Three approaches to gathering censorship measurements exist: deploying researchers with software (snapshot coverage, researcher safety risk), deploying software to at-risk citizens (continuous but endangers locals), and co-opting existing deployed software (continuous, widespread coverage, but raises consent issues since device owners may be unwittingly implicated). The third approach offers substantially greater measurement capabilities but introduces the most unresolved ethical risk.

Requiring consent from device owners for co-opted censorship measurements reduces coverage and continuity, and may paradoxically increase danger: soliciting consent signals intent to participants and draws attention, whereas the prevalence of malware and third-party trackers provides plausible deniability for unwitting device owners. The authors note that more widespread co-opted measurements collectively provide greater individual protection by normalizing unexplained outbound traffic.

§2 Measurements from Co-Opted Devices policy

The Encore technique uses cross-origin HTTP requests to induce a visiting user's browser to silently fetch a censorship target URL, enabling passive measurement of web filtering for sites including Facebook, YouTube, and Twitter. The ethical argument for deployment rests on the observation that nearly all major websites already embed content from these platforms, so the additional traffic is indistinguishable from normal browsing behavior.

§3 Questions and Considerations evaluation

University IRBs are not equipped to evaluate censorship measurement research because it falls outside the formal definition of 'human subjects' research (which requires direct intervention with individuals to collect individualized data). Despite this, the work poses real and potentially serious risks to people, leaving a governance gap with no clear institutional oversight body.

§2 Measurements from Co-Opted Devices policy

The legality of a measurement method within a given country does not equate to safety for implicated subjects: authoritarian regimes may assess network logs based on ulterior motives unrelated to technical specifics, or may lack sufficient technical understanding to distinguish measurement traffic from deliberate access. Subjects may additionally face privacy hazards such as being falsely implicated in accessing illegal content.

§2 Measurements from Co-Opted Devices policy

The largest single source of censored domains in the GNL is MESA lab's SNI monitoring dataset (E21-SNI-Top200w.txt) containing 57,362 censored domains, and E21-SNI-Top120W-20221020.txt with 36,467 domains—totaling over 93K domains from network tap data alone for a single country (E21 = Ethiopia per InterSecLab attribution). A separate Xinjiang dataset (XJ-CUCC-SNI-Top200w.txt) contains 13,604 domains. These datasets "do not seem to come from popular domain lists, and instead appear to be gathered from network taps," confirming that Geedge builds censorship target lists directly from passive traffic observation.

2026-sheffey-geedge §4.2, Table 3 dpisni-blockingmeasurement-platform

Of 6,915,266 domains extracted from the 572 GiB Geedge Networks Leak (GNL), 298,955 censored domains (93.7% of all GNL-censored domains) appear in neither Tranco top-1M nor CitizenLab test lists. Measurements across China (Guangzhou/Nanjing), Myanmar, Pakistan, and Algeria confirmed censorship via DNS injection and SNI-based TLS connection termination. The GNL covers 25–62% of Tranco-censored domains across countries, showing substantial but incomplete overlap. This vendor-side ground truth reveals a censorship surface roughly two orders of magnitude larger than curated academic test lists.

2026-sheffey-geedge §4.1, Table 2 dpisni-blockingdns-poisoningmeasurement-platform

CensorAlert aggregates censorship signals from heterogeneous open sources — including OONI, Cloudflare Radar, NetBlocks, GitHub Issues of circumvention tools (Hysteria, Xray), Net4People BBS, NTC Party forum, Mastodon, X, Telegram channels, and arXiv — normalizing each item into a common schema preserving timestamp, source, raw data, and provenance with a link to the original content.

2026-zohaib-extended §2 (Data Sources) measurement-platform

Systematic measurement platforms (OONI, Censored Planet, Cloudflare Radar, NetBlocks) have inherent blind spots due to geographic coverage and protocol-specific test constraints; critical censorship discoveries — including GFW fully-encrypted protocol blocking and regional Chinese censorship — were first surfaced by user reports on forums and GitHub issue pages of circumvention tools, not by automated measurement infrastructure.

2026-zohaib-extended §1 measurement-platformfully-encrypted-detect

CensorAlert generates text embeddings (OpenAI text-embedding-3-small) from each item's summary, title, and tags to cluster semantically similar reports within configurable time windows; near-duplicates such as reposts, copied headlines, and translations are collapsed into a single canonical post that preserves all original source URLs and metadata.

2026-zohaib-extended §2 (AI-based Scoring) measurement-platform

CensorAlert's LLM agent scores each ingested item 0–5 on five independent dimensions — credibility, novelty, impact, timeliness, and verifiability — then computes a normalized significance score (0–10) from these components; items are processed every two hours using OpenAI GPT-5 Thinking (hosted on Azure) constrained to return structured JSON output.

2026-zohaib-extended §2 (AI-based Scoring) measurement-platform