Older News (latest is here)

• 5/3/19 Beyond proud to report that my PhD student's work on analyzing global net neutrality violations using Wehe was accepted to SIGCOMM 2019! This was a multiyear effort with tons of support from the rest of the research team (Arian Niaki and Phililpa Gill from UMass, and Alan Mislove and me at NEU), along with important contributions to app and system development from Kirill Voloshin, Harsh Modi, I-Farn Chen, and more. I'd also like to think the 100,000+ users who have run tests using our Wehe apps, Arcep for our collaboration on auditing net neutrality violations in France, and our other partners/sponsors (the NSF, Google, Verizon Labs, and Measurement-Lab, and Amazon AWS).
• 8/3/18 I will be co-chairing the program committee for the 20th edition of the Passive and Active Measurement (PAM) Conference, to be held in Chilean Patagonia (Puerto Varas)! More details at the PAM 2019 website. Looking forward to seeing great measurement submissions.
• 7/31/18 Pleased to report that our work on measuring whether we're ready to move to HTTPS certificate validation via OSCP was accepted to IMC '18. Joint work with Taejoong Chung, Jay Lok, Balakrishnan Chandrasekaran, Dave Levin, Bruce Maggs, Alan Mislove, John Rula, Nick Sullivan (Cloudflare) and Christo Wilson.
• 7/3/18 Coverage of our work on apps that spy on you. TL;DR: We didn't see abuse of microphone or cameras, but we did see how apps are recording your every move and sending images/videos of this to third parties. We responsibly disclosed to Google and others, they took action to mitigate this privacy risk. More details in our paper.
• 5/4/18 My recently graduated Ph.D. student, Dr. Arash Molavi Kakhki, won the 2018 Northeastern CCIS Excellence in Research Award. Congrats, Arash!
• 5/2/18 Just a few end-of-semester updates:
  • Our paper "Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications" was accepted to PETs 2018. We found some scary stuff and are in the process of responsible disclosure, so stay tuned.
  • Our paper "A First Look at Certification Authority Authorization (CAA)" appeared in SIGCOMM CCR's April issue. This is joint work with TUM, RWTH Aachen, University of Twente, and University of Sydney.
  • I'm co-chairing the IRTF Applied Networking Research Workshop to be held at IETF 102. We received over 40 submissions in this reboot of the workshop, which promises to feature a great program.
  • My PhD student Jingjing Ren presented her NDSS work on privacy leaks over time at the FTC's annual PrivacyCon event.
  • I testified again at the MA state legislature on the topic of net neutrality.
  • We've now received more than a half million tests from our Wehe app. Download it now for iOS and Android, learn if your ISP is violating net neutrality.
• 2/20/18 Our paper, Automated Attack Discovery in TCP Congestion Control Using a Model-guided Approach, won the Cisco Network Security Best Paper Award at NDSS! Joint work with Samuel Jero, Endadul Hoque, Alan Mislove, and Cristina Nita-Rotaru.
• 2/12/18 First update of the new year. Just a few things happened...
  • Our Wehe app for detecting net neutrality violations got quite a bit of attention, in large part due to Apple rejecting our app and then later reversing its decision. Our work was subsequently covered by dozens of news outlets, and a piece about net neutrality featuring this work appeared on VICE News. Thanks to this publicity we have received over 100,000 tests worldwide, and we will be updating our website with our findings as we process the data.
  • I testified to the Massachusetts State Senate Committee on Net Neutrality and Consumer Protection, you can find coverage here.
  • Arash Molavi Kakhki, my recently graduated PhD student, won the IRTF's Applied Networking Research Prize for his work on QUIC that was published at IMC 2017.
• 12/24/17 Year-end update:
  • Our longitudinal study on app privacy (to appear in NDSS'18) was selected for presentation at FTC PrivacyCon 2018.
  • A first look at in-flight WiFi (joint work with Northwestern) was accepted to WWW'18.
  • I led a panel on tools for data transparency at the DTL'17 conference, featuring Ashkan Soltani, Kashmir Hill, Justin Brookman, Franck Baudot, and Andrea Martens.
  • ReCon was awarded a grant from the Comcast Innovation Fund.
  • Wehe, our tool for detecting net neutrality violations, has been selected by ARCEP (the French telecom regulator) for providing consumers in France the ability to monitor and report ISPs that unlawfully differentiate network traffic.
  • More exciting news to report in 2018!
