-
SONIC: Connect the Unconnected via FM Radio & SMS
Authors:
Ayush Pandey,
Rohail Asim,
Khalid Mengal,
Matteo Varvello,
Yasir Zaki
Abstract:
As of 2022, about 2.78 billion people in developing countries do not have access to the Internet. Lack of Internet access hinders economic growth, educational opportunities, and access to information and services. Recent initiatives to "connect the unconnected" have either failed (project Loon and Aquila) or are characterized by exorbitant costs (Starlink and similar), which are unsustainable for users in developing regions. This paper proposes SONIC, a novel connectivity solution that repurposes a widespread communication infrastructure (AM/FM radio) to deliver access to pre-rendered webpages. Our rationale is threefold: 1) the radio network is widely accessible -- currently reaching 70% of the world -- even in developing countries, 2) unused frequencies are highly available, 3) while data over sound can be slow, when combined with the radio network, it takes advantage of its broadcast nature, efficiently reaching a large number of users. We have designed and built a proof of concept of SONIC which shows encouraging initial results.
Submitted 1 July, 2024;
originally announced July 2024.
-
A First Look at Immersive Telepresence on Apple Vision Pro
Authors:
Ruizhi Cheng,
Nan Wu,
Matteo Varvello,
Eugene Chai,
Songqing Chen,
Bo Han
Abstract:
Due to the widespread adoption of "work-from-home" policies, videoconferencing applications (e.g., Zoom) have become indispensable for remote communication. However, these systems lack immersiveness, leading to the so-called "Zoom fatigue" and degrading communication efficiency. The recent debut of Apple Vision Pro, a mixed reality headset that supports "spatial persona", aims to offer an immersive telepresence experience with these applications. In this paper, we conduct a first-of-its-kind in-depth and empirical study to analyze the performance of immersive telepresence with four applications, Apple FaceTime, Cisco Webex, Microsoft Teams, and Zoom, on Vision Pro. We find that only FaceTime provides a truly immersive experience with spatial personas, whereas other applications still operate 2D personas. Our measurement results reveal that (1) FaceTime delivers semantic information to optimize bandwidth consumption, which is even lower than that of 2D persona for other applications, and (2) it employs visibility-aware optimizations to reduce rendering overhead. However, the scalability of FaceTime remains limited, with a simple server allocation strategy that potentially leads to high network delay among users.
Submitted 16 May, 2024;
originally announced May 2024.
-
Exploring the Potential of Generative AI for the World Wide Web
Authors:
Nouar AlDahoul,
Joseph Hong,
Matteo Varvello,
Yasir Zaki
Abstract:
Generative Artificial Intelligence (AI) is a cutting-edge technology capable of producing text, images, and various media content leveraging generative models and user prompts. Between 2022 and 2023, generative AI surged in popularity with a plethora of applications spanning from AI-powered movies to chatbots. In this paper, we delve into the potential of generative AI within the realm of the World Wide Web, specifically focusing on image generation. Web developers already harness generative AI to help crafting text and images, while Web browsers might use it in the future to locally generate images for tasks like repairing broken webpages, conserving bandwidth, and enhancing privacy. To explore this research area, we have developed WebDiffusion, a tool that allows to simulate a Web powered by stable diffusion, a popular text-to-image model, from both a client and server perspective. WebDiffusion further supports crowdsourcing of user opinions, which we use to evaluate the quality and accuracy of 409 AI-generated images sourced from 60 webpages. Our findings suggest that generative AI is already capable of producing pertinent and high-quality Web images, even without requiring Web designers to manually input prompts, just by leveraging contextual information available within the webpages. However, we acknowledge that direct in-browser image generation remains a challenge, as only highly powerful GPUs, such as the A40 and A100, can (partially) compete with classic image downloads. Nevertheless, this approach could be valuable for a subset of the images, for example when fixing broken webpages or handling highly private content.
Submitted 26 October, 2023;
originally announced October 2023.
