During a stay in Ghana, one of our colleagues noticed that she could not access westelm.com . Visits to a variety of other websites revealed more unavailability: travel websites like Orbitz and Expedia did not permit Accra, Ghana, to be selected as a travel destination; her attempt to use PayPal launched a “random” security screening that required her to retrieve a code from her phone in the United States (inaccessible to her in Ghana) before proceeding. The dating site plentyoffish.com disallowed users from selecting Ghana as their country of residence, then later stated that they blocked all traffic from Africa . Prior to 2015, Amazon did not allow shipping to Nigeria .
In this work, we quantitatively demonstrate that such unavailability is a measurable phenomenon. Despite the anecdotal and qualitative evidence for it, we know of no systematic studies of the differences in server-side blocking rates across regions. Rather, we find an abundance of measurements of censorship, some of which risk counting server-side blocking motivated by reasons other than censorship. This risk highlights the first importance of measuring regional differences more generally: a baseline to which to compare when looking at more specific forms of it and for interpreting regional differences in the unavailability of websites.
The second importance is that, as highlighted above, such regional differences can adversely affect would-be website visitors. This adversity can be understood both in terms of individuals and in terms of the populations affected. Our measurements show cases where much, if not all, of a region is blocked.
We measure the unavailability of a website caused by that website itself through actions or inactions of the website’s server (including CDNs working on behalf of the website’s operators). We term this server-side blocking. To do so, we use network measurements to find blocking at various network layers. We then use additional measurements to differentiate between server-side blocking and blocking by middleboxes (as seen with censorship). We also characterize the methods used for server-side blocking.
Our measurements use the following steps:
Measure the availability of websites from vantages inside and outside of a region expected to experience regional server-side blocking,
Find region-wide patterns of availability and unavailability,
Manually confirm the unavailability of websites, and
Identify server-side blocking using traceroutes.
The main novelty of our methods is the use of traceroute to confirm that a server is doing the blocking whereas previously only cases where the website volunteered this information were possible to identify. Along the way, we use a mix of automated and manual methods to characterize unavailability in terms such as network errors, block pages, captchas, and more.
We ran our tests to compare to developing regions with the US. We found 42 websites to be unavailable in Pakistan. Of these, we were able to determine with high confidence that 14 websites were using server-side blocking. Unexpectedly, a large fraction of these are websites are in India, not the developed world. For vantages in Africa, we found 19 to be unavailable and 13 to be so from server-side blocking.
These findings are subject to false positives and false negatives. Due to the lack of research on server-side blocking of regions, we focus on demonstrating its existence with high confidence instead of attempting to measure all of it. With this in mind, we err on the side of false negatives and underestimate the extent of such blocking, which partly explains the small number of websites we flag as such. For example, we manually inspect every website we claim to be engaged in server-side blocking. Furthermore, we focus on methods can confirm blocking as being server-side without relying upon the website to announce this fact or be truthful about it. This requires time-consuming traceroutes, which also limits the number of websites we identify.
One may wish to drawn conclusions about issues such as censorship or discrimination from our findings. We offer caution here, not only because these terms are vague, contested, and nominative, but also because our network-level measurements can at best serve as proxies for most common definitions of these concepts. For example, censorship typically describes a third-party interfering with communications between willing participants and includes server-side blocking due to government orders but not server-side blocking due to concerns over fraud and abuse. Thus, server-side blocking and censorship are about two orthogonal, although not independent, issues: who is doing the blocking and upon whose orders.
The relationship between our measurements and discrimination is even more complex. Our measurements certainly do not distinguish the willful targeting and harming of a group from implementing needed security precautions, or even from accidental misconfigurations. Only in the a subset of cases can we even say that the blocking of a vantage in a region is because the vantage is in that region.
However, the law also contains notions of indirect discrimination, such the US’s notion of disparate impact. We can draw an analogy between our findings and this notion. Disparate impact considers large differences between groups receiving some adverse outcome concerning enough to warrant justification. Only in the absence of such justification do the differences raise to the level of being illegal. Similarly, we believe our findings are concerning from the perspective of nondiscrimination but not necessarily problematic. Section 7 considers these issues in more detail.
Needing justifications to put our measurements into context, we also conducted a more qualitative examination of social media and web forums to gain some insight into the causes and effects of such blocking.
Two prominent causes are concerns over security and the costs of serving traffic to regions with high costs of doing so. The security concerns include not just hacking but also fraud, such as Nigerian 419 scams , Amazon delivery scams , and dating scams . From the websites’ points of view, their services suffer monetary loss from such abuse, and blacklisting the IP addresses of a region associated with such abuse provides a low-cost way of reducing such loss. We also find that serving traffic to the developing world can be more expensive than doing so to the developed world, which could reduce the willingness of websites to serve some regions.
Turning to the effects, we found not only annoyed foreigners111See, e.g., Vint Cerf on Verizon blocking: https://twitter.com/vgcerf/status/903723705838252032, but also disrupted online shopping experiences for locals. More generally, with many key services, such as education, commerce, and news, offered by a small number of web-based Western companies that might not view the developing world as worth the costs, these indiscriminate blanket blocks could slow the growth of blocked developing regions.
2 Related Work
While we believe ours to be the first study dedicated to detecting and understanding server-side website blocking in the developing world, we are not the first notice the phenomenon. Prior work has qualitatively analyzed regional discrimination. Burrell  analyzed regional discrimination from the perspective of two types of actors on the Internet: Internet users in Ghana (including both ordinary users as well as scammers) and Western webmasters. By observing and interviewing Ghanaian Internet users she identified confusion that arises from the social differences between Ghana and the West. For example, asking for money or gifts from potential partners is socially acceptable in Ghana, but Ghanaians get blocked on online dating sites for doing so. Her analysis of one webmaster forum (WebmastersWorld.com) showed that Western web admins view Africa as a source of Internet abuse without any legitimate users, and often advise other admins to blacklist the entire continent for abuse originating from only one region.
In addition to such qualitative evidence at least one study measured unavailability from a developing country. Bischof et al. studied Internet connectivity in Cuba, focusing on routes, performance, and availability . They found that 111 (2.5%) of 4,434 tested domains (those websites of Alexa top 10k that support HTTPS) to be unavailable in Cuba. They find unavailability to be particularly common among websites related to finance, ad networks, computer hardware, and adult content. Observing that 51 of the 111 (46%) unavailable domains are also unavailable in Sudan, they conclude that US sanctions might play a role given that both countries are subject to them.
