify the decrease in ad relevance, and (b) present the initial design of ADVENTION, a system that exposes correct 1 INTRODUCTION user location information to advertisers while still allowing relay-based circumvention of internet censorship. Online advertising revenues are projected to reach $83 billion ADVENTION leverages the observation that the ads served in 2017, an increase of 40% since 2015, and now accounting by advertising systems are hosted on domains that are dif- for the largest share of the advertising market, surpassing ferent from the publisher domains and are almost always both print and TV advertising [1]. Online advertising plays uncensored to avoid potential collateral damage2. Based on a critical role in fueling the “free” Web and its growth can this observation, ADVENTION fetches ads through the (un- be attributed both to increase in internet users and the abil- censored) direct path to the advertisement system—to mimic ity to individually customize advertisements to users. While normal ad requests that are sent without routing through a targeted advertising—driven by collecting information about relay. We show that such an approach also leads to smaller a user’s digital habits, locality, and demographics [8, 12]— page load times (PLTs) and hence improved user experience has raised concerns about user privacy and surveillance, it as ad requests tend to get served faster over the direct channel. also offers a number of consumer benefits (e.g., seeing more While ADVENTION allows users to circumvent censorship, interesting or relevant ads). the publisher—accessed over the relayed path—still sees in- With internet censorship events on the rise and over 70 correct user location. The publisher may then generate irrele- countries filtering Web content [13, 15], the online advertising vant content3, thus passing incorrect publisher context to the ecosystem faces a serious challenge. The growing use of cen- ad service, leading to irrelevant ads. To address this challenge, sorship circumvention tools, such as Tor [10], Lantern [22], ADVENTION allows the possibility of improving publisher Hotspot Shield, and uProxy [34], implies that advertisers do context by intelligent relay selection (IRS) via which requests not infer the correct user location information to generate ads to publishers are routed. as these tools typically rely on proxy relays located outside We evaluate ADVENTION for a range of popular websites Permission to make digital or hard copies of all or part of this work for including both censored and uncensored websites in the re- personal or classroom use is granted without fee provided that copies are not gion of our experimental study. Our results show a substantial made or distributed for profit or commercial advantage and that copies bear loss in ad relevance when user traffic is routed via relays, this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with as is the current practice with most common circumvention credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request 1This may also incent more users to employ ad blockers [25]. permissions from [email protected]. 2Authorities rarely, if ever, block ad system domains as it would cause HotNets-XVI, November 30–December 1, 2017, Palo Alto, CA, USA blocking of ads displayed on scores of popular publishers. For example, © 2017 Association for Computing Machinery. Google’s DoubleClick is used by 1,843,854 publishers and PubMatic is used ACM ISBN 978-1-4503-5569-8/17/11. $15.00 by 215,046 publishers [11, 29]. https://doi.org/10.1145/3152434.3152455 3Many popular publishers offer region-specific content. tools [10, 22, 26, 32, 34]. ADVENTION provides significant 2 BACKGROUND improvements in fetching relevant ads, with further benefits Ad Classification and Targeting. Targeted advertising is of- when it employs IRS. From our experimental study, we also ten driven by: (i) publisher page context (e.g., language and demonstrate that compared to commonly-used tools for cir- keywords) to serve contextual ads, (ii) user profile and brows- cumvention (e.g., Tor and static proxies), ADVENTION shows ing history for behavioral ads, or (iii) user location to de- improvement in PLTs across a variety of popular websites, liver geo-targeted ads. We only consider these ‘dynamic’ ads, thus providing a deployment incentive for end-users. served on-the-fly via ad systems5 and real-time bidding [7]. ADVENTION keeps the users interested (lower PLTs and Profile ads such as those served over online social networks relevant ads) and enables effective ad campaigns (relevant ads largely remain relevant even with the use of a relay, and are with high click-through rates). The mechanism behind AD- not interesting from the point of view of this work. VENTION is powerful yet simple to implement as a browser Information Flow in Serving Ads. On receiving a page re- extension, for example by making use of proxy automatic quest from a client, the publisher sends back the webpage configuration (PAC) files [27] or other similar configurations. along with an embedded ad tag, which contains the page ADVENTION’s