-
Dissecting the Performance of Satellite Network Operators
Authors:
Aravindh Raman,
Matteo Varvello,
Hyunseok Chang,
Nishanth Sastry,
Yasir Zaki
Abstract:
The rapid growth of satellite network operators (SNOs) has revolutionized broadband communications, enabling global connectivity and bridging the digital divide. As these networks expand, it is important to evaluate their performance and efficiency. This paper presents the first comprehensive study of SNOs. We take an opportunistic approach and devise a methodology which allows to identify public network measurements performed via SNOs. We apply this methodology to both M-Lab and RIPE public datasets which allowed us to characterize low level performance and footprint of up to 18 SNOs operating in different orbits. Finally, we identify and recruit paid testers on three popular SNOs (Starlink, HughesNet, and ViaSat) to evaluate the performance of popular applications like web browsing and video streaming.
Submitted 16 November, 2023; v1 submitted 24 October, 2023;
originally announced October 2023.
-
I Tag, You Tag, Everybody Tags!
Authors:
Hazem Ibrahim,
Rohail Asim,
Matteo Varvello,
Yasir Zaki
Abstract:
Location tags are designed to track personal belongings. Nevertheless, there has been anecdotal evidence that location tags are also misused to stalk people. Tracking is achieved locally, e.g., via Bluetooth with a paired phone, and remotely, by piggybacking on location-reporting devices which come into proximity of a tag. This paper studies the performance of the two most popular location tags (Apple's AirTag and Samsung's SmartTag) through controlled experiments - with a known large distribution of location-reporting devices - as well as in-the-wild experiments - with no control on the number and kind of reporting devices encountered, thus emulating real-life use-cases. We find that both tags achieve similar performance, e.g., they are located 55% of the times in about 10 minutes within a 100 m radius. It follows that real time stalking to a precise location via location tags is impractical, even when both tags are concurrently deployed which achieves comparable accuracy in half the time. Nevertheless, half of a victim's exact movements can be backtracked accurately (10m error) with just a one-hour delay, which is still perilous information in the possession of a stalker.
Submitted 24 October, 2023; v1 submitted 9 March, 2023;
originally announced March 2023.
-
A Worldwide Look Into Mobile Access Networks Through the Eyes of AmiGos
Authors:
Matteo Varvello,
Yasir Zaki
Abstract:
How does the mobile experience compare between Germany and Nigeria? There is currently no public data or test-bed to provide an answer to this question. This is because deploying and maintaining such test-bed can be both challenging and expensive. To fill this gap, this paper proposes a novel test-bed design called "AmiGo", which relies on travelers carrying mobile phones to act as vantage points and collect data on mobile network performance. The "AmiGo" design has three key advantages: it is easy to deploy, has realistic user mobility, and runs on real Android devices. We further developed a suite of measurement tools for "AmiGo" to perform network measurements, e.g., pings, speedtests, and webpage loads. We leverage these tools to measure the performance of 24 mobile networks across five continents over a month via an "AmiGo" deployment involving 31 students. We find that 50% of networks face a 40-70% chance of providing low data rates, only 20% achieve low latencies, and networks in Asia, Central/South America, and Africa have significantly higher CDN download times than in Europe. Most news websites load slowly, while YouTube performs well. We made both test-bed and measurement tools open source.
Submitted 11 July, 2023; v1 submitted 9 September, 2022;
originally announced September 2022.
-
BatteryLab: A Collaborative Platform for Power Monitoring
Authors:
Matteo Varvello,
Kleomenis Katevas,
Mihai Plesa,
Hamed Haddadi,
Fabian Bustamante,
Ben Livshits
Abstract:
Advances in cloud computing have simplified the way that both software development and testing are performed. This is not true for battery testing for which state of the art test-beds simply consist of one phone attached to a power meter. These test-beds have limited resources, access, and are overall hard to maintain; for these reasons, they often sit idle with no experiment to run. In this paper, we propose to share existing battery testbeds and transform them into vantage points of BatteryLab, a power monitoring platform offering heterogeneous devices and testing conditions. We have achieved this vision with a combination of hardware and software which allow to augment existing battery test-beds with remote capabilities. BatteryLab currently counts three vantage points, one in Europe and two in the US, hosting three Android devices and one iPhone 7. We benchmark BatteryLab with respect to the accuracy of its battery readings, system performance, and platform heterogeneity. Next, we demonstrate how measurements can be run atop of BatteryLab by developing the "Web Power Monitor" (WPM), a tool which can measure website power consumption at scale. We released WPM and used it to report on the energy consumption of Alexa's top 1,000 websites across 3 locations and 4 devices (both Android and iOS).
Submitted 29 January, 2022;
originally announced January 2022.
-
Can You See Me Now? A Measurement Study of Zoom, Webex, and Meet
Authors:
Hyunseok Chang,
Matteo Varvello,
Fang Hao,
Sarit Mukherjee
Abstract:
Since the outbreak of the COVID-19 pandemic, videoconferencing has become the default mode of communication in our daily lives at homes, workplaces and schools, and it is likely to remain an important part of our lives in the post-pandemic world. Despite its significance, there has not been any systematic study characterizing the user-perceived performance of existing videoconferencing systems other than anecdotal reports. In this paper, we present a detailed measurement study that compares three major videoconferencing systems: Zoom, Webex and Google Meet. Our study is based on 48 hours' worth of more than 700 videoconferencing sessions, which were created with a mix of emulated videoconferencing clients deployed in the cloud, as well as real mobile devices running from a residential network. We find that the existing videoconferencing systems vary in terms of geographic scope, which in turns determines streaming lag experienced by users. We also observe that streaming rate can change under different conditions (e.g., number of users in a session, mobile device status, etc), which affects user-perceived streaming quality. Beyond these findings, our measurement methodology can enable reproducible benchmark analysis for any types of comparative or longitudinal study on available videoconferencing systems.
Submitted 27 September, 2021;
originally announced September 2021.
-
POW-HOW: An enduring timing side-channel to evade online malware sandboxes
Authors:
Antonio Nappa,
Panagiotis Papadopoulos,
Matteo Varvello,
Daniel Aceituno Gomez,
Juan Tapiador,
Andrea Lanzi
Abstract:
Online malware scanners are one of the best weapons in the arsenal of cybersecurity companies and researchers. A fundamental part of such systems is the sandbox that provides an instrumented and isolated environment (virtualized or emulated) for any user to upload and run unknown artifacts and identify potentially malicious behaviors. The provided API and the wealth of information in the reports produced by these services have also helped attackers test the efficacy of numerous techniques to make malware hard to detect. The most common technique used by malware for evading the analysis system is to monitor the execution environment, detect the presence of any debugging artifacts, and hide its malicious behavior if needed. This is usually achieved by looking for signals suggesting that the execution environment does not belong to the native machine, such as specific memory patterns or behavioral traits of certain CPU instructions.
In this paper, we show how an attacker can evade detection on such online services by incorporating a Proof-of-Work (PoW) algorithm into a malware sample. Specifically, we leverage the asymptotic behavior of the computational cost of PoW algorithms when they run on some classes of hardware platforms to effectively detect a non bare-metal environment of the malware sandbox analyzer. To prove the validity of this intuition, we design and implement the POW-HOW framework, a tool to automatically implement sandbox detection strategies and embed a test evasion program into an arbitrary malware sample. Our empirical evaluation shows that the proposed evasion technique is durable, hard to fingerprint, and reduces existing malware detection rate by a factor of 10. Moreover, we show how bare-metal environments cannot scale with actual malware submissions rates for consumer services.
Submitted 5 October, 2021; v1 submitted 7 September, 2021;
originally announced September 2021.
