• 12:00 - 18:00 - Open Measurement Hackathon (registration required)
  • 19:00 - 21:30 - Conference Welcome (event held offsite)
  • 8:30 - 9:00 - Doors Open
  • 9:00 - 9:30 - Opening Remarks
    • Abstract: Computing systems now impact almost every aspect of our daily lives. As these systems evolve and develop, they often raise new challenges to our security and privacy, as well as to our commitments to equity and justice. To identify and mitigate the risks that these new technologies present, it is crucial to have scientific and technological experts participate in the conversation. But fully addressing these issues in government (through legislation, regulation, policy development, and executive actions) requires that experts engage with policy and legislative processes, to be “in the room where it happens”. In this talk, I’ll reflect on my 18 months serving at the White House Office of Science and Technology Policy (OSTP) as Deputy U.S. Chief Technology Officer for Privacy. I’ll provide an overview of the Biden-Harris Administration’s work on fast-moving technologies such as AI as well as long-standing challenges such as privacy. I’ll describe OSTP’s role within the Executive Office of the President, and how OSTP works with and across the government to coordinate federal science and technology policy. Finally, I’ll discuss the importance of members of computing (and the IMC community in particular) engaging with government. And I’ll highlight opportunities to do so, ranging from responding to requests for information, to collaborative research projects, to tours of service and even careers in government.
  • 10:45 - 11:15 - Morning Break
      • Red is Sus: Automated Identification of Low-Quality Service Availability Claims in the US National Broadband Map  Long    
        Syed Tauhidun Nabi (Virginia Tech), Zhuowei Wen (Virginia Tech), Brooke Ritter (Virginia Tech), Shaddi Hasan (Virginia Tech)
        Abstract: The FCC's National Broadband Map aspires to provide an unprecedented view into broadband availability in the US. However, this map, which also determines eligibility for public grant funding, relies on self-reported data from service providers that in turn have incentives to strategically misrepresent their coverage. In this paper, we develop an approach for automatically identifying these low-quality service claims in the National Broadband Map. To do this, we develop a novel dataset of broadband availability consisting of 750k observations from more than 900 US ISPs, derived from a combination of regulatory data and crowdsourced speed tests. Using this dataset, we develop a model to classify the accuracy of service provider regulatory filings and achieve AUCs over 0.98 for unseen examples. Our approach provides an effective technique to enable policymakers, civil society, and the public to identify portions of the National Broadband Map that are likely to have integrity challenges.
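        A minimal sketch of the classification step, assuming a labeled table of per-claim features; the file, feature names, and model choice are hypothetical and not the authors' actual pipeline:

```python
# Hypothetical sketch: train a classifier on labeled availability claims
# and report AUC, as the paper does. All column names are illustrative.
import pandas as pd
from sklearn.ensemble import GradientBoostingClassifier
from sklearn.metrics import roc_auc_score
from sklearn.model_selection import train_test_split

df = pd.read_csv("claims.csv")  # hypothetical: one row per service claim
X = df[["speedtest_agreement", "claimed_mbps", "observed_mbps"]]
y = df["low_quality_claim"]     # hypothetical ground-truth label

X_tr, X_te, y_tr, y_te = train_test_split(X, y, test_size=0.2, random_state=0)
clf = GradientBoostingClassifier().fit(X_tr, y_tr)
print("AUC:", roc_auc_score(y_te, clf.predict_proba(X_te)[:, 1]))
```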
      • CosmicDance: Measuring Low Earth Orbital Shifts due to Solar Radiations  Short    
        Suvam Basak (Indian Institute Of Technology Kanpur), Amitangshu Pal (Indian Institute Of Technology Kanpur), Debopam Bhattacherjee (Microsoft Research India)
        Abstract: Radiation shock waves from solar activities are known to be a menace to spaceborne electronic infrastructure. Recent deployments, like the SpaceX Starlink broadband mega-constellation, open up the possibility to measure such impact on Low Earth Orbit infrastructure at scale. Our tool, CosmicDance, enables a data-driven understanding of satellite orbital shifts due to solar radiations. CosmicDance could also signal corner cases, like premature orbital decay, that could lead to service holes in such globally spanning connectivity infrastructure. Our measurements with CosmicDance show that Starlink satellites experience both short- and long-term orbital decay even after mild- and moderate-intensity solar events, often trespassing neighboring shells of satellites.
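        The measurement idea can be sketched with the sgp4 package: propagate a satellite's public TLE and watch its altitude over time (the TLE lines below are placeholders, and this is not the authors' CosmicDance code):

```python
# Sketch: compute approximate altitude from a TLE over 30 days; a steadily
# falling trend would indicate orbital decay. TLE lines are placeholders;
# real ones come from e.g. CelesTrak.
from math import sqrt
from sgp4.api import Satrec, jday

LINE1 = "1 44713U 19074A   24001.00000000  .00001000  00000-0  10000-3 0  9990"
LINE2 = "2 44713  53.0000 100.0000 0001000  90.0000 270.0000 15.06000000100000"
sat = Satrec.twoline2rv(LINE1, LINE2)

for day in range(30):
    jd, fr = jday(2024, 1, 1 + day, 0, 0, 0)
    err, r, _v = sat.sgp4(jd, fr)  # r: TEME position vector in km
    if err == 0:
        alt_km = sqrt(r[0]**2 + r[1]**2 + r[2]**2) - 6371.0  # rough altitude
        print(day, round(alt_km, 1))
```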
      • Measuring Network Latency from a Wireless ISP: Variations Within and Across Subnets  Long    
        Simon Sundberg (Karlstad University), Anna Brunstrom (Karlstad University), Simone Ferlin-Reiter (Red Hat), Toke Høiland-Jørgensen (Red Hat), Robert Chacón (JackRabbit Wireless)
        Abstract: While Internet Service Providers (ISPs) have traditionally focused on marketing network throughput, it is becoming increasingly recognized that network latency also plays a significant role in the quality of experience. However, many ISPs lack the means to continuously monitor the latency of their network. In this work, we present a method to continuously monitor and aggregate network latency per subnet directly in the Linux kernel by leveraging eBPF. We deploy this solution on a middlebox in an ISP network and collect an extensive dataset of latency measurements for both the internal and external parts of the network. We find that our monitoring solution can monitor all subscriber traffic while maintaining a low overhead of only around 1% additional CPU utilization. Our analysis of the latency data reveals a wide latency tail in the last-mile access, which grows during busy periods in the evening. Furthermore, we dissect the external network latency and uncover the latency profiles for the most popular autonomous systems.
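        The in-kernel eBPF program itself is beyond a short example, but the per-subnet aggregation it performs can be illustrated in plain Python (sample data hypothetical):

```python
# Userspace analogue of the per-subnet latency aggregation that the
# paper implements in-kernel with eBPF. Samples below are made up.
import ipaddress
from collections import defaultdict

samples = defaultdict(list)

def record(ip: str, rtt_ms: float) -> None:
    subnet = ipaddress.ip_network(f"{ip}/24", strict=False)
    samples[subnet].append(rtt_ms)

for ip, rtt in [("203.0.113.5", 12.1), ("203.0.113.9", 48.7), ("198.51.100.2", 8.3)]:
    record(ip, rtt)

for subnet, rtts in samples.items():
    rtts.sort()
    median = rtts[len(rtts) // 2]
    p99 = rtts[int(0.99 * (len(rtts) - 1))]
    print(subnet, "median:", median, "p99:", p99)
```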
      • A Longitudinal Study of the Prevalence of WiFi Bottlenecks in Home Access Networks  Short    
        Ranya Sharma (University of Chicago), Nick Feamster (University of Chicago), Marc Richardson (University of Chicago)
        Abstract: Although home wireless networks (WiFi) are increasingly becoming performance bottlenecks, there are no research studies based on long-running field deployments that document this phenomenon. Given both public and private investment in broadband Internet infrastructure, a rigorous study of this phenomenon, with accompanying public data based on open-source methods, is critical. To this end, this study pioneers a system and measurement technique to directly assess WiFi and access network performance. This study is the first to continuously and contemporaneously measure Internet performance along two segments: from the wireless client to the access point, and from the access point to the ISP access network. It is also the largest and longest-running study of its kind, with public data spanning more than two years (and counting), and, to our knowledge, the first such study in nearly a decade. Our study is based on data from over 22,000 joint measurements across more than 50 broadband access networks. Our findings have important implications for both the development of access technologies and Internet policy. Notably, for users with access links that exceed 800 Mbps, the user's wireless network was the performance bottleneck 100% of the time. Such inflection points will continue to evolve, yet the contributions of this paper include not only the results, but also open-source tools, data, and ongoing continuous measurements.
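        A toy version of the joint-measurement comparison: given contemporaneous throughput on the two segments, decide which one is the bottleneck (the margin is illustrative, not the study's exact rule):

```python
# Illustrative bottleneck classification from two contemporaneous
# throughput measurements; the 0.9 margin is an assumption.
def bottleneck(wifi_mbps: float, access_mbps: float, margin: float = 0.9) -> str:
    """Return which segment limits end-to-end throughput."""
    if wifi_mbps < margin * access_mbps:
        return "wifi"    # client-to-AP segment is the constraint
    if access_mbps < margin * wifi_mbps:
        return "access"  # AP-to-ISP segment is the constraint
    return "comparable"

print(bottleneck(wifi_mbps=450.0, access_mbps=940.0))  # -> "wifi"
```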
      • Through the Telco Lens: A Countrywide Empirical Study of Cellular Handovers  Long    
        Michail Kalntis (Delft University of Technology), José Suárez-Varela (Telefónica Research, Spain), Jesús Omaña Iglesias (Telefónica Research, Spain), Anup Kiran Bhattacharjee (Delft University of Technology), George Iosifidis (Delft University of Technology), Fernando A. Kuipers (Delft University of Technology), Andra Lutu (Telefónica Research, Spain)
        Abstract: Cellular networks rely on handovers (HOs) as a fundamental element to enable seamless connectivity for mobile users. A comprehensive analysis of HOs can be achieved through data from Mobile Network Operators (MNOs); however, the vast majority of studies employ data from measurement campaigns within confined areas and with limited end-user devices, thereby providing only a partial view of HOs. This paper presents the first countrywide analysis of HO performance, from the perspective of a top-tier MNO in a European country. We collect traffic from approximately 40M users for 4 weeks and study the impact of the radio access technologies (RATs), device types, and manufacturers on HOs across the country. We characterize the geo-temporal dynamics of horizontal (intra-RAT) and vertical (inter-RATs) HOs, at the district level and at millisecond granularity, and leverage open datasets from the country's official census office to associate our findings with the population. We further delve into the frequency, duration, and causes of HO failures, and model them using statistical tools. Our study offers unique insights into mobility management, highlighting the heterogeneity of the network and devices, and their effect on HOs.
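        As one illustration of modeling HO failures with statistical tools, a sketch that fits a lognormal distribution to failure durations with SciPy (the data is synthetic; the paper's actual model is not specified here):

```python
# Fit a lognormal to (synthetic) handover-failure durations and check
# the fit; purely illustrative of the "statistical tools" step.
import numpy as np
from scipy import stats

rng = np.random.default_rng(0)
durations_ms = rng.lognormal(mean=4.0, sigma=0.8, size=10_000)  # synthetic

shape, loc, scale = stats.lognorm.fit(durations_ms, floc=0)
ks = stats.kstest(durations_ms, "lognorm", args=(shape, loc, scale))
print(f"sigma={shape:.2f}  median={scale:.1f} ms  KS p-value={ks.pvalue:.3f}")
```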
    • 12:30 - 14:00 - Lunch with Posters (poster schedule and location)
        • Characterizing, modeling and exploiting the mobile demand footprint of large public protests  Long    
          Andre Felipe Zanella (IMDEA Networks Institute), Diego Madariaga (IMDEA Networks Institute), Sachit Mishra (IMDEA Networks Institute), Orlando Eduardo Martínez-Durive (IMDEA Networks Institute), Zbigniew Smoreda (Orange Labs), Marco Fiore (IMDEA Networks Institute)
          Abstract: Smartphones and mobile applications are staple tools in the operation of current-age public demonstrations, where they support organizers and participants in, e.g., scaling the management of the events or communicating live about their objectives and traction. The widespread use of mobile services during protests also presents interesting opportunities to observe the dynamics of these manifestations from a digital perspective. Previous studies in that direction have focused on the analysis of content posted in selected social media so as to forecast, survey or ascertain the success of public protests. In this paper, we take a different viewpoint and present a holistic characterization of the consumption of the whole spectrum of mobile applications during social protests. Hinging upon pervasive measurements in the production network of the incumbent network operator and focusing on the 2023 French pension reform strikes, we unveil how large masses of protesters generate a clearly recognizable footprint on mobile service demands in the examined events. In fact, the footprint is so strong that it lets us develop models informed by the usage of selected mobile applications that are capable of (i) tracking the spatiotemporal evolution of the target demonstrations and (ii) estimating the time-varying number of attendees from aggregate network operator data only. We demonstrate the utility of such privacy-preserving models to perform a posteriori analyses of the public protests that reveal, e.g., the precise progression of the marches, alternate minor routes taken by participants or their dispersal at the end of the events.
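          A hedged sketch of model (ii): regress attendee counts on aggregate per-app traffic volumes (all numbers are synthetic, and the authors' model and app selection may differ):

```python
# Toy attendance estimator: linear regression from per-app traffic (GB)
# to headcounts. Data is synthetic and purely illustrative.
import numpy as np
from sklearn.linear_model import LinearRegression

X = np.array([[1.2, 0.4], [3.5, 1.1], [6.8, 2.0], [2.1, 0.7]])  # app volumes
y = np.array([5_000, 18_000, 40_000, 9_000])                    # headcounts

model = LinearRegression().fit(X, y)
print("estimated attendees:", int(model.predict([[4.0, 1.3]])[0]))
```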
        • A First Look at Related Website Sets  Short    
          Stephen McQuistin (University of St Andrews), Peter Snyder (Brave Software), Hamed Haddadi (Imperial College London & Brave Software), Gareth Tyson (Hong Kong University of Science and Technology (GZ))
          Abstract: We present the first measurement of the user effect and privacy impact of "Related Website Sets," a recent proposal to reduce browser privacy protections between two sites if those sites are related to each other. An assumption (both explicitly and implicitly) underpinning the Related Website Sets proposal is that users can accurately determine if two sites are related via the same entity. In this work, we probe this assumption via measurements and a user study of 30 participants, to assess the ability of Web users to determine if two sites are (according to the Related Website Sets feature) related to each other. We find that this is largely not the case. Our findings indicate that 42 (36.8%) of the user determinations in our study are incorrect in privacy-harming ways, where users think that sites are not related, but would be treated as related (and thus afforded weaker privacy protections) by the Related Website Sets feature. Additionally, 22 (73.3%) of participants made at least one incorrect evaluation during the study. We also characterise the Related Website Sets list, its composition over time, and its governance.
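          Whether two sites are "related" in this sense can be checked against the public list in the GoogleChrome/related-website-sets repository; the URL and JSON schema below are assumptions based on that repo, so verify them before relying on this sketch:

```python
# Sketch: do two sites share a Related Website Set? List location and
# field names ("sets", "primary", "associatedSites", "serviceSites")
# are assumed from the GoogleChrome/related-website-sets repo.
import requests

RWS_URL = ("https://raw.githubusercontent.com/GoogleChrome/"
           "related-website-sets/main/related_website_sets.JSON")

def same_set(site_a: str, site_b: str) -> bool:
    for s in requests.get(RWS_URL, timeout=10).json()["sets"]:
        members = {s["primary"], *s.get("associatedSites", []),
                   *s.get("serviceSites", [])}
        if site_a in members and site_b in members:
            return True
    return False

print(same_set("https://example.com", "https://example-cdn.com"))
```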
        • Whatcha Lookin' At: Investigating Third-Party Web Content in Popular Android Apps  Long    
          Dhruv Kuchhal (Georgia Institute of Technology), Karthik Ramakrishnan (Georgia Institute of Technology), Frank Li (Georgia Institute of Technology)
          Abstract: Over 65% of web traffic originates from mobile devices. However, much of this traffic is not from mobile web browsers but rather from mobile apps displaying web content. Android's WebView has been a common way for apps to display web content, but it entails security and privacy concerns, especially for third-party content. Custom Tabs (CTs) are a more recent and recommended alternative. In this paper, we conduct a large-scale empirical study to examine if the top ~146.5K Android apps use WebViews and CTs in a manner that aligns with user security and privacy considerations. Our measurements reveal that most apps still use WebViews, particularly to display ads, with only ~20% using CTs. We also find that while some popular SDKs have migrated to CTs, others (e.g., financial services) benefiting from CT's properties have not yet done so. Through semi-manual analysis of the top 1K apps, we uncover a handful of apps that use WebViews to show arbitrary web content within their app while modifying the web content behavior. Ultimately, our work seeks to improve our understanding of how mobile apps interact with third-party web content and shed light on real-world security and privacy implications.
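          A crude, stdlib-only analogue of the detection step: scan an APK's dex files for WebView and Custom Tabs class descriptors (a heuristic sketch, far simpler than the paper's analysis):

```python
# Heuristic: search dex string pools for class descriptors that indicate
# WebView or Custom Tabs usage. Misses dynamic loading and obfuscation.
import sys
import zipfile

MARKERS = {
    b"Landroid/webkit/WebView;": "WebView",
    b"Landroidx/browser/customtabs/CustomTabsIntent;": "Custom Tabs",
}

def scan(apk_path: str) -> set:
    found = set()
    with zipfile.ZipFile(apk_path) as apk:
        for name in apk.namelist():
            if name.startswith("classes") and name.endswith(".dex"):
                blob = apk.read(name)
                found |= {label for marker, label in MARKERS.items()
                          if marker in blob}
    return found

print(scan(sys.argv[1]))  # e.g. {'WebView', 'Custom Tabs'}
```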
        • Browsing without Third-Party Cookies: What Do You See?  Short    
          Maxwell Lin (Duke University), Shihan Lin (Duke University), Helen Wu (Vanderbilt University), Karen Wang (Duke University and Duke Kunshan University), Xiaowei Yang (Duke University)
          Abstract: Third-party web cookies are often used for privacy-invasive behavior tracking. Partly due to privacy concerns, browser vendors have started to block all third-party cookies in recent years. To understand the effects of such third-party cookieless browsing, we crawled and measured the top 10,000 Tranco websites. We developed a framework to remove third-party cookies and analyze the differences between the appearance of web pages with and without these cookies. We find that disabling third-party cookies has no substantial effect on website appearance including layouts, text, and images. This validates the industry-wide shift towards cookieless browsing as a way to protect user privacy without compromising on the user experience.
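          The appearance-diff step can be sketched with Pillow, assuming screenshots of the same page captured at the same viewport with and without third-party cookies (file names are hypothetical):

```python
# Pixel-level diff of two renders of the same page; ImageChops.difference
# requires equally sized images, hence the fixed-viewport assumption.
from PIL import Image, ImageChops

with_cookies = Image.open("page_with_3p_cookies.png").convert("RGB")
without_cookies = Image.open("page_without_3p_cookies.png").convert("RGB")

diff = ImageChops.difference(with_cookies, without_cookies)
changed = sum(1 for px in diff.getdata() if px != (0, 0, 0))
print("changed pixels:", changed, "bounding box:", diff.getbbox())
```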
        • Fediverse Migrations: A Study of User Account Portability on the Mastodon Social Network  Short    
          Haris Bin Zia (Queen Mary University of London), Jiahui He (The Hong Kong University of Science and Technology (Guangzhou)), Ignacio Castro (Queen Mary University of London), Gareth Tyson (Hong Kong University of Science and Technology (GZ))
          Abstract: The advent of regulation, such as the Digital Markets Act, will foster greater interoperability across competing digital platforms. In such regulatory environments, decentralized platforms like Mastodon have pioneered the principles of social data portability. Such platforms are composed of thousands of independent servers, each of which hosts their own social community. To enable transparent interoperability, users can easily migrate their accounts from one server provider to another. In this paper, we examine 8,745 users who switch their server instances in Mastodon. We use this as a case study to examine account portability behavior more broadly. We explore the factors that affect users' decision to switch instances, as well as the impact of switching on their social media engagement and discussion topics. This leads us to build a classifier to show that switching is predictable, with an F1 score of 0.891. We argue that Mastodon serves as an early exemplar of a social media platform that advocates account interoperability and portability. We hope that this study can bring unique insights to a wider and open digital world in the future.
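          Migrations of this kind are visible through Mastodon's public REST API: a migrated account carries a "moved" field pointing at its new home. A hedged sketch (instance and handle are examples):

```python
# Look up an account and report where it migrated to, if anywhere.
# /api/v1/accounts/lookup exists since Mastodon 3.4.
import requests

def migration_target(instance: str, acct: str):
    r = requests.get(f"https://{instance}/api/v1/accounts/lookup",
                     params={"acct": acct}, timeout=10)
    r.raise_for_status()
    moved = r.json().get("moved")  # present only for migrated accounts
    return moved["acct"] if moved else None

print(migration_target("mastodon.social", "someuser"))  # example handle
```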
        • Looking AT the Blue Skies of Bluesky  Long    
          Leonhard Balduf (Technical University of Darmstadt), Saidu Sokoto (City, University of London), Onur Ascigil (Lancaster University), Gareth Tyson (Hong Kong University of Science and Technology (GZ)), Björn Scheuermann (Technical University of Darmstadt), Maciej Korczynski (University of Grenoble Alps, Grenoble Informatics Laboratory), Ignacio Castro (Queen Mary University of London), Michał Król (City, University of London)
          Abstract: The pitfalls of centralized social networks, such as Facebook and Twitter/X, have led to concerns about control, transparency, and accountability. Decentralized social networks have emerged as a result with the goal of empowering users. These decentralized approaches come with their own trade-offs, and therefore multiple architectures exist. In this paper, we conduct the first large-scale analysis of Bluesky, a prominent decentralized microblogging platform. In contrast to alternative approaches (e.g., Mastodon), Bluesky decomposes and opens the key functions of the platform into subcomponents that can be provided by third-party stakeholders. We collect a comprehensive dataset covering all the key elements of Bluesky, study user activity, and assess the diversity of providers for each subcomponent.
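          Bluesky's decomposition can be seen directly from public endpoints: resolve a handle to a DID via the AppView, then ask the PLC directory which PDS hosts the account (endpoints as publicly documented for atproto; treat the specifics as examples):

```python
# Resolve handle -> DID -> hosting PDS, illustrating how Bluesky splits
# identity, indexing, and data hosting across separate components.
import requests

APPVIEW = "https://public.api.bsky.app/xrpc"
handle = "bsky.app"

did = requests.get(f"{APPVIEW}/com.atproto.identity.resolveHandle",
                   params={"handle": handle}, timeout=10).json()["did"]
doc = requests.get(f"https://plc.directory/{did}", timeout=10).json()

pds = [s["serviceEndpoint"] for s in doc["service"] if s["id"] == "#atproto_pds"]
print(handle, "->", did, "hosted at", pds)
```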
      • 15:30 - 16:00 - Break
          • Ten Years of ZMap  Short    
            Zakir Durumeric (Stanford University), David Adrian (Independent), Phillip Stephens (Stanford University), Eric Wustrow (University of Colorado Boulder), J. Alex Halderman (University of Michigan)
            Abstract: Since ZMap's debut in 2013, networking and security researchers have used the open-source scanner to write hundreds of research papers that study Internet behavior. In addition, ZMap has been adopted by the security industry to build new classes of enterprise security and compliance products. Over the past decade, much of ZMap's behavior---ranging from its pseudorandom IP generation to its packet construction---has evolved as we have learned more about how to scan the Internet. In this work, we quantify ZMap's adoption over the ten years since its release, describe its modern behavior (and the measurements that motivated changes), and offer lessons from releasing and maintaining ZMap for future tools.
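            For readers unfamiliar with the tool, a minimal ZMap invocation looks like this (wrapped in Python only to keep one language across these sketches; -p, -r, and -o are standard ZMap flags, and the target is a documentation prefix):

```python
# Run a small TCP SYN scan with ZMap. Requires zmap installed and root.
import subprocess

subprocess.run([
    "zmap",
    "-p", "443",          # probe TCP port 443
    "-r", "10000",        # cap the send rate at 10k packets/sec
    "-o", "results.csv",  # write responding IPs here
    "198.51.100.0/24",    # illustrative target (documentation prefix)
], check=True)
```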
          • Have you SYN me? Characterizing Ten Years of Internet Scanning  Long    
            Harm Griffioen (TU Delft), Georgios Koursiounis (TU Delft), Georgios Smaragdakis (TU Delft), Christian Doerr (Hasso Plattner Institute)
            Abstract: Port scanning is the de-facto method to enumerate active hosts and potentially exploitable services on the Internet. Over the last years, several studies have quantified the ecosystem of port scanning. Each work has found drastic changes in the threat landscape compared to the previous one, and since the advent of high-performance scanning tools and botnets, a lot has changed in this highly volatile ecosystem. Based on a unique dataset of Internet-wide scanning traffic collected in a large network telescope, we provide an assessment of Internet-wide TCP scanning with measurement periods in the last 10 years (2015 to 2024). We collect over 750 million scanning campaigns sending more than 45 billion packets and report on the evolution and developments of actors, their tooling, and targets. We find that Internet scanning has increased 30-fold over the last ten years, but the number and speed of scans have not developed at the same pace. We report that the ecosystem is extremely volatile, where targeted ports and geographical scanner locations drastically change at the level of weeks or months. We thus find that for an accurate understanding of the ecosystem, we need longitudinal assessments. We show that port scanning has become heavily commoditized, and many scanners target multiple ports. By 2024, well-known scanning institutions are targeting the entire IPv4 space and the entire port range.
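            A toy version of grouping telescope SYNs into campaigns: packets from one source separated by a long enough silence start a new campaign (the gap threshold and input format are assumptions; the paper's pipeline is far more involved):

```python
# Gap-based sessionization of scan packets into per-source campaigns.
from collections import defaultdict

GAP = 600  # seconds of silence that closes a campaign (assumed)

def campaigns(packets):
    """packets: iterable of (timestamp, src_ip, dst_port) tuples."""
    last_seen, camps = {}, defaultdict(list)
    for ts, src, port in sorted(packets):
        if src not in last_seen or ts - last_seen[src] > GAP:
            camps[src].append([])        # open a new campaign
        camps[src][-1].append((ts, port))
        last_seen[src] = ts
    return camps

demo = [(0, "198.51.100.7", 23), (5, "198.51.100.7", 2323),
        (9000, "198.51.100.7", 80)]
print({src: len(c) for src, c in campaigns(demo).items()})  # -> 2 campaigns
```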
          • What's in the Dataset? Unboxing the APNIC User Populations  Long    
            Loqman Salamatian (Columbia University), Matt Calder (Columbia University), Calvin Ardi (University of Southern California/Information Sciences Institute), Vasileios Giotsas (Cloudflare), Ethan Katz-Bassett (Columbia University), Todd Arnold (Army Cyber Institute, West Point)
            Abstract: The research measurement community needs methods and datasets to identify user concentrations and to accurately weight ASes against each other for analyzing measurements' coverage. However, academic researchers traditionally lack visibility into how many users are in each network or how much traffic flows to each network and so often fall back on treating all IP addresses or networks equally. As an alternative, some recent studies have used the APNIC per AS Population Estimates dataset, but it is unvalidated and its methodology is not fully public. In this work, we validate its use as a fairly reliable user population indicator. Our approach includes a detailed comparative analysis using a global CDN dataset, providing concrete evidence of the APNIC dataset's accuracy. We find that the APNIC per-AS user estimates closely align with the Content Delivery Network (CDN) per-AS user estimates in 51.2% of countries and correctly identify the largest networks in 93.9% of cases. When we investigate the agreement with CDN traffic volume, the APNIC dataset closely aligns in 36.5% of countries, increasing to 91.0% when focusing only on larger networks. We also evaluate the limitations of the APNIC dataset, particularly its inability to accurately identify user populations for ASes in certain countries. To address this, we introduce new methods to improve its usability by focusing on the statistical representativeness of the underlying data collection process and ensuring consistency across several public datasets.
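            One of the validation steps can be sketched as a rank correlation between APNIC per-AS estimates and CDN-derived user counts (both input files are hypothetical stand-ins for the paper's datasets):

```python
# Compare two per-AS user rankings; high rank correlation suggests the
# APNIC estimates track the CDN's view. File/column names hypothetical.
import pandas as pd
from scipy.stats import spearmanr

apnic = pd.read_csv("apnic_aspop.csv")  # columns: asn, est_users
cdn = pd.read_csv("cdn_users.csv")      # columns: asn, cdn_users

merged = apnic.merge(cdn, on="asn")
rho, p = spearmanr(merged["est_users"], merged["cdn_users"])
print(f"Spearman rho={rho:.2f} (p={p:.3g}) over {len(merged)} shared ASes")
print("same largest AS:",
      merged["est_users"].idxmax() == merged["cdn_users"].idxmax())
```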
          • The Wisdom of the Measurement Crowd: Building the Internet Yellow Pages, a Knowledge Graph for the Internet  Long
            Romain Fontugne (IIJ Research Laboratory), Malte Tashiro (IIJ Research Laboratory / SOKENDAI), Raffaele Sommese (University of Twente), Mattijs Jonker (University of Twente), Zachary S Bischof (Georgia Tech), Emile Aben (RIPE NCC)
            Abstract: The Internet measurement community has significantly advanced our understanding of the Internet by documenting its various components. Subsequent research often builds on these efforts, using previously published datasets. This process is fundamental for researchers, but a laborious task due to the diverse data formats, terminologies, and areas of expertise involved. Additionally, the time-consuming task of merging datasets is undertaken only if the expected benefits are worthwhile, posing a barrier to simple exploration and innovation. In this paper we present the Internet Yellow Pages (IYP), a knowledge graph for Internet resources. By leveraging the flexibility of graph databases and ontology-based data integration, we compile datasets (currently 46) from diverse and independent sources into a single harmonized database where the meaning of each entity and relationship is unequivocal. Using simple examples, we illustrate how IYP allows us to seamlessly navigate data coming from numerous underlying sources. As a result, IYP significantly reduces time to insight, which we demonstrate by reproducing two past studies and extending them by incorporating additional datasets available in IYP. Finally, we discuss how IYP can foster the sharing of datasets as it provides a universal platform for querying and describing data. This is a seminal effort to bootstrap what we envision as a community-driven project where dataset curation and ontology definitions evolve with the Internet measurement community.
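            Since IYP ships as a Neo4j database, it is queried with Cypher. A hedged sketch with the neo4j Python driver; the bolt URI, credentials, and the AS/Name schema are assumptions recalled from the IYP documentation, so check the project's README:

```python
# Ask IYP which names the underlying datasets attribute to AS2497.
# Endpoint, credentials, and schema are assumptions; verify against docs.
from neo4j import GraphDatabase

driver = GraphDatabase.driver("neo4j://iyp.iijlab.net:7687",
                              auth=("neo4j", "password"))  # assumed public access
query = "MATCH (a:AS {asn: $asn})-[:NAME]->(n:Name) RETURN n.name AS name"

with driver.session() as session:
    for record in session.run(query, asn=2497):
        print(record["name"])
driver.close()
```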
        • 17:00 - 17:30 - Sponsor Event: IPinfo
        • 18:30 - 19:45 - Social Event at Thyssen-Bornemisza Museum (event held offsite)
        • 20:30 - 22:30 - Meta Student Dinner (registration required)