January 2017 - ooni-talk - lists.torproject.org

Specifying the term "vendor" on OONI Explorer
by Anatol 07 Jun '17

07 Jun '17

Dear Oonitarians, I would like to discuss wether the vagueness of the term 'vendor' on http://explorer.ooni.torproject.org/ is potentially taking some impact from understanding OONIs test results for new users. I personally recall thinking it meant something like "vendors of internet infrastructure" the first time I visited the explorer, and the only place to figure it out is in one of the boxes in /highlights/. I'm not entirely sure what an appropriate specification should look like, I guess it's a balance between correct definition and convenience in length - with a focus on the first my proposal would be "vendors of [potentially] traffic manipulating software" - but that's so long it will probably break the design of the front page. Maybe if someone knows a shorter, appropriate synonym for "[potentially] traffic manipulating software" ? Best wishes, Anatol

4 4

Google is blocked in Egypt
by Leonid Evdokimov 11 Jan '17

11 Jan '17

I'd like to share some information I have regarding Google being blocked by one of Egyptian ISPs for a short period of time in the beginning of January 2017. I've seen some Facebook reports from humans claiming observation of timeout errors and later it converted to connection reset errors. I got some packet captures regarding TCP connection resets from one Egyptian vantage point (AFAIK, it was TE Data ISP). These captures show that connection was reset depending on SNI field in TLS ClientHello. The connection was reset for `google.com.eg`, but it was not reset when the client presented no SNI field (like `openssl s_client` CLI tool does without `-servername` option). SNI-based blocking was reproducible, but the data did not pass sanity checks due to confusing metadata: latency and TCP/IP headers were suggesting that the blocking could possibly happen within user's network as well (compromised PC? compromised router? bogus anti-virus or firewall software?), so I am not confident enough to release any "public" statement based on the data I had at that moment, so I'm just sharing it to ooni-talk@ for historical & archiving reasons. Also, as far as I know, the blocking was gone somewhere between Jan 05 09:00 UTC and 10:40 UTC. It's unclear if the blocking was observable from Google's point of view, it's not obviously existing in aggregated traffic stats[1]. One can suggest that non-smooth lines correspond to blocking being turned on and off, but it's hard to state that for sure as the same spiky pattern may be observed in the month-old data[2] as well. [1] https://www.google.com/transparencyreport/traffic/explorer/?r=EG&l=WEBSEARC… [2] https://www.google.com/transparencyreport/traffic/explorer/?r=EG&l=WEBSEARC… Open Whisper Systems (developers of encrypted messaging app Signal) claim[3], that the block may be caused by an attempt to tune existing[4] equipment to block Signal messenger. IMHO, it's rather bold claim as it implies absence of good testing environment for the fingerprinting and blocking ruleset :-) [3] https://twitter.com/whispersystems/status/817062093094604800 [4] https://ooni.torproject.org/post/egypt-network-interference/ -- WBRBW, Leonid Evdokimov, xmpp:leon@darkk.net.ru http://darkk.net.ru tel:+79816800702 PGP: 6691 DE6B 4CCD C1C1 76A0 0D4A E1F2 A980 7F50 FAB2

1 0

lepidopter - custom url list
by paja 05 Jan '17

05 Jan '17

Hi, I'm running lepidopter (with ooniprobe v2.1.0) and I would like to add some custom url to web_connection test which is running on daily basis. Is there any file for such purpose which is not rewritten after update ? Best Regards, paja

2 1