-
To Block or Not to Block: Accelerating Mobile Web Pages On-The-Fly Through JavaScript Classification
Authors:
Moumena Chaqfeh,
Muhammad Haseeb,
Waleed Hashmi,
Patrick Inshuti,
Manesha Ramesh,
Matteo Varvello,
Fareed Zaffar,
Lakshmi Subramanian,
Yasir Zaki
Abstract:
The increasing complexity of JavaScript in modern mobile web pages has become a critical performance bottleneck for low-end mobile phone users, especially in developing regions. In this paper, we propose SlimWeb, a novel approach that automatically derives lightweight versions of mobile web pages on-the-fly by eliminating the use of unnecessary JavaScript. SlimWeb consists of a JavaScript classification service powered by a supervised Machine Learning (ML) model that provides insights into each JavaScript element embedded in a web page. SlimWeb aims to improve the web browsing experience by predicting the class of each element, such that essential elements are preserved and non-essential elements are blocked by the browsers using the service. We motivate the core design of SlimWeb using a user preference survey of 306 users and perform a detailed evaluation of SlimWeb across 500 popular web pages in a developing region on real 3G and 4G cellular networks, along with a user experience study with 20 real-world users and a usage willingness survey of 588 users. Evaluation results show that SlimWeb achieves a 50% reduction in the page load time compared to the original pages, and more than 30% reduction compared to competing solutions, while achieving high similarity scores to the original pages measured via a qualitative evaluation study of 62 users. SlimWeb improves the overall user experience by more than 60% compared to the original pages, while maintaining 90%-100% of the visual and functional components of most pages. Finally, the SlimWeb classifier achieves a median accuracy of 90% in predicting the JavaScript category.
Submitted 20 June, 2021;
originally announced June 2021.
-
Muzeel: A Dynamic JavaScript Analyzer for Dead Code Elimination in Today's Web
Authors:
Tofunmi Kupoluyi,
Moumena Chaqfeh,
Matteo Varvello,
Waleed Hashmi,
Lakshmi Subramanian,
Yasir Zaki
Abstract:
JavaScript contributes to the increasing complexity of today's web. To support user interactivity and accelerate the development cycle, web developers heavily rely on large general-purpose third-party JavaScript libraries. This practice increases the size and the processing complexity of a web page by bringing additional functions that are not used by the page but unnecessarily downloaded and processed by the browser. In this paper, an analysis of around 40,000 web pages shows that 70% of JavaScript functions on the median page are unused, and the elimination of these functions would contribute to the reduction of the page size by 60%. Motivated by these findings, we propose Muzeel (which means eliminator in Arabic); a solution for eliminating JavaScript functions that are not used in a given web page (commonly referred to as dead code). Muzeel extracts all of the page event listeners upon page load, and emulates user interactions using a bot that triggers each of these events, in order to eliminate the dead code of functions that are not called by any of these events. Our evaluation results spanning several Android mobile phones and browsers show that Muzeel speeds up the page load by around 30% on low-end phones, and by 25% on high-end phones under 3G network. It also reduces the speed index (which is an important user experience metric) by 23% and 21% under the same network on low-end, and high-end phones, respectively. Additionally, Muzeel reduces the overall download size while maintaining the visual content and interactive functionality of the pages.
Submitted 15 June, 2021;
originally announced June 2021.
-
Browselite: A Private Data Saving Solution for the Web
Authors:
Conor Kelton,
Matteo Varvello,
Andrius Aucinas,
Benjamin Livshits
Abstract:
The median webpage has increased in size by more than 80% in the last 4 years. This extra complexity allows for a rich browsing experience, but it hurts the majority of mobile users which still pay for their traffic. This has motivated several data-saving solutions, which aim at reducing the complexity of webpages by transforming their content. Despite each method being unique, they either reduce user privacy by further centralizing web traffic through data-saving middleboxes or introduce web compatibility (Webcompat) issues by removing content that breaks pages in unpredictable ways. In this paper, we argue that data-saving is still possible without impacting either users privacy or Webcompat. Our main observation is that Web images make up a large portion of Web traffic and have negligible impact on Webcompat. To this end we make two main contributions. First, we quantify the potential savings that image manipulation, such as dimension resizing, quality compression, and transcoding, enables at large scale: 300 landing and 880 internal pages. Next, we design and build Browselite, an entirely client-side tool that achieves such data savings through opportunistically instrumenting existing server-side tooling to perform image compression, while simultaneously reducing the total amount of image data fetched. The effect of Browselite on the user experience is quantified using standard page load metrics and a real user study of over 200 users across 50 optimized web pages. Browselite allows for similar savings to middlebox approaches, while offering additional security, privacy, and Webcompat guarantees.
