Video Fingerprinting 2024–2026

Since I began working at Linköping University as a research assistant in 2024, I've been investigating video fingerprinting—techniques for identifying the videos someone streams by analyzing their encrypted network traffic—from both attack and defense perspectives. I've been involved in the development of network-layer defenses (adaptations of two website fingerprinting defenses and a targeted defense, Scrambler) as well as Dodge, a client-side framework for application-layer video fingerprinting defenses which does not require any changes to servers or network infrastructure, implemented as a fork of the dash.js video player. I've also looked at how attacks can be improved and how they perform under varied network conditions.

Dodge source code (GitHub) Dodge demo page

• Dodge: A Client-Side Framework for Application-Layer Video Fingerprinting Defenses — Proceedings on Privacy Enhancing Technologies
• Understanding and Improving Video Fingerprinting Attack Accuracy under Challenging Conditions — Proceedings of the 23rd Workshop on Privacy in the Electronic Society
• Raising the Bar: Improved Fingerprinting Attacks and Defenses for Video Streaming Traffic — Proceedings on Privacy Enhancing Technologies

Maybenot / Website Fingerprinting Defenses 2022–2026

I've been working on website fingerprinting—techniques for identifying the websites someone visits over an encrypted tunnel, such as a VPN or Tor, by analyzing the encrypted network traffic—ever since I started doing research at the University of Minnesota–Twin Cities in 2022. My first project used network simulations to show that padding-only defenses add delay in the Tor network (at the time, it was widely believed that they did not). This was followed by my undergraduate honors thesis, an evaluation of the Maybenot defense framework's potential to represent proposed defenses in the literature. Since then, I've been involved in the development of Maybenot and working on ephemeral defenses, which are an application of Kerckhoffs's principle to traffic analysis. The Maybenot framework has been adopted by Mullvad VPN and the Tor Project (Arti), and Mullvad's DAITA uses ephemeral defenses.

Maybenot framework (GitHub) DAITA (Mullvad VPN)

• Ephemeral Network-Layer Fingerprinting Defenses — Proceedings on Privacy Enhancing Technologies
• Maybenot: A Framework for Traffic Analysis Defenses — Proceedings of the 22nd Workshop on Privacy in the Electronic Society
• State Machine Frameworks for Website Fingerprinting Defenses: Maybe Not — Undergraduate honors thesis, University of Minnesota–Twin Cities
• Padding-only Defenses Add Delay in Tor — Proceedings of the 21st Workshop on Privacy in the Electronic Society