Survey of robust and resilient social media tools on Android

Paul BrusseeDelft University of Technology

Email: P.W.G.Brussee@student.tudelft.nl

Johan PouwelseDelft University of TechnologyEmail: J.A.Pouwelse@tudelft.nl

Abstract—We present an overview of robust and resilient socialmedia tools to overcome natural disasters, censorship andInternet kill switches. These social media tools use Androiddevices to communicate during disasters and aim to overcomeattacks on freedom of expression. There is an abundance ofprojects that aim to provide resilient communication, enhanceprivacy, and provide anonymity. We focus specifically on thelimited set of mature tools with a healthy development com-munity and Internet-deployment.

Index Terms—social media, privacy, anonymity

1. Introduction

Social media has become a widespread phenomenon oflocal, national and global communication between people.This free human communication via social media is un-der threat of blackouts and far-reaching censorship. Recentnatural disasters have wiped out vital communication in-frastructure for a prolonged period of time [1] or caused asystem overload due to the way the network is structuredwith central bottlenecks that are also a single point of failure[2]. Communication networks can also be unreliable dueto a suddenly unstable power grid [3] or permanent powershortages [4].

Censorship can be effectuated in such a way that itresembles partial network failures [5] or a total blackout [6]with an Internet kill switch [7]. A constant battle is foughtover tools that counter a specific censorship mechanism andvice versa [8]. State actors are involved in what seems to bea direct battle between them and the open source communityproviding activists with the tools they need [9].

Mobile phones can be considered autonomous plat-forms thanks to wireless ad hoc connections and on boardrechargeable batteries [10]. The smart phone app phe-nomenon has been used as an angle to counter disruptionsin communications due to natural disasters or human madeinterference [11]. This recently prompted even more aggres-sive censorship measures behind the Great Firewall of China[12].

Problem Description

This survey lists field proven solutions that provide arobust and resilient social media experience on Android, one

of the most popular mobile platforms, considering privacyand anonymity. The threat model assumed is the following:[13]

• The adversary can observe, block, delay, replay, andmodify traffic on all underlying transport. Thus, thephysical layer is insecure.

• The adversary has a limited ability to compromisesmart phones or other participating devices. If adevice is compromised, the adversary can access anyinformation held in the devices volatile memory orpersistent storage.

• The adversary cannot break standard cryptographicprimitives, such as block ciphers and message-authentication codes.

2. The Twimight Ad Hoc Network

Twimight uses opportunistic ad hoc communication andthe store and forward principle to distribute tweets amoungusers with the same Twimight app in ’disaster mode’. [14] Innormal mode it behaves just like a regular Twitter app autho-rized by the user with OAuth. In disaster mode Twimighttries to spread tweets epidemically and publicly to everypeer within reach, flooding the network. Switching to thisdisaster mode enables Bluetooth to periodically scan forother devices, also running the Twimight app in disastermode, while continuously listening to answer connectionrequests from other devices. Upon finding a peer the Blue-tooth connection is automatically setup and ’disaster tweets’are exchanged.

The Twimight Disaster Server (TDS) is a central compo-nent in the system that signs a certificate for each Twimightuser. This certificate is used to sign disaster tweets forintegrity checks and author authentication, as well as toencrypt private direct messages between clients. The lifetimeof each certificate is limited to only 14 days to keep thecertificate revocation list embedded in the Twimight appshort. [14]

To prevent expiration of a certificate just before a disas-ter happens the clients update their keys and request a newcertificate from the TDS after 7 days. If the duration of adisaster is more than 7 days the authors of Twimight expectan alternative infrastructure to be available at that time toaccess the Internet. [14]

arX

iv:1

512.

0007

1v1

[cs

.CR

] 3

0 N

ov 2

015

New users can not join the network during a disasterbecause it is impossible to use the disaster mode withouta TDS signed certificate. The TDS is the only allowedcertificate authority by the Twimight app and all invalidtweets are discarded. The TDS root certificate is embeddedin the Twimight app for validation of every certificate that isused to sign a tweet. To update the root certificate requiresthe Twimight app to be updated. [14]

To control spam the maximum of tweets exchanged is500 of which at most 250 are from the peer itself and the restrelayed from others. It is expected of the user to moderatethe amount of their own tweets and to retweet only relevantinformation. There is no integrated resource managementstrategy in case this buffer gets full. [14]

If Internet connectivity is regained only the user’s owndisaster tweets are uploaded to the Twitter server [14]. Inorder for a disaster tweet of a user that may still be in harm’sway to reach the Internet requires a retweet from a user withInternet connection. Twimight is not able to check if thedisaster tweet from another user is already published and

Figure 1. The Twimight home screen.

cannot decide to publish this tweet on behalf of this user,who is apparently still without Internet connection, and whopossibly remains in harm’s way.

The opportunistic network approach requires continuousscanning for connection opportunities. A shorter intervalof 1 minute versus 2 minutes using Bluetooth severelydegrades battery life. A larger interval may result in missedconnection opportunities and resulting consequences in thecontext of a disaster.

