Scalable Remote Measurement of Application-Layer Disruption


Hyperquack is a powerful extension to Quack that measures keyword blocking at the application layer using infrastructural web servers as vantage points. Hyperuack detects DPI interference with HTTP and HTTPS traffic by making use of publicly accessible web-servers with consistent behavior. We send requests with the HTTP "Host" header or TLS SNI extension set to a domain we are interested in. If there is a DPI blocking the domain on the path between our measurement machine and the public web-server, we will receive a TCP reset or block page that does not match the web-server's typically response. By making retries and control measurements, we are able to distinguish between mismatches caused by normal network/server flakiness versus DPI interference.

To ensure the safety of our technique, we limit ourselves to ~30,000 infrastructural web-servers. These servers are owned by ISPs or governments rather than an individuals. Even with stringent standards for web-server selection, we still maintain broad coverage with ~103 countries having ≥15 vantage points.


All the data collected from the Observatory is publicly available, including metadata.


Hyperquack will be presented at the 2020 NDSS.

February 2020 Network and Distributed System Security Symposium (NDSS)

Measuring the Deployment of Network Censorship Filters at Global Scale

Ram Sundara Raman Adrian Stoll Jakub Dalek Reethika Ramesh Will Scott Roya Ensafi

Press: Censored Planet Michigan CSE

PDF Talk Slides

title={Measuring the Deployment of Network Censorship Filters at Global Scale},
author={Sundara Raman, Ram and Stoll, Adrian and Dalek, Jakub and Ramesh, Reethika and Scott, Will and Ensafi, Roya},
booktitle={Proceedings of the Network and Distributed System Security Symposium, NDSS 2020, San Diego, California, USA},


Quack for Censored Planet is developed and maintained by Ram Sundara Raman, Adrian Stoll and Roya Ensafi.

© 2020 Censored Planet|Terms of Service