Investigating internet controls with OONI

From IFF Wiki
Presenter(s): Arturo Filastò, Maria Xynou
Title(s): Investigating internet controls with OONI
Organization(s): The Tor Project (OONI)
Project(s): OONI: Open Observatory of Network Interference
Country(ies): Worldwide
Social media: @OpenObservatory
2017 theme: Tools & Technology

The Open Observatory of Network Interference (OONI) is a free software project that aims to empower decentralized efforts in increasing transparency of internet censorship around the world.

ooniprobe is an investigatory tool that can help people understand if and how internet censorship is being performed on their network. All network measurement data collected by ooniprobe is published, increasing transparency of global censorship events and enabling researchers to conduct independent studies.

As part of this workshop, participants will learn how to install and run ooniprobe on their own computers or smartphones and how to interpret the results. We will be showing how journalists, policy makers, activists and just curious people can use the data that ooniprobe collects to examine internet censorship.

We will also be showing how data collected by ooniprobe users around the world can be made actionable. In particular, trainers will learn how to use OONI data to check which tools work (or don't work) in a given country.

Some of the major findings based on OONI data will be presented and participants will learn how they can produce similar reports for their own countries.

Format: Workshop
Target Groups: Journalists, Policy makers, Activists
Length: 1
Skill Level: Novice
Language: English

What follows are notes taken by synnick on 7/3/17 at the session.

What is OONI?

OONI is a FOSS project focused on a decentralized platform for monitoring internet censorship.

All of the data is made available in raw formats to the public. The public is free to perform analysis on the data.

Started in 2012, with measurements from over 180 to 190 countries.

OONI is a research experiment that is trying to characterize different forms of censorship in context.

Partner organizations in Africa, SE, ME, have helped provide measurements, background and understanding of the data collected.

The project provides the largest open data set available about internet censorship across the world. They only confirm cases of censorship when they detect blocked pages. This does not mean that other countries are not censoring traffic.

OONI Functionality

There are 5 areas that are measured

1) Blocking of websites. Uses the blocked URL lists chosen by the user.

The goal of the test is to recreate the normal process of visiting a web page.

The checks are: DNS lookup, TCP connections, HTTP request, invalid request line (quasi hacking), title tag, status code, and header checks, which look for header mangling from middleboxes that inject and change https headers. These transparent network proxies are not always bad: they can provide caching and network speed-ups for mobile networks, for example.

These heuristics can produce false positives when the control does not match the test results. This was a design choice to try to avoid hiding censorship.

It is hard to distinguish a network failure from a censorship event.
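
The probe-versus-control comparison described above, sketched as an added example (not part of the session notes and not OONI's own code). The field names, the 0.7 body-length threshold and the sample measurements are assumptions made for illustration; the "localized" case shows the kind of false positive the notes mention.

```python
# Added illustration: field names and the 0.7 threshold are assumptions,
# not OONI's measurement schema.
BODY_RATIO_MIN = 0.7


def http_matches(probe, control):
    """True when the probe's response looks like the control's response."""
    if probe["status"] != control["status"]:
        return False
    lengths = sorted([probe["body_len"], control["body_len"]])
    body_ok = lengths[1] > 0 and lengths[0] / lengths[1] >= BODY_RATIO_MIN
    headers_ok = ({h.lower() for h in probe["headers"]}
                  == {h.lower() for h in control["headers"]})
    title_ok = probe["title"].casefold() == control["title"].casefold()
    # One agreeing signal is enough; requiring all three would flag more pages.
    return body_ok or headers_ok or title_ok


def classify(probe, control):
    """Return (verdict, reason) for one URL measured from both vantage points."""
    if control["failure"]:
        # The control could not load the page either: likely an outage, not a block.
        return ("inconclusive", "control_failure")
    dns_ok = bool(set(probe["dns"]) & set(control["dns"]))
    if probe["failure"] is None:
        if http_matches(probe, control):
            return ("ok", None)
        return ("anomaly", "http-diff" if dns_ok else "dns")
    if not dns_ok:
        return ("anomaly", "dns")
    if not probe["tcp_connected"]:
        return ("anomaly", "tcp_ip")
    return ("anomaly", "http-failure")


# Constructed sample measurements (documentation-range addresses).
CONTROL = {"failure": None, "dns": ["198.51.100.7"], "tcp_connected": True,
           "status": 200, "body_len": 48000, "title": "Example News",
           "headers": ["Content-Type", "Server", "Set-Cookie"]}
BLOCK_PAGE = {"failure": None, "dns": ["203.0.113.1"], "tcp_connected": True,
              "status": 200, "body_len": 900, "title": "Access Denied",
              "headers": ["Content-Type"]}
LOCALIZED = dict(CONTROL, body_len=20000, title="Example Nachrichten",
                 headers=["Content-Type", "Server"])
TIMEOUT = dict(CONTROL, failure="generic_timeout_error", tcp_connected=False)

if __name__ == "__main__":
    for name, probe in [("block page", BLOCK_PAGE), ("localized", LOCALIZED),
                        ("timeout", TIMEOUT)]:
        print(name, classify(probe, CONTROL))
```

An "anomaly" here is only a candidate for review: the localized page is flagged as http-diff although nothing was blocked, and a timeout seen by both vantage points is reported as inconclusive rather than as censorship.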

2) Whether or not instant messaging apps work

The app tests try to reach the endpoints related to the company's network services that are required for the application to function properly.

3) Circumvention tools are available or not

4) Detection of middle boxes

The middlebox tests are designed to detect if transparent network proxies are deployed in a country's network. The DPI tests that the OONI probes try have sometimes demonstrated that this caching technology may have been used to censor websites.

5) General network performance


Your usage of the probe is not secret to agents monitoring internet traffic.

The probe itself connects to pornographic content that may be illegal in your country.

Detection of middle boxes may be considered illegal as hacking.

Usage of the tool may be deemed illegal.

The project's operators are not aware of anyone encountering legal trouble from a user's usage of the tool.


Remove the plausible deniability of ordered censorship.


OONI was a command line probe. OONI can be run on a Raspberry Pi. Deploying a probe is made easier by an image that packages OONI simply.

There is also a mobile application. The application does not support every type of test already written for the original version.

Choices available

Users are asked to answer questions before they can use the application.

Test lists: on Thursday there will be a discussion that goes deeper on the URLs and their management.

When operating a probe you are able to choose:
- A global content list.
- An in-country list.

Types of tests to run

Where and how to upload the OONI data.

Data collection

Try to be minimal about collected experiment data. IP addresses are scrubbed, but sometimes the project has missed removing personally identifiable information.

The OONI control servers can receive data over Tor. The servers can be reached over HTTPS as well as cloud-fronting.

There are many benefits to publishing this data publicly:

It allows other researchers to consider other questions. A group could verify a research question: "Which countries are actively blocking Tor?"

This data could be used in court cases as evidence.

Story telling could help advocates produce compelling stories around the impact censorship has.

Data Interpretation

An API is available for download of the OONI data from the control servers.

Definitive internet censorship is codified by what the team considers a confirmed 'blocked page'.


- Partnership project
- IRC and Slack
- Monthly community meetings
- Running probes is great.
- Contributing to test lists is great.
- Analyzing the data
- Story telling is great too.




President [XXX] from 1986. During elections partner organizations helped produce research that demonstrated discrepancies between ISPs that censored traffic.

When the government ordered a shutdown they asked the ISP to block social media, and left the ISP to implement the block.

Since December 2015 there have been many protests in Uganda. An OONI user deployed a probe during the protests. Third party DPI tech was deployed to track

Tor Project and Psiphon were deployed.


Discovered the blocking of 39 different websites via DNS block pages.

Interestingly, many of the blocked pages were related to the 1MDB scandal -- an organization focused on internal economic development. The Washington Post revealed that 700m was deposited into personal accounts of politicians from the fund.

Question & Answers

Should the project consider providing by default an opt-in versus an opt-in type of model?

A probe run on its own does not provide a meaningful experiment. One of the ooniprobe quiz questions specifically tests to see if the user understands the implications.

Is the team considering other methodology for tagging definitive cases of censorship other than DNS based blocking or HTTP testing?

Measurements are being grouped into 4 categories:

1) Nothing is happening
2) Something is not quite okay
3) DNS based blocking
4) Red HTTPS blocks

The process of analyzing and confirming whether a country is censored is a semi-manual process.

Does the team work with chokepoint and RIPE ATLAS?

Collaboration occurs via the Citizen Lab testing list. RIPE ATLAS and the OONI project produced a joint report together.

How does the team ensure that the uncensored network is not censored?

The control vantage points are located at a trusted provider.

There is a problem with thepiratebay being censored by Cogent, an internet transit provider?

Maybe the analysis could look at the routing of probes through different autonomous systems. The project could use probes deployed in ISPs to help provide control and more data to help understand this type of filtering.

In Africa governments have largely been blocking social media. Does the blocking of SM constitute this type of blocking?

Typically the project means a block page where a ministry of communication has specifically taken down content.

Is there any IPv6 testing and measurements?

No, only IPv6 DNS lookups.