Findings from OTF’s Eighth Class of Information Controls Fellowship Program Fellows

Research from the eighth ICFP cohort provided insight into censorship over the new QUIC protocol, the deployment of censorship devices, and more.
Thu, 2024-05-16 13:56

OTF’s Information Controls Fellowship Program (ICFP) supports individuals to carry out cutting-edge, applied research projects to examine how authoritarian governments are restricting the free flow of information and to explore solutions to overcome these evolving tactics. Fellows embed with a host organization that helps support and guide their research efforts. The fellowship helps cultivate the next generation of internet freedom experts and sheds light on emerging trends in state-sponsored digital censorship and surveillance.

The eighth class of ICFP Fellows are a diverse cohort, with backgrounds spanning from computer science and reverse engineering to social sciences and human rights, Their research provided insight into censorship over the new protocol QUIC, the deployment of censorship devices, the impact of decentralized censorship mechanisms in South Asia, censorship-measurement techniques, applications with poor transport security, and internet shutdowns.

Below, you can find a brief description of each fellow’s area of focus, what they accomplished, and links to related materials where applicable. Over the course of their fellowships, fellows presented their findings publicly in the form of reports, presentations, and by releasing open-source code from their projects.

Kathrin Elmenhorst

Focus: Better Monitoring and Circumvention of QUIC Censorship

Host organization: Open Observatory of Network Interference 

Duration: Three months

QUIC is a fast growing, new internet protocol which uses encryption by design and is the transport for HTTP/3. Elmenhorst’s fellowship focused on measuring the level and type of QUIC censorship in various countries, and exploring approaches for circumventing this method of censorship—the protocol has promising potential for circumvention since it’s implemented on the application layer.  Investigating networks in China, India, Iran, Kazakhstan, Russia, Uganda and Venezuela, Elmenhorst found impairment of HTTP/3 traffic in most of these countries, while the censorship techniques varied between networks. She created a repository documenting known QUIC censorship methods and observed cases of HTTP/3 censorship, an analysis of QUIC features that can be used for censorship evasion, and building blocks for (automated) QUIC censorship evasion. She also assembled a collection of HTTP/3 measurement identifiers, which allows researchers to specifically look for and evaluate HTTP/3 measurements. Read Elmenhorst’s final OTF blog post for more details.

Ramakrishnan Sundara Raman

Focus: Identifying the Deployment of Devices that Perform Internet Censorship

Host organization: Citizen Lab

Duration: Seven months

In recent years, censorship and surveillance events have occurred at unprecedented scale, enabled by the proliferation of censorship devices with the ability to inspect large amounts of network traffic and enact fine-grained interference. While censorship technologies have advanced, techniques to identify and monitor them are still limited, and are developed on a case-by-case basis. To address this, Raman  developed a set of network measurement methods to locate and examine devices performing censorship, and to measure their deployment in different countries. This measurement toolkit identifies devices scalably through passive and active measurement techniques.  

Running case studies in Azerbaijan, Belarus, Kazakhstan, and Russia, Raman’s work identified that censorship policies are often deployed in networks that are upstream to the user—sometimes even in a different country—and that many devices manufactured by commercial vendors such as Cisco and Fortinet are used for censorship. In addition, the project identified similarities and differences in the behaviors of these devices. Raman’s OTF blog post summarizes his research findings. 

The tools developed through this project are fully open source (, and can be used to monitor the proliferation of censorship devices in different countries. Raman’s work was awarded the Internet Research Task Force Applied Networking Research Prize (ANRP) in January 2023, an award focused on recent results in applied networking research and on interesting new research of potential relevance to the internet standards community.

Gurshabad Grover

Focus: The Role of ISPs in Countries with Decentralized Information Controls

Host organization: Open Observatory of Network Interference

Duration: Twelve months

Grover’s research examined jurisdictions with decentralized information controls. In these countries, internet service providers (ISPs) and other infrastructure providers are responsible for implementing government orders for censorship. ISPs’ technical and policy decisions can exacerbate or minimize the effect of state-directed censorship. Historically, much of the literature on internet censorship and measurement has tended to focus on jurisdictions with centralized information controls, such as China. Grover’s research shed more light on how internet censorship plays out in South Asian countries with a decentralized approach.The project uncovered how ISPs in India are engaging in arbitrary blocking of websites, and using opaque techniques of blocking that hide critical information from internet users. Grover also studied the efforts of authorities in Pakistan to centralize infrastructure for censorship, and the effects of Indonesian regulations that allow ISPs to block websites at their own discretion.