Johnson et al. study Internet use in the village of Macha, Zambia . The village network reached the Internet via a proxy and satellite link. They found that 2.39% of the proxy responses were HTTP 503 Service Unavailable, 1.98% were 504 Gateway Timeouts, and 0.25% were 502 Bad Gateway. They attribute this unavailability to the proxy being overloaded. Follow-up work found that failure rates remained high after switching to a faster link with flows of large size being more likely to fail . They attribute their findings to changes in Internet use driving bandwidth consumption up.
Others have studied issues with Internet connectivity in the developing world (e.g., [14, 25, 27, 29, 28, 57, 10, 56, 22, 30, 16, 41, 17]). For example, Zaki et al. conducted a measurement study to understand the high latency of the web in Ghana . They conclude that the large number of connections needed to load webpages with redirections and remote content strains the local DNS and caching infrastructure. To reach this conclusion, they loaded webpages from both locations within Ghana and from control locations (e.g., New York), in a fashion similar to our study. Gupta et al. come to similar conclusions .
Kende and Rose report that hosting websites in Africa is more expensive for African websites than hosting them outside of Africa .
Another study of Macha, Zambia, found that much of the traffic must leave the village over a slow satellite link to reach services, such as Facebook, despite being a messages between village residents . Fanou et al. study content providers in Africa and the routes between them and users, focusing Google’s cache network . They find poor connectivity between networks within Africa, sometimes making it faster for an African network to access data outside of African than that of a different network within Africa. This finding perhaps explains another of their findings: many websites local to Africa are hosted outside of Africa.
Given our suspicion that some of the unavailability is from security-motivated server-side blocking, we find works studying such blocking of Tor exits relevant. Khattak et al. performed a broad, systematic enumeration and characterization of websites and IP addresses that treat Tor users differently from normal connections 
. They ran two complementary measurement campaigns: (1) At the network layer, they scanned the entire IPv4 address space (with a small exclusion list); (2) At the application layer, they probed the top 1,000 Alexa websites. At the network layer, they estimated that at least 1.3 million IP addresses that would otherwise allow a TCP handshake on port 80 blocked the handshake if it originates from a Tor exit node. At the application layer, on average 3.6% of the top 1,000 Alexa websites blocked access from Tor users.
Singh et al. further explores this issue, attempting to determine the motivations and methods behind Tor blocking . As with Khattak et al.’s study , they crawl the web using Tor and without using Tor to detect Tor blocking, but they also search for additional forms of blocking: websites preventing logging in or using search functionality. To understand why blocking happens, they analyze email complaints sent to exit operators, including for exits they set up, to see what sorts of abuse webmasters complain about and whether they are associated with various attributes of the exits. They also analyzed IP blacklists to understand how Tor exit nodes get onto them.
Another line of work focuses on measuring specific types of geographic discrimination on the Internet. Mikians et al. examine price discrimination on e-commerce websites based on geolocation [37, 38]. Using Planet Lab nodes from 6 locations (New York, Los Angeles, Germany, Spain, Korea, and Brazil), they showed that the price of certain products, such as e-books, computer games, and office supplies, differ between buyers at different locations.
Vissers et al. looked for, but did not find, price discrimination for flights based upon location and other attributes (OS, browser, DNT setting, browsing history, and cookie settings) .
During April 2016, Amazon’s Prime Free Same-Day Delivery service was not available in the predominantly black neighborhoods in the major cities such as Atlanta, Boston, and New York . Amazon claims that the apparent discrimination is a result of minimizing the cost of the same-day service by offering it only to areas with with high numbers of Prime users.
More generally, researchers have searched for differentiation based on other attributes. Hannak et al. looked price discrimination and price steering (reordering of items to highlight specific products) on e-commerce sites based on features including logging in, OS, browser, and account history . Their research showed price differences due to logging in (Orbitz and Cheaptickets), due to click and purchase history (Priceline), due to browser (Travelocity and Home Depot), and due to A/B testing (Expedia and Hotels.com). Others have looked at ad personalization [21, 4, 53, 49, 34, 5, 33, 12, 51, 15, 50, 40, 8].
3 Designing the Experimental Setup
In this section, we discuss how we design and calibrate our experimental set-up. In particular, we describe how we eliminate any website unavailability that can happen due to an artifact of crawler design, as such unavailability is uninteresting for our study.
3.1 Crawler Design
Our experiments have two design requirements: (i) replicate the browser behavior experienced by real users and (ii) detailed connection-level error logging. The former ensures that the blocking we are experiencing is not an artifact of our crawler, and the latter enables us to differentiate cases of local network issues and censorship from server-side blocking.
We considered two drivers, Selenium and Python’s Requests package, for fetching the websites, and compared the two with varying header settings to enumerate the different reasons that can lead to website unavailability.
Below we discuss our findings on a sample of Alexa top 500 websites:
Timeout: We first investigated the effect of the time-out value used. We observed a significant reduction in the number of websites that time-out (from 43 down to 7), when increasing the time-out value from 10 to 30 seconds. Increasing the time-out value from 30 to 60s does not offer much advantage, but a few websites become accessible at 75s.
User Agent: We observed at least seven websites being unavailable when using the default user-agent for Requests. Six of these resulted in a 403 Forbidden with the default User Agent, but responded with a 200 OK when the fetch was attempted with Requests using the Firefox User Agent (e.g., theverge.com, glassdoor.com, and udemy.com). One website (Redd.it) responded with a 429 Too Many Requests, although we only sent one request.
Host header: We found that whether the Host header contains “www.” in the domain name has a significant effect on the number of websites unavailable. For both Selenium and Requests, adding a “www.” resulted in a number of websites failing at the DNS-level. For some of these this is because the domains already have a subdomain prepended to the second-level domain (for example, pages.tmall.com). However, not pre-pending “www.” does not necessarily work for all the websites. For example, target.com and ebc.net.tw return a 200 OK when fetched with a “www.” in the header, but return a 403 when fetched without a “www.”. To investigate this further, we checked the behavior of three major browsers and observed inconsistent behavior for when they add “www.”.
Cookie header (relevant in HTTP redirects): The default behavior in Requests is to not maintain state across HTTP requests and to not send a Cookie-Header in 3XX redirects. Servers could use this behavior to identify our crawler as automated and block it. Although we did not find evidence of this in our top 500 Alexa sample, as a precaution, we perform fetches with a Session object, which maintains state across requests.
Given these findings, we opted to use Python’s Requests package with a timeout of 30 seconds and a User Agent of
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36
Our crawler attempts to load all pages with HTTP, but follows any automatic switches to HTTPS. Given the server-dependent behavior of “www.”, we first attempt the domain exactly as it is listed in the list of URLs we used. If the DNS resolution fails and the URL lacks the “www.” prefix, we try adding it. If it resolves, we provide the modified URL to the crawler.
