April 2015 - tor-commits - lists.torproject.org

[spec/master] Add DNS Injection test
by art＠torproject.org 15 Apr '15

15 Apr '15

commit f536f4cf33bd2fef2854b8654abc1319a063979b Author: Arturo Filastò <art(a)fuffa.org> Date: Tue Dec 9 12:01:26 2014 +0100 Add DNS Injection test --- test-specs/ts-012-dns-injection.md | 150 ++++++++++++++++++++++++++++++++++++ 1 file changed, 150 insertions(+) diff --git a/test-specs/ts-012-dns-injection.md b/test-specs/ts-012-dns-injection.md new file mode 100644 index 0000000..c24a2ee --- /dev/null +++ b/test-specs/ts-012-dns-injection.md @@ -0,0 +1,150 @@ +# Specification version number + +2014-12-09-001 + +# Specification name + +DNS Injection test + +# Test preconditions + +* An internet connection + +* An IP address that will traverse a box doing DNS injection triggering an + injected DNS response. + +# Expected impact + +Ability to detect the presence of DNS Injection and list of domains that are +being blocked via DNS injection. + +# Expected inputs + +* List of domains to test for injection. + +* IP address to send DNS queries to. This IP should not have a DNS resolver + listening on port 53 UDP or TCP. + +## Semantics + +one domain name per line + +# Test description + +For every domain in the input list we perform a A query towards the target IP +address using UDP on port 53. + +We wait for a DNS response until the timeout (by default 3 seconds) is reached. + +If we have received an answer by that time we say that that hostname is being +injected (since the endpoint is not a DNS resolver the answer we got must have +been injected by the censorship middle boxes). + +If we don't receive an answer that means everything is as usual and we mark +that hostname as not being injected. + +# Expected output + +## Parent data format + +df-002-dnst + +## Required output data + +* If the domain as input is being injected or not + +## Semantics + +injected: true|false +Indicates if we got an injected response for the domain in question. + +## Possible conclusions + +If DNS injection is being done and on which domains. + +## Example output sample + +``` +########################################### +# OONI Probe Report for dns_injection (0.1) +# Wed Sep 10 09:34:51 2014 +########################################### +--- +input_hashes: [d87e90ead07a7d8ec8f8ca4724807e3fb6c7f1b9471979c934d0dc01b0bd6551] +options: [-r, 123.58.180.7, -f, domains.txt] +probe_asn: AS7922 +probe_cc: US +probe_city: null +probe_ip: 127.0.0.1 +software_name: ooniprobe +software_version: 1.1.1 +start_time: 1410356091.339939 +test_name: dns_injection +test_version: '0.1' +... +--- +injected: true +input: facebook.com +queries: +- addrs: [173.252.110.27] + answers: + - [<RR name=facebook.com type=A class=IN ttl=121s auth=False>, <A address=173.252.110.27 + ttl=121>] + query: '[Query(''facebook.com'', 1, 1)]' + query_type: A + resolver: [123.58.180.7, 53] +... +--- +injected: true +input: www.twitter.com +queries: +- addrs: [199.16.156.198, 199.16.156.230, 199.16.156.6, 199.16.156.102] + answers: + - [<RR name=www.twitter.com type=CNAME class=IN ttl=548s auth=False>, <CNAME name=twitter.com + ttl=548>] + - [<RR name=twitter.com type=A class=IN ttl=16s auth=False>, <A address=199.16.156.198 + ttl=16>] + - [<RR name=twitter.com type=A class=IN ttl=16s auth=False>, <A address=199.16.156.230 + ttl=16>] + - [<RR name=twitter.com type=A class=IN ttl=16s auth=False>, <A address=199.16.156.6 + ttl=16>] + - [<RR name=twitter.com type=A class=IN ttl=16s auth=False>, <A address=199.16.156.102 + ttl=16>] + query: '[Query(''www.twitter.com'', 1, 1)]' + query_type: A + resolver: [123.58.180.7, 53] +... +--- +injected: true +input: youtube.com +queries: +- addrs: [173.194.43.35, 173.194.43.36, 173.194.43.37, 173.194.43.38, 173.194.43.39, + 173.194.43.40, 173.194.43.41, 173.194.43.46, 173.194.43.32, 173.194.43.33, 173.194.43.34] + answers: + - [<RR name=youtube.com type=A class=IN ttl=300s auth=False>, <A address=173.194.43.35 + ttl=300>] + - [<RR name=youtube.com type=A class=IN ttl=300s auth=False>, <A address=173.194.43.36 + ttl=300>] + - [<RR name=youtube.com type=A class=IN ttl=300s auth=False>, <A address=173.194.43.37 + ttl=300>] + - [<RR name=youtube.com type=A class=IN ttl=300s auth=False>, <A address=173.194.43.38 + ttl=300>] + - [<RR name=youtube.com type=A class=IN ttl=300s auth=False>, <A address=173.194.43.39 + ttl=300>] + - [<RR name=youtube.com type=A class=IN ttl=300s auth=False>, <A address=173.194.43.40 + ttl=300>] + - [<RR name=youtube.com type=A class=IN ttl=300s auth=False>, <A address=173.194.43.41 + ttl=300>] + - [<RR name=youtube.com type=A class=IN ttl=300s auth=False>, <A address=173.194.43.46 + ttl=300>] + - [<RR name=youtube.com type=A class=IN ttl=300s auth=False>, <A address=173.194.43.32 + ttl=300>] + - [<RR name=youtube.com type=A class=IN ttl=300s auth=False>, <A address=173.194.43.33 + ttl=300>] + - [<RR name=youtube.com type=A class=IN ttl=300s auth=False>, <A address=173.194.43.34 + ttl=300>] + query: '[Query(''youtube.com'', 1, 1)]' + query_type: A + resolver: [123.58.180.7, 53] +... +```

