ooni-probe and tor (long version)

OONI-probe Detecting internet filtering for a Free and Transparent Internet Tuesday, November 8, 2011

Upload: arturo-filasto

Post on 25-May-2015

DESCRIPTION

The long version of the presentation given at the European Parliament on the occasion of the EU Hackathon http://www.euhackathon.eu/. Topics are Censorship, Internet Filtering, Tor and ooni-probe.

TRANSCRIPT

Page 1: ooni-probe and Tor (Long Version)

OONI-probe: Detecting internet filtering for a Free and Transparent Internet

Tuesday, November 8, 2011

Page 2: ooni-probe and Tor (Long Version)

Surveillance

• Internet filtering is a subset of Surveillance

• If they are filtering something, it means that they are surveilling everything

Wednesday, November 9, 2011

Page 3: ooni-probe and Tor (Long Version)

Censorship

• Internet filtering is a form of non-democratic oppression of people

• It allows those in power to subvert reality

• FilterNet

  • It’s a distortion of what the Internet really is.

  • Follows the subjectiveness of the authorities

  • This does not help humanity

Page 4: ooni-probe and Tor (Long Version)

FilterNet

• It’s a distortion of what the Internet really is.

• Follows the subjectiveness of the authorities

• This does not help humanity

Page 5: ooni-probe and Tor (Long Version)

What are we doing?

• Help people circumvent censorship (Tor)

• Help people speak freely and anonymously (Tor Hidden Services)

• Measure Internet filtering in the world (OONI-Probe)

Page 6: ooni-probe and Tor (Long Version)

Tor

• Tor software downloads are currently blocked from China, Iran, Lebanon, Qatar, etc.

• Tor delivers via email: write to [email protected] and we will send you a client to bootstrap a Tor client

Page 7: ooni-probe and Tor (Long Version)

Hidden Services

• They allow a server to give access to content anonymously

• This means people can publish content even if filtering is in place

• No fear of retaliation

Page 8: ooni-probe and Tor (Long Version)

Tor Hidden Services

• am4wuhz3zifexz5u.onion

• Anonymity for the Server

• DoS protection

• End-To-End encryption

Page 9: ooni-probe and Tor (Long Version)

How HS work

[Diagram with the labels: Hidden Server, IP (three nodes), Client, RP]

Page 10: ooni-probe and Tor (Long Version)

Existing filter detection tools

• Various captive portal software

  • Windows/iOS/Android/Google Chrome

• ONI (OpenNet Initiative) has a tool called “rTurtle”

  • ...

• Herdict “The verdict of the herd”

  • ...

• Some academic research

  • GATech and UC Berkeley have the best work

• Methodology, tools and data are (usually) closed

Page 11: ooni-probe and Tor (Long Version)

OONI-probe: Measuring filtering

• Open Observatory of Network Interference

• Provide a methodology and framework

• Make our data and code publicly available

Page 12: ooni-probe and Tor (Long Version)

How filtering is performed

• Varies by country and agency

• Lebanon uses Free Software (squid)

• Syria uses commercial software (BlueCoat)

Page 13: ooni-probe and Tor (Long Version)

Filtering Techniques

[Chart: IP Filtering, DNS Filtering and Keyword Filtering compared by Accuracy and Cost]

Source: A Taxonomy of Internet Censorship and Anti-Censorship - Princeton University

Page 14: ooni-probe and Tor (Long Version)

OONI-Probe Risk Levels

• The tests that are run by OONI-probe are divided into three categories:

• Active/High (High Risk)

• Active/Medium (Medium Risk)

• Active/Low (Low Risk)

• Passive (No Risk)

Page 15: ooni-probe and Tor (Long Version)

TTL walking

• UDP, TCP, ICMP

• Common ports 0, 53, 80, 123, 443

• Compare the result of UDP, TCP with common ports and ICMP traceroute

Active/High, Active/Low

Page 16: ooni-probe and Tor (Long Version)

Keyword injection

• Actively probe for blocking of particular keywords

• Connect to unblocked IP address with fake Host Header

Active/High

Page 17: ooni-probe and Tor (Long Version)

DNS probing

• Compare a good DNS server with a test one

• This is used in Italy

Active/Medium, Active/High
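
An added example, not from the slides or from ooni-probe itself: the comparison step of a DNS probe, classifying each name from the answers of a control ("good") resolver and the resolver under test. The result labels, the (rcode, addresses) shape and the sample answers are assumptions constructed for illustration.

```python
import ipaddress

# Added illustration, not ooni-probe code. Ranges a public site should never
# resolve to (loopback and RFC 1918); block pages are often served from these.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_local(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)

def compare(control, test):
    """Classify one name from (rcode, addresses) of the control and test resolvers."""
    c_rcode, c_addrs = control
    t_rcode, t_addrs = test
    if c_rcode != "NOERROR" or not c_addrs:
        return "inconclusive"         # the control failed too: no baseline
    if t_rcode != "NOERROR":
        return "test-resolver-error"  # NXDOMAIN/SERVFAIL/REFUSED for a name that exists
    if not t_addrs:
        return "test-empty-answer"
    if any(is_local(a) for a in t_addrs):
        return "local-address"
    if set(c_addrs) & set(t_addrs):
        return "consistent"
    return "mismatch"                 # follow up: CDNs answer differently per resolver

def summarise(results):
    return {name: compare(c, t) for name, (c, t) in results.items()}

# Constructed sample answers (documentation address ranges), control first.
SAMPLE = {
    "a.example": (("NOERROR", ["198.51.100.7"]), ("NOERROR", ["198.51.100.7"])),
    "b.example": (("NOERROR", ["203.0.113.20"]), ("NXDOMAIN", [])),
    "c.example": (("NOERROR", ["203.0.113.30"]), ("NOERROR", ["127.0.0.1"])),
    "d.example": (("NOERROR", ["198.51.100.40", "198.51.100.41"]),
                  ("NOERROR", ["192.0.2.99"])),
    "e.example": (("SERVFAIL", []), ("NOERROR", ["192.0.2.5"])),
}

if __name__ == "__main__":
    for name, verdict in summarise(SAMPLE).items():
        print(name, verdict)
```

A "mismatch" verdict only marks a name for a second look, for example by fetching the page from both address sets and comparing the content.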

Page 18: ooni-probe and Tor (Long Version)

HTTP requests

• Manipulated HTTP requests

• HTTP GeT foo.html

• Check for altered response/request headers

• This is used to detect squid

Active/Low, Passive
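
An added example, not from the slides or from ooni-probe itself: one way to check for altered request headers is to send an oddly-cased request to an echo server the tester controls and diff what arrived against what was sent. The echo setup, the proxy header list and both byte strings are assumptions constructed for illustration.

```python
# Added illustration, not ooni-probe code. Assumes an echo server under the
# tester's control returns the request bytes exactly as it received them.
PROXY_HEADERS = {"via", "x-forwarded-for", "forwarded", "x-cache", "x-cache-lookup"}

def parse_request(raw):
    """Split a raw HTTP/1.x request head into (method, target, version, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name, value.strip()))
    return method, target, version, headers

def diff_request(sent, received):
    """List every way the request seen by the server differs from the one sent."""
    s_method, s_target, s_version, s_headers = parse_request(sent)
    r_method, r_target, r_version, r_headers = parse_request(received)
    findings = []
    for label, old, new in (("method", s_method, r_method),
                            ("target", s_target, r_target),
                            ("version", s_version, r_version)):
        if old != new:
            findings.append(f"{label} rewritten: {old!r} -> {new!r}")
    sent_by_lower = {name.lower(): name for name, _ in s_headers}
    for name, value in r_headers:
        original = sent_by_lower.get(name.lower())
        if original is None:
            kind = "proxy header added" if name.lower() in PROXY_HEADERS else "header added"
            findings.append(f"{kind}: {name}: {value}")
        elif original != name:
            findings.append(f"header case normalised: {original!r} -> {name!r}")
    seen = {name.lower() for name, _ in r_headers}
    findings += [f"header removed: {n}" for n, _ in s_headers if n.lower() not in seen]
    return findings

# Constructed sample: mixed-case probe as sent, and as a cache might forward it.
SENT = b"GeT /foo.html HTTP/1.1\r\nhOsT: echo.example\r\nuSeR-aGeNt: probe\r\n\r\n"
RECEIVED = (b"GET /foo.html HTTP/1.1\r\nHost: echo.example\r\nUser-Agent: probe\r\n"
            b"Via: 1.1 cache.example (squid)\r\nX-Forwarded-For: 192.0.2.10\r\n\r\n")

if __name__ == "__main__":
    for finding in diff_request(SENT, RECEIVED):
        print(finding)
```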

Page 19: ooni-probe and Tor (Long Version)

URL lists

• Use URL lists of known blocked sites

Active/High

Page 20: ooni-probe and Tor (Long Version)

Network latency

• Check if the latency is congruent with the destination

• One such case is Lebanon

Active/Low

TPO in Lebanon