use of the direct path for routing ad re- context. The client browser, behind the scenes, forwards the quests raises three challenges. First, it can make easier for ad tag to the ad server which may also infer user profile censors to block traffic by inspecting the HTTP referer field and browsing history (via cookies) and location (via geo- of ad requests. Through measurements of Alexa top 500 web- mapping). The ad server then uses the available information sites, we find that over 82% ad requests are sent over HTTPS, (e.g., user location, user profile, or publisher context) to serve which encrypts the referer field. This prevents the censor from geo-targeted, behavioral, or contextual ads. This information blocking most traffic based on this 4field . Second, if censors flow usually allows relevant ads to be served. collude with ad systems, they can potentially block user traf- fic. However, this may be less likely in case of popular ad Information Flow with Relays. When a user routes a con- servers (e.g., DoubleClick and PubMatic) that are typically nection via circumvention relays, incorrect inference of user hosted in uncensored regions and serve majority of publisher location can cause the ad server to serve irrelevant ads. This websites. Finally, exposing user location information to ad has two important consequences: (1) it degrades user experi- servers raises potential user privacy and anonymity concerns. ence as users prefer relevant, targeted ads over random, untar- We argue that for users circumventing censorship, this may geted ads [9, 35] and (2) it disrupts the ad campaign, causing a loss of revenue to advertisers, ad servers, and publishers. be less of a concern. Furthermore, ADVENTION focuses on circumvention rather than provisioning anonymous commu- With a global rise in internet censorship [15] and the use of nication, in line with many popular circumvention tools such circumvention relays [26], the advertisement ecosystem may as Lantern, Hotspot Shield, uProxy, and static proxies. face a large economic impact. We summarize our contributions in this work as follows: 3 A MEASUREMENT STUDY • We quantify via an extensive measurement study the de- In this section, we quantify the decrease in ad relevance due crease in ad relevance when users employ relay-based to circumvention tools by conducting a measurement study. censorship circumvention. We collect ads from a range of websites and divide them into • We present the design and implementation of ADVEN- two sets, C and U. Websites in set C were censored while TION, a system for serving relevant ads while retaining those in U were not censored in the region of evaluation. The circumvention effectiveness, with a provision for IRS. set U was taken from Alexa top 500 websites [3]. • A preliminary evaluation of ADVENTION performance, compared to other circumvention tools, which captures: 3.1 Methodology (i) increase in ad relevance, (ii) additional increase in We use Selenium [31] with Firefox to automate our experi- ad relevance when ADVENTION uses IRS, and (iii) ments and employ Tor as a circumvention tool.
Load more

Recommended publications
  • What Is Threat Hunting?
    $whoami ◎ Apurv Singh Gautam (@ASG_Sc0rpi0n) ◎ Security Researcher, Threat Intel/Hunting ◎ Cybersecurity @ Georgia Tech ◎ Prior: Research Intern at ICSI, UC Berkeley ◎ Hobbies ◎ Contributing to the security community ◎ Gaming/Streaming (Rainbow 6 Siege) ◎ Hiking, Lockpicking ◎ Social ◎ Twitter - @ASG_Sc0rpi0n ◎ Website – https://apurvsinghgautam.me 2 Agenda ◎ Introduction to the Dark Web ◎ Why hunting on the Dark Web? ◎ Methods to hunt on the Dark Web ◎ Can the Dark Web hunting be automated? ◎ Overall Picture ◎ OpSec? What’s that? ◎ Conclusion 3 Clear Web? Deep Web? Dark Web? 5 Image Source: UC San Diego Library Accessing the Dark Web ◎ Tor /I2P/ZeroNet ◎ .onion domains/.i2p domains ◎ Traffic through relays Image Sources: Hotspot Shield, Tor Project, I2P Project, ZeroNet 6 What’s all the Hype? ◎ Hype ○ Vast and mysterious part of the Internet ○ Place for cybercriminals only ○ Illegal to access the Dark Web ◎ Reality ○ Few reachable onion domains ○ Uptime isn’t ideal ○ Useful for free expression in few countries ○ Popular sites like Facebook, NYTimes, etc. ○ Legal to access the Dark Web 7 Relevant site types? ◎ General Markets ◎ PII & PHI ◎ Credit Cards ◎ Digital identities ◎ Information Trading ◎ Remote Access ◎ Personal Documents ◎ Electronic Wallets ◎ Insider Threats Image Source: Intsights 8 Sites Examples 9 Cost of products? ◎ SSN - $1 ◎ Fake FB with 15 friends - $1 ◎ DDoS Service - $7/hr ◎ Rent a Hacker - $12/hr ◎ Credit Card - $20+ ◎ Mobile Malware - $150 ◎ Bank Details - $1000+ ◎ Exploits or 0-days - $150,000+ ◎ Critical databases - $300,000+ 10 Product Examples 11 Image Source: Digital Shadows 12 Image Source: Digital Shadows 13 What is Threat Hunting? ◎ Practice of proactively searching for cyber threats ◎ Hypothesis-based approach ◎ Uses advanced analytics and machine learning investigations ◎ Proactive and iterative search 15 Why So Serious (Eh! Important)? ◎ Hacker forums, darknet markets, dump shops, etc.