3. The Serval Mesh Network

The Serval Project created mesh network software toprovide communication services without the need for fixedinfrastructure. Smart phones equipped with WiFi and theServal Mesh app for Android allow voice calls to be madeover the mesh network as well as text messaging andfile sharing. Within any mobile network the clients canphysically change location and therefore change locationin the network. Particularly in mesh networks there is no

Figure 2. The Serval home screen.

central directory to register the new location of a client,and the network itself may change in addition to that,making routing even more complex. To connect to a specificuser requires knowing their phone number and asking allneighboring phone in the mesh network to find the addressof the phone on the network. The Mesh Datagram Protocol(MDP) in the network layer propagates these requests overthe network for a limited time and returns the addressesof any phone that claims to own that phone number. It isimpossible to verify these claims without prior knowledgeof the public key of the callee so it is left up to the userto choose the right result, without knowing if the intendedreceiver was actually reached by the request at all. Eachuser can claim their own phone number on the mesh withoutany checks and generate their own public-private key pairwith elliptic curve cryptography (ECC). The public key isused as unique subscriber identifier or Serval Identity (SID)and both keys are stored on the device and hidden usingsteganography for plausible deniability [15]. Only after thefirst contact a certificate can be issued by the caller to thecallee to affirm their identity and build a trust network. Be-fore knowing the public key of the intended receiver anyonein between the connection can impersonate and eavesdropon the conversation. A man-in-the-middle attack is generallyvery difficult to defeat in a mesh network because often notrusted third party can be contacted to verify the validity ofa certificate.

Another pitfall of mesh networks is the usual highend-to-end packet loss. To reduce but not guarantee noend-to-end packet loss MDP uses per-hop retransmissionwhich restores otherwise unusable routes and provides betterpacket delivery rates than conventional UDP over a multi-hop wireless network. MDP also allows for packets tobe signed and encrypted so upper layers don’t have to.Directly above the network layer is the voice call session andaudio carrier protocol called the Voice over Mesh Protocol(VoMP). VoMP is more suitable for mesh networks as it doesnot assume stable virtual circuits over static routes, like SIPand RTP do. Since MDP does not offer reliable messagingVoMP is designed to handle packet loss, mid-call re-routingand re-connection where SIP would fail. [16]

The resilient file distribution system Rhizome is usedfor file sharing. Rhizome uses the store and forward prin-ciple and is therefore suitable for mesh networks, but onlyguarantees the integrity of the file and not eventual arrival.The best effort transport of files is prioritized according tonetwork topology, bandwidth and device storage and batteryavailability, but otherwise it preserves net neutrality. Anony-mous file sharing is possible by not storing any informationon the senders so they can not be traced. [15] The messagingservice MeshMS is build upon Rhizome by sharing twojournal files per interlocutor, one for incoming and one foroutgoing messages.

To overcome the scalability limitations of mesh networkswith link tracking, like the Serval Mesh, route aggregationis necessary beyond the point of all bandwidth being usedfor link tracking. Network prefixes based on physical ortopological location are proposed as well as making the net-

work interoperable with infrastructure like the Commotionwireless network [17]. Any device that does not know itsown location can clone a nearby network prefix and providea coarse location service. Anonymity however suffers fromthis approach.

4. The Psiphon Proxy & VPN Service

Psiphon is a proxy client and server tool originally madein 2006 by the Citizen Lab in the OpenNet Initiative andnow developed by Psiphon Inc. It is used in more than 40countries where Internet is censored in some way [18]. Thetool allows users to circumvent censorship by connecting toa proxy server outside of the censor’s network and createan encrypted tunnel through which the rest of the Internetcan be accessed. Psiphon uses the socket secure (SOCKS)and Secure Shell (SSH) protocol and virtual private network(VPN) to implement the secure tunnel as well as HTTPproxy technology. These protocols provide an encryptedend-to-end tunnel that prevents the censor from knowing

Figure 3. The Psiphon home screen.

the contents of the communication providing some privacy.An obfuscation layer can be added on top of SSH in anattempt to circumvent deep packet inspection (DPI) that canrecognize the type of traffic and block it regardless of itscontent and destination. The tunnel goes straight from theclient to the proxy server and no effort is made to hidethe client’s IP address, so Psiphon does not provide anyanonymity at all. This important dissent feature is deemedout of scope [19].

Keeping Psiphon operational requires new proxy serversto be available at the same rate or quicker than used proxyservers are blocked. If the censor gets ahead in this cat-and-mouse game the Psiphon client will no longer able toconnect to any proxy server and is forced to find anothersource for addresses of non-blocked proxy servers in thefuture. Domain fronting is used to hide the true destinationof an HTTPS request by putting a fake front domain inthe DNS query and in the TLS Server Name Indication(SNI) extension, and the real one in the HTTP Host header[20]. Using content delivery networks (CDN) to host thedomain of the proxy server is an attempt to make the costof blocking Psiphon together with the entire CDN too highfor the censor. Accessing the proxy by IP directly, likedomainless fronting, leaves the option of blocking the IPaddress, and with it all domains and services behind it. Theamount of available addresses is limited and will eventuallydeplete the remaining stack of IPv4 addresses. Psiphon isIPv6 compatible but the censor can block these addressesjust as easily when the censoring tools are IPv6 compatibleas well.

Psiphon is vulnerable to an insider attack because thecensor can use the tool itself to discover all non-blockedproxy servers and subsequently block them. Various strate-gies based on software build ID, date, and time of day, areused for publishing a limited amount of servers to a singleclient to mitigate this risk of an insider attack. The ideaof tracking which clients know about which servers to findtraitors was rejected because that requires tracking with anunique client ID [21].

