At the 2015 USENIX Free and Open Communications on the Internet (FOCI) workshop, held in Washington DC on August 10, Citizen Lab researchers and collaborators present three papers.

The papers include: investigation of censorship and surveillance on China’s most popular social video platforms, an updated analysis of China’s Great Cannon, and examination of securing cookie-based identifiers from passive surveillance.

Every Rose Has Its Thorn: Censorship and Surveillance on Social Video Platforms in China
Jeffrey Knockel (University of New Mexico and Citizen Lab), Masashi Crete-Nishihata (Citizen Lab), Jason Q. Ng (Citizen Lab), Adam Senft (Citizen Lab),  and Jedidiah R. Crandall (University of New Mexico)

Social media companies operating in China face a complex array of regulations and are liable for content posted to their platforms. Through reverse engineering we provide a view into how keyword censorship operates on four popular social video platforms in China: YY, 9158, Sina Show, and GuaGua. We also find keyword surveillance capabilities on YY. Our findings show inconsistencies in the implementation of censorship and the keyword lists used to trigger censorship events between the platforms we analyzed. We reveal a range of targeted content including criticism of the government and collective action. These results develop a deeper understanding of Chinese social media via comparative analysis across platforms, and provide evidence that there is no monolithic set of rules that govern how information controls are implemented in China.

An Analysis of China’s “Great Cannon”
Bill Marczak (UC Berkeley and Citizen Lab), Nicholas Weaver (ICSI,UC Berkeley), Jakub Dalek (Citizen Lab), Roya Ensafi (Princeton University), David Fifield (UC Berkeley), Sarah McKune (Citizen Lab), Arn Rey, John Scott-Railton (Citizen Lab) and Ron Deibert (Citizen Lab).

On March 16th, 2015, the Chinese censorship apparatus employed a new tool, the “Great Cannon”, to engineer a denial-of-service attack on, an organization dedicated to resisting China’s censorship. This paper presents a technical analysis of the attack and what it reveals about the Great Cannon’s working, underscoring that in essence it constitutes a selective nation-state Man-in-the-Middle attack tool. Although sharing some code similarities and network locations with the Great Firewall, the Great Cannon is a distinct tool, designed to compromise foreign visitors to Chinese sites. We identify the Great Cannon’s operational behavior, localize it in the network topology, verify its distinctive side-channel, and attribute the system as likely operated by the Chinese government. We also discuss the substantial policy implications raised by its use, including the potential imposition on any user whose browser might visit (even inadvertently) a Chinese website.

Half Baked: The Opportunity to Secure Cookie-based Identifiers from Passive Surveillance
Andrew Hilts (Citizen Lab and Open Effect) and Christopher Parsons (Citizen Lab)

This paper examines the security of the embedded ad trackers that transmit unique identifiers. This work is important because network snoops can collect internet traffic in bulk, linking together unencrypted cookies to build out detailed profiles of user’s interests, and “patterns of life”, which can then be used to target specific individuals for intelligence operations. The paper identifies simple ways that websites can take steps today to better protect the privacy of their readership.