    [Show full text]
  • An Investigation Into the Security and Privacy of Ios VPN Applications
    An Investigation Into the Security and Privacy of iOS VPN Applications Jack Wilson Division of Cybersecurity School of Design and Informatics Abertay University, Dundee A thesis submitted for the degree of Bachelor of Science with Honours in Ethical Hacking 1st May 2018 Word Count: 11,448 Abstract Due to the increasing number of recommendations for people to use VPN’s for privacy reasons, more app developers are creating VPN apps and publishing them on the Apple App Store and Google Play Store. In this ‘gold rush’, apps are being developed quickly and, in turn, not being developed with security fully in mind. This paper investigated a selection of free VPN applications available on the Apple App Store (for iOS devices) and test the apps for security and privacy. This includes testing for any traffic being transmitted over plain HTTP, DNS leakage and transmission of personally-identifiable information (such as phone number, IMEI 1, email address, MAC address) and evaluating the security of the tunnelling protocol used by the VPN. The testing methodology involved installing free VPN apps on a test device (an iPhone 6 running iOS 11), simulating network traffic for a pre-defined period of time and capturing the traffic (either through ARP spoofing, or through a proxy program such as Burpsuite). This allows for all traffic to be analysed to check for anything being sent without encryption. Other issues that often cause de-anonymisation with VPN applications such as DNS leakage can be tested using websites such as dnsleaktest.com. The research found several common security issues with the VPN applications that were tested, with a large majority of the applications tested failing to implement HTTPS.
    [Show full text]
  • User Guide Contents
    USER GUIDE CONTENTS What's new 4 About Magnet OUTRIDER 5 Getting started with Magnet OUTRIDER 6 System requirements 6 Use Magnet OUTRIDER on a dongle 6 Use a trial license of Magnet OUTRIDER 6 Understanding changes made to the system 7 Detecting Bitlocker encrypted drives 8 Scanning a target 9 Scan a computer 9 Encryption screening 9 Scan an external drive 10 Scan a folder 10 Configuring scan options 11 Locate files and apps settings 11 Collect artifacts and scan browser history settings 13 CSAM Detection Technology settings 14 Scan options 15 Reporting options 16 Miscellaneous options 16 Adding keywords and NCMEC report data to a search 17 Import a keyword list or NCMEC report data 17 View a keyword list or NCMEC report data 17 Export a keyword list or NCMEC report data 18 Reviewing scan results 19 Mark a CRC CSAM hit as a false positive 19 Starting a new scan 20 Supported application categories 20 Viewing and exporting scan reports 22 View scan reports 22 Navigating your scan report folder 22 Contents of scan reports 23 View and export an error list 23 Exporting filename keyword hits and CRC CSAM hits 25 Export filename keyword hits or CRC CSAM hits 25 Export a list of saved hits 25 Updating Magnet OUTRIDER 27 Update Magnet OUTRIDER manually 27 Automatically check for updates 27 User Guide WHAT'S NEW VERSION DESCRIPTION 2.1.0 l Updated Configuring scan options with information about scanning connected networks, new supported operating system artifacts, and customizing case and report locations. 2.0.0 l Updated Reviewing scan results with information about new supported apps.
    [Show full text]
  • Threat Modeling and Circumvention of Internet Censorship by David Fifield
    Threat modeling and circumvention of Internet censorship By David Fifield A dissertation submitted in partial satisfaction of the requirements for the degree of Doctor of Philosophy in Computer Science in the Graduate Division of the University of California, Berkeley Committee in charge: Professor J.D. Tygar, Chair Professor Deirdre Mulligan Professor Vern Paxson Fall 2017 1 Abstract Threat modeling and circumvention of Internet censorship by David Fifield Doctor of Philosophy in Computer Science University of California, Berkeley Professor J.D. Tygar, Chair Research on Internet censorship is hampered by poor models of censor behavior. Censor models guide the development of circumvention systems, so it is important to get them right. A censor model should be understood not just as a set of capabilities|such as the ability to monitor network traffic—but as a set of priorities constrained by resource limitations. My research addresses the twin themes of modeling and circumvention. With a grounding in empirical research, I build up an abstract model of the circumvention problem and examine how to adapt it to concrete censorship challenges. I describe the results of experiments on censors that probe their strengths and weaknesses; specifically, on the subject of active probing to discover proxy servers, and on delays in their reaction to changes in circumvention. I present two circumvention designs: domain fronting, which derives its resistance to blocking from the censor's reluctance to block other useful services; and Snowflake, based on quickly changing peer-to-peer proxy servers. I hope to change the perception that the circumvention problem is a cat-and-mouse game that affords only incremental and temporary advancements.
