Projects

Since I started at Linköping University in 2024, I’ve been investigating video fingerprinting — techniques for determining which video someone is watching by analyzing their encrypted network traffic.

The biggest outcome of this work is Dodge, a plugin for the dash.js in-browser video player that enables practical video fingerprinting protection for ordinary users. Dodge provides building blocks for defenses, a straightforward file format for expressing defenses using those building blocks, and a simple, plug-and-play interface to developers. For everyone else, there’s a browser extension that makes defended playback a matter of clicking some buttons.

I’ve been working on website fingerprinting — techniques for identifying the websites someone visits over an encrypted tunnel, such as a VPN or Tor, by analyzing their encrypted network traffic — ever since I started doing research at the University of Minnesota–Twin Cities in 2022.

My first project used network simulations to show that padding-only defenses, which work by simply injecting packets (extra network traffic) during website downloads, result in delays in the Tor network — at the time, it was widely believed that they did not. This was followed by my undergraduate honors thesis, an evaluation of the Maybenot defense framework’s potential to represent proposed defenses in the literature.

Since then, I’ve been involved in the development of Maybenot and working on ephemeral defenses, which are essentially an application of Kerckhoffs’s principle to traffic analysis. Maybenot has been adopted by Mullvad VPN and the Tor Project (Arti), and Mullvad’s DAITA uses ephemeral defenses.