Investigating internet controls with OONI
|Investigating internet controls with OONI|
|Presenter(s)||Arturo Filastò, Maria Xynou|
|Title(s)||Investigating internet controls with OONI|
|Organization(s)||The Tor Project (OONI)|
|Project(s)||OONI: Open Observatory of Network Interference|
|2017 theme||Tools & Technology|
The Open Observatory of Network Interference (OONI) is a free software project that aims to empower decentralized efforts in increasing transparency of internet censorship around the world.
ooniprobe is an investigatory tool that can help people understand if and how internet censorship is being performed on their network. All network measurement data collected by ooniprobe is published, increasing transparency of global censorship events and enabling researchers to conduct independent studies.
As part of this workshop, participants will learn how to install and run ooniprobe on their own computer or smartphones and how to interpret the results. We will be showing how journalists, policy makers, activists and just curious people can use the data that ooniprobe collects to examine internet censorship.
We will also be showing how data collected by ooniprobe users around the world can be made actionable. In particular, trainers will learn how to use OONI data to check which tools work (or don't work) in a given country.
Some of the major findings based on OONI data will be presented and participants will learn how they can produce similar reports for their own countries.
|Target Groups||Journalists, Policy makers, Activists|
What follows are notes taken by synnick on 7/3/17 at the session
What is OONI?
Is a FOSS project focused on decentralization platform for monitoring internet cenorship
All of the data is made available in raw formats to the public. The public is free to perform analysis on the data
started in 2012 with measurements from over 180 to 190 countries.
OONi is a research expirement that is trying to characterize different forms of censorship in context.
Partner rganizations in Africa, SE, ME, have helped provide measurements, background and understanding of the data collected.
The project provides the largest open data set available about internet censorship across the world. They only confirm cases of censorship when they detect blocked pages. This does not mean that other countries are not censoring traffic.
There are 5 areas that are measured
1) Blocking of websites Uses the blocked url lists chosen by the user.
The goal of the test is to recreate the normal process of visiting a web page.
They use DNS lookup, TCP connections, HTTP request, Invalid request line -- quasi hacking -- Title tag, Headers checks which will look for header mangling from middle boxes that inject and change https headers. These transparent network proxies are not always bad -- they can provide caching and net speed ups for mobile networks for example. status code
These heuristics can produce false positives when the control does not match the test results. This was a design choice to try and avoid the chances of hiding censorship
It is hard to distinguish a network failure from a censorship event.
2) Whether or not instant messaging apps works
The app tests try to reach the endpoints related to the companies network services that are required for the application to function properly.
3) Circumvention tools are available or not 4) Detection of middle boxes
The middlebox tests are designed to detect if transparent network proxies are deployed in a countries network. The DPI tests that the OONI probes try have sometimes demonstrated that this caching technology may have been used to censor websites.
5) General network performance
Your usage of the probe is not secret to agents monitoring internet traffic.
The probes itself connects to pornographic content that may be illegal in your country.
Detection of middle boxes may be considered illegal as hacking
Usage of the tool may be deemed illegal.
The projects operators are not aware of anyone encountering legal trouble from a users usage of the tool.
Remove the plausible deniabilty of ordered censorship.
OONi was a command line probe. OONI can be run on a rasberry pi. Deploying a probe is made easier by an image that packages ooni simply.
There is also a mobile applications. The application does not support every type of test already written for the original version.
Users are asked to answer questions before they can use the application
Test lists are places for Thursday there will be a discussion that goes deeper on the urls and its management.
When operating a probe you are able to choose: - A global content list. - An in country list.
Types of tests to run
Where and how to upload the OONI data.
Try to be minimal about collected expirement. IP addresses are scrubbed, but sometimes the project has missed removing personally identifiable information.
The OONI control servers can recieve data over tor. The servers can be reached over HTTPS as well as clound-fronting.
There are many benefits to publishing this data publicly:
It allows other researchers to consider other questions. A group could verify a reasearch question: "Which countries are actively blocking tor."
This data could be used in court cases as evidence.
Story telling could help advocates produce compelling stories around the impact censorship has.
An API is available for download of the OONI data from the control servers.
Definitive Internet censorship is codified by what the team considers a confirmed 'blocked page'
Partnership project IRC and slack monthly community meetings Running probes is great. Contributing to test lists is great Analyzing the data Story telling is great too.
- ooni (irc.oftc.net)
President [XXX] from 1986. During elections partner organizations helped produce research that demonstrated discrepancies between ISPs that censored traffic.
When the government ordered a shutdown they asked the ISP to block social media, and left the ISP to implement the block.
Since December 2015 there has been many protests in Uganda. An OONI user deployed a probe during the protests. Third party DPI tech was deployed to track
Torproject and psyphon were deployed.
Discovered the blocking of 39 different websites via DNS block pages.
Interestingly, many of the blocked pages were related to the 1MDB scandal -- an organization focused on internal economic development. The washingpost revealed that 700m was deposited into personal accounts of politicians from the fund.
Question & Answers
Should the project consider providing by default an opt-in versus an opt-in type of model.
A probe run on its own does not provide a meaningful experiment. One the ooni probes quiz questions specifically tests to see if the user understands the implications.
Is the team considering other methodology for tagging definitive cases of cenorship other than DNS based blocking or HTTP testing?
Measurements are being grouped into 4 catergories
1) Nothing is happening 2) Something is not quiet okay 3) DNS based blocking and 4) Red HTTPS blocks
The process of analyzing and confiriming whether a country is censored is a semi-manual process.
Does the team work with chokepoint and RIPE ATLAS?
Collabartion occurs via the citizenlab testing list. RIPE ATLAS and the ooni project produced a joint report together.
How does the team ensure that the uncensored network is not censored?
The control vantage points are located at a trusted provider.
There is a problem with thepiratebay being censored by Cogent an internet transit provider?
Maybe the analysis could look at the routing of probes through different autonomous systems. The project could use probes deployed in ISPs to help provide control and more data to help understand this type of filtering.
In Africa governments have largely been blocking social media. Does the blocking of SM constitute this type of blocking?
Typically the project means a block page where a ministry of communication has spefically taken down content.
Is there any IPv6 tesing and measurements?
No, only IPv6 DNS lookups.