Submitted 15 February, 2021;
originally announced February 2021.
-
On the Battery Consumption of Mobile Browsers
Authors:
Matteo Varvello,
Benjamin Livshits
Abstract:
Mobile web browsing has recently surpassed desktop browsing both in term of popularity and traffic. Following its desktop counterpart, the mobile browsers ecosystem has been growing from few browsers (Chrome, Firefox, and Safari) to a plethora of browsers, each with unique characteristics (battery friendly, privacy preserving, lightweight, etc.). In this paper, we introduce a browser benchmarking pipeline for Android browsers encompassing automation, in-depth experimentation, and result analysis. We tested 15 Android browsers, using Cappuccino a novel testing suite we built for third party Android applications. We perform a battery-centric analysis of such browsers and show that: 1) popular browsers tend also to consume the most, 2) adblocking produces significant battery savings (between 20 and 40% depending on the browser), and 3) dark mode offers an extra 10% battery savings on AMOLED screens. We exploit this observation to build AttentionDim, a screen dimming mechanism driven by browser events. Via integration with the Brave browser and 10 volunteers, we show potential battery savings up to 30%, on both devices with AMOLED and LCD screens.
Submitted 6 August, 2020;
originally announced September 2020.
-
A Retrospective Analysis of User Exposure to (Illicit) Cryptocurrency Mining on the Web
Authors:
Ralph Holz,
Diego Perino,
Matteo Varvello,
Johanna Amann,
Andrea Continella,
Nate Evans,
Ilias Leontiadis,
Christopher Natoli,
Quirin Scheitle
Abstract:
In late 2017, a sudden proliferation of malicious JavaScript was reported on the Web: browser-based mining exploited the CPU time of website visitors to mine the cryptocurrency Monero. Several studies measured the deployment of such code and developed defenses. However, previous work did not establish how many users were really exposed to the identified mining sites and whether there was a real risk given common user browsing behavior. In this paper, we present a retroactive analysis to close this research gap. We pool large-scale, longitudinal data from several vantage points, gathered during the prime time of illicit cryptomining, to measure the impact on web users. We leverage data from passive traffic monitoring of university networks and a large European ISP, with suspected mining sites identified in previous active scans. We corroborate our results with data from a browser extension with a large user base that tracks site visits. We also monitor open HTTP proxies and the Tor network for malicious injection of code. We find that the risk for most Web users was always very low, much lower than what deployment scans suggested. Any exposure period was also very brief. However, we also identify a previously unknown and exploited attack vector on mobile devices.
Submitted 25 June, 2020; v1 submitted 27 April, 2020;
originally announced April 2020.
-
ZKSENSE: A Friction-less Privacy-Preserving Human Attestation Mechanism for Mobile Devices
Authors:
Iñigo Querejeta-Azurmendi,
Panagiotis Papadopoulos,
Matteo Varvello,
Antonio Nappa,
Jiexin Zhang,
Benjamin Livshits
Abstract:
Recent studies show that 20.4% of the internet traffic originates from automated agents. To identify and block such ill-intentioned traffic, mechanisms that verify the humanness of the user are widely deployed, with CAPTCHAs being the most popular. Traditional CAPTCHAs require extra user effort (e.g., solving mathematical puzzles), which can severely downgrade the end-user's experience, especially on mobile, and provide sporadic humanness verification of questionable accuracy. More recent solutions like Google's reCAPTCHA v3, leverage user data, thus raising significant privacy concerns. To address these issues, we present zkSENSE: the first zero-knowledge proof-based humanness attestation system for mobile devices. zkSENSE moves the human attestation to the edge: onto the user's very own device, where humanness of the user is assessed in a privacy-preserving and seamless manner. zkSENSE achieves this by classifying motion sensor outputs of the mobile device, based on a model trained by using both publicly available sensor data and data collected from a small group of volunteers. To ensure the integrity of the process, the classification result is enclosed in a zero-knowledge proof of humanness that can be safely shared with a remote server. We implement zkSENSE as an Android service to demonstrate its effectiveness and practicality. In our evaluation, we show that zkSENSE successfully verifies the humanness of a user across a variety of attacking scenarios and demonstrates 92% accuracy. On a two years old Samsung S9, zkSENSE's attestation takes around 3 seconds (when visual CAPTCHAs need 9.8 seconds) and consumes a negligible amount of battery.