Certificates are used to verify the authenticity of theclients and servers. Proxy servers are authenticated by theclient automatically with embedded certificates in the soft-ware to make it hard for the censor to perform a man-in-the-middle attack. Because authenticating the client is amanual process that requires some technical knowledge itundermines the security of the embedded server certificates.A malicious repackaged version of Psiphon surfaced in2014, that was likely part of a targeted attack by actorsin Syria, installed a remote access tool (RAT) and keylogger [22]. Psiphon Inc. is a commercial company andit collects and sells the metadata of its users, for examplewhich sites are visited from which countries and how often[23]. This logging may concern anyone that uses Psiphonto circumvent censorship if the act of doing so is illegal.Also the company allows sponsors to automatically open awebsite in the user’s browser after a tunneled connection isestablished which makes a individual user traceable.

5. Orbot Onion Routing Service

The second generation onion router (Tor) is a circuit-based privacy-enhancing communication service [24]. Thedistributed overlay network Tor creates is designed toanonymize TCP-based applications like web browsing. Or-web is such a web browser and uses the Orbot app as theTor client software. Tor clients build temporary circuits fromavailable relay routers that are found in a Tor directoryserver. A typical circuit has a fixed length of three differ-ent nodes: 1. entry node 2. relay node 3. exit node. Theinitiator chooses which nodes to use and creates a tunnelthrough each, ending up with three layers of encryption.The nodes only know their direct neighbor in the circuit,so operate anonymously beyond their direct neighbor, andare not supposed to log this information to enhance privacy.Anonymity outside of the Tor network is the result of the exitnode connecting outside of the Tor network on behalf of theinitiator. From the exit node onwards the connection is nolonger secured by Tor. To prevent abuse not every exit node

Figure 4. The Orbot home screen.

allows all traffic and all destinations and some only connectto a private network. To achieve low latency the initiatormakes use of the advertised available bandwidth for a relayrouter to do load balancing. [25] Perfect forward secrecyis achieved by negotiating session keys for each successivehop in the circuit.

The directory server is a central component in the Tornetwork and is the authority of the list of relays that makeup the Tor network. Only 10 directory servers are currentlyin existence and all the addresses are hard coded into the TorBrowser Bundle. The directory server must approve everynew onion router and must be trusted by all its users. Bridgerelays however are not listed in the main Tor directorymaking it difficult for a censor to block all known Torrelays. Limited amount of bridge addresses are providedupon manual user request by the bridge authority via email[26]. Obfuscation protocols are used to connect to the firstTor relay and constantly improved to stay ahead of the deeppacket inspection of censoring ISPs.

Inside its network Tor offers location-hidden TCP-services, like a web server. The service provider can stayanonymous by creating circuits to multiple introductionpoints that can be contacted by potential users of the service.The user collects the onion identifier of the hidden serviceand create its own circuit to the introduction point as wellas a separate circuit to another relay router that acts as arendezvous point. The hidden service learns of the user’srequest from its introduction point and connects via anothercircuit to the rendezvous point where the two circuits aremated. Various attacks [27] [28] sometimes involve justone malicious node to compromise anonymity of a hiddenservice within minutes or hours [29]. An active attacker canalways try to analyze the timing and volume of traffic goingin and out of the relay to de-anonymize its target due tothe low-latency design of the Tor network. [30] To counterthis attack angle a relay that is deemed reliable in termsof uptime and capable in terms of bandwidth availabilityreceives the Guard flag. A small subset of guard nodesare selected by a Tor client for a longer period of time tochoose entry nodes from. If an adversary is not in this subsetof entry guards it prevents the adversary from eventuallybecoming the first relay in the circuit after frustrating thecircuit building process of the Tor client. This gives the Toruser a chance to not be observed from the first relay, thatis the only relay that knows the true origin. Although guardnodes are supposed to guard against path disruption attacks,they are themselves vulnerable to attack [25].

6. The Tribler Family

Tribler is a fully decentralized peer-to-peer social shar-ing app that aims to provide a Youtube-like video consumingexperience with an integrated multimedia player. On thedesktop Tribler is a single application which runs on all threemajor platforms, but on Android the core components andinterface are not yet well integrated. On the mobile platformthe Tribler family of apps offer additional privacy enhancingfeatures, viral spreading and mutation from source code.

The two authors of this survey are doing their thesiswork on Tribler and founded Tribler respectively.

6.1. Tribler Play

The Tribler Play app consists of a native Android JavaGUI, VLC for Android player and Python for Android torun Tribler underneath. [31]

Tribler is capable of distributed streaming of real-timeHD video and efficiently adapt to network conditions [32],[33]. It is based upon and compatible with the BitTorrentprotocol, but without the need for any central component inthe system, like trackers or websites. Search functionalityis integrated into the app by the elastic database Dispersy.Content is announced on channels, just like Youtube, andeach user can create one. Tribler uses three specific Dis-persy communities to distribute torrent files and therebyreplace the typical BitTorrent websites: AllChannelCom-munity, SearchCommunity and MetadataCommunity. Deepknowledge and performance analysis of the BitTorrent pro-

Figure 5. The Tribler Play home screen while starting a stream.

tocol generated insights for improvements that were appliedin Tribler [34], [35], [36], [37]. For instance, timely andaccurate knowledge of the geographical location of peersin the network can increase the transfer speed significantly[38]. In order to propagate and store metadata a gossip typeprotocol is used [39], [40]. A study of the top-10 Youtubecontent creators indicate that essential features for effectiveplatforms for peer production are: separation of good andbad contributions, regulation of computer resources, groupcommunication, and community building [41].