1 0

[spec/master] Merge pull request #33 from TheTorProject/feature/dns_injection
by art＠torproject.org 15 Apr '15

15 Apr '15

commit 8ee0cef1af7cb1c9cc7709936f226841be28c498 Merge: f90fd4a f536f4c Author: Arturo Filastò <arturo(a)filasto.net> Date: Tue Dec 9 12:24:42 2014 +0100 Merge pull request #33 from TheTorProject/feature/dns_injection Add DNS Injection test test-specs/ts-012-dns-injection.md | 150 ++++++++++++++++++++++++++++++++++++ 1 file changed, 150 insertions(+)

1 0

[spec/master] Added reverse traceroute specification
by art＠torproject.org 15 Apr '15

15 Apr '15

commit de49e3fab389d484f286e3ea87bc9e35cae62f4e Author: Iain R. Learmonth <irl(a)fsfe.org> Date: Thu Jan 15 14:57:33 2015 +0000 Added reverse traceroute specification --- test-helpers/th-006-reverse-traceroute.md | 52 +++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/test-helpers/th-006-reverse-traceroute.md b/test-helpers/th-006-reverse-traceroute.md new file mode 100644 index 0000000..6a6071d --- /dev/null +++ b/test-helpers/th-006-reverse-traceroute.md @@ -0,0 +1,52 @@ +# Specification version number + +2014-12-15-000 + +# Specification name + +Reverse Traceroute Test Helper + +# Helper description + +The reverse traceroute test helper listens for incoming connections either on +a TCP socket or via a web server. When a connection is initiated, it performs +a reverse traceroute to the connection's source IP address and returns the +results of the traceroute via the same connection. + +# Helper preconditions + + * An Internet connection + * An Internet-Reachable TCP Port + * No known middleboxes rewriting packet payloads in unexpected ways between + the helper and the transit ISP + +# Expected impact + +Through cross-referencing results, the ability to determine where on the +network path network interference exists which could indicate whether or not +the interference is localised to an access ISP or being conducted on a national +level. + +# Expected inputs + + * The initiation of a connection. + +# Expected output + + * The results of a traceroute giving the IP address of each hop and, if + available, the ping times to each hop. + +The encoding chosen could be JSON, CSV, or another format. It should be +possible to convert between this format and the format used by tests that +perform a forward traceroute in ooni-probe. + +# Possible conclusions + +Through cross-referencing of results, it should be possible to determine in +which AS the network interference is occuring. + +# Notes + +An implementation of this test helper is currently being worked on by Iain R. +Learmonth <<irl(a)fsfe.org>> using Scapy. +

1 0

[spec/master] fix typo
by art＠torproject.org 15 Apr '15

15 Apr '15

commit fac37d882ab48944f827b8855bdf94900e862d5e Author: Arturo Filastò <arturo(a)filasto.net> Date: Wed Feb 4 13:27:05 2015 +0100 fix typo --- oonib.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/oonib.md b/oonib.md index e653b02..88ab62a 100644 --- a/oonib.md +++ b/oonib.md @@ -641,7 +641,7 @@ This way the client sends: 'net-tests': [ { 'test-helpers': ['required test helper', ...], - 'input-hashed': ['required input id', ...], + 'input-hashes': ['required input id', ...], 'name': 'name of nettest', 'version': 'version of nettest' },

