About

The ANT Lab’s research develops new methods, tools, and protocols to improve our understanding of the Internet and its security, privacy, and efficiency.

Research topics

• Computer Science
• World Wide Web
• Computer Security
• Computer network
• Algorithm
• Political Science
• Telecommunications
• Business
• Microeconomics
• Economics
• Biology
• Accounting
• Operating system

Selected publications

• Towards a Non-Binary View of IPv6 Adoption

  2025-10-28

  articleOpen accessSenior author

  Twelve years have passed since World IPv6 Launch Day, but what is the current state of IPv6 deployment? Prior work has examined IPv6 status as a binary: can a user do any IPv6? As deployment increases, we must consider a more nuanced, non-binary perspective on IPv6: how much and often can a user or a service use IPv6? We consider this question as a client, server, and cloud provider. Considering the client's perspective, we observe user traffic. We see that the fraction of IPv6 traffic a user sends varies greatly, both across users and day-by-day, with a standard deviation of over 15%. We show this variation occurs for two main reasons. First, IPv6 traffic is primarily human-generated, thus showing diurnal patterns. Second, some services lead with full IPv6 adoption, while others lag with partial or no support, so as users do different things their fraction of IPv6 varies. We look at server-side IPv6 adoption in two ways. First, we expand analysis of web services to examine how many are only partially IPv6 enabled due to their reliance on IPv4-only resources. Our findings reveal that only 12.6% of top 100k websites qualify as fully IPv6-ready. Finally, we examine cloud support for IPv6. Although all clouds and CDNs support IPv6, we find that tenant deployment rates vary significantly across providers. We find that ease of enabling IPv6 in the cloud is correlated with tenant IPv6 adoption rates, and recommend best practices for cloud providers to improve IPv6 adoption. Our results suggest IPv6 deployment is growing, but many services lag, presenting a potential for improvement.

  PublisherDOI

• Rediscovering Recurring Routing Results

  ArXiv.org · 2025-10-23

  preprintOpen accessSenior author

  Routing is central to networking performance, including: (1) latency in anycast services and websites served from multiple locations,(2) networking expenses and throughput in multi-homed enterprises, (3) the ability to keep traffic domestic when considering data sovereignty. However, understanding and managing how routing affects these services is challenging. Operators use Traffic Engineering (TE) with BGP to optimize network performance, but what they get is the result of all BGP policies throughout the Internet, not just their local choices. Our paper proposes Fenrir, a new system to rediscover recurring routing results. Fenrir can discover changes in network routing, even when it happens multiple hops away from the observer. Fenrir also provides new methods to quantify the degree of routing change, and to identify routing "modes" that may reappear. Second, we show that Fenrir can be applied to many different problems: we use five instances of three different types of systems to illustrate the generalization: anycast catchments showing in a root DNS service, route optimization for two multi-homed enterprises, and website selection for two of the top-10 web services. Each type requires different types of active measurements, data cleaning and weighting. We demonstrate Fenrir's methods of detecting and quantifying change are helpful because they all face similar operational questions: How much effect did traffic engineering have? Did a third-party change alter my routing? In either case, is the current routing new, or is it like a routing mode I saw before?

  PublisherOA PDFDOI

• Smoothing Rough Edges of IPv6 in VPNs

  ArXiv.org · 2025-11-27

  articleOpen accessSenior author

  How do commercial VPNs interact with IPv6? We show two "rough edges" in how commercial VPNs handle IPv6. First, we show that many IPv4-only VPNs leak IPv6 traffic to the ISP. Individual use VPNs in part to conceal their local IP addresses, so such leaks reduce user privacy. While prior work has studied VPNs in testbeds, we use a new dataset of 129k VPN-using daily visitors to WhatIsMyIPAddress.com that quantifies these leaks and show 12 VPNs previously considered safe still leak for at least 5% of their users. We show native IPv6 addresses leak most commonly in VPNs that claim only IPv4 support, with 5% to 57% of visitors of v4-only VPNs having their native IPv6 address exposed. Second, we show that most dual-stack VPNs users actually select IPv4 instead of IPv6. We observe this problem in our visitor data, and we identify the root cause arises because when user's computer follows standard address-selection rules, VPN-assigned addresses are often de-preferenced. Testing six VPNs on Android, we show that five consistently de-prioritize IPv6. Finally, we suggest a solution to IPv6 de-preferencing: we define a new IPv6 address range for VPNs that is not de-preferenced by address selection. We prototype this solution on Linux. Our findings help identify and address rough edges in the addition of IPv6 support to VPNs.