Building upon social relationships Tribler gives contentrecommendations to the user automatically based on thepreferences of friends and people with similar interests andimproves these suggestions even without interaction [42],[43]. Self-organizing collaborative filtering can improvethese recommendations even without interaction [44], [45],[46], [47], [48]

Free-riding can not be prevented if more than half thepeers are behind a firewall, since they are unable to respondto incoming connections [49]. Therefore to be able to pro-vide a reasonable quality of service for fair users, free-ridersin the system are penalized as long as upload bandwidth inthe swarm is scarce [50]. A distinction is made betweenlazy free-riders and die-hard free-riders, the latter of whichcheats the protocol [51].

Tribler correlates multiple overlay networks to charac-terize the behavior of real users [52]. For example, com-munities of users with similar interests can be exploited toautomatically build a robust semantic and social overlay toincrease usability and download performance significantlyby collaborative downloading [53], [54]. The social networkcan also increase trust and give an incentive to exchangecontent which increases content availability [48]. Since co-operation is hard to enforce Tribler uses psychology theoryfor inducing it by showing the similarity between users,making behavior publicly visible, making it possible forusers to express approval or disapproval about each other,allowing different return-on-investment times for differentrelationship types, showing how much others contribute inrespect to their total resources, exploiting the need to belong,and make groups small, powerful and exclusive, allowingusers to stand out of the crowd, displaying informationon friendship and the degrees of separation, letting usersspecialize in one of the four aspects of cooperation, keepingtrack of the given help/received help ratio, making infor-mation about a group and its members visible, and finally,making users feel intrinsically motivated to cooperate [55],[56]. A user is more induced to reciprocity over time if theaction is directed at one person rather than whole communityas a whole [57]. Effective reciprocal relationships can mostlikely be found within first or second degrees of separation,whereas relationships of higher degrees are not as flexibleover time, thus benefiting most from immediate reciprocity.[58]

6.2. Android Tor Tribler Tunneling (AT3)

Android Tor Tribler Tunneling (AT3) is a research proto-type that proves the feasibility of using anonymous tunnelson an Android device through which Tribler can offer itsservices to the user as long as the Android device supportshardware accelerated cryptography or encryption is disabled.AT3 is the sibling of Tribler Play, both use Python forAndroid to run the Tribler core and an Android port of theBitTorrent library (libtorrent), and the apps together offerthe same functionality as the Tribler desktop application.[59]

The Tor-like anonymity network is very similar to plainTor, however it is a separate network and allows multiplecircuits at the same time to be aggregated to increase down-load speed. The app anonymously downloads a torrent of 50MB over 1-3 hops and 1-3 circuits while measuring CPUusage and download speed, averaging 450-650 KB/s [59].

The regular BitTorrent protocol on top of plain Tor leaksinformation and becomes more vulnerable to traffic moni-toring and communications’ hijacking [60]. Tribler howevereliminated the tracker that would normally reveal the trueIP addresses of its users, thus Tribler now combines the bestof both worlds.

Figure 6. The Android Tor Tribler Tunneling home screen.

6.3. Shadow Internet

The Shadow Internet app currently integrates a videorecording feature, NFC+Bluetooth wireless app & file trans-fer feature with the Tribler search and download features.The entire app, including the interface, are written in Python,supported by Python for Android. [61]

Android smart phones that are equipped with a NearField Communication (NFC) chip can use this to auto-matically setup a Bluetooth large file transfer with theAndroid Beam feature. The Shadow Internet app can trans-fer the videos made with the phone as well as the appitself. Leveraging the ease of use and power efficiency ofNFC+Bluetooth transfers the smart phone is turned intoa node of an ad hoc network wherever Internet is notavailable. When Internet is available the app would use theTribler network to seed the video, but is currently not yetimplemented.

In the use case of eye witness of government misbehav-ior the app would allow the user to record and share theevidence anonymously directly from the Shadow Internetapp. Spreading the data as fast as possible and possiblygetting it out of the government controlled region is keyfor the evidence to come to light.

Another use case is the festival fanatic who records avideo of the experience and wants to instantly share it withfriends in an extremely busy area or an area without Internetaccess. In both instances the wireless NFC+Bluetooth trans-fer allows the user to share the content to anyone withoutthe app even. If a WiFi connection is available the Triblerprotocol would publish and distribute the video effectivelyvia the users’ channel.

6.4. DroidStealth

The DroidStealth app has a morphing capabilities, cryp-tography containers and can hide traces of usage of itselfon the phone. The app acts like a vault in which content

Figure 7. The Shadow Internet home screen with video context menu.

can be securely saved thanks to encryption. Just like theShadow Internet app [61] it also features a video camerarecorder and on top of that a voice and photo capture feature.[63], [64] The user interface is very intuitive thanks to anicon and color indication of which content is currently (not)encrypted, and simply tapping to toggle the status. The mostimpressive features are the hiding capabilities that do notrequire special permissions on the device: morphing the iconand name to something inconspicuous, the hidden launchers,and automatic removal of traces of usage.

The app can be secretly launched by typing a userconfigured pin-code into phone dialer or with an invisiblewidget. The fake phone number won’t be called and won’tshow up in the recent called list. After switching to anotherapp or the desktop DroidStealth is no longer present in therecent app carousel.

The morphing is achieved through unpacking the An-droid Application Package (.apk) and modifying the binaryxml files and icon.png, then repackaging and signing withan embedded key. The morphed app can then be shared with

Figure 8. The DroidStealth home screen with content.