    [Show full text]
  • Array AG 9.4 CLI Handbook
    Array AG 9.4 CLI Handbook Copyright Statement Copyright Statement Copyright©2000-2018 Array Networks, Inc., 1371 McCarthy Blvd, Milpitas, California 95035, USA. All rights reserved. This document is protected by copyright and distributed under licenses restricting its use, copying, distribution, and compilation. No part of this document can be reproduced in any form by any means without prior written authorization of Array Networks. Documentation is provided “as is” without warranty of any kind, either express or implied, including any kind of implied or express warranty of non-infringement or the implied warranties of merchantability or fitness for a particular purpose. Array Networks reserves the right to change any products described herein at any time, and without notice. Array Networks assumes no responsibility or liability arising from the use of products described herein, except as expressly agreed to in writing by Array Networks. The use and purchase of this product does not convey a license to any patent copyright, or trademark rights, or any other intellectual property rights of Array Networks. Warning: Modifications made to the Array Networks unit, unless expressly approved by Array Networks, could void the user’s authority to operate the equipment. Declaration of Conformity We, Array Networks, Inc., 1371 McCarthy Blvd, Milpitas, CA 95035, 1-866-692-7729; declare under our sole responsibility that the product(s) Array Networks, Array Appliance complies with Part 15 of FCC Rules. Operation is subject to the following two conditions: (1) this device can not cause harmful interference, and (2) this device must accept any interference received, including interference that can cause undesired operation.
    [Show full text]
  • Best VPN Services in 2017 (Speed, Cost & Usability Reviews)
    10/8/2017 Best VPN Services in 2017 (Speed, Cost & Usability Reviews) Best VPN Services VPN Reviews & In-Depth Comparisons Brad Smith Sep 18, 2017 With the help of John & Andrey (https://thebestvpn.com/contact-us/), we’ve put together a list of best VPNs. We compared their download/upload speed, support, usability, cost, servers, countries and features. We also analyzed their TOS to see if they keep logs or not and whether they allow P2P and work with Netflix. here’s a link to the spreadsheet (https://docs.google.com/spreadsheets/d/11IZdVCBjVvbdaKx2HKz2hKB4F Z_l8nRJXXubX4FaQj4/) You want to start using a VPN, but don’t know which software/service to use? In this page, we’ve reviewed 30+ most popular VPN services (on going process). In order to find out which are best VPNs, we spent some time on research and speed testing: 1. Installed 30+ VPN software on our personal devices, such as Windows, Mac, Android and iOS and compared their usability. 2. Performed Download/Upload speed tests on speedtest.net to see which had best performing servers. 3. Double checked if they work with Netflix and allow P2P. 4. Read their TOS to verify if they keep logs or not. 5. Compared security (encryption and protocols). That means we’ve dug through a large number of privacy policies (on logging), checked their features, speed, customer support and usability. If you know a good VPN provider that is not listed here, please contact us and we’ll test it out as soon as possible. 5 Best VPNs for Online Privacy and Security Here are the top 5 VPN services of 2017 after our research, analysis, monitoring, testing, and verifying.
    [Show full text]
  • A Privacy Threat for Internet Users in Internet-Censoring Countries
    A Privacy Threat for Internet Users in Internet-censoring Countries Feno Heriniaina R. College of Computer Science, Chongqing University, Chongqing, China Keywords: Censorship, Human Computer Interaction, Privacy, Virtual Private Networks. Abstract: Online surveillance has been increasingly used by different governments to control the spread of information on the Internet. The magnitude of this activity differs widely and is based primarily on the areas that are deemed, by the state, to be critical. Aside from the use of keywords and the complete domain name filtering technologies, Internet censorship can sometimes even use the total blocking of IP addresses to censor content. Despite the advances, in terms of technology used for Internet censorship, there are also different types of circumvention tools that are available to the general public. In this paper, we report the results of our investigation on how migrants who previously had access to the open Internet behave toward Internet censorship when subjected to it. Four hundred and thirty-two (432) international students took part in the study that lasted two years. We identified the most common circumvention tools that are utilized by the foreign students in China. We investigated the usability of these tools and monitored the way in which they are used. We identified a behaviour-based privacy threat that puts the users of circumvention tools at risk while they live in an Internet-censoring country. We also recommend the use of a user-oriented filtering method, which should be considered as part of the censoring system, as it enhances the performance of the screening process and recognizes the real needs of its users.