1 0

[spec/master] Fix markup of example
by art＠torproject.org 15 Apr '15

15 Apr '15

commit 93027244eeb36060fc4482073ad1ae0b676f5acd Author: Arturo Filastò <arturo(a)filasto.net> Date: Fri Jan 16 17:53:52 2015 +0100 Fix markup of example --- test-specs/ts-006-header-field-manipulation.md | 226 +----------------------- 1 file changed, 3 insertions(+), 223 deletions(-) diff --git a/test-specs/ts-006-header-field-manipulation.md b/test-specs/ts-006-header-field-manipulation.md index e04d66b..8a121ff 100644 --- a/test-specs/ts-006-header-field-manipulation.md +++ b/test-specs/ts-006-header-field-manipulation.md @@ -118,6 +118,8 @@ headers not present in both the sent and received headers. ## Example output sample + +``` ########################################### # OONI Probe Report for http_header_field_manipulation (0.1.3) # Wed Oct 9 10:57:42 2013 @@ -141,185 +143,6 @@ headers not present in both the sent and received headers. - request: body: null headers: - - - ACCePT-LAnGuagE - - ['en-US,en;q=0.8'] - - - aCCEPT-ENcODInG - - ['gzip,deflate,sdch'] - - - aCcEPT - - ['text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'] - - - User-AGeNt - - ['Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.7) Gecko/20091221 - Firefox/3.5.7'] - - - aCCEpt-cHArSEt - - ['ISO-8859-1,utf-8;q=0.7,*;q=0.3'] - - - HOsT - - [KIXnnZDJfGKRNab.com] - method: GET - url: http://12.34.56.78 - response: - body: '{"headers_dict": {"ACCePT-LAnGuagE": ["en-US,en;q=0.8"], "aCCEPT-ENcODInG": - ["gzip,deflate,sdch"], "HOsT": ["KIXnnZDJfGKRNab.com"], "aCcEPT": ["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"], - "User-AGeNt": ["Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.7) - Gecko/20091221 Firefox/3.5.7"], "aCCEpt-cHArSEt": ["ISO-8859-1,utf-8;q=0.7,*;q=0.3"], - "Connection": ["close"]}, "request_line": "GET / HTTP/1.1", "request_headers": - [["Connection", "close"], ["ACCePT-LAnGuagE", "en-US,en;q=0.8"], ["aCCEPT-ENcODInG", - "gzip,deflate,sdch"], ["aCcEPT", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"], - ["User-AGeNt", "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.7) - Gecko/20091221 Firefox/3.5.7"], ["aCCEpt-cHArSEt", "ISO-8859-1,utf-8;q=0.7,*;q=0.3"], - ["HOsT", "KIXnnZDJfGKRNab.com"]]}' - code: 200 - headers: [] - socksproxy: null - tampering: - header_field_name: false - header_field_number: false - header_field_value: false - header_name_capitalization: false - header_name_diff: [] - request_line_capitalization: false - total: false - ... - --- - agent: agent - input: null - requests: - - request: - body: null - headers: - - - accePt-LAnguAGE - - ['en-US,en;q=0.8'] - - - AcCEpT-eNCOdinG - - ['gzip,deflate,sdch'] - - - accept - - ['text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'] - - - UseR-aGENt - - ['Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2) Gecko/20100115 Firefox/3.6'] - - - aCcEPT-cHARSeT - - ['ISO-8859-1,utf-8;q=0.7,*;q=0.3'] - - - HoSt - - [AjzqKfZkMpoRf8r.com] - method: POst - url: http://12.34.56.78 - response: - body: '{"headers_dict": {"accePt-LAnguAGE": ["en-US,en;q=0.8"], "AcCEpT-eNCOdinG": - ["gzip,deflate,sdch"], "HoSt": ["AjzqKfZkMpoRf8r.com"], "accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"], - "UseR-aGENt": ["Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2) Gecko/20100115 - Firefox/3.6"], "aCcEPT-cHARSeT": ["ISO-8859-1,utf-8;q=0.7,*;q=0.3"], "Connection": - ["close"]}, "request_line": "POst / HTTP/1.1", "request_headers": [["Connection", - "close"], ["accePt-LAnguAGE", "en-US,en;q=0.8"], ["AcCEpT-eNCOdinG", "gzip,deflate,sdch"], - ["accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"], - ["UseR-aGENt", "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2) Gecko/20100115 - Firefox/3.6"], ["aCcEPT-cHARSeT", "ISO-8859-1,utf-8;q=0.7,*;q=0.3"], ["HoSt", - "AjzqKfZkMpoRf8r.com"]]}' - code: 