3.2 URL List and Vantage points
We run the measurements from 16 different vantage points. The machines are spread across nine countries (Botswana, Bulgaria, Kenya, Pakistan, South Africa, UK, Ukraine, and USA), and belong to a mix of network types (institutional, home, VPNs, and cloud). Table 1 lists our vantage points.
Website list: Our list of website URLs consists of: (i) the top 500 global websites, (ii) the top 500 regional websites for each of the countries where we have vantage points as well as for Bangladesh (where we attempted to have a vantage), and (iii) the top 500 websites according to Alexa in the following categories: news, shopping, business (including banks), reference (including educational and universities websites), science, recreation (including traveling and airline websites), games, computers (including technology companies websites), and home (e.g., personal finance). The resulting list contains 7081 unique URLs that form the subject of our study.
4 Finding Regional Blocking
In this section, we discuss our methods for finding regional blocking, and for the high-confidence candidates, establishing that the blocking happens at the server-side, as opposed to middlebox interference.
We collected data for each vantage in Table 1 three times between May 18 and 20, 2018, yielding three views of each URL from each vantage (with the exception of the Islamabad vantage for which we do not have data from the first day). Our collection logs record the raw HTML response (if present), as well as meta-information such as HTTP response codes and any errors.
4.2 Finding Regional Blocking Candidates
We start with a broad list of websites being unavailable due to any reason, and then narrow them down to candidates for regional blocking.
Identifying Unavailable Sites
We identify any site resulting in an error (such as, TCP connection error, DNS error) or serving a non-20X response as unavailable. We also include 200 OK responses that show a blockpage. To do so, we leverage block-page identification regexes from our prior work .
From the raw results, it is easy to find many instances of URLs being unavailable to a vantage in Table 1. However, we are not interested in mere unavailability, which could be caused by network failures. So, we first identify those URLs that are likely blocked (intentionally unavailable) at a regional scale. Our later analysis will tease apart different types of blocking and regional focuses.
As a first step, we use automated means to short-list a number of URLs small enough for manual analysis in a way that focuses our attention on those most likely to be blocked at the regional scale. Figure 1 provides an overview of our approach.
To find regional-level differences, and not just network-level ones, we aggregate results across all the vantages within a region. We examine three regions: the US, Pakistan, and Africa. Given that complaints of regional blocking often come from the developing world, we particularly focus on finding websites available in the US but not Pakistan or Africa.
Since our goal is to have high-confidence in our claims that some websites engage in server-side blocking, of regions in particular, as opposed to finding all instances of it, we do not treat the two sides of these comparisons equally. For the US, we aim to underestimate the availability of websites while for the developing region, we aim to overestimate it. This difference helps to ensure that we underestimate the number of sites available in the US but not in the developing region, thereby, controlling the false positive rate for claims of server-side blocking of regions.
With this in mind, to aggregate the results within a region, we use minimum availability for the US and the maximum availability for the developing region. That is, we only short-list URLs that always were available in the US and never were available in the developing region. This is a high bar, but in addition to helping to control for false positives, it captures the intuition that such blocking involves blocking whole regions at a time.
Furthermore, to help ensure that the differences were systematic, and not just the result of network issues, we throw out those URLs that were not always unavailable in the developing region in the same manner. For example, we do not short-list a URL that failed to load from Botswana due to a DNS failure and from Kenya due to a missing SYN-ACK, since the availability might come from two different unintentional network issues preventing the connection. Again, while this is a high bar, it is motivated by the intuition that region-wide blocking entails a single blanket block of a region, not many little blocks. Furthermore, the intent that is suggested from the uniformity of the unavailability moves the finding from mere unavailability to a suggestion of active blocking. However, we acknowledge that, in addition to possibly eliminating from our short list actual instances of regional server-side blocking that were mixed with network failures, our short list might include unintentional unavailability from network failures large enough to affect all of our vantages in a region.
To ensure that our crawler did not introduce artifacts into our data, we manually loaded each short-listed URL from locations in the apparently blocked region. For Pakistan, we loaded them manually with the Chrome browser from two vantage points in Lahore, one of them not present in our crawl measurements. For Africa, we lacked a physical presence and instead manually operated Selenium over SSH connections to our Johannesburg cloud vantage point, which, unfortunately, could introduce artifacts similar to our automated crawls with the Requests package.
4.3 Establishing Server-side Blocking
While the above approach identifies blocking, that is, persistent (and, thus, probably intentional) unavailability, it cannot distinguish between server-side blocking, client-side ISP blocking, and censorship implemented with a middlebox. In fact, even an explicit block page could be injected by a censor instead of coming from the requested server. The short-listed URLs could represent websites censored by each country in the developing region. Thus, we take steps to determine which of the short-listed URLs are unavailable due to server-side blocking.
Being able to reach the server rules out the quintessential form of transnational censorship: the client’s government blocking of requests leaving its country. However, it does leave open two less discussed forms of censorship: (1) the client country blocking returning responses, and (2) the server’s country blocking connections. In the second case, the server’s government could do so either directory using its own network infrastructure or indirectly by pressuring the server into blocking the connection itself.
On the flip side, it is possible that a website implements a a block by outsourcing the blocking to network infrastructure between it and the would-be visitors. In some sense, a website operator using CDN controls is an example of such, but in such cases, our measurements treat the CDN as the website’s server. A more tricky case of this is websites purposefully providing unhelpful DNS records to some DNS resolvers.
With all this in mind, we do not believe it is possible to perfectly distinguish between server’s choices and censorship. Nevertheless, we further restrict our attention to those cases where we can determine that server is at least reachable from the vantage.
To determine whether the server or a middlebox is responding to our requests, we use traceroute to determine how far requests for a particular unavailable website make it. We consider only those URLs that produce consistent traceroute lengths to have reached the website server. Out approach is inspired by the work of Xu et al., who use traceroute to determine where in China the censorship occurs .
We first use an ICMP-traceroute to establish a base number of hops that a given server is away, since with good likelihood the ICMP echo packets do not experience response-path middlebox interference. We compute response-path lengths as follows: If the ICMP traceroute completes, we use the first hope where responding IP address equals the destination server IP address. If the traceroute does not complete with a response from the intended destination, we underapproximate the distance to the server by using the length to the last responding hop.