  PublisherOA PDF

• Quantifying Differences Between Batch and Streaming Detection of Internet Outages

  2025-06-10

  article

  A number of different systems today detect outages in the IPv4 Internet, often using active probing and algorithms based on Trinocular's Bayesian inference. Outage detection methods have evolved, both to provide results in near-real-time, and adding algorithms to account for important but less common cases that might otherwise be misinterpreted. We compare two implementations of active outage detection to see how choices to optimize for near-real-time results with streaming compare to designs that use long-term information to maximize accuracy using batch processing. Examining 8 days of data, starting on 2021-02-26, we show that the two similar systems agree most of the time, more than 84%. We show that only 0.2% of the time the algorithms disagree, and 15% of the time only one reports. We show these differences occur due to streaming's requirement for rapid decisions, precluding algorithms that consider long-term data (days or weeks). These results are important to understand the trade-offs that occur when balancing timely results with accuracy. Beyond the two systems we compare, our results suggest the role that algorithmic differences can have in similar but different systems, such as the several implementations of Trinocular-like active probing today.

  PublisherDOI

• Poster: Rough Edges for IPv6 in VPNs

  2025-10-28

  articleSenior author

  How do VPNs interact with IPv6? Our poster shows that VPNs often leak IPv6 traffic, failing to provide the promised privacy, and VPNs often prefer IPv4, even though IPv6 is available and working. These results use new data from a website for IP identification, coupled with experiments on specific VPN software. We identify the fraction of v6 traffic leaked, and find the root-cause of IPv6 de-preferencing in interactions between address selection in OSes and VPNs

  PublisherDOI

• Smoothing Rough Edges of IPv6 in VPNs

  arXiv (Cornell University) · 2025-11-27

  preprintOpen accessSenior author

  How do commercial VPNs interact with IPv6? We show two "rough edges" in how commercial VPNs handle IPv6. First, we show that many IPv4-only VPNs leak IPv6 traffic to the ISP. Individual use VPNs in part to conceal their local IP addresses, so such leaks reduce user privacy. While prior work has studied VPNs in testbeds, we use a new dataset of 129k VPN-using daily visitors to WhatIsMyIPAddress.com that quantifies these leaks and show 12 VPNs previously considered safe still leak for at least 5% of their users. We show native IPv6 addresses leak most commonly in VPNs that claim only IPv4 support, with 5% to 57% of visitors of v4-only VPNs having their native IPv6 address exposed. Second, we show that most dual-stack VPNs users actually select IPv4 instead of IPv6. We observe this problem in our visitor data, and we identify the root cause arises because when user's computer follows standard address-selection rules, VPN-assigned addresses are often de-preferenced. Testing six VPNs on Android, we show that five consistently de-prioritize IPv6. Finally, we suggest a solution to IPv6 de-preferencing: we define a new IPv6 address range for VPNs that is not de-preferenced by address selection. We prototype this solution on Linux. Our findings help identify and address rough edges in the addition of IPv6 support to VPNs.

  PublisherDOI

• Third-Party Assessment of Mobile Performance in the 5G Era

  ArXiv.org · 2025-07-24

  preprintOpen access

  The web experience using mobile devices is important since a significant portion of the Internet traffic is initiated from mobile devices. In the era of 5G, users expect a high-performance data network to stream media content and for other latency-sensitive applications. In this paper, we characterize mobile experience in terms of latency, throughput, and stability measured from a commercial, globally-distributed CDN. Unlike prior work, CDN data provides a relatively neutral, carrier-agnostic perspective, providing a clear view of multiple and international providers. Our analysis of mobile client traffic shows mobile users sometimes experience markedly low latency, even as low as 6 ms. However, only the top 5% users regularly experience less than 20 ms of minimum latency. While 100 Mb/s throughput is not rare, we show around 60% users observe less than 50 Mb/s throughput. We find the minimum mobile latency is generally stable at a specific location which can be an important characteristic for anomaly detection.