Name Age Last Commits LOC # Contributers # Open # Open Min. Android # Installations

Release Pull Requests Issues Version

Psiphon 9 y nov ‘15 6 K 363 K 29 4 174 2.2+ 10.000.000 - 50.000.000

Tor 13 y oct ‘14 46 K 435 K 287 - 2425 2.2+ 5.000.000 - 10.000.000

Tribler 10 y jan ‘15 15 K 166 K 72 8 186 4.0+ 1.000.000 - 5.000.000

Serval 11 y jul ‘15 12 K 420 K 120 8 17 2.2+ 100.000 - 500.000

Twimight 4 y sep ‘14 0.5 K 24 K 6 - 9 4.0+ 5.000 - 10.000

TABLE 1. COMPARING PROJECTS [62].

others via NFC+Bluetooth just like the Shadow Internet app[61].

Any adversary that performs a casual check on the phonewill not notice a calculator or another similarly innocuousapp. All suspect traces of usage are removed automaticallyby the app and it can superficially look like any other appwith extreme ease.

6.5. SelfCompileApp

The SelfCompileApp is the first autonomous app thatis capable of self-compilation, mutation and viral spreading[11]. It does not require a host computer to alter its function-ality or change its appearance, and no special permissions onthe device. It also does not need to be distributed through anapp store or website because it has the same NFC+Bluetoothtransfer feature as DroidStealth [63]. It has all the requiredAndroid SDK build tools embedded and a Java key storewith the default android debug key to sign the AndroidApplication Package (.apk). The source code, resources andlibraries are extracted on the SD card accessible to the userwho can then modify the app manually or only use the GUIof the app that allows the icon, name, package, colors andtheme to be modified.

Any content added to the assets folder on the SD cardcan be embedded in the app just like the Java key store.Combined with the wireless transfer capabilities the app be-comes effectively a morphing container that can mutate andvirally spread without the need for Internet, thus overcomingInternet kill switches and disruptions due to natural disastersor man made interference.

7. Conclusions

We presented a wide range of Android-based socialmedia tools for disaster communication, privacy, and over-coming Internet kill switches.

No clear winner has emerged among the existing robustsocial media tools. For numerous years various groups haveworked on differing approaches. No project has achievedthe maturity and popularity of the mainstream fragile so-cial media tools based on a single profit-driven entity andcentralized architecture. Will any robust tool ever reach thepopularity of market leaders such as Twitter (300 millionmonthly active users)?

Our survey indicates that it is unlikely that robustnessand resilience will become mainstream. Existing projects do

not seem to be on a sustainable trajectory for mainstreamuptake. The sad conclusions is that the underlying reasonsfor a stark future are difficult to overcome. For instance,lack of funding, lack of dedicated expert developers, highlyfragmented development effort, replication of effort insteadof software re-use, lack of usability testing, and minimaluser experience expertise.

Figure 9. The SelfCompileApp home screen.

References

[1] J. Cowie, A. Popescu, and T. Underwood, “Impact of hurricanekatrina on internet infrastructure,” Renesys, Tech. Rep., September2005. [Online]. Available: http://research.dyn.com/content/uploads/2013/05/Renesys-Katrina-Report-9sep2005.pdf

[2] C.-E. Denis, “Why haiti’s cellphone networks failed,” IEEE, Feb2010. [Online]. Available: http://spectrum.ieee.org/telecom/wireless/why-haitis-cellphone-networks-failed

[3] CNN, “Major power outage hits new york, other large cities,”August 2003. [Online]. Available: http://edition.cnn.com/2003/US/08/14/power.outage/

[4] N. Onishi, “Weak power grids in africa stunt economies andfire up tempers,” New York Times, July 2015. [Online].Available: http://www.nytimes.com/2015/07/03/world/africa/weak-power-grids-in-africa-stunt-economies-and-fire-up-tempers.html

[5] H. R. Watch, “How censorship works in china: A brief overview,”August 2006. [Online]. Available: https://www.hrw.org/reports/2006/china0806/3.htm

[6] J. Watts, “Cuba’s ’offline internet’: no access, nopower, no problem,” December 2014. [Online]. Avail-able: http://www.theguardian.com/world/2014/dec/23/cuba-offline-internet-weekly-packet-external-hard-drives

[7] A. Passary, “Turkey calls for social media blackout afterankara terrorist attack: Twitter and facebook blocked,” October2015. [Online]. Available: http://www.techtimes.com/articles/94159/20151012/turkey-calls-for-social-media-blackout-after-ankara-terrorist-attack-twitter-and-facebook-blocked.htm

[8] J. A. Halderman, “Internet censorship in iran: A first look,” in3rd USENIX Workshop on Free and Open Communications onthe Internet. Aryan Censorship Project, August 2013. [Online].Available: https://jhalderm.com/pub/papers/iran-foci13.pdf

[9] A. Nesterov, “Russia actually kind of cracked (?) tor,”Nov 2015. [Online]. Available: http://www.mail-archive.com/cypherpunks@cpunks.org/msg10678.html

[10] E. Quartey, “The mystery of the power bank phone taking overghana,” May 2015. [Online]. Available: http://qz.com/411330/the-mystery-of-the-power-bank-phone-taking-over-ghana/

[11] P. Brussee and J. Pouwelse, “Autonomous smartphone apps:self-compilation, mutation, and viral spreading,” arXiv, Nov 2015.[Online]. Available: http://arxiv.org/abs/1511.00444

[12] P. Mozur, “China cuts mobile service of xinjiang residentsevading internet filters,” Nov 2015. [Online]. Available:http://www.nytimes.com/2015/11/24/business/international/china-cuts-mobile-service-of-xinjiang-residents-evading-internet-filters.html? r=0

