Breakpointing Bad is a 501(c)(3) nonprofit research and education organization founded in 2019. We conduct public-interest computer security research focused on privacy, censorship resistance, free expression, and human rights.
Our work combines academic research, technical analysis, infrastructure building, and education. We study the security properties of real-world systems, with particular attention to the ways that network protocols, mobile applications, VPNs, operating systems, cloud infrastructure, and deployment choices can expose users to surveillance, censorship, or abuse.
Our group consists of computer scientists, security researchers, students, and collaborators working on projects ranging from network side channels and VPN security to reverse engineering, mobile application analysis, censorship measurement, and privacy-focused infrastructure. A core part of our mission is to provide technical expertise, tools, and educational resources that can help at-risk populations subjected to repressive or authoritarian control.
Recent Publications
Architectural VPN Vulnerabilities, Disclosure Fatigue, and Structural Failures
William J. Tolley, Everett Morse, Gabriel Hogan, Jeffrey Knockel, and Jedidiah R. Crandall.
Free and Open Communications on the Internet Workshop (FOCI 2026). February 2026.
Revisiting SDN Resilience in Cloud and Enterprise Environments
Sana Habib, Jedidiah R. Crandall, and Adam Doupé.
Cloud Computing Security Workshop (CCSW 2025). Taipei, Taiwan. October 2025.
CryptoFilter: Privacy-Preserving Traffic Analysis of Weak Transport Layer Encryption at Internet Gateways
Benjamin Mixon-Baca, Diwen Xue, Roya Ensafi, and Jedidiah R. Crandall.
Workshop on Privacy in the Electronic Society (WPES 2025). Taipei, Taiwan. October 2025.
Hidden Links: Analyzing Secret Families of VPN Apps
Benjamin Mixon-Baca, Jeffrey Knockel, and Jedidiah R. Crandall.
Free and Open Communications on the Internet Workshop (FOCI 2025). Washington, DC. July 2025.
Examining Leading Pakistani Mobile Apps
Sana Habib, Mohammad Taha Khan, and Jedidiah R. Crandall.
Free and Open Communications on the Internet Workshop (FOCI 2025). Washington, DC. July 2025.
Revisiting BAT Browsers: Protecting At-Risk Populations from Surveillance, Censorship, and Targeted Attacks
Esther Rodriguez, Lobsang Gyatso, Tenzin Thayai, and Jedidiah R. Crandall.
Free and Open Communications on the Internet Workshop (FOCI 2025). Washington, DC. July 2025.
OpenVPN Is Open to VPN Fingerprinting
Diwen Xue, Reethika Ramesh, Arham Jain, Michaelis Kallitsis, J. Alex Halderman, Jedidiah R. Crandall, and Roya Ensafi. Communications of the ACM. Vol. 68, No. 1, pp. 79 ^`^s87. January 2025.
Analyzing Prominent Mobile Apps in Latin America
Beau Kujath, Jeffrey Knockel, Paul Aguilar, Diego Morabito, Masashi Crete-Nishihata, and Jedidiah R. Crandall.
Free and Open Communications on the Internet Workshop (FOCI 2024). Bristol, United Kingdom. July 2024.
Attacking Connection Tracking Frameworks as used by Virtual Private Networks
Benjamin Mixon-Baca, Jeffrey Knockel, Diwen Xue, Tarun Ayyagari, Deepak Kapur, Roya Ensafi, and Jedidiah R. Crandall.
Proceedings on Privacy Enhancing Technologies / PETS 2024. Bristol, United Kingdom. July 2024.
TSPU: Russia’s Decentralized Censorship System
Diwen Xue, Benjamin Mixon-Baca, ValdikSS, Beau Kujath, Jedidiah R. Crandall, and Roya Ensafi.
ACM Internet Measurement Conference (IMC 2022). Nice, France. October 2022.
Blind In/On-Path Attacks and Applications to VPNs
William J. Tolley, Beau Kujath, Mohammad Taha Khan, Narseo Vallina-Rodriguez, and Jedidiah R. Crandall.
30th USENIX Security Symposium (USENIX Security 2021). Virtual event. August 2021.