The fragment cache side channel is the most widely applicable TCP/IP side channel, capable of eliciting responses even from hosts behind host firewalls because it operates at Layer 3 (IP fragments). When combined with a Layer 4 technique such as the SYN backlog scan, it can distinguish censorship implemented at Layer 3 versus Layer 4, though fragment cache implementations vary widely across OSes and devices.

Approximately 1% of the IPv4 address space has globally incrementing IP ID counters, making IPID idle scans viable for Internet-scale censorship detection at roughly 5 packets per second. The technique is well-understood in terms of noise properties but is difficult to apply in IPv6 because the fragment ID field appears only in fragments.

§3.3, Table 1 evaluation

Over more than 10 years of ONI client-side measurements conducted in 77 countries—of which 42 were found to implement some form of filtering—no participating user was ever arrested, apprehended, pressured, or intimidated by authorities. However, HTTP GET requests to sensitive URLs are made without obfuscation or anonymization, and in countries with restrictive legal frameworks this activity could be viewed as subversive by authorities sensitive to exposure of censorship infrastructure.

§2.1, §2.2 evaluation

To reduce risk to human subjects in side-channel censorship measurements, researchers can substitute gateway routers near the target client in place of the client machine itself—the approach used by Censored Planet—or perform measurements across entire /24 subnets so that no individual can be incorrectly associated with the measurement traffic. For the ICMP rate-limit side channel, the 'client' can be an unresponsive IP address, measuring the gateway router rather than any end-user machine.

§3.4 policy

The SYN backlog side channel can detect censorship for any Internet host with an open port at approximately 5 packets per second without causing denial of service, provided only one measurement machine targets any given server at a time. Updated implementations require only that the backlog be half full rather than requiring full exhaustion, eliminating the earlier DoS requirement.

§3.3, Table 1 evaluation

The largest single source of censored domains in the GNL is MESA lab's SNI monitoring dataset (E21-SNI-Top200w.txt) containing 57,362 censored domains, and E21-SNI-Top120W-20221020.txt with 36,467 domains—totaling over 93K domains from network tap data alone for a single country (E21 = Ethiopia per InterSecLab attribution). A separate Xinjiang dataset (XJ-CUCC-SNI-Top200w.txt) contains 13,604 domains. These datasets "do not seem to come from popular domain lists, and instead appear to be gathered from network taps," confirming that Geedge builds censorship target lists directly from passive traffic observation.

2026-sheffey-geedge §4.2, Table 3 dpisni-blockingmeasurement-platform

Of 6,915,266 domains extracted from the 572 GiB Geedge Networks Leak (GNL), 298,955 censored domains (93.7% of all GNL-censored domains) appear in neither Tranco top-1M nor CitizenLab test lists. Measurements across China (Guangzhou/Nanjing), Myanmar, Pakistan, and Algeria confirmed censorship via DNS injection and SNI-based TLS connection termination. The GNL covers 25–62% of Tranco-censored domains across countries, showing substantial but incomplete overlap. This vendor-side ground truth reveals a censorship surface roughly two orders of magnitude larger than curated academic test lists.

2026-sheffey-geedge §4.1, Table 2 dpisni-blockingdns-poisoningmeasurement-platform

CensorAlert aggregates censorship signals from heterogeneous open sources — including OONI, Cloudflare Radar, NetBlocks, GitHub Issues of circumvention tools (Hysteria, Xray), Net4People BBS, NTC Party forum, Mastodon, X, Telegram channels, and arXiv — normalizing each item into a common schema preserving timestamp, source, raw data, and provenance with a link to the original content.

2026-zohaib-extended §2 (Data Sources) measurement-platform

Systematic measurement platforms (OONI, Censored Planet, Cloudflare Radar, NetBlocks) have inherent blind spots due to geographic coverage and protocol-specific test constraints; critical censorship discoveries — including GFW fully-encrypted protocol blocking and regional Chinese censorship — were first surfaced by user reports on forums and GitHub issue pages of circumvention tools, not by automated measurement infrastructure.

2026-zohaib-extended §1 measurement-platformfully-encrypted-detect

CensorAlert generates text embeddings (OpenAI text-embedding-3-small) from each item's summary, title, and tags to cluster semantically similar reports within configurable time windows; near-duplicates such as reposts, copied headlines, and translations are collapsed into a single canonical post that preserves all original source URLs and metadata.

2026-zohaib-extended §2 (AI-based Scoring) measurement-platform

CensorAlert's LLM agent scores each ingested item 0–5 on five independent dimensions — credibility, novelty, impact, timeliness, and verifiability — then computes a normalized significance score (0–10) from these components; items are processed every two hours using OpenAI GPT-5 Thinking (hosted on Azure) constrained to return structured JSON output.

2026-zohaib-extended §2 (AI-based Scoring) measurement-platform