• 10/30/17 Excited to report that I will have two papers appearing at NDSS 2018! "Bug Fixes, Improvements, ... and Privacy Leaks - A Longitudinal Study of PII Leaks Across Android App Versions" -- joint work with UCSB, U of Helsinki and IMDEA/ICSI -- explores how app privacy leaks change over time. "Automated Attack Discovery in TCP Congestion Control Using a Model-guided Approach" -- joint work with Purdue and FIU -- combines the generality of implementation-agnostic fuzzing with the precision of runtime analysis to find attacks against implementations of TCP congestion control.
• 9/8/17 I gave a talk about DPI middleboxes and their implications for policymakers at TPRC 45. Read my paper on the topic here.
• 8/21/17 The Harvest documentary film, which is based on data gathered from the ReCon Project, is now available online for free! This short film (11 minutes) appeared at several presitigious film festivals, including Aspen Shortsfest, HotDocs, Seattle International Film Festival, and Rooftop Films summer series.
• 8/16/17 Our paper on studying DNSSEC and its improper deployments won the Distinguished Paper award at USENIX Security '17! Congratulations to the lead author, Taejoong Chung, and all the rest of our coauthors!
• 7/28/17 Northeastern continues its strong presence in IMC, with four papers appearing in the conference! I am involved all four of them:
  • "Taking a Long Look at QUIC: An Approach for Rigorous Evaluation of Rapidly Evolving Transport Protocols"
  • "lib·erate, (n): A library for exposing (traffic-classification) rules and avoiding them efficiently" (with UMass-Amherst)
  • "Understanding the Role of Registrars in DNSSEC Deployment" (with Maryland, Duke/Akamai, University of Twente)
  • "The Record Route Option is an Option!" (with Rutgers/USC/Columbia/Microsoft and Waikato)
  More details to come after camera-ready versions are prepared.
• 6/23/17 Many updates after a long hiatus.
  • Harvest will appear at Rooftop Films in NYC, where we will be running an interactive event using ReCon. It's a free event, register here.
  • Our paper on studying DNSSEC and its improper deployments was accepted to USENIX Security. This completes my first-ever "cycle" for top security conferences (CCS, NDSS, Oakland, USENIX). Wouldn't have been able to do it without the my ridiculously talented collaborators.
  • Our poster on studying the DNSSEC root key rollover event was accepted to the SIGCOMM poster session.
  • Our traffic differentiation work was covered in the ARCEP (French national telecom regulator) annual report (page 73).
  • ReCon was in the news (again)! A great article by Fast Company and a TV story by NBC News Boston.
• 5/4/17 Harvest continues its film festival appearances, with announcments today that it will appear at BAMcinemaFest in NYC and the Seattle International Film Festival.
• 4/26/17 After a successful world premiere in Aspen, the Harvest documentary film will have its international premeiere at the HotDocs Film Festival in Toronto this weekend!
• 3/14/17 Thrilled to announce that Harvest, a documentary film that used our ReCon project to identify and highlight privacy risks when using mobile apps, will be premiering at the Aspen Film Festival in April!
• 3/10/17 ReCon was mentioned in the Danish news site Version2.
• 2/15/17 Our ReCon project was mentioned in a Boston Globe article about mobile privacy.
• 2/14/17 Renata Teixeira (Inria) and I were awarded a Google Faculty Research Award for our proposal on diagnoising and improving QoE. Thanks, Google!
• 2/9/17 Our work on efficiently and scalably pushing all revocations to browsers was accepted to IEEE S&P (Oakland) 2017! This is joint work with the lead author (and undergraduate) James Larisch along with Christo Wilson, Alan Mislove, Dave Levin (UMD), and Bruce Maggs (Duke/Akamai).
• 1/12/17 I presented ReCon at the FTC's PrivacyCon 2017. You can find the video here.
• 10/22/16 Our work on measuring the ecosystem of socially engineered exploit documents (joint with MPI-SWS) was accepted to NDSS!
• 9/10/16 My paper titled "A Case for Personal Virtual Networks" was selected to appear at HotNets '16! Looking forward to an interactive workshop!
• 8/31/16 Our work on next-generation anonymity systems (beyond Tor) was covered in Ars Technica!