    [Show full text]
  • VPN Report 2020
    VPN Report 2020 www.av-comparatives.org Independent Tests of Anti-Virus Software VPN - Virtual Private Network 35 VPN services put to test LANGUAGE : ENGLISH LAST REVISION : 20 TH MAY 2020 WWW.AV-COMPARATIVES.ORG 1 VPN Report 2020 www.av-comparatives.org Contents Introduction 4 What is a VPN? 4 Why use a VPN? 4 Vague Privacy 5 Potential Risks 5 The Relevance of No-Logs Policies 6 Using VPNs to Spoof Geolocation 6 Test Procedure 7 Lab Setup 7 Test Methodology 7 Leak Test 7 Kill-Switch Test 8 Performance Test 8 Tested Products 9 Additional Product Information 10 Consolidations & Collaborations 10 Supported Protocols 11 Logging 12 Payment Information 14 Test Results 17 Leak & Kill-Switch Tests 17 Performance Test 19 Download speed 20 Upload speed 21 Latency 22 Performance Overview 24 Discussion 25 General Security Observations 25 Test Results 25 Logging & Privacy Policies 26 Further Recommendations 27 2 VPN Report 2020 www.av-comparatives.org Individual VPN Product Reviews 28 Avast SecureLine VPN 29 AVG Secure VPN 31 Avira Phantom VPN 33 Bitdefender VPN 35 BullGuard VPN 37 CyberGhost VPN 39 ExpressVPN 41 F-Secure Freedome 43 hide.me VPN 45 HMA VPN 47 Hotspot Shield 49 IPVanish 51 Ivacy 53 Kaspersky Secure Connection 55 McAfee Safe Connect 57 mySteganos Online Shield VPN 59 Norton Secure VPN 63 Panda Dome VPN 65 Private Internet Access 67 Private Tunnel 69 PrivateVPN 71 ProtonVPN 73 PureVPN 75 SaferVPN 77 StrongVPN 79 Surfshark 81 TorGuard 83 Trust.Zone VPN 85 TunnelBear 87 VPNSecure 89 VPN Unlimited 91 VyprVPN 93 Windscribe 95 ZenMate VPN 97 Copyright and Disclaimer 99 3 VPN Report 2020 www.av-comparatives.org Introduction The aim of this test is to compare VPN services for consumers in a real-world environment by assessing their security and privacy features, along with download speed, upload speed, and latency.
    [Show full text]
  • Blocking-Resistant Communication Through Domain Fronting
    Proceedings on Privacy Enhancing Technologies 2015; 2015 (2):46–64 David Fifield*, Chang Lan, Rod Hynes, Percy Wegmann, and Vern Paxson Blocking-resistant communication through domain fronting Abstract: We describe “domain fronting,” a versatile 1 Introduction censorship circumvention technique that hides the re- mote endpoint of a communication. Domain fronting Censorship is a daily reality for many Internet users. works at the application layer, using HTTPS, to com- Workplaces, schools, and governments use technical and municate with a forbidden host while appearing to com- social means to prevent access to information by the net- municate with some other host, permitted by the cen- work users under their control. In response, those users sor. The key idea is the use of different domain names at employ technical and social means to gain access to the different layers of communication. One domain appears forbidden information. We have seen an ongoing conflict on the “outside” of an HTTPS request—in the DNS re- between censor and censored, with advances on both quest and TLS Server Name Indication—while another sides, more subtle evasion countered by more powerful domain appears on the “inside”—in the HTTP Host detection. header, invisible to the censor under HTTPS encryp- Circumventors, at a natural disadvantage because tion. A censor, unable to distinguish fronted and non- the censor controls the network, have a point working fronted traffic to a domain, must choose between allow- in their favor: the censor’s distaste for “collateral dam- ing circumvention traffic and blocking the domain en- age,” incidental overblocking committed in the course of tirely, which results in expensive collateral damage.
