Evaluation of the top 10,000 Alexa websites finds that 3,916 (39%) support HTTPS, of which 1,976 (50%) perform HTTP 3XX redirects that echo the requested path in the Location header and 812 (20%) replay the URL in HTTP 404 error responses — both usable as upstream covert channels readable by downstream-only decoy routers without intercepting upstream traffic.

Through Internet-scale BGP simulation against China, downstream-only decoy routing (Waterfall) with a single decoy AS provides equivalent resistance to routing attacks as a traditional upstream decoy system (e.g., Telex) with 53 decoy ASes. This efficiency gain arises because censoring ISPs can selectively re-route upstream traffic per destination but must re-route all or none of downstream traffic through each provider AS, making downstream-only routing far more expensive to evade.

§4.1.1 defense

Waterfall's Overt User Simulator caches previously loaded overt-website responses and replays them to generate cover traffic, overcoming Slitheen's 40% downstream throughput ceiling (caused by restricting covert replacement to leaf HTTP objects only). Because downstream-only decoy routers intercept all downstream TLS records — not just leaf content — Waterfall achieves higher covert capacity while perfectly mimicking overt browsing patterns against traffic analysis.

§9 defense

Table 2 shows that with 50 decoy ASes, the most powerful practical routing attack on downstream-only systems (rewiring-I) impacts 93% of China's routes (22.4% unreachable, 70% re-routed), compared to only 18.2% total impact from RAD on traditional upstream designs. Table 3 shows that even for Syria, the rewiring-II attack with just 1 downstream-only decoy AS already impacts 81% of routes versus 1.5% for RAD on upstream systems.

§4.2.1, Table 2, Table 3 evaluation

BGP simulation shows that a censor's source-block attack against 100 downstream-only decoy ASes disconnects 23% of Chinese Internet destinations, versus only 8% when applying the standard RAD attack against 100 upstream decoy ASes — imposing nearly 3× more unreachability collateral damage on the censor for the same decoy count.

§4.1.1, Figure 3 evaluation

During the June 2025 Iran shutdown, circumvention tool performance diverged sharply by transport design. Psiphon's multi-protocol architecture sustained 1.5 million concurrent users—roughly one-third of its normal Iranian base. Lantern's "proxyless" protocol (domain-fronting via CDN, ~40% of Lantern's Iranian traffic) showed moderate success. Tor usage collapsed during the blackout but bridge connections surged and rebounded quickly after lifting. BeePass (serving 500k+ daily users at shutdown onset) used live A/B testing of port/obfuscation-prefix combinations to probe the censors' blocking parameters in real time. The Ceno Browser's P2P network grew from 600 active peers on June 13 to ~8,000 by July 11, indicating that decentralized fallback paths stayed up even during peak blocking.

2025-iran-shutdown-measurement §Tool Performance dpithrottling

The June 2025 Iran shutdown—carried out during the Iran-Israel war beginning ~June 19—did not use BGP route withdrawals as in 2019. Instead, authorities applied service-level restrictions at the national border: DNS poisoning of foreign destinations, protocol whitelisting permitting only pre-approved domestic services, and DPI to block circumvention-tool traffic. Iran's international traffic fell roughly 90% while the country's BGP routes remained advertised, making the shutdown invisible to BGP-based monitoring systems. OONI measurement volume, which totalled 121,333 in June 2025, collapsed to under 200 submissions on June 19-20.

2025-iran-shutdown-measurement Executive Summary / §2 dpidns-poisoningport-blockingip-blocking

During the June 2025 shutdown, Iranian authorities blocked international One-Time Password (OTP) SMS delivery, preventing new sign-ins to foreign secure-messaging platforms and VPN services. This forced users toward government-approved domestic platforms that lack security and privacy protections. The blockade of OTPs effectively weaponized account-recovery flows as a secondary shutdown layer, disproportionately affecting users who needed to activate new circumvention tools during the crisis.

2025-iran-shutdown-measurement §Human Rights Implications port-blockingdpikeyword-filtering

Input blocking in Chinese LLM services (DeepSeek, Qwen, Kimi, Doubao) is overwhelmingly consistent: all four services persistently block the exact same queries across all 5 measurement samples in both Simplified and Traditional Chinese. Output blocking is far less consistent, with only 29 out of 349 output-blocked queries blocked across all 5 samples. Baidu-Chat is exceptional: it performs almost no input blocking but instead relies heavily on post-search and output blocking (78.6% of blocks are output-phase).

2026-ablove-characterizing §VI-B keyword-filteringdpi

A three-stage detection pipeline exploiting the "dual-role" behavioral fingerprint of single-IP circumvention relays achieved 23.2% recall (96/414 ground-truth relays) with a 0.18% false-positive rate against 97,651 benign TLS servers, for an overall accuracy of 99.5%. The ground-truth set covered OpenVPN, WireGuard, and SOCKS relays identified in a 17 TB single-day backbone trace (WIDE Project, April 9, 2025).

2026-almutairi-server §3.4, Table 1 traffic-shapedpiflow-correlation

The paper identifies a fundamental architectural vulnerability in single-IP circumvention designs: a relay must generate new observable flows (via DNS or TLS SNI) to reach end services after receiving client connections, creating a detectable server-and-client behavioral contrast. A relay accessing user-facing domains (news, social media) scores high on a Relay Suspicion Score (w=0.9) versus infrastructure domains (w=0.1). The paper argues this host-level signal is censorship-invariant and cannot be concealed by link obfuscation.

2026-almutairi-server §2.4, §4 traffic-shapedpisni-blocking