Next, we perform a TCP-SYN traceroute using TCP-SYN packets with increasing TTLs. If we receive a response for TCP, we use the first hop from where we receive a TCP packet as the length of the TCP traceroute. In the case, where we do not receive a response our test ends inconclusively since on possible explanation is a middlebox blocking the test but another is the server dropping the packets.
Given the two traceroutes, we use two methods for identifying middlebox interference:
If the TCP response-path length is shorter than the ICMP path length by more than 3 hops, we flag it as likely to be middlebox interference. We use threshold of 3 since the path lengths can fluctuate to some extent even in the case of no middlebox interference.
If the TCP response received is spoofed, we flag it as likely to be middle box interference. We detect a spoofed response when we receive an ICMP response and the TCP response for the same hop from two different IP addresses. Note that this check only detects the middlebox in cases where it sends an ICMP response from its own IP address in addition to sending a spoofed TCP response.
If the TCP traceroute does not find a middlebox using the above methods, we check using a stateful HTTP traceroute. We send HTTP GET request packets with increasing TTLs. Similarly to before, this could end inconclusively if we do not receive a HTTP response. We apply the same heuristics used for TCP to compare the HTTP traceroute to the ICMP traceroute.
If the tests are not inconclusive and we do not find interference from either the TCP or HTTP test, we conclude that the server is responding to our requests and the block is server-side.
Our method can both falsely flag a block as server-side and miss some server-side blocking. False positives will arise from middleboxes being 3 or less hops from the website and not returning an ICMP packet with their true address when they send a spoofed response (since we fail to detect spoofing in such a circumstance). While we would like to eliminate these false positives, such close middleboxes very well may be under the control the website anyhow. We will fail to confirm server-side blocking when our traceroutes do not receive the TCP responses needed for the above calculations, such as from silent server or middlebox blocking. This approach also does not work websites that implement blocks with DNS poisoning, although arguably, that is not truly server-side blocking despite being caused by the website.
4.4 Whitelisting vs. Blacklisting
Let us distinguish between two types of region-based blocking. In whitelisting, a website aims to serve its content to only visitors within a targeted region. In blacklisting, a website aims to exclude certain regions. Strictly speaking, this is again, the sort of property that cannot be measured since a large enough blacklist will look like a whitelist and a large enough whitelist will look like a blacklist. However, we can identify cases where a website appears to only be reachable within its country, which is a strong suggestion of whitelisting. As for identifying likely blacklisting, a website being reachable to some but not all regions outside of its country with no clear basis related to the website’s purpose suggests blacklisting. With this in mind, we looked at how websites treat regions other than two compared in the above methods.
Comparison to Other Regions
To judge whether the regional blocking we have observed is likely motivated by whitelisting or blacklisting, we look at measurements from other regions.
In particular, we use three measurements from across Europe. We selected Great Britain to be an English-speaking, highly developed country, unlikely to be blacklisted. We selected Bulgaria as a country that presents security risks to websites due to the presence of hackers . We selected Ukraine for similar reasons. We could see both these countries being blacklisted for security reasons. We also included India as a country similar to Pakistan.
Since our vantages in these countries are all VPNs, we must take findings of unavailability to possibly be indicative not of geo-blocking, but of VPN blocking. However, we accept findings of availability as indicating availability. (We took steps to confirm that the VPNs were actually in the countries claimed, which was not the case for some VPNs we tried previously.) For a short-listed URL, we take a URL being available in all the European locations as a strong signal of blacklisting and being available only in the US as a strong signal of whitelisting. Results in between these extremes are more ambiguous.
Despite taking these precautions, false positives remain possible. At the most fundamental level, the measures we took cannot distinguish between a web master blocking a region as a region and blocking the individual IP addresses that make up region after judging each individually by some other criteria. However, this does not negate that the server is using server-side blocking that is affecting a region. Furthermore, given the vagaries of geo-locating IP addresses, it is unlikely that even a web master determined to block a whole country will succeed without overestimating to a great deal.
We only sample the vantages of each region. While we took steps to ensure a diversity of vantages, it remains possible that that rather than whole countries being blocked, just the networks from which we measured were blocked. Scaling up our measures to more vantages could address this limitation. Nevertheless, we show that some parts of some regions are being affected by server-side blocking.
On the other hand, by consistently opting to be conservative in our accusations of server-side blocking, we may have missed many instances of it. In particular, we will miss instances due to network errors causing the website to be unavailable in different ways in addition to server-side blocking. Similarly, we will also miss server-side blocking using more than one method. Furthermore, we will miss websites blocking with DNS blocking or other methods that thwart a connection between researching the website, although it is debatable whether such blocks are truly server-side.
|Location/response||2XX||403||4XX (Other)||503||5XX (Other)||Conn. Err||DNS Err||Other||Timed Out||Total|
|USA, Berkeley, ICSI||6871.00||56.67||37.33||22.67||2.67||10.67||2.33||36.33||41.33||7081|
|USA, Berkeley, Home||6758.00||59.67||45.67||21.67||4.67||14.00||65.67||11.00||100.67||7081|
|USA, UC Berkeley (VPN)||6784.67||56.67||39.33||24.00||3.00||19.67||94.00||18.00||41.67||7081|
|USA, LA (VPN)||6437.00||69.00||52.00||24.33||7.00||16.00||385.67||9.00||81.00||7081|
PAK, Lahore (Institutional)
|PAK, Lahore (Home)||6595.00||113.00||56.00||28.00||3.00||16.00||152.00||40.00||78.00||7081|
|PAK, Islamabad (home)||6689.00||109.00||53.00||26.00||3.00||50.00||54.00||10.00||87.00||7081|
|PAK, Lahore (Dorm)||6662.00||108.00||48.00||29.00||4.00||90.00||48.00||9.00||83.00||7081|
|ZAF, Johannesburg (ISP)||6791.00||86.67||48.00||28.67||6.67||15.33||35.00||9.33||60.33||7081|
|KEN, Nairobi (ISP)||6802.33||83.00||49.33||24.00||5.00||17.33||35.00||9.67||55.33||7081|
|BWA, Gaborone (ISP)||6819.33||76.67||44.67||21.33||4.67||17.33||36.00||6.00||55.00||7081|
|ZAF, Johannesburg (Cloud)||6836.00||85.33||47.33||26.33||5.00||3.33||3.67||8.67||65.33||7081|
|BGR, Sofia (VPN)||6649.33||97.00||52.67||27.67||6.67||23.33||108.00||12.00||104.33||7081|
|GBR, London (VPN)||6725.33||71.67||43.67||23.00||4.67||16.33||122.33||12.33||61.67||7081|
|IND, Mumbai (VPN)||6467.00||85.67||45.00||25.33||4.00||25.00||44.67||8.00||376.33||7081|
|UKR, Kiev (VPN)||6583.33||158.00||57.33||34.00||5.00||23.67||104.67||10.67||104.33||7081|
|0.2em0.7em0.2em0.4pt0pt .1 Short-listed URLs. .2 Manually available. .3 With CAPTCHA. .3 With delay. .3 Without issues. .2 Not manually available. .3 Traceroute inconclusive. .4 DNS error. .4 No SYN-ACK. .3 Traceroute conclusive. .4 Stopped short. .4 Made it to server.||0pt0pt0pt0pt0pt .1 52. .1 10. .1 7. .1 3. .1 0. .1 42. .1 28. .1 11. .1 15. .1 14. .1 0. .1 14.||0pt0pt0pt0pt0pt .1 21. .1 2. .1 1. .1 1. .1 0. .1 19. .1 6. .1 0. .1 6. .1 13. .1 0. .1 13.|
As expected, we found evidence that websites in the US engage in blocking by blacklisting developing regions (Table 6 and Table 4). More unexpectedly, by flipping the roles of the US and Pakistan in the methods described in Section 4, we found evidence that websites within developing countries block the US (Table 5).
