Joe DeBlasio scite author profile

Joe DeBlasio

5Publications

51Citation Statements Received

52Citation Statements Given

How they've been cited

113

How they cite others

Affiliations

Google (United States), University of California, San Diego, UC San Diego Health System

Publications

Order By: Most citations

An Empirical Analysis of the Commercial VPN Ecosystem

Khan¹,

DeBlasio

Voelker

et al. 2018

View full text Add to dashboard Cite

Global Internet users increasingly rely on virtual private network (VPN) services to preserve their privacy, circumvent censorship, and access geo-filtered content. Due to their own lack of technical sophistication and the opaque nature of VPN clients, however, the vast majority of users have limited means to verify a given VPN service's claims along any of these dimensions. We design an active measurement system to test various infrastructural and privacy aspects of VPN services and evaluate 62 commercial providers. Our results suggest that while commercial VPN services seem, on the whole, less likely to intercept or tamper with user traffic than other, previously studied forms of traffic proxying, many VPNs do leak user traffic-perhaps inadvertently-through a variety of means. We also find that a non-trivial fraction of VPN providers transparently proxy traffic, and many misrepresent the physical location of their vantage points: 5-30% of the vantage points, associated with 10% of the providers we study, appear to be hosted on servers located in countries other than those advertised to users.

show abstract

Hack for Hire: Exploring the Emerging Market for Account Hijacking

Mirian

DeBlasio

Savage

et al. 2019

View full text Add to dashboard Cite

Exploring the dynamics of search advertiser fraud

DeBlasio

Guha

Voelker

et al. 2017

View full text Add to dashboard Cite

Tripwire

DeBlasio

Savage

Voelker

et al. 2017

View full text Add to dashboard Cite

SoK: SCT Auditing in Certificate Transparency

Meiklejohn

DeBlasio

O’Brien

et al. 2022

PoPETs

View full text Add to dashboard Cite

The Web public key infrastructure is essential to providing secure communication on the Internet today, and certificate authorities play a crucial role in this ecosystem by issuing certificates. These authorities may misissue certificates or suffer misuse attacks, however, which has given rise to the Certificate Transparency (CT) project. The goal of CT is to store all issued certificates in public logs, which can then be checked for the presence of potentially misissued certificates. Thus, the requirement that a given certificate is indeed in one (or several) of these logs lies at the core of CT. In its current deployment, however, most individual clients do not check that the certificates they see are in logs, as requesting a proof of inclusion directly reveals the certificate and thus creates the clear potential for a violation of that client’s privacy. In this paper, we explore the techniques that have been proposed for privacy-preserving auditing of certificate inclusion, focusing on their effectiveness, efficiency, and suitability in a near-term deployment. In doing so, we also explore the parallels with related problems involving browser clients. Guided by a set of constraints that we develop, we ultimately observe several key limitations in many proposals, ranging from their privacy provisions to the fact that they focus on the interaction between a client and a log but leave open the question of how a client could privately report any certificates that are missing.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Joe DeBlasio

An Empirical Analysis of the Commercial VPN Ecosystem

Hack for Hire: Exploring the Emerging Market for Account Hijacking

Exploring the dynamics of search advertiser fraud

Tripwire

SoK: SCT Auditing in Certificate Transparency

Contact Info

Product

Resources

About