This page is a basic demo of Dodge, a client-side framework for application-layer defenses against video fingerprinting.
Dodge generalizes the telltale request-response sequence of DASH video streaming, replacing segment downloads with customizable cycles that are specified in a JSON file called an extended manifest.
This provides a significant degree of control over the sequence of request and response sizes in a video stream, enabling quick and easy deployment of different types of traffic analysis defenses without any required changes to servers or network infrastructure.
We've implemented Dodge as a fork of the dash.js video player; our code can be used as is (like in the examples on this page) or as a reference when implementing defenses in other video players.
For more details, see the PoPETS 2026 paper "Dodge: A Client-Side Framework for Application-Layer Video Fingerprinting Defenses" (link), and our GitHub repo.
Player examples
Note that these examples have only been tested in Firefox and Chrome.
This is a Dodge player in which an extended manifest is specified via the src
attribute of the video element. It plays the short video Big Buck Bunny (often used as a test
video), with a minimal extended manifest that mirrors undefended DASH traffic: each video and
audio segment is downloaded with a single cycle, whose range covers the whole segment. If you
want to see the network traffic, open Developer Tools in your browser (which can
usually be done by pressing F12), click on the Network tab, and reload the page.
Here, a Dodge player is also provided an extended manifest for the Big Buck Bunny video, but with a simple defense: all cycles (and, thus, responses from the server) have about the same size within each representation/quality. With adjustment of cycle sizes to account for header variation, cycles could be made to have the exact same size, at least with HTTP/1.1. A better solution for HTTP/2 and HTTP/3 QUIC is to slightly randomize cycle sizes each time a manifest is requested. See the paper for more details on how to do this!
In this example, a Dodge player is provided an extended manifest for the short animated film Elephants Dream, which mimics the Big Buck Bunny extended manifest in the second example. Its sequence of cycles is identical to Big Buck Bunny played at 4000k (disregarding differences in HTTP header sizes). Note that the video will not play to the end: we've limited the extended manifest to the same duration as Big Buck Bunny. Another strategy is to download more cycles after all actual content - see the paper for information on this!