Inflight Modifications of Content: Who are the Culprits?

When a user requests content from a cloud service provider, sometimes the content sent by the provider is modified inflight by third-party entities. To the author's knowledge, there is no comprehensive study that examines the extent and primary root causes of the content modification problem. The authors design a lightweight experiment and instrument a vast number of clients in the wild to make two additional DNS queries every day. They identify candidate rogue servers and develop a measurement methodology to determine, for each candidate rogue server, whether the server is performing inflight modifications or not.