[13] J. Pouwelse, “Moving toward a censorship-free internet,” InternetEngineering Task Force, vol. 8, no. 2, pp. 16–17, October 2012.[Online]. Available: http://www.internetsociety.org/articles/moving-toward-censorship-free-internet

[14] T. Hossmann, P. Carta, D. Schatzmann, F. Legendre, P. Gunningberg,and C. Rohner, “Twitter in disaster mode: Security architecture,”in Proceedings of the Special Workshop on Internet and Disasters,ser. SWID ’11. New York, NY, USA: ACM, 2011, pp. 7:1–7:8.[Online]. Available: http://doi.acm.org/10.1145/2079360.2079367

[15] A. Bettison, “Serval dna,” 2014. [Online]. Available: http://developer.servalproject.org/dokuwiki/doku.php?id=content:tech:dna

[16] S. Project. (2014) Serval dna. [Online]. Available: https://github.com/servalproject/serval-dna

[17] O. T. Institute. (2012) Commotion wireless mesh. [Online]. Available:https://commotionwireless.net/about/faq/

[18] H. Hoag, “Canadian software helps syrian ac-tivists avoid web censors,” March 2012. [Online].Available: http://www.thestar.com/sponsored sections/2012/03/02/canadian software helps syrian activists avoid web censors.html

[19] M. Manning, A. Gomes, and A. Rahimi, “Psiphon inc. psiphon 3security assessment,” iSECpartners, Tech. Rep., August 2014.

[20] D. Fifield, C. Lan, R. Hynes, P. Wegmann, and V. Paxson, “Blocking-resistant communication through domain fronting,” in Proceedingson Privacy Enhancing Technologies 2015, 2015, pp. 46–64. [Online].Available: https://petsymposium.org/2015/papers/03 Fifield.pdf

[21] “Psiphon circumvention system design paper,” June 2011.

[22] J. Scott-Railton, “Maliciously repackaged psiphon found,” Universityof Toronto, Tech. Rep., March 2014. [Online]. Available: https://citizenlab.org/2014/03/maliciously-repackaged-psiphon/

[23] P. Inc. (2015) Psiphon. [Online]. Available: https://psiphon.ca/

[24] R. Dingledine, N. Mathewson, and P. Syverson, “Tor:The second-generation onion router,” 2004. [Online]. Avail-able: http://www.dtic.mil/cgi-bin/GetTRDoc?Location=U2&doc=GetTRDoc.pdf&AD=ADA465464

[25] K. Bauer, D. McCoy, D. Grunwald, T. Kohno, and D. Sicker,“Low-resource routing attacks against tor,” in Proceedings of the2007 ACM Workshop on Privacy in Electronic Society, ser. WPES’07. New York, NY, USA: ACM, 2007, pp. 11–20. [Online].Available: http://doi.acm.org/10.1145/1314333.1314336

[26] T. Project, “Tor: Bridges,” 2015. [Online]. Available: https://www.torproject.org/docs/bridges.html.en

[27] S. Chakravarty, A. Stavrou, and A. Keromytis, “Identifyingproxy nodes in a tor anonymization circuit,” in Signal ImageTechnology and Internet Based Systems, 2008. SITIS ’08. IEEEInternational Conference on, Nov 2008, pp. 633–639. [Online].Available: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=4725864&newsearch=true&queryText=Identifying%20Proxy%20Nodes%20in%20a%20Tor%20Anonymization%20Circuit

[28] J. Elices and F. Perez-Gonzalez, “Locating tor hidden services throughan interval-based traffic-correlation attack,” in Communications andNetwork Security (CNS), 2013 IEEE Conference on, Oct 2013,pp. 385–386. [Online]. Available: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6682740

[29] L. Overlier and P. Syverson, “Locating hidden servers,” inSecurity and Privacy, 2006 IEEE Symposium on, May 2006,pp. 15 pp.–114. [Online]. Available: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=1624004&tag=1

[30] C. Tang and I. Goldberg, “An improved algorithm for tor circuitscheduling,” in Proceedings of the 17th ACM Conference onComputer and Communications Security, ser. CCS ’10. NewYork, NY, USA: ACM, 2010, pp. 329–339. [Online]. Available:http://doi.acm.org/10.1145/1866307.1866345

[31] W. Sabe, D. Schut, and N. Spruit, “Decentralized media streamingon android using tribler,” 2014.

[32] J. Pouwelse, J. Taal, R. Lagendijk, D. Epema, and H. Sips,“Real-time video delivery using peer-to-peer bartering networksand multiple description coding,” in IEEE Conference on Systems,Man and Cybernetics, October 2004. [Online]. Available: http://www.pds.ewi.tudelft.nl/pubs/papers/smc2004.pdf

[33] J. Taal, J. Pouwelse, and R. Lagendijk, “Scalable multiple descriptioncoding for video distribution in p2p networks,” in 24-th PictureCoding Symposium, San Francisco, dec 2004. [Online]. Available:http://www.pds.ewi.tudelft.nl/pubs/papers/pcs2004.pdf

[34] J. Pouwelse, P. Garbacki, D. Epema, and H. Sips, “A measurementstudy of the bittorrent peer-to-peer file-sharing system,” DelftUniversity of Technology, Tech. Rep., april 2004. [Online]. Available:http://www.pds.ewi.tudelft.nl/pubs/papers/report200407.pdf