Another unexpected pattern was the high degree of blocking of Pakistan by websites in India. With only a single VPN vantage in India, we cannot have high confidence about the unavailability of websites in that country, but we can confirm with high confidence that Pakistan is blocked by up and running Indian websites. This finding could be explained by the tensions between the countries having lead to tit-for-tat vigilante hackers from each country attacking websites in the other . (Relatedly, there are reports of Pakistan censoring Indian websites .)
The results for our black/whitelisting tests were more mixed than we expected. For example, peapod.com works only in the US and in Botswana, producing a 403 for every other vantage. We suspect this is a case of whitelisting with a geo-location error for the ISP-based vantage in Botswana.
The website sunpass.com, which starts out “Welcome Florida Visitors! Planning a vacation to Florida?” blocks all our vantages outside the US and Great Britain. Perhaps, the website decided that only those from the Anglosphere, narrowly construed, would like to visit Florida.
hud.gov could be another such example, with an additional geo-location error affecting our vantage in Kenya. This website, about housing from the US government may be an interesting example of a government deciding to block access as a server operator, instead of as a censor. Or, given that all the blocking came from DNS errors, a misconfiguration.
At the opposite end of the spectrum, 12 websites block only Pakistan, with three being confirmed server-side blocking. Nine of them, and all three confirmed server-side blockers, are hosted in India and may be explained by the aforementioned tensions between Pakistan and India. Others may be instances of tight blacklisting due to some previous issue with Pakistan, such as abuse. Two websites (pikabu.ru and williams-sonoma.com) blocked all and only the vantages in Africa. Two Pakistani websites (joinpaknavy.gov.pk and joinpakarmy.gov.pk) block all vantage points outside Pakistan.
We found the following types of blocking:
Geo blocking: Websites explicitly mention that the country is blocked. For example, when loaded from London, jcpenney.com shows a message saying “We are currently unable to provide a shopping experience for this country.”
Block page with a way to bypass: Websites show a static block page with a captcha or a browser-check page. In both cases, the websites load after extra work from the client side.
Block page with a way to bypass: Websites show a static block page without any way to bypass. These cases include the Akamai block page saying “Access Denied”.
Some websites block by blocking the DNS request, resetting or aborting connection and by responding to the request to cause time out.
6 Why Blocking Happens
Numerous possibilities exist for why a website, or content on it, would be available from Berkeley but not Africa or Pakistan. Some websites, for example YouTube, explicitly state the reason of content licence restrictions. We also found a small number of blockpages that explicitly say that the reason is securty concerns. For example, lendingtree.com blocks access from Pakistan by security rules (Figure 2). However, often, no reason is provided, as shown in Tables 6 and Table 4. With this in mind, we looked elsewhere for evidence that such blocking exists.
We first looked for blocking motivated by reducing the costs associated with security and fraud in particular. We searched for webpages intended for webmasters that discuss such blocking. We found a forum discussion in which the original poster complains of fraudulent orders using stolen credit cards . The poster asserts that sometimes the orders are to “the stolen card owners real USA address” and claims that “They are doing this for no reason other than to be annoying.” For this reason, the poster says that not shipping to Africa would not fix the problem and asks “Is it possible to block african traffic by IP?” Other forum posters shared technical approaches to blocking web traffic by country and addition complaints about traffic from some countries. For example, one forum poster wrote
In the past, we’ve had alot of trouble with Nigerian orders. We’ve had many an order from Lagos, Sweden. But we purchased an annual service from StoreIQ to block a list of countries that we specify. Haven’t had a single Nigerian order since.
(Lagos is a city in Nigeria, not Sweden.) Another writes “I nuked most of China about a year ago because of some really obnoxious activity on the web site (not necessarily fraudulent orders).” and that “I can’t imagine any reason someone in Nigeria needs to even *see* my web site, let alone place an order on it.” Others wrote about tricking users into thinking the website is down:
[Our systems] redirect any one from a list of chosen countries sent to a page on our site which says our site is down. This way they will think something is wrong with our site and not come back. It seems to work as there is less trafic now from those countires.
and “I […] send all traffic from offending countries to a mock 404 page.” Another poster says “instead of a 404 we redirect all Nigerian traffic the the FBI’s Internet Fraud Complaint Center, just for fun.”
Another website sets up a discussion of technical methods of blocking as follows :
I admin ecom website and a lot of bogus traffic comes from countries that do not offer much in commercial value. How do I just configure Apache or iptables to just refuse connections to certain countries?
A similar how-to website  starts
It’s a sad fact that the majority of malicious web traffic to US sites originates from the same handful of foreign countries. If your site doesn’t benefit from actual users living in those countries, you may resolve to block them from accessing your site entirely in order to prevent repeated attacks.
A website provides lists of IP addresses by country for blocking “to minimize on-line fraud, SPAM, floods or brute force attacks” .
Our search of social media found not only reports of blocking, but also occasionally a response from the website in question. President’s Choice Financial explicitly cited security as the motivation . Macy’s claimed that the reason was not shipping to the country in question without explaining why that entails blocking . (Macy’s did not reply when the affected user said she wanted to ship to a US address.)
From these sources, we conclude that at least some webmasters would like to block countries due to concerns about fraud or otherwise undesired traffic originating from them. Furthermore, it appears common enough that how-to websites provide advice on doing so. However, we have not determined what percentage of blocking occurs for this reason.