  PublisherOA PDFDOI

• External Evaluation of Discrimination Mitigation Efforts in Meta's Ad Delivery

  2025-06-23 · 1 citations

  preprintOpen access

  The 2022 settlement between Meta and the U.S. Department of Justice to resolve allegations of discriminatory advertising resulted is a first-of-its-kind change to Meta's ad delivery system aimed to address algorithmic discrimination in its housing ad delivery. In this work, we explore direct and indirect effects of both the settlement's choice of terms and the Variance Reduction System (VRS) implemented by Meta on the actual reduction in discrimination. We first show that the settlement terms allow for an implementation that does not meaningfully improve access to opportunities for individuals. The settlement measures impact of ad delivery in terms of impressions, instead of unique individuals reached by an ad; it allows the platform to level down access, reducing disparities by decreasing the overall access to opportunities; and it allows the platform to selectively apply VRS to only small advertisers. We then conduct experiments to evaluate VRS with real-world ads, and show that while VRS does reduce variance, it also raises advertiser costs (measured per-individuals-reached), therefore decreasing user exposure to opportunity ads for a given ad budget. VRS thus passes the cost of decreasing variance to advertisers. Finally, we explore an alternative approach to achieve the settlement goals, that is significantly more intuitive and transparent than VRS. We show our approach outperforms VRS by both increasing ad exposure for users from all groups and reducing cost to advertisers, thus demonstrating that the increase in cost to advertisers when implementing the settlement is not inevitable. Our methodologies use a black-box approach that relies on capabilities available to any regular advertiser, rather than on privileged access to data, allowing others to reproduce or extend our work.

  PublisherDOI

• Auditing for Bias in Ad Delivery Using Inferred Demographic Attributes

  2025-06-23 · 1 citations

  articleOpen accessSenior author
  PublisherOA PDFDOI

• Auditing for Racial Discrimination in the Delivery of Education Ads

  2024-06-03 · 9 citations

  preprintOpen accessSenior author

  Digital ads on social-media platforms play an important role in shaping access to economic opportunities. Our work proposes and implements a new third-party auditing method that can evaluate racial bias in the delivery of ads for education opportunities. Third-party auditing is important because it allows external parties to demonstrate presence or absence of bias in social-media algorithms. Education is a domain with legal protections against discrimination and concerns of racial-targeting, but bias induced by ad delivery algorithms has not been previously explored in this domain. Prior audits demonstrated discrimination in platforms’ delivery of ads to users for housing and employment ads. These audit findings supported legal action that prompted Meta to change their ad-delivery algorithms to reduce bias, but only in the domains of housing, employment, and credit. In this work, we propose a new methodology that allows us to measure racial discrimination in a platform’s ad delivery algorithms for education ads. We apply our method to Meta using ads for real schools and observe the results of delivery. We find evidence of racial discrimination in Meta’s algorithmic delivery of ads for education opportunities, posing legal and ethical concerns. Our results extend evidence of algorithmic discrimination to the education domain, showing that current bias mitigation mechanisms are narrow in scope, and suggesting a broader role for third-party auditing of social media in areas where ensuring non-discrimination is important.

  PublisherOA PDFDOI

Recent grants

• CCRI: Medium: DNS, Identity, and Internet Naming for Experimentation and Research (DIINER)

  NSF · $1.5M · 2019–2024

• NeTS-FIND: Sensor-Internet Sharing and Search

  NSF · $580k · 2006–2010

• CRI: CRD: Collaborative Research: Open Research Testbed for Underwater Ad Hoc and Sensor Networks

  NSF · $150k · 2007–2011

• NeTS-NOSS: Sensor Networks for Undersea Seismic Experimentation (SNUSE)

  NSF · $918k · 2004–2009

• RAPID: Measuring the Internet during Novel Coronavirus to Evaluate Quarantine (RAPID-MINSEQ)

  NSF · $99k · 2020–2022

Frequent coauthors

• Deborah Estrin

  Cornell University

  66 shared

• Ramesh Govindan

  University of Southern California

  33 shared

• Christos Papadopoulos

  University of Western Macedonia

  21 shared

• Kun-Chan Lan

  National Cheng Kung University

  18 shared

• Yuri Pradkin

  18 shared

• Affan A. Syed

  National University of Computer and Emerging Sciences

  15 shared

• Fábio Silva

  Polytechnic Institute of Porto

  15 shared

• Giovane C. M. Moura

  Delft University of Technology

  15 shared

Labs

• ANT peoplePI

  Information about the ANT project's research.

Awards & honors

• 2014 IEEE Fellow
• 2008 Association for Computing Machinery Senior Member