[35] J. A. Pouwelse, P. Garbacki, D. H. J. Epema, and H. J. Sips,“The bittorrent p2p file-sharing system: Measurements and analysis,”in In Proc. of the 4th International Workshop on Peer-to-PeerSystems (IPTPS’05), ser. LNCS 3640. Springer, feb 2005, pp.205–216. [Online]. Available: http://www.pds.ewi.tudelft.nl/pubs/papers/iptps2005.pdf

[36] A. Iosup, P. Garbacki, J. Pouwelse, and D. Epema, “Analyzingbittorrent: Three lessons from one peer-level view,” in Proc. of the11th ASCI Conference, 2005, pp. 96–104, 6-8 June, 2005, Heijen,The Netherlands. [Online]. Available: http://www.pds.ewi.tudelft.nl/∼iosup/aiosup05asci.pdf

[37] D. Hales, R. Rahman, B. Zhang, M. Meulpolder, and J. Pouwelse,“Bittorrent or bitcrunch: Evidence of a credit squeeze in bittorrent?”in Proceedings Wetice 2009. IEEE CS Press, 2009, pp. 99–104. [Online]. Available: http://davidhales.name/papers/bitcrunch-2009.pdf

[38] A. Iosup, P. Garbacki, J. Pouwelse, and D. Epema, “A method takingfast and accurate geo* snapshots of large p2p networks,” in Proc. ofthe 15th Intl. Conference on Control Systems and Computer Science(CSCS-15), 2005, pp. 663–670, 25–27 May, Bucharest, Romania.

[39] J. Yang, J. Wang, M. Clements, J. A. Pouwelse, A. P.de Vries, and M. Reinders, “An epidemic-based p2p recommendersystem,” in Workshop on Large Scale Distributed Systemsfor Information Retrieval (LSDS-IR) in SIGIR07, 2007. [On-line]. Available: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.107.7019&rep=rep1&type=pdf#page=16

[40] R. Rahman, D. Hales, M. Meulpolder, V. Heinink, J. Pouwelse, andH. Sips, “Robust vote sampling in a p2p media distribution system,”in Proceedings IPDPS 2009 (HotP2P 2009). IEEE ComputerSociety, May 2009. [Online]. Available: http://dx.doi.org/10.1109/IPDPS.2009.5160946

[41] J. Pouwelse, P. Garbacki, D. Epema, and H. Sips, “Pirates andsamaritans: A decade of measurements on peer production and theirimplications for net neutrality and copyright,” TelecommunicationsPolicy, vol. 32, pp. 701–712, 2008. [Online]. Available: http://pds.twi.tudelft.nl/pubs/papers/telecompolicy2008.pdf

[42] J. A. Pouwelse, M. van Slobbe, J. Wang, and H. J. Sips,“P2p-based pvr recommendation using friends, taste buddies andsuperpeers,” in Beyond Personalization 2005, Workshop on theNext Stage of Recommender Systems Research, San Diego, jan2005. [Online]. Available: http://www.pds.ewi.tudelft.nl/pubs/papers/beyond2005.pdf

[43] J. Pouwelse, J. Yang, M. Meulpolder, D. Epema, and H. Sips,“Buddycast: an operational peer-to-peer epidemic protocol stack,” inProc. of the 14th Annual Conf. of the Advanced School for Computingand Imaging, G. Smit, D. Epema, and M. Lew, Eds. ASCI, 2008,pp. 200–205. [Online]. Available: http://www.pds.ewi.tudelft.nl/fileadmin/pds/reports/2008/PDS-2008-005.pdf

[44] J. Wang, M. Reinders, J. Pouwelse, and R. Lagendijk, “Wi-fiwalkman: a wireless handhold that shares and recommends musicon peer-to-peer networks,” in Proc. of Embedded Processors forMultimedia and Communications II, part of the IS and T/SPIESymposium on Electronic Imaging 2005., 2005. [Online]. Available:http://www.pds.ewi.tudelft.nl/pubs/papers/spie2005.pdf

[45] J. Wang, M. Reinders, R. Lagendijk, and J. Pouwelse, “Self-organizing distributed collaborative filtering,” in ACM SIGIRConference on Research and Development in Information Retrieval,Aug 2005. [Online]. Available: http://www.isa.its.tudelft.nl/∼pouwelse/self-organizing distributed collaborative filtering.pdf

[46] J. Wang, J. Pouwelse, M. Reinders, and R. Lagendijk, “Distributedcollaborative filtering for peer-to-peer file sharing systems,” inEleventh annual conference of the Advanced School for Computingand Imaging, 2005. [Online]. Available: http://www.isa.its.tudelft.nl/∼pouwelse/distributed collaborative filtering for P2P.pdf

[47] M. Clements, A. P. de Vries, J. A. Pouwelse, J. Wang,and M. J. Reinders, “Evaluation of neighbourhood selectionmethods in decentralized recommendation systems,” in Workshopon Large Scale Distributed Systems for Information Retrieval(LSDS-IR), Springer, Ed. Springer, July 2007. [Online]. Available:http://mmc.tudelft.nl/sites/default/files/Clements2007 LSDS.pdf

[48] J. Wang, J. Pouwelse, J. Fokker, A. de Vries, and M. Reinders,“Personalization on a peer-to-peer television system,” MultimediaTools and Applications, vol. 36, pp. 89–113, 2008. [Online].Available: http://www.pds.ewi.tudelft.nl/pubs/papers/mmt2008.pdf

[49] J. Mol, J. Pouwelse, D. Epema, and H. Sips, “Free-riding, fairness,and firewalls in p2p file-sharing,” in 8-th IEEE InternationalConference on Peer-to-Peer Computing, K. Wehrle, W. Kellerer,S. Singhal, and R. Steinmetz, Eds. IEEE Computer Society, sep 2008,pp. 301–310. [Online]. Available: http://www.pds.ewi.tudelft.nl/pubs/papers/p2p2008.pdf

[50] J. Mol, J. Pouwelse, M. Meulpolder, D. Epema, and H. Sips,“Give-to-get: Free-riding-resilient video-on-demand in p2p systems,”in Multimedia Computing and Networking 2008, vol. 6818, no.Article 681804. SPIE Vol. 6818, January 2008. [Online]. Available:http://www.pds.ewi.tudelft.nl/pubs/papers/mmcn2008.pdf

[51] M. Meulpolder, J. Pouwelse, D. Epema, and H. Sips,“Bartercast: A practical approach to prevent lazy freeriding inp2p networks,” in Proceedings of the 23rd IEEE InternationalParallel and Distributed Processing Symposium, S. U. o.N. Y. Yuanyuan Yang, Ed. Los Alamitos, USA: IEEEComputer Society, May 2009, pp. 1–8. [Online]. Available:http://ieeexplore.ieee.org/xpl/articleDetails.jsp?tp=&arnumber=5160954&searchWithin%3Dp Last Names%3Ameulpolder%26matchBoolean%3Dtrue%26queryText%3D%28p Authors%3Ameulpolder%29

[52] A. Iosup, P. Garbacki, J. Pouwelse, and D. Epema, “Correlatingtopology and path characteristics of overlay networks and theinternet,” in Proc. of the the 6th Intl. Workshop on Globaland Peer-to-Peer Computing (GP2PC06). Los Alamitos, CA,USA: IEEE Computer Society, 2006, pp. 10, CDROM, inconjunction with the IEEE/ACM CCGrid. [Online]. Available:http://www.st.ewi.tudelft.nl/∼iosup/mprobe05gp2pc.pdf

[53] J. Pouwelse, P. Garbacki, J. Wang, A. Bakker, J. Yang, A. Iosup,D. Epema, M. Reinders, M. van Steen, and H. Sips, “Tribler: A social-based peer-to-peer system,” Concurrency and Computation: Practiceand Experience, vol. 20, pp. 127–138, February 2008. [Online].Available: http://www.pds.ewi.tudelft.nl/pubs/papers/cpe2007.pdf

[54] P. Garbacki, D. Epema, J. A. Pouwelse, and M. van Steen,“Offloading servers with collaborative video on demand,” in In7th International Workshop on Peer-to-Peer Systems (IPTPS ’08),A. Iamnitchi and S. Saroiu, Eds., Feb 2008. [Online]. Available:http://www.st.ewi.tudelft.nl/∼pawel/pub/collvod.pdf

[55] J. Fokker, H. de Ridder, P. Westendorp, and J. Pouwelse,“Psychological backgrounds for inducing cooperation in peer-to-peertelevision,” in EuroITV 2007. Springer Verlag, 2007, pp. 136–145. [Online]. Available: http://www.pds.ewi.tudelft.nl/pubs/papers/euroitv2007a.pdf

[56] J. E. Fokker, H. de Ridder, P. H. Westendorp, and J. A. Pouwelse,“Inducing cooperation in peer-to-peer television systems,” in TICSPAdjunct Proccedings of EuroITV 2007. TICPS, 2007, pp. 314–318. [Online]. Available: http://www.pds.ewi.tudelft.nl/pubs/papers/euroitv2007b.pdf

[57] J. Fokker, H. de Ridder, P. Westendorp, and J. Pouwelse, “Exploringthe acceptability of delayed reciprocity in peer-to-peer networks,” inPersuasive 2008. Springer, 2008, pp. 237–2008. [Online]. Available:http://www.pds.ewi.tudelft.nl/pubs/papers/persuasive2008.pdf

[58] J. E. Fokker, P. H. Westendorp, J. A. Pouwelse, and H. de Ridder,“A questionnaire-based study on delayed reciprocity in a p2p-tv system,” in Proceeding of the 1st international conferenceon Designing interactive user experiences for TV and video(UXTV ’08), ACM, Ed. ACM, 2008. [Online]. Available:http://dx.doi.org/10.1145/1453805.1453836

[59] M. D. Vos, R. Jagerman, and L. Versluis, “Android tor tribler tun-neling (at3),” 2014. [Online]. Available: http://repository.tudelft.nl/view/ir/uuid%3Ab258a5e8-002c-4631-9291-04be902119f6/

[60] P. Manils, C. Abdelberi, S. L. Blond, M. A. Kaafar, C. Castelluccia,A. Legout, and W. Dabbous, “Compromising tor anonymityexploiting P2P information leakage,” CoRR, vol. abs/1004.1461,2010. [Online]. Available: http://arxiv.org/abs/1004.1461

[61] M. van Beusekom and N. Herckenrath, “Shadow internet: Acensorship-free communication infrastructure,” 2015.

[62] Redecentralize, “Alternative internet,” oct 2015. [Online]. Available:https://redecentralize.github.io/alternative-internet/

[63] O. Hokke, A. Kolpa, J. van den Oever, A. Walterbos, and J. Pouwelse,“A self-compiling android data obfuscation tool,” 2015.

[64] O. Hokke, A. Kolpa, A. Walterbos, and J. van den Oever. (2014,4) Droidstealth. Delft University of Technology. [Online]. Available:https://github.com/droidstealth