We also looked for evidence that websites might be sensitive to the costs associated with servicing traffic from some countries. Fastly’s content delivery network (CDN) offers points of presence across the world, including one in South Africa . We found that Fastly charges more for serving requests from some regions than others. For example, South Africa is more than twice as expensive as North America . It is possible that websites have decided to not serve traffic to regions with higher fees and low expectations for revenue. As with security, we have not attempted to quantify how common this practice is.
Interpreting our results requires care to not jump to unwarranted conclusions. We have measured server-side blocking that affects some regions more than others. While we have documented some stated causes for such blocking, we have not quantitatively measured the effect size of each. Furthermore, except for a small number (at least two, see Figure 2) of blockpages explicitly stating that geo-blocking is the cause, we do not know which causes lead to the blocking we measured. Even in these cases, we cannot be sure of the motivations behind the geo-blocking. For example, recall the web master posts about using misleading block pages. Also, many websites hosted on Akamai or Cloudflare inadvertently block Tor users without knowing that they do so because they use the abuse protection from the content delivery networks (CDNs) . Perhaps misconfiguration or poorly understood configuration led to some of our findings as well.
One may wish to drawn conclusions about issues such as censorship or discrimination from our findings. While precisely defining these terms and measuring such high-level social impacts are beyond the scope of this work, we can say something about the relationship between our measurements of server-side blocking of regions and these higher-level concepts.
For most definitions of censorship, our method counts a strict subset of censorship but also blocking that does meet the definition. Typically, censorship implies that both parties in a communication are willing participants and that a third-party (paradigmatically, a government) disrupts the communication. Our method counts server-side blocking taken up not only due to orders issued by a government (such as with economic sanctions ) but also that taken up for voluntary reasons not involving a third party. On the other hand, we do not count censorship implemented with middle-boxes, its quintessential form.
One may wish to say that we have measured some or all of the other possible voluntary reasons for a server to block a region, such as asserting that we measured discrimination. However, we only detect blocking for such reasons that is implemented by server-side blocking. We would miss any implemented with middleboxes, which, at least in theory, could happen if the website pays a government to block requests crossing its boarder headed for the website.
As for discrimination, can we at least say we are measuring the subset of it implemented as server-side blocking? The answer depends upon the definition of discrimination used. For some, such those requiring bigotry or intent, we cannot draw such a conclusion.
However, we have shown some regions to be disproportionately affected by a website’s use of server-side blocking. For employment, US anti-discrimination law makes illegal some cases of disproportionate impact, namely, those that constitute disparate impact. Disparate impact is a complex legal doctrine. (For a discussion related to CS, see .) We will not argue that we found disparate impact, but we do find it helpful to draw an analogy to it. In particular, we note that an action can lead to disparate impact even when it and the reasons behind it are facially neutral towards all groups and do not involve animosity, for example, when it is correlated with one of the groups. Furthermore, disparate impact can happen even when not everyone in the affected group experiences the adverse outcome. Nor does disparate impact have to be wide spread in the sense of many employers committing it. Finally, under the doctrine, disproportionate effects are concerning enough to warrant a justification and in the absence of such justification can be problematic (and illegal in that setting). We also borrow the concept that such justifications should be strong, in their setting a business necessity.
We believe our findings are concerning enough to warrant justifications in the same sense. In particular, our study does not determine whether differences in availability between regions is caused by geo-blocking the affected region or by some other factor correlated with it. We also do not show that everyone in the affected region experiences it nor that it is wide spread across many websites. However, under our analogy, these issues do not diminish the need for a strong justification.
As for what would count as a strong justification, we get little guidance from our analogy since the context of employment differs greatly from that of serving webpages. We will leave it to the reader to weigh the justifications found in Section 6.
While small in scale, our network measurements provide reasonably strong evidence that some websites are available from the United States but not from various locations in Africa and Pakistan (Section 5). We have also established that at least some websites claim that the reason for theirs being so is fraud concerns or not shipping to the location (Section 6). We also found forum discussions relating a desire to block countries due to concerns over fraud and that traffic can be more expensive in Africa (Section 6). However, we cannot attribute all the measured difference in availability to these reasons.
Despite the uncertainties surrounding the causes of our findings and how to refer to them, we believe they should be a cause for concern. The limitations created by such blocks can pose impediments to commerce in developing regions, either directly by preventing purchases or indirectly by making examples of successful e-commence sites harder to come by.
Furthermore, decisions about blocking remain opaque to the affected users: for them, things simply do not work, with little explanation as to why. For example, Akamai-hosted websites show a static page to blocked locations simply stating “Access Denied”, without any explanation of the underlying issue that led to the blocking, and with the blog page on the issue being a laundry list of possibilities . Users may infer the worst, such as xenophobia, creating a sense of oppression even if webmasters have legitimate concerns about security.
Even in such cases, wide-net geo-blocking, such as the desire to block all of Africa we found (Section 6), could represent an overreaction that ignores the great diversity in Africa. In addition to future research on measuring and understanding the server-side blocking identified in this work, research could provide webmasters with tools that allow cost-effective fine-grain blocking in hopes of preventing such overreactions.
In addition to being interesting in their own right and raising questions of regional justice, our results have implications for censorship measurements. Censorship measurements that do not tease server-side blocking apart from censorship risks overestimating censorship. Furthermore, the focus of Western researchers on censorship in the Eastern world while not acknowledging the server-side blocking existing in their own countries risks biasing the discussion of openness on the Internet.
We thank David Fifield for allowing us to use some of his code. We thank the ISP that allowed us to use their servers. We gratefully acknowledge funding support from the National Science Foundation (Grants 1518918 and 1651857) and UC Berkeley’s Center for Long-Term Cybersecurity. The opinions in this paper are those of the authors and do not necessarily reflect the opinions of any funding sponsor or the United States Government.
-  Nigerian letter or “419” fraud. https://www.fbi.gov/scams-and-safety/common-fraud-schemes/nigerian-letter-or-419-fraud.
-  Amazon. Countries accepted for seller registration: List of accepted countries. http://www.amazon.com/gp/help/customer/display.html/ref=hp_rel_topic?ie=UTF8&nodeId=200417280. Accessed 2015–12–13.
-  (B-C-MPC4K3), A. Why is akamai blocking me? Cloud Security Blog: https://community.akamai.com/community/cloud-security/blog/2016/04/07/why-is-akamai-blocking-me, Apr. 2016.
