During Phong’s OTF fellowship, he worked with the Citizen Lab at University of Toronto to investigate the Great Firewall (GFW) of China with a focus on its DNS filtering behavior.

From his previous fellowship in 2018, Phong discovered the prevalence of an abusive DNS poisoning behavior of the GFW in which IP addresses owned by many U.S. companies, including Facebook, Twitter, and SoftLayer, are heavily used in forged DNS responses. A preliminary report for this line of work was presented at USENIX FOCI ’20. As one of the essential outcomes of this project, Phong has developed GFWatch, a longitudinal measurement platform built to monitor China’s DNS censorship at scale. Data collected by GFWatch is useful in informing the public about how GFW censorship changes over time and its impact on the free flow of information. GFWatch is accompanied by a research paper presented at the 30th USENIX Security Symposium in collaboration with researchers from four U.S. and Canadian institutions (Stony Brook University, UMass Amherst, ICSI at UC Berkeley, and the Citizen Lab at University of Toronto). The study has received wide media coverage.

As an ongoing effort, Phong has also created an interactive dashboard, providing useful longitudinal datasets for other researchers and insights about censored domains as well as the forged IP addresses being abused. Ultimately, these datasets can assist in the development of effective solutions to bypass and reduce the negative impact of the GFW’s DNS filtering on the global Internet. A blog post summarizing Phong’s findings over the course of his second fellowship is cross-posted on the Citizen Lab and OTF websites.

The focus of the 2018 fellowship was on The Invisible Internet Project (I2P), one of the popular anonymity networks on the Internet. I2P can be used by privacy-conscious Internet users to protect their online privacy, or by censored users to bypass censorship. Phong first built a metrics portal for I2P that provides useful data for other researchers. Following this, he published numerous papers identifying where and how access to I2P is blocked around the globe. Finally, he investigated and implemented solutions to make I2P more resistant to blockage. As a result of this work, I2P has adopted DNS over HTTPS to prevent passive snooping, making the reseeding process more resistant to DNS-based censorship and surveillance. A blog post summarizing all the work completed over the course of this fellowship can be found here.