• 7/30/16 Deja Vu all over again! Northeastern, for a second year in a row, has a whopping 7 papers appearing at IMC (more than 1/7 of the program)! I am involved in five of the papers:
  • "Should You Use the App for That? Comparing the Privacy Implications of Web- and App-based Online Services",
  • "Classifiers Unclassified: An Efficient Approach to Revealing IP-Traffic Classification Rules" (with Stony Brook),
  • "Tunneling for Transparency: A Large-Scale Analysis of End-to-End Violations in the Internet",
  • "Measuring and Applying Invalid SSL Certificates: The Silent Majority" (with U of Maryland, Duke), and
  • "Inspecting the Free Bridge Across the Digital Divide: Assessing the Quality of Facebook's Free Basics Service" (with MPI, University of Cape Town, LUMS, and IIT Kharagpur).
  Congrats to all of our collaborators, and particularly to the students and postdocs who did all the hard work! More details to come when the camera ready versions are available.
• 7/22/16 Our work on measuring and analyzing private key sharing in the HTTPS ecosystem was accepted to CCS! This is joint work with U. Marlyand, Duke/Akamai, and Northeastern.
• 6/22/16 I gave a talk about ReCon at the Mozilla Privacy Lab at ICSI. Watch the video here!
• 6/21/16 I'm happy to report the NSF has funded our work on PKI research, a joint effort with Alan Mislove, Christo Wilson, myself, Dave Levin (UMD) and Tudor Dumitras (UMD)!
• 6/18/16 Our paper analyzing T-Mobile's Binge On implementation and its implications was accepted to the SIGCOMM Internet-QoE workshop!
• 2/23/16 Our paper on ReCon was accepted to appear at MobiSys 2016! Congrats to my student Jingjing Ren, and to our co-authors Ashwin Rao, Martina Lindorfer, and Arnaud Legout!
• 1/8/16 Want to know what information your mobile apps are leaking about you? Check out the Recon App Report! We break it down by app, OS, information leaked, and who is collecting it. If you're interested, also check out the ReCon Web Report, showing the same details for information leaked through your mobile Web browser.
• 12/8/15 Our proposal to adopt in-flight IP connectivity to serve a variety of airline flight communication applications was accepted to HotMobile '16! This is a collaboration with NorthWEstern University, led by the talented John Rula, advised by Fabian Bustamante.
• 11/17/15 Our work on ReCon, presented at the DTL conference, was covered by the Boston Globe, CS Monitor, and NBC News, among others!
• 10/1/15 Interested in whether there's a proxy in your network? Check out Proxy Detector for Android! Also see the associated tech report for more details.
• 8/25/15 I am starting a two-year term as Associate Editor for CCR. Keep those excellent submissions coming!
• 8/15/15 I was awarded a Google Research Award for my work on identifying traffic differentiation. Many thanks to Google for their support!
• 7/23/15 Our research group at NEU has a whopping 7 papers appearing at IMC (1/6 of the program)! I am involved in three of the papers: "Identifying Traffic Differentiation in Mobile Networks" (with Stony Brook), "On SSL Certificate Revocation: The Race to the Bottom in Securing the Web's PKI" (with U of Maryland, Duke, and Stanford), and "Investigating Interdomain Routing Policies in the Wild" (with Stony Brook, UFMG, and USC). Congrats to all of our collaborators, and particularly to the students who did all the hard work! More details to come when the camera ready versions are available.
• 6/12/15 Our ReCon project (part of Meddle) was awarded a grant from the Data Transparency Lab! We are very grateful to the DTL board for their generous support.
• 6/4/15 Our Differentiation Detector app for determining if your mobile carrier is violating net neutrality and shaping your traffic is now live in the Google Play Store. (CACM article, NEU article)
• 6/3/15 I gave a talk at IBM Haifa about Herd, our anonymous VoIP solution. Many thanks to Gil Zussman for organizing the event, to Michael Schapira and Danny Dolev at Hebrew Univeristy for making it possible for me to attend!
• 5/21/15 Shichang Xu won a best poster award at MobiSys 2015 for our work on Context-Triggered Mobile Measurement!
• 4/24/15 My work on practical, anonymous VoIP communication with Stevens Le Blond, Peter Druschel, William Caldwell, and Nicholas Merritt was accepted to SIGCOMM 2015!
• 2/21/15 My work on Mobilyzer (project page) with Ashkan Nikravesh, Hongyi Yao, Shichang Xu, and Z. Morley Mao was accepted to MobiSys 2015!
• 11/4/14 UPDATE: Video from the event! I am co-organizing the first annual New England Networking and Systems Day, to be held at Boston University on October 24th. If you are a networking and systems researcher or practitioner in the area, please consider submitting an abstract for a lightning talk. All are welcome to attend, even if you don't have a talk!