Michael Collyer

Focus: Developing an Internet Shutdown Taxonomy and Interactive Database

Host organization: Oxford Internet Institute

Duration: Twelve months

Internet shutdowns have become an increasingly popular form of digital repression. Despite this, there is uncertainty surrounding what an “internet shutdown” is and the types of shutdowns that exist. Existing taxonomies of shutdowns often focus on the technical methods of implementation, leaving a gap for a taxonomy focused on non-technical measurements, such as duration and geographic scope.

In order to better understand the types of internet shutdowns and the existing resources and data, Collyer proposed a framework for types of internet shutdowns, and one for grouping existing taxonomies surrounding shutdowns. The goal was to simplify the language and classification of this phenomenon. He also created an interactive shutdown database to centralize shutdown data to highlight the value of data triangulation and make it easier for future researchers to carry out analysis on this phenomenon. Read a summary of the research in Collyer’s OTF blog post.

Ain Ghazal

Focus: Improving VPN Censorship Resistance

Host organization: Open Observatory of Network Interference

Duration: Twelve months

Global usage of virtual private network (VPN) technologies shows a sustained demand in the last few years. While many users rely on VPNs for improving their privacy online, reducing their personal exposure, and bypassing censorship, interference with VPN traffic is also a growing trend. At least 10 countries are known to have declared VPN technology illegal. More and better data, as well as accurate models of censor behavior, will help to improve circumvention. To this end, Ghazal contributed to ongoing research to quantify censor interference over VPN connections, improving existing metrics and performing novel experiments.

The fellow collaborated with the Open Observatory of Network Interference (OONI) on a proposal for a new data format enabling OONI to receive external reports about VPN failure rates, intended for VPN providers to aggregate and submit reports from their client apps. This cross-actor gathering of real-time intelligence about censor capabilities can help circumvention tools prepare for future blocks in a genuinely resilient way. Read more about Ghazal’s research in his OTF blog post.

Benjamin Mixon-Baca

Focus: Automatically Identifying Applications with Poor Transport Security

Host organization: Censored Planet, University of Michigan

Duration: Twelve months

Lack of transport security where an attacker can spy on personal identifiable information (PII) and inject malware into a machine is an immense and underestimated threat to at-risk users because they operate in environments where the attacker controls the network infrastructure. While there have been efforts to analyze this lack of transport security, they typically do so either on a per-app basis, are not automated, or require some pre-existing knowledge of the apps being analyzed. 

To fill this gap, Mixon-Baca developed CryptoSluice, a tool to automatically analyze potentially insecure applications that use poor or no encryption in the transport layer from data alone —analysts no longer need to play a guessing game in deciding which apps to reverse (the data informs the analyst). The approach preserves user privacy throughout its entire analysis without extracting PII. When deployed across a major university’s network for a period of 30 days, CryptoSluice identified 105 apps with poor or no transport layer security. Six of these apps—many of which have millions of downloads from Tencent and other Chinese app stores (1) Kuaishou, (2) Fliggy Travel (Taobao Trip), (3) Quark Browser, (4) Kuaifan VPN Accelerator, (5) Royal Flush, and (6) Ctrip – were subsequently reverse-engineered and confirmed to be putting users at risk by requesting suspicious permissions or employing insecure cryptography (or none at all). Read more about Mixon-Beca’s research here and here

About the program:

OTF’s Information Controls Fellowship Program (ICFP) supports examination into how governments in countries, regions, or areas of OTF’s core focus are restricting the free flow of information, impeding access to the open internet, and implementing censorship mechanisms, thereby threatening the ability of global citizens to exercise basic human rights and democracy. The program supports fellows to work within host organizations that are established centers of expertise by offering competitively paid fellowships for three, six, nine, or twelve months in duration.

The projects of OTF’s ninth class of fellows are making great progress towards their goals. Please keep an eye on the ICFP page to learn more about the next application window, which will open in early 2025. We also encourage you to sign up for our “OTF-Announce” email list. This low-traffic list is limited to providing upcoming submission deadlines for OTF and other relevant funders on a monthly basis including fellowship opportunities. Please send a message with subscribe in the subject line.