Submitted 7 September, 2021; v1 submitted 18 November, 2019;
originally announced November 2019.
-
BatteryLab, A Distributed Power Monitoring Platform For Mobile Devices
Authors:
Matteo Varvello,
Kleomenis Katevas,
Mihai Plesa,
Hamed Haddadi,
Benjamin Livshits
Abstract:
Recent advances in cloud computing have simplified the way that both software development and testing are performed. Unfortunately, this is not true for battery testing for which state of the art test-beds simply consist of one phone attached to a power meter. These test-beds have limited resources, access, and are overall hard to maintain; for these reasons, they often sit idle with no experiment to run. In this paper, we propose to share existing battery testing setups and build BatteryLab, a distributed platform for battery measurements. Our vision is to transform independent battery testing setups into vantage points of a planetary-scale measurement platform offering heterogeneous devices and testing conditions. In the paper, we design and deploy a combination of hardware and software solutions to enable BatteryLab's vision. We then preliminarily evaluate BatteryLab's accuracy of battery reporting, along with some system benchmarking. We also demonstrate how BatteryLab can be used by researchers to investigate a simple research question.
Submitted 20 October, 2019;
originally announced October 2019.
-
VPN0: A Privacy-Preserving Decentralized Virtual Private Network
Authors:
Matteo Varvello,
Iñigo Querejeta Azurmendi,
Antonio Nappa,
Panagiotis Papadopoulos,
Goncalo Pestana,
Ben Livshits
Abstract:
Distributed Virtual Private Networks (dVPNs) are new VPN solutions aiming to solve the trust-privacy concern of a VPN's central authority by leveraging a distributed architecture. In this paper, we first review the existing dVPN ecosystem and debate on its privacy requirements. Then, we present VPN0, a dVPN with strong privacy guarantees and minimal performance impact on its users. VPN0 guarantees that a dVPN node only carries traffic it has "whitelisted", without revealing its whitelist or knowing the traffic it tunnels. This is achieved via three main innovations. First, an attestation mechanism which leverages TLS to certify a user visit to a specific domain. Second, a zero knowledge proof to certify that some incoming traffic is authorized, e.g., falls in a node's whitelist, without disclosing the target domain. Third, a dynamic chain of VPN tunnels to both increase privacy and guarantee service continuation while traffic certification is in place. The paper demonstrates VPN0 functioning when integrated with several production systems, namely BitTorrent DHT and ProtonVPN.
Submitted 30 September, 2019;
originally announced October 2019.
-
The Blind Men and the Internet: Multi-Vantage Point Web Measurements
Authors:
Jordan Jueckstock,
Shaown Sarker,
Peter Snyder,
Panagiotis Papadopoulos,
Matteo Varvello,
Benjamin Livshits,
Alexandros Kapravelos
Abstract:
In this paper, we design and deploy a synchronized multi-vantage point web measurement study to explore the comparability of web measurements across vantage points (VPs). We describe in reproducible detail the system with which we performed synchronized crawls on the Alexa top 5K domains from four distinct network VPs: research university, cloud datacenter, residential network, and Tor gateway proxy. Apart from the expected poor results from Tor, we observed no shocking disparities across VPs, but we did find significant impact from the residential VP's reliability and performance disadvantages. We also found subtle but distinct indicators that some third-party content consistently avoided crawls from our cloud VP. In summary, we infer that cloud VPs do fail to observe some content of interest to security and privacy researchers, who should consider augmenting cloud VPs with alternate VPs for cross-validation. Our results also imply that the added visibility provided by residential VPs over university VPs is marginal compared to the infrastructure complexity and network fragility they introduce.
Submitted 21 May, 2019;
originally announced May 2019.