• 9/10/14My work with Arnau Gavalda, Jordi Duch, et al. has been accepted to PNAS! The article is titled "Impact of heterogeneity and socio-economic factors on individual behavior in decentralized sharing ecosystems," and it shows (among many things) how BitTorrent users are "specialists" in terms of what they download, and specialists vary by region and GDP.
• 8/20/14 Arash Molavi and Abbas Razaghpanah took second prize in the SIGCOMM Student Research Competition for their work on identifying traffic differentiation on cellular data traffic. Congrats!
• 7/25/14 Our paper on SSL reissue and revocation behavior in the wake of Heartbleed has been accepted to IMC. Congrats to Liang and the other authors!
• 2/9/14 I'll be serving on the CoNEXT and IMC PCs for 2014. Looking forward to seeing some great submissions!
• 11/25/13 Meddle is live and open to external users. If you want device-wide ad-blocking for your phone and want to see how trackers are tracking you and your device, sign up here: http://www.meddle.mobi/.
• 11/24/13 I'm happy to report that two papers have been accepted to the Passive and Active Measurement (PAM) Conference, both on the topic of measuring and understanding performance in mobile networks. These were joint work with University of Michigan, USC and Google.
• 10/25/13 My work on privacy (with Stevens Le Blond of MPI) was mentioned in the MIT Technology Review.
• 9/30/13 I was awarded an NSF NeTS grant (co-PI with Arvind Krishnamurthy) to explore automated diagnosis and repair of Internet problems. Thanks NSF!
• I'm happy to announce that my coauthors and I will have 2 papers in SIGCOMM 2013!
    One paper is about identifying the origins of BGP path changes -- with Umar Javed, Italo Cunha, Ethan Katz-Bassett, Arvind Krishnamurthy and Tom Anderson.
    The other is about an efficient anonymity network that is resilient to traffic analysis -- with Stevens Le Blond, Wenxuan Zhou, Hitesh Ballani, Peter Druschel and Paul Francis.
  Congrats to everyone involved!
• Ethan Katz-Bassett and I were awarded an M-Lab Network Research Grant for investigating the origins of the mobile Internet performance. Thanks M-Lab!
• My fantastic collaborator, Ashwin Rao, was awarded one of 8 best paper awards at the CoNEXT '12 Student Workshop for Meddle: Middleboxes for Increased Transparency and Control of Mobile Traffic !
• I'll be a poster/demo chair for SIGCOMM 2014 in Chicago!
• I'll be serving on the TPC for the CoNEXT '13 Student Workshop. This is a great venue for early feedback (see below).
• Our work on automatic avoidance of network problems has been accepted to HotNets 2011.
• Web browsing is leaking all kinds of personal information. As a first step toward addressing this, we've released Piigeon, a browser extension that informs users of Web login safety before you submit credentials. Please help us by beta testing and giving feedback!
• Our work on the network impact of a large distributed system has been accepted for publication in SIGCOMM 2011!
• Our work on privacy revelations for Web and mobile apps will appear in HotOS 2011.
• I gave a talk about my current work at the AIMS workshop, on the topic of fault isolation in the wide area.
• I've been named a 2010 Computing Innovation Fellow, which will support my postdoc work at the University of Washington.
• I will be serving as a PC member for ACM MM 2011, in the area of "Media transport and sharing".
• I will be serving as a PC member on the SIGCOMM 2011 Workshop on Measurements "Up the Stack" (W-MUST).
• I gave a talk on Crowdsouring Network Event Detection (what I like to call "Using the Crowd to Monitor the Cloud") at SIGCOMM 2010 in New Delhi, India. Slides from the presentation are here.
• I was awarded the 2009/2010 Outstanding Disseration Award from the Northwestern EECS department in June, 2010.
• Fabian hooded me on June 18th, finally ensuring that my username (drchoffnes) is read correctly both as my title and as my first two initials + last name.
• My thesis work (crowdsourcing network event detection) was accepted to SIGCOMM 2010. See this link for details.
• Our work on detecting communities in BitTorrent has been accepted to IPTPS 2010.
• A revised version of our tech report on pitfalls for testbed evaluations of Internet systems has been accepted for the April issue of SIGCOMM CCR. One of the key findings is that our current testbeds and public measurement vantage points are woefully inadequate for inferring properties of a large, Internet scale system such as BitTorrent. A more comprehensive study of this issue is under submission.
• I passed my dissertation defense on February 15th! Slides from the talk are here.
• I gave a talk about EdgeScope at the AIMS workshop on February 7th. I also briefly presented my dissertation work.