-  Balebako, R., Leon, P., Shay, R., Ur, B., Wang, Y., and Cranor, L. Measuring the effectiveness of privacy tools for limiting behavioral advertising. In Web 2.0 Security and Privacy Workshop (2012).
-  Barford, P., Canadi, I., Krushevskaja, D., Ma, Q., and Muthukrishnan, S. Adscape: Harvesting and analyzing online display ads. In Proceedings of the 23rd International Conference on World Wide Web (Republic and Canton of Geneva, Switzerland, 2014), International World Wide Web Conferences Steering Committee, pp. 597–608.
-  Barocas, S., and Selbst, A. Big data’s disparate impact. California Law Review 104 (2016), 671.
-  Bischof, Z. S., Rula, J. P., and Bustamante, F. E. In and out of cuba: Characterizing cuba’s connectivity. In Proceedings of the 2015 Internet Measurement Conference (New York, NY, USA, 2015), IMC ’15, ACM, pp. 487–493.
-  Book, T., and Wallach, D. S. An empirical study of mobile ad targeting. ArXiv 1502.06577 (2015).
-  Burrell, J. Invisible users: Youth in the Internet cafés of urban Ghana. Mit Press, 2012.
-  Chetty, M., Sundaresan, S., Muckaden, S., Feamster, N., and Calandro, E. Measuring broadband performance in south africa. In Proceedings of the 4th Annual Symposium on Computing for Development (New York, NY, USA, 2013), ACM DEV-4 ’13, ACM, pp. 1:1–1:10.
-  Constantin, L. Savviest hackers hail from eastern europe, researchers say. PC World (Sept. 2012). https://www.pcworld.com/article/2010491/savviest-hackers-hail-from-eastern-europe-researchers-say.html.
-  Datta, A., Tschantz, M. C., and Datta, A. Automated experiments on ad privacy settings: A tale of opacity, choice, and discrimination. In Proceedings on Privacy Enhancing Technologies (PoPETs) (2015), De Gruyter Open.
-  D’Mello, G. A Pakistani group hacked into 10 Indian university websites as revenge against Indian hackers. India Times (Apr. 2017). https://www.indiatimes.com/technology/news/a-pakistani-group-hacked-defaced-10-indian-university-websites-as-retaliation-against-indian-hackers-276456.html.
-  Du, B., Demmer, M., and Brewer, E. Analysis of www traffic in cambodia and ghana. In Proceedings of the 15th International Conference on World Wide Web (New York, NY, USA, 2006), WWW ’06, ACM, pp. 771–780.
-  Englehardt, S., Eubank, C., Zimmerman, P., Reisman, D., and Narayanan, A. Web privacy measurement: Scientific principles, engineering platform, and new results. Manuscript posted at http://randomwalker.info/publications/WebPrivacyMeasurement.pdf, June 2014. Accessed Nov. 22, 2014.
-  Fanou, R., Francois, P., and Aben, E. On the diversity of interdomain routing in africa. In Passive and Active Measurement (Cham, 2015), J. Mirkovic and Y. Liu, Eds., Springer International Publishing, pp. 41–54.
-  Fanou, R., Tyson, G., Francois, P., and Sathiaseelan, A. Pushing the frontier: Exploring the african web ecosystem. In Proceedings of the 25th International Conference on World Wide Web (Republic and Canton of Geneva, Switzerland, 2016), WWW ’16, International World Wide Web Conferences Steering Committee, pp. 435–445.
-  Fastly. Bandwidth & requests. Pricing webpage: https://www.fastly.com/products/load-balancing, 2018. Accessed Feb. 27, 2018.
-  Fastly. Traffic scalability. Load balancing webpage: https://www.fastly.com/products/load-balancing, 2018. Accessed Feb. 27, 2018.
-  Gite, V. Linux iptables just block by country. nixCraft website: https://www.cyberciti.biz/faq/block-entier-country-using-iptables/, Apr. 2017.
-  Guha, S., Cheng, B., and Francis, P. Challenges in measuring online advertising systems. In Proceedings of the 10th ACM SIGCOMM Conference on Internet Measurement (New York, NY, USA, 2010), pp. 81–87.
-  Gupta, A., Calder, M., Feamster, N., Chetty, M., Calandro, E., and Katz-Bassett, E. Peering at the internet’s frontier: A first look at isp interconnectivity in africa. In Proceedings of the 15th International Conference on Passive and Active Measurement - Volume 8362 (New York, NY, USA, 2014), PAM 2014, Springer-Verlag New York, Inc., pp. 204–213.
-  Hannak, A., Sapiezynski, P., Molavi Kakhki, A., Krishnamurthy, B., Lazer, D., Mislove, A., and Wilson, C. Measuring personalization of web search. In Proceedings of the 22nd International Conference on World Wide Web (New York, NY, USA, 2013), ACM, pp. 527–538.
-  Hannak, A., Soeller, G., Lazer, D., Mislove, A., and Wilson, C. Measuring price discrimination and steering on e-commerce web sites. In Proceedings of the 2014 Conference on Internet Measurement Conference (New York, NY, USA, 2014), ACM, pp. 305–318.
-  Ihm, S., Park, K., and Pai, V. S. Towards understanding developing world traffic. In Proceedings of the 4th ACM Workshop on Networked Systems for Developing Regions (New York, NY, USA, 2010), NSDR ’10, ACM, pp. 8:1–8:6.
-  Ingold, D., and Soper, S. Amazon doesn’t consider the race of its customers. should it? Bloomberg (Apr. 2016). http://www.bloomberg.com/graphics/2016-amazon-same-day/.
-  Johnson, D. L., Belding, E. M., Almeroth, K., and van Stam, G. Internet usage and performance analysis of a rural wireless network in macha, zambia. In Proceedings of the 4th ACM Workshop on Networked Systems for Developing Regions (New York, NY, USA, 2010), NSDR ’10, ACM, pp. 7:1–7:6.
-  Johnson, D. L., Belding, E. M., and van Stam, G. Network traffic locality in a rural african village. In Proceedings of the Fifth International Conference on Information and Communication Technologies and Development (New York, NY, USA, 2012), ICTD ’12, ACM, pp. 268–277.
-  Johnson, D. L., Pejovic, V., Belding, E. M., and van Stam, G. Traffic characterization and internet usage in rural africa. In Proceedings of the 20th International Conference Companion on World Wide Web (New York, NY, USA, 2011), WWW ’11, ACM, pp. 493–502.
-  Kende, M., and Rose, K. Promoting local content hosting to develop the internet ecosystem. Internet Society Report: https://www.internetsociety.org/resources/doc/2015/promoting-local-content-hosting-to-develop-the-internet-ecosystem/, Jan. 2015.
