Who Watches the Watchmen: Exploring Complaints on the Web

The Web Conference 2019Under increasing scrutiny, many web companies now offer bespoke mechanisms allowing any third party to file complaints (e.g., requesting the de-listing of a URL from a search engine). While this self-regulation might be a valuable web governance tool, it places huge responsibility within the hands of these organisations that demands close examination. We present the first large-scale study of web complaints (over 1 billion URLs). We find a range of complainants, largely focused on copyright enforcement. Whereas the majority of organisations are occasional users of the complaint system, we find a number of bulk senders specialised in targeting specific types of domain. We identify a series of trends and patterns amongst both the domains and complainants. By inspecting the availability of the domains, we also observe that a sizeable portion go offline shortly after complaints are generated. This paper sheds critical light on how complaints are issued, who they pertain to and which domains go offline after complaints are issued

Assessing the Privacy Benefits of Domain Name Encryption

As Internet users have become more savvy about the potential for their Internet communication to be observed, the use of network traffic encryption technologies (e.g., HTTPS/TLS) is on the rise. However, even when encryption is enabled, users leak information about the domains they visit via DNS queries and via the Server Name Indication (SNI) extension of TLS. Two recent proposals to ameliorate this issue are DNS over HTTPS/TLS (DoH/DoT) and Encrypted SNI (ESNI). In this paper we aim to assess the privacy benefits of these proposals by considering the relationship between hostnames and IP addresses, the latter of which are still exposed. We perform DNS queries from nine vantage points around the globe to characterize this relationship. We quantify the privacy gain offered by ESNI for different hosting and CDN providers using two different metrics, the k-anonymity degree due to co-hosting and the dynamics of IP address changes. We find that 20% of the domains studied will not gain any privacy benefit since they have a one-to-one mapping between their hostname and IP address. On the other hand, 30% will gain a significant privacy benefit with a k value greater than 100, since these domains are co-hosted with more than 100 other domains. Domains whose visitors' privacy will meaningfully improve are far less popular, while for popular domains the benefit is not significant. Analyzing the dynamics of IP addresses of long-lived domains, we find that only 7.7% of them change their hosting IP addresses on a daily basis. We conclude by discussing potential approaches for website owners and hosting/CDN providers for maximizing the privacy benefits of ESNI.Comment: In Proceedings of the 15th ACM Asia Conference on Computer and Communications Security (ASIA CCS '20), October 5-9, 2020, Taipei, Taiwa

Thiolutin is a zinc chelator that inhibits the Rpn11 and other JAMM metalloproteases

Thiolutin is a disulfide-containing antibiotic and anti-angiogenic compound produced by Streptomyces. Its biological targets are not known. We show that reduced thiolutin is a zinc chelator that inhibits the JAB1/MPN/Mov34 (JAMM) domain–containing metalloprotease Rpn11, a deubiquitinating enzyme of the 19S proteasome. Thiolutin also inhibits the JAMM metalloproteases Csn5, the deneddylase of the COP9 signalosome; AMSH, which regulates ubiquitin-dependent sorting of cell-surface receptors; and BRCC36, a K63-specific deubiquitinase of the BRCC36-containing isopeptidase complex and the BRCA1–BRCA2-containing complex. We provide evidence that other dithiolopyrrolones also function as inhibitors of JAMM metalloproteases

Security & Scalability of Content-Centric Networking

By suggesting radical changes to the current Internet, approaches to clean-slate architectures run the risk of introducing new opportunities for attacks. These attacks can range from new forms of denial-of-service to attacks against other users’ privacy. In this thesis, we analyse the architecture proposed by Content-Centric Networking from a security perspective. One security-critical feature of Content-Centric Networking is the introduction of general-purpose caches that are shared by a small number of users. We show how attackers can leverage these caches to monitor what content its users are retrieving. More generally, we argue that there is a tradeoff between network efficiency and user privacy. Countermeasures against cache-based privacy attacks need to carefully explore this tradeoff

Paying for Piracy? An Analysis of One-Click Hosters ’ Controversial Reward Schemes

Abstract. One-Click Hosters (OCHs) such as Rapidshare and now defunct Megaupload are popular services where users can upload and store large files. Uploaders can then share the files with friends or make them publicly available by publishing the download links in separate directories, so-called direct download or streaming sites. While OCHs have legitimate use cases, they are also frequently used to distribute pirated content. Many OCHs operate affiliate programmes to financially reward the uploaders of popular files. These affiliate programmes are controversial for allegedly financing piracy, and they were prominently cited in the criminal indictment that lead to the shutdown of Megaupload, once among the world’s 100 largest web sites. In this paper, we provide insights into how much money uploaders of pirated content could earn on a range of direct download and streaming sites. While the potential earnings of a few uploaders are non-negligible, for most uploaders these amounts are so low that they cannot rationally explain profit-oriented behaviour