RANSOM: Routing Around Nation-States: Overlays and Measurements

System  •  Data  •  Writing  •  Talks  •  Press  •  Contact

An increasing number of countries are passing laws that facilitate the mass surveillance of Internet traffic. In response, governments and citizens are increasingly paying attention to the countries that their Internet traffic traverses. In some cases, countries are taking extreme steps, such as building new Internet Exchange Points (IXPs), which allow networks to interconnect directly, and encouraging local interconnection to keep local traffic local. We find that although many of these efforts are extensive, they are often futile, due to the inherent lack of hosting and route diversity for many popular sites. By measuring the country-level paths to popular domains, we characterize transnational routing detours. We find that traffic is traversing known surveillance states, even when the traffic originates and ends in a country that does not conduct mass surveillance. Then, we investigate how clients can use overlay network relays and the open DNS resolver infrastructure to prevent their traffic from traversing certain jurisdictions. We find that 84% of paths originating in Brazil traverse the United States, but when relays are used for country avoidance, only 37% of Brazilian paths traverse the United States. Using the open DNS resolver infrastructure allows Kenyan clients to avoid the United States on 17% more paths. Unfortunately, we find that some of the more prominent surveillance states (e.g., the U.S.) are also some of the least avoidable countries.


We have designed, implemented, and deployed RAN (Routing Around Nation-States), which is a system that allows clients to route their Internet traffic around a specified country. More information on using the system can be found here.


A large component of this work was measuring where current Internet paths go from various vantage points. We have open sourced our data; it's accessible here with additional information on the contents. Please see the tech report on arXiv (here) to learn how we collected this data.





This research was supported in part by the Center for Information Technology Policy at Princeton University. If you have any questions or feedback, please don’t hesitate to get in touch with us.