    [Show full text]
  • The Impact of Media Censorship: Evidence from a Field Experiment in China
    The Impact of Media Censorship: Evidence from a Field Experiment in China Yuyu Chen David Y. Yang* January 4, 2018 — JOB MARKET PAPER — — CLICK HERE FOR LATEST VERSION — Abstract Media censorship is a hallmark of authoritarian regimes. We conduct a field experiment in China to measure the effects of providing citizens with access to an uncensored Internet. We track subjects’ me- dia consumption, beliefs regarding the media, economic beliefs, political attitudes, and behaviors over 18 months. We find four main results: (i) free access alone does not induce subjects to acquire politically sen- sitive information; (ii) temporary encouragement leads to a persistent increase in acquisition, indicating that demand is not permanently low; (iii) acquisition brings broad, substantial, and persistent changes to knowledge, beliefs, attitudes, and intended behaviors; and (iv) social transmission of information is statis- tically significant but small in magnitude. We calibrate a simple model to show that the combination of low demand for uncensored information and the moderate social transmission means China’s censorship apparatus may remain robust to a large number of citizens receiving access to an uncensored Internet. Keywords: censorship, information, media, belief JEL classification: D80, D83, L86, P26 *Chen: Guanghua School of Management, Peking University. Email: [email protected]. Yang: Department of Economics, Stanford University. Email: [email protected]. Yang is deeply grateful to Ran Abramitzky, Matthew Gentzkow, and Muriel Niederle
    [Show full text]
  • Download and Install a New Trusted Root Certificate in Order to Connect to ~250 Foreign Web Sites
    The Information Safety & Capacity (ISC) Project FINAL REPORT 2011-2020 Submitted to: USAID/DCHA Submitted by: Counterpart International DISCLAIMER: This publication was produced by Counterpart International for review by the United States Agency for International Development under Cooperative Agreement AID-OAA-LA-11-00008 and Leader Cooperative Agreement Number: FD-A-00-09-00141-00. The authors’ views expressed in this publication do not necessarily reflect the views of the United States Agency for International Development or the United States Government. 2 The ISC Project Final Report Table of Contents 04 Executive Summary 20 Locally Created Resources and Tools 04 Introduction 20 Technology Development 05 Achievements & Milestones 22 Investment in Technology 06 Investing in Trust 22 Technology Support Grants: 2013 06 Initial Threats and Fixes 24 Technology Support Grants: 2016 06 State Actors and Suppression 24 Technology Support Grants: 2018 07 Looking Ahead 24 Technology Support Grants: 2019 08 Part One: ISC Project Vision and Strategy 25 Technology Support Grants: 2020 08 The Importance of Cybersecurity in Civil Society 26 Cyber Policy Support 09 Global Threats and Trends: Old and New 26 Internet Freedom Landscape 09 Cybersecurity Threats in the Beginning 27 Design Principles for Internet Freedom Support 10 Evolution of Threats Through Technological 28 Internet Governance and Internet Freedom: 2017- Innovation 2019 Awardees 11 The ISC Project’s Network of Digital Security 30 Internet Freedom Policy Advocacy: 2020 Specialists Awardees
    [Show full text]
  • Online Security for Independent Media and Civil Society Activists
    Online Security for Independent Media and Civil Society Activists A white paper for SIDA’s October 2010 “Exile Media” conference Eric S Johnson (updated 13 Oct 2013) For activists who make it a priority to deliver news to citizens of countries which try to control the information to which their citizens have access, the internet has provided massive new opportunities. But those countries’ governments also realise ICTs’ potential and implement countermeasures to impede the delivery of independent news via the internet. This paper covers what exile media can or should do to protect itself, addressing three categories of issues: common computer security precautions, defense against targeted attacks, and circumventing cybercensorship, with a final note about overkill (aka FUD: fear, uncertainty, doubt). For each of the issues mentioned below, specific ex- amples from within the human rights or freedom of expression world can be provided where non-observance was cata- strophic, but most of those who suffered problems would rather not be named. [NB Snowden- gate changed little or nothing about these recommendations.] Common computer security: The best defense is a good … (aka “lock your doors”) The main threats to exile media’s successful use of ICTs—and solutions—are the same as for any other computer user: 1) Ensure all software automatically patches itself regularly against newly-discovered secu- rity flaws (e.g. to maintain up-to-date SSL certificate revocation lists). As with antivirus software, this may cost something; e.g. with Microsoft (Windows and Office), it may re- quire your software be legally purchased (or use the WSUS Offline Update tool, which helps in low-bandwidth environments).
    [Show full text]