ooni-probe and tor (long version)
DESCRIPTION
The long version of the presentation given at the European Parliament on the occasion of the EU Hackathon http://www.euhackathon.eu/. Topics are Censorship, Internet Filtering, Tor and ooni-probe.
TRANSCRIPT
OONI-probe
Detecting internet filtering for a Free and Transparent Internet
Tuesday, November 8, 2011
Surveillance
• Internet filtering is a subset of Surveillance
• If they are filtering something, it means that they are surveilling everything
Wednesday, November 9, 2011
Censorship
• Internet filtering is a form of non-democratic oppression on people
• It allows those in power to subvert reality
• FilterNet
FilterNet
• It’s a distortion of what is in reality the internet.
• Follows the subjectiveness of the authorities
• This does not help humanity
What are we doing?
• Help people circumvent censorship (Tor)
• Help people speak freely and anonymously (Tor Hidden Services)
• Measure Internet filtering in the world (OONI-Probe)
Tor
• Tor software downloads are currently blocked from China, Iran, Lebanon, Qatar, etc.
• Tor delivers via email: write to [email protected] and we will send you a client to bootstrap a Tor client
Hidden Services
• They allow a server to give access to content anonymously
• This means people can publish content even if filtering is in place
• No fear of retaliation
Tor Hidden Services
• am4wuhz3zifexz5u.onion
• Anonymity for the Server
• DoS protection
• End-To-End encryption
How HS work
[Diagram: nodes labelled Hidden Server, IP (three), RP and Client]
Existing filter detection tools
• Various captive portal software
• Windows/iOS/Android/Google Chrome
• ONI has a tool called “rTurtle”
• ...
• Herdict “The verdict of the herd”
• ...
• Some academic research
• GATech and UC Berkeley have the best work
• Methodology, tools and data are (usually) closed
[Slide labels: OpenNet Initiative (rTurtle), Herdict, Academic research]
OONI-probe: Measuring filtering
• Open Observatory of Network Interference
• Provide a methodology and framework
• Make our data and code publicly available
How filtering is performed
• Varies by country and agency
• Lebanon uses Free Software (squid)
• Syria uses commercial software (BlueCoat)
Filtering Techniques
[Chart: IP Filtering, DNS Filtering and Keyword Filtering compared on two axes, Accuracy and Cost]
Source: A Taxonomy of Internet Censorship and AntiCensorship - Princeton University
OONI-Probe Risk Levels
• The tests that are run by OONI-probe are divided into three categories:
• Active/High (High Risk)
• Active/Medium (Medium Risk)
• Active/Low (Low Risk)
• Passive (No Risk)
TTL walking
• UDP, TCP, ICMP
• Common ports 0, 53, 80, 123, 443
• Compare the result of UDP, TCP with common ports and ICMP traceroute
Active/High
Active/Low
Keyword injection
• Actively probe for blocking of particular keywords
• Connect to unblocked IP address with fake Host Header
Active/High
DNS probing
• Compare a good DNS server with a test one
• This is used in Italy
Active/Medium
Active/High
HTTP requests
• Manipulated HTTP requests
• HTTP GeT foo.html
• Check for altered response/request headers
• This is used to detect squid
Active/Low
Passive
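The header check from the HTTP requests slide, sketched as an added example (not part of the original presentation and not ooni-probe's own code). It assumes a cooperating echo server that reports the request exactly as it arrived; `diff_requests`, the hostnames and both sample requests are constructed for illustration.

```python
"""Compare a probe's deliberately odd HTTP request with what arrived upstream."""

# Constructed sample: request as sent, with mixed-case method and header names.
SENT = (b"GeT /foo.html HTTP/1.1\r\n"
        b"hOsT: example.org\r\n"
        b"UsEr-aGeNt: probe-test\r\n"
        b"AcCePt: */*\r\n\r\n")

# Constructed sample: the same request as the (assumed) echo server might report
# it after an intermediary normalized it and added headers of its own.
RECEIVED_VIA_PROXY = (b"GET /foo.html HTTP/1.1\r\n"
                      b"Host: example.org\r\n"
                      b"User-Agent: probe-test\r\n"
                      b"Accept: */*\r\n"
                      b"Via: 1.1 proxy.example\r\n"
                      b"X-Forwarded-For: 192.0.2.10\r\n\r\n")


def parse_request(raw: bytes):
    """Return (request_line, [(header_name, value), ...]), preserving case."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    headers = []
    for line in header_lines:
        if line:
            name, _, value = line.partition(":")
            headers.append((name, value.strip()))
    return request_line, headers


def diff_requests(sent: bytes, received: bytes) -> dict:
    """Report every way the received request differs from the one sent."""
    s_line, s_hdrs = parse_request(sent)
    r_line, r_hdrs = parse_request(received)
    s_names = {n.lower(): n for n, _ in s_hdrs}  # lowercase -> name as sent
    r_names = {n.lower(): n for n, _ in r_hdrs}  # lowercase -> name as received
    findings = {
        "request_line_changed": s_line != r_line,
        "recapitalized": sorted(n for k, n in s_names.items()
                                if k in r_names and r_names[k] != n),
        "added": sorted(r_names[k] for k in r_names.keys() - s_names.keys()),
        "removed": sorted(s_names[k] for k in s_names.keys() - r_names.keys()),
    }
    # Any difference means something between probe and server rewrote the request.
    findings["tampered"] = any(findings.values())
    return findings


if __name__ == "__main__":
    print(diff_requests(SENT, RECEIVED_VIA_PROXY))
```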
URL lists
• Use URL lists of known blocked sites
Active/High
Network latency
• Check if the latency is congruent with the destination
• One such case is Lebanon
Active/Low
TPO in Lebanon