<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Tue, Apr 23, 2013 at 5:01 PM, Jacob Appelbaum <span dir="ltr"><<a href="mailto:jacob@appelbaum.net" target="_blank">jacob@appelbaum.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi,<br>
<br>
I was thinking of a useful service that will invite everyone to visit<br>
it. In an ideal world, we could offer it as a badge to be included on<br>
websites as well as just as a normal website.</blockquote><div> </div><div>I like this idea. The image might also say something qualitative about the
users ISP. A simple example would be that ISPs that do not filter/interfere
get a green badge, and those that do get varying shades of red.<br><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Basically, I think we should have an HTTP page that reports the user's<br>
ip, asn, a traceroute (icmp, tcp, udp), and it should load an image from<br>
the same machine offered over HTTPS. We could create a unique reference<br>
and if we see split routing, we have a bit of data about likely filtering.<br>
<br>
We may even do scanning for key word filtering with a *.<a href="http://example.com" target="_blank">example.com</a><br>
domain certificate. In short, we generate a number of image links for<br>
which each domain load a small image. For every image that does not<br>
load, we know that the single difference is the different word in the<br>
TLS handshake. We could also offer an image to report an image of their<br>
ip address with or without ssl (with or with a lock icon). This would<br>
allow people to add an image for a web survey of sorts, if they wanted<br>
to help us with our coverage.<br></blockquote><div> </div><div>Can this technique be used to tell if Tor is being blocked by
fingerprinting TLS handshake, without using Tor?<br><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
The incentive for a user is that they want to know their IP address and<br>
other related information.</blockquote><div><br>I'm not sure that IP/asn information is a big incentive to most Internet
users and think we'd need to expand on this idea to get significant
traction, but it's a good starting point.<br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">The incentive for us is that it gives us<br>
information to help develop a generic method that anyone may deploy on<br>
their own website for detecting surveillance of their readers/users/etc.<br>
A further incentive is that the data will be very interesting if we log<br>
all of the *source* ip addresses, headers (eg: X-Forwarded, X-Via, etc),<br>
and so on.</blockquote><div><br>Ideally done in a privacy preserving way.<br><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
I'm tempted to run this service on <a href="http://blockfinder.net" target="_blank">blockfinder.net</a> and back the data<br>
with the data from blockfinder/MaxMind and other GeoIP services. If we<br>
also ask the user of their country, we might be able to collect<br>
information corrections.</blockquote><div><br>If the image or embedded content can function as a simple (single click)
survey we can probably come up with a lot of interesting questions.
<br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
This will give us a light weight one to one testing service This<br>
complements the more heavy ooniprobe one to one or one to many service.<br>
It also helps us develop the more heavy solutions as we'll have an idea<br>
about data we may be missing with the heavy solutions.<br>
<br>
Thoughts?<br>
<br>
All the best,<br>
Jake<br>
_______________________________________________<br>
ooni-dev mailing list<br>
<a href="mailto:ooni-dev@lists.torproject.org">ooni-dev@lists.torproject.org</a><br>
<a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/ooni-dev" target="_blank">https://lists.torproject.org/cgi-bin/mailman/listinfo/ooni-d</a>
</blockquote></div></div></div>