-
EYEORG: A Platform For Crowdsourcing Web Quality Of Experience Measurements
Authors:
Matteo Varvello,
Jeremy Blackburn,
David Naylor,
Kostantina Papagiannaki
Abstract:
Tremendous effort has gone into the ongoing battle to make webpages load faster. This effort has culminated in new protocols (QUIC, SPDY, and HTTP/2) as well as novel content delivery mechanisms. In addition, companies like Google and SpeedCurve investigated how to measure "page load time" (PLT) in a way that captures human perception. In this paper we present Eyeorg, a platform for crowdsourcing web quality of experience measurements. Eyeorg overcomes the scaling and automation challenges of recruiting users and collecting consistent user-perceived quality measurements. We validate Eyeorg's capabilities via a set of 100 trusted participants. Next, we showcase its functionalities via three measurement campaigns, each involving 1,000 paid participants, to 1) study the quality of several PLT metrics, 2) compare HTTP/1.1 and HTTP/2 performance, and 3) assess the impact of online advertisements and ad blockers on user experience. We find that commonly used, and even novel and sophisticated PLT metrics fail to represent actual human perception of PLT, that the performance gains from HTTP/2 are imperceivable in some circumstances, and that not all ad blockers are created equal.
Submitted 7 February, 2019;
originally announced February 2019.
-
ProxyTorrent: Untangling the Free HTTP(S) Proxy Ecosystem
Authors:
Diego Perino,
Matteo Varvello,
Claudio Soriente
Abstract:
Free web proxies promise anonymity and censorship circumvention at no cost. Several websites publish lists of free proxies organized by country, anonymity level, and performance. These lists index hundreds of thousands of hosts discovered via automated tools and crowd-sourcing. A complex free proxy ecosystem has been forming over the years, of which very little is known. In this paper we shed light on this ecosystem via ProxyTorrent, a distributed measurement platform that leverages both active and passive measurements. Active measurements discover free proxies, assess their performance, and detect potential malicious activities. Passive measurements relate to proxy performance and usage in the wild, and are collected by free proxy users via a Chrome plugin we developed. ProxyTorrent has been running since January 2017, monitoring up to 180,000 free proxies and totaling more than 1,500 users. Our analysis shows that less than 2% of the proxies announced on the web indeed proxy traffic on behalf of users; further, only half of these proxies have decent performance and can be used reliably. Around 10% of the working proxies exhibit malicious behaviors, e.g., ad injection and TLS interception, and these proxies are also the ones providing the best performance. Through the analysis of more than 2 Terabytes of proxied traffic, we show that web browsing is the primary user activity. Geo-blocking avoidance is not a prominent use-case, with the exception of countries hosting popular geo-blocked content.
Submitted 2 November, 2017; v1 submitted 19 December, 2016;
originally announced December 2016.
-
To HTTP/2, or Not To HTTP/2, That Is The Question
Authors:
Matteo Varvello,
Kyle Schomp,
David Naylor,
Jeremy Blackburn,
Alessandro Finamore,
Kostantina Papagiannaki
Abstract:
As of February, 2015, HTTP/2, the update to the 16-year-old HTTP 1.1, is officially complete. HTTP/2 aims to improve the Web experience by solving well-known problems (e.g., head of line blocking and redundant headers), while introducing new features (e.g., server push and content priority). On paper HTTP/2 represents the future of the Web. Yet, it is unclear whether the Web itself will, and should, hop on board. To shed some light on these questions, we built a measurement platform that monitors HTTP/2 adoption and performance across the Alexa top 1 million websites on a daily basis. Our system is live and up-to-date results can be viewed at http://isthewebhttp2yet.com/. In this paper, we report our initial findings from a 6 month measurement campaign (November 2014 - May 2015). We find 13,000 websites reporting HTTP/2 support, but only 600, mostly hosted by Google and Twitter, actually serving content. In terms of speed, we find no significant benefits from HTTP/2 under stable network conditions. More benefits appear in a 3G network where current Web development practices make HTTP/2 more resilient to losses and delay variation than previously believed.
Submitted 23 July, 2015;
originally announced July 2015.