-  Khattak, S., Fifield, D., Afroz, S., Javed, M., Sundaresan, S., Paxson, V., Murdoch, S. J., and McCoy, D. Do you see what I see? Differential treatment of anonymous users. In Proceedings of the Network and Distributed System Security Symposium (NDSS) (2016).
-  Kliman-Silver, C., Hannak, A., Lazer, D., Wilson, C., and Mislove, A. Location, location, location: The impact of geolocation on web search personalization. In Proceedings of the 2015 ACM Conference on Internet Measurement Conference (New York, NY, USA, 2015), ACM, pp. 121–127.
-  Lécuyer, M., Ducoffe, G., Lan, F., Papancea, A., Petsios, T., Spahn, R., Chaintreau, A., and Geambasu, R. XRay: Increasing the web’s transparency with differential correlation. In Proceedings of the USENIX Security Symposium (2014).
-  Liu, B., Sheth, A., Weinsberg, U., Chandrashekar, J., and Govindan, R. AdReveal: Improving transparency into online targeted advertising. In Proceedings of the Twelfth ACM Workshop on Hot Topics in Networks (New York, NY, USA, 2013), ACM, pp. 12:1–12:7.
-  Macy’s (@Macys). Hi, aliaa — our site can only be viewed from locations we deliver to[…]. Twitter: https://twitter.com/Macys/status/883133375984349185, July.
-  McClellan, D. POF scams – All about PlentyofFish catfish scams. https://socialcatfish.com/pof-scams-plentyoffish-catfish-scams/.
-  Mikians, J., Gyarmati, L., Erramilli, V., and Laoutaris, N. Detecting price and search discrimination on the internet. In Proceedings of the 11th ACM Workshop on Hot Topics in Networks (New York, NY, USA, 2012), ACM, pp. 79–84.
-  Mikians, J., Gyarmati, L., Erramilli, V., and Laoutaris, N. Crowd-assisted search for price discrimination in e-commerce: First results. In Proceedings of the Ninth ACM Conference on Emerging Networking Experiments and Technologies (New York, NY, USA, 2013), ACM, pp. 1–6.
-  Mombrea, M. How to block traffic from other countries in linux. ITworld’s BYTESTREAM blog: https://www.itworld.com/article/2833357/security/how-to-block-traffic-from-other-countries-in-linux.html, Dec. 2013.
-  Nath, S. Madscope: Characterizing mobile in-app targeted ads. In Proceedings of the 13th Annual International Conference on Mobile Systems, Applications, and Services (New York, NY, USA, 2015), ACM, pp. 59–73.
-  Noordally, R., Nicolay, X., Anelli, P., Lorion, R., and Tournoux, P. U. Analysis of internet latency: The reunion island case. In Proceedings of the 12th Asian Internet Engineering Conference (New York, NY, USA, 2016), AINTEC ’16, ACM, pp. 49–56.
-  partipants, F. How can I block African (Nigerian) traffic from my site? Webmaster World web forum: https://www.webmasterworld.com/forum22/3091-2-30.htm.
-  President’s Choice Financial (@PCFinancial). Due to security measures, the pcfinancial.ca website is not accessible in your current location. (1/2). Twitter: https://twitter.com/PCFinancial/status/872094785024274432, June 2017.
-  Project, I. IPdeny country block downloads. http://www.ipdeny.com/, Feb. 2018.
-  Sampson, T. How scammers get free stuff from Amazon, no questions asked. http://www.dailydot.com/news/scammers-amazon-free-replacement-shipments/.
-  Sholli, S. India SLAMS Pakistan for ‘BLOCKING’ access to websites’ amid rising World War 3 fears. Express (May 2018). https://www.express.co.uk/news/world/933411/pakistan-india-world-war-3-websites-jammu-kashmir.
-  Singh, R., Nithyanand, R., Afroz, S., Pearce, P., Tschantz, M. C., Gill, P., and Paxson, V. Characterizing the nature and dynamics of Tor exit blocking. In USENIX Security (Aug. 2017).
-  Soeller, G., Karahalios, K., Sandvig, C., and Wilson, C. MapWatch: Detecting and monitoring international border personalization on online maps. In Proceedings of the 25th International Conference on World Wide Web (Republic and Canton of Geneva, Switzerland, 2016), International World Wide Web Conferences Steering Committee, pp. 867–878.
-  Sweeney, L. Discrimination in online ad delivery. Commun. ACM 56, 5 (May 2013), 44–54.
-  Tramèr, F., Atlidakis, V., Geambasu, R., Hsu, D. J., Hubaux, J., Humbert, M., Juels, A., and Lin, H. FairTest: Discovering unwarranted associations in data-driven applications. In 2017 IEEE European Symposium on Security and Privacy, EuroS&P (2017), IEEE, pp. 401–416.
-  Tschantz, M. C., Datta, A., Datta, A., and Wing, J. M. A methodology for information flow experiments. In Computer Security Foundations Symposium (2015), IEEE.
-  Vissers, T., Nikiforakis, N., Bielova, N., and Joosen, W. Crying wolf? On the price discrimination of online airline tickets. In 7th Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETs 2014) (July 2014).
-  Wills, C. E., and Tatar, C. Understanding what they do with what they know. In Proceedings of the 2012 ACM Workshop on Privacy in the Electronic Society (New York, NY, USA, 2012), pp. 13–18.
-  Xing, X., Meng, W., Doozan, D., Feamster, N., Lee, W., and Snoeren, A. C. Exposing inconsistent web search results with Bobble. In Proceedings of the 15th International Conference on Passive and Active Measurement - Volume 8362 (New York, NY, USA, 2014), Springer-Verlag New York, Inc., pp. 131–140.
-  Xu, X., Mao, Z. M., and Halderman, J. A. Internet censorship in China: Where does the filtering occur? In Passive and Active Measurement Conference (Atlanta, GA, USA, 2011), Springer, pp. 133–142.
-  Zaki, Y., Chen, J., Pötsch, T., Ahmad, T., and Subramanian, L. Dissecting web latency in ghana. In Proceedings of the 2014 Conference on Internet Measurement Conference (New York, NY, USA, 2014), IMC ’14, ACM, pp. 241–248.
-  Zheleva, M., Schmitt, P., Vigil, M., and Belding, E. The increased bandwidth fallacy: Performance and usage in rural zambia. In Proceedings of the 4th Annual Symposium on Computing for Development (New York, NY, USA, 2013), ACM DEV-4 ’13, ACM, pp. 2:1–2:10.