Refraction networking is a next-generation censorship circumvention approach that locates proxy functionality in the network itself, at participating ISPs or other network operators. Following years of research and development and a brief pilot, we established the world’s first production deployment of a Refraction Networking system. Our deployment uses a highperformance implementation of the TapDance protocol and is enabled as a transport in the popular circumvention app Psiphon. It uses TapDance stations at four physical uplink locations of a mid-sized ISP, Merit Network, with an aggregate bandwidth of 140 Gbps. By the end of 2019, our system was enabled as a transport option in 559,000 installations of Psiphon, and it served upwards of 33,000 unique users per month. This paper reports on our experience building the deployment and operating it for the first year. We describe how we overcame engineering challenges, present detailed performance metrics, and analyze how our system has responded to dynamic censor behavior. Finally, we review lessons learned from operating this unique artifact and discuss prospects for further scaling Refraction Networking to meet the needs of censored users.
If the inline PDF is not rendering correctly, you can download the PDF file here.
 D. J. Bernstein, M. Hamburg, A. Krasnova, and T. Lange. Elligator: Elliptic-curve points indistinguishable from uniform random strings. In ACM Conference on Computer and Communications Security (CCS), 2013.
 C. Bocovich and I. Goldberg. Slitheen: Perfectly imitated decoy routing through traffic replacement. In ACM Conference on Computer and Communications Security (CCS), 2016.
 C. Bocovich and I. Goldberg. Secure asymmetry and deployability for decoy routing systems. Proceedings on Privacy Enhancing Technologies, 2018(3), 2018.
 D. Ellard, A. Jackson, C. Jones, V. Manfredi, W. T. Strayer, B. Thapa, and M. V. Welie. Rebound: Decoy routing on asymmetric routes via error messages. In IEEE Conference on Local Computer Networks (LCN), 2015.
 S. Frolov, F. Douglas, W. Scott, A. McDonald, B. VanderSloot, R. Hynes, A. Kruger, M. Kallitsis, D. Robinson, N. Borisov, J. A. Halderman, and E. Wustrow. An ISP-scale deployment of TapDance. In USENIX Workshop on Free and Open Communications on the Internet (FOCI), 2017.
 S. Frolov, J. Wampler, S. C. Tan, J. A. Halderman, N. Borisov, and E. Wustrow. Conjure: Summoning proxies from unused address space. In ACM Conference on Computer and Communications Security (CCS), 2019.
 D. Gosain, A. Agarwal, S. Chakravarty, and H. B. Acharya. The devil’s in the details: Placing decoy routers in the Internet. In Annual Computer Security Applications Conference (ACSAC), 2017.
 P. Hintjens. ZeroMQ: Messaging for Many Applications. O’Reilly, 2013.
 A. Houmansadr, G. T. K. Nguyen, M. Caesar, and N. Borisov. Cirripede: Circumvention infrastructure using router redirection with plausible deniability. In ACM Conference on Computer and Communications Security (CCS), 2011.
 A. Houmansadr, E. L. Wong, and V. Shmatikov. No direction home: The true cost of routing around decoys. In Internet Society Network and Distributed System Security Symposium (NDSS), 2014.
 J. Karlin, D. Ellard, A. W. Jackson, C. E. Jones, G. Lauer, D. P. Mankins, and W. T. Strayer. Decoy routing: Toward unblockable Internet communication. In USENIX Workshop on Free and Open Communications on the Internet (FOCI), 2011.
 V. Manfredi and P. Songkuntham. Multiflow: Crossconnection decoy routing using TLS 1.3 session resumption. In USENIX Workshop on Free and Open Communications on the Internet (FOCI), 2018.
 B. Marczak, N. Weaver, J. Dalek, R. Ensafi, D. Fifield, S. McKune, A. Rey, J. Railton, R. Deibert, and V. Paxson. An analysis of China’s Great Cannon. In USENIX Workshop on Free and Open Communications on the Internet (FOCI), 2015.
 M. Nasr and A. Houmansadr. Game of decoys: Optimal decoy routing through game theory. In ACM Conference on Computer and Communications Security (CCS), 2016.
 M. Nasr, H. Zolfaghari, and A. Houmansadr. The waterfall of liberty: Decoy routing circumvention that resists routing attacks. In ACM Conference on Computer and Communications Security (CCS), 2017.