200 - headers: [] - socksproxy: null - tampering: - header_field_name: false - header_field_number: false - header_field_value: false - header_name_capitalization: false - header_name_diff: [] - request_line_capitalization: false - total: false - ... - --- - agent: agent - input: null - requests: - - request: - body: null - headers: - - - Accept-Language - - ['en-US,en;q=0.8'] - - - Accept-Encoding - - ['gzip,deflate,sdch'] - - - Accept - - ['text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'] - - - User-Agent - - ['Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 - Firefox/3.6'] - - - Accept-Charset - - ['ISO-8859-1,utf-8;q=0.7,*;q=0.3'] - - - Host - - [NViZZh58LWHFnyp.com] - method: PUT - url: http://12.34.56.78 - response: - body: '{"headers_dict": {"Accept-Language": ["en-US,en;q=0.8"], "Accept-Encoding": - ["gzip,deflate,sdch"], "Host": ["NViZZh58LWHFnyp.com"], "Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"], - "User-Agent": ["Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 - Firefox/3.6"], "Accept-Charset": ["ISO-8859-1,utf-8;q=0.7,*;q=0.3"], "Connection": - ["close"]}, "request_line": "PUT / HTTP/1.1", "request_headers": [["Connection", - "close"], ["Accept-Language", "en-US,en;q=0.8"], ["Accept-Encoding", "gzip,deflate,sdch"], - ["Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"], - ["User-Agent", "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 - Firefox/3.6"], ["Accept-Charset", "ISO-8859-1,utf-8;q=0.7,*;q=0.3"], ["Host", - "NViZZh58LWHFnyp.com"]]}' - code: 200 - headers: [] - socksproxy: null - tampering: - header_field_name: false - header_field_number: false - header_field_value: false - header_name_capitalization: false - header_name_diff: [] - request_line_capitalization: false - total: false - ... - --- - agent: agent - input: null - requests: - - request: - body: null - headers: - - - AccepT-langUaGe - - ['en-US,en;q=0.8'] - - - aCcePT-ENcoDing - - ['gzip,deflate,sdch'] - - - ACCEpT - - ['text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'] - - - uSER-agent - - ['Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.1.7) Gecko/20091221 - Firefox/3.5.7 (.NET CLR 3.5.30729)'] - - - aCCept-CHaRSEt - - ['ISO-8859-1,utf-8;q=0.7,*;q=0.3'] - - - HoSt - - [48wD518oXAV1pzv.com] - method: pUT - url: http://12.34.56.78 - response: - body: '{"headers_dict": {"AccepT-langUaGe": ["en-US,en;q=0.8"], "aCcePT-ENcoDing": - ["gzip,deflate,sdch"], "HoSt": ["48wD518oXAV1pzv.com"], "ACCEpT": ["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"], - "uSER-agent": ["Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.1.7) Gecko/20091221 - Firefox/3.5.7 (.NET CLR 3.5.30729)"], "aCCept-CHaRSEt": ["ISO-8859-1,utf-8;q=0.7,*;q=0.3"], - "Connection": ["close"]}, "request_line": "pUT / HTTP/1.1", "request_headers": - [["Connection", "close"], ["AccepT-langUaGe", "en-US,en;q=0.8"], ["aCcePT-ENcoDing", - "gzip,deflate,sdch"], ["ACCEpT", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"], - ["uSER-agent", "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.1.7) Gecko/20091221 - Firefox/3.5.7 (.NET CLR 3.5.30729)"], ["aCCept-CHaRSEt", "ISO-8859-1,utf-8;q=0.7,*;q=0.3"], - ["HoSt", "48wD518oXAV1pzv.com"]]}' - code: 200 - headers: [] - socksproxy: null - tampering: - header_field_name: false - header_field_number: false - header_field_value: false - header_name_capitalization: false - header_name_diff: [] - request_line_capitalization: false - total: false - ... - --- - agent: agent - input: null - requests: - - request: - body: null - headers: - - accEpt-LANGuAGE - ['en-US,en;q=0.8'] - - aCcepT-ENCoDIng @@ -358,50 +181,7 @@ headers not present in both the sent and received headers. request_line_capitalization: false total: false ... - --- - agent: agent - input: null - requests: - - