We’ve discussed how Censys has grown, how Censys works as a platform, and how we evaluated its performance. Today, we’ll wrap up this blog series by discussing our ethical considerations while scanning, and looking forward to the next ten years (and beyond). Of course, you can read our full discourse in the original paper.
Ethics and Lessons Learned
Internet scanning raises a lot of ethical questions, and opinions about what’s acceptable are still evolving. Researchers and operators don’t always agree on what “responsible” looks like, and our own thinking has changed over time as we’ve worked with governments and companies to help protect Internet infrastructure.
Some have argued that Censys goes too far by collecting more than just “service presence” data, citing privacy concerns. However, just knowing a service exists isn’t enough to understand who owns it or how exposed it is — both of which are essential for securing critical systems, a foundational goal here at Censys.
We follow established best practices for scanning. That means never exploiting vulnerabilities, bypassing authentication, or touching devices behind NAT. Our scans identify themselves, our IPs clearly show ownership and contact info, and we comply with U.S. and E.U. privacy laws. When new probes are introduced, we test carefully, scale up slowly, and make sure network operators can reach us easily.
Censys sends about 26.5 million probes per second, meaning a typical public IP sees one probe every few minutes. That might sound like a lot, but it’s only about 1–2% of the total scan traffic seen by cloud hosts. Even so, we’re still focused on finding ways to reduce traffic while maintaining real-time visibility.
Moreover, operators can opt out of scanning if they verify ownership of a network or domain. Today, only a small fraction of the Internet has opted out (a smaller percentage than in the early ZMap days) even though Censys scans more comprehensively. This may speak to the changing dynamics of the Internet.
One of the harder ethical questions now is deciding what data to share publicly. Transparency helps defenders, but it can also help attackers. As attacks have become more targeted, sometimes even causing physical damage, we’ve become more careful about what we make publicly accessible. Data related to vulnerabilities, industrial control systems, or command-and-control infrastructure is now restricted to verified users with a clear need. While this added friction isn’t ideal for researchers, it’s part of a growing effort to balance openness with safety.
Looking Ahead
Censys has evolved significantly since it began in 2015. By documenting how the system works and how our goals have shifted, we hope to help others use our data more effectively, and to inform the next wave of Internet measurement research.
Looking ahead, we see several opportunities for further exploration and research:
- Understanding Internet Dynamics: We still don’t fully grasp how and why Internet services appear, disappear, and move. More work is needed to study these patterns safely and accurately, and understand the implications for Internet measurement.
- Smarter Scanning: Predictive scanning methods show promise, but they’re not yet reliable or scalable enough to replace full Internet scans.
- Safe Fingerprinting: We need better, safer ways to detect vulnerabilities and identify software versions without putting systems at risk.
- Mapping Relationships: Linking related assets and uncovering infrastructure patterns is still a mostly manual process — one that could benefit from smarter automation.
- Tracking Services Over Time: IPs change, but services persist. We need reliable ways to follow those changes across different services protocols.
- Effective Notifications: Even when vulnerabilities are reported, many go unfixed. Our collaboration with the EPA showed that effective enforcement and communication channels can make a big difference.
Censys started as a research project, and we remain true to our roots. As the world evolves, so do we, and we remain committed to pushing the boundary of science and engineering in order to provide the most accurate map of the Internet. While we’ve reached the end of our ten year retrospective, our work does not stop here. To stay in the loop on what we’re up to and where we’re headed next, you can sign up for monthly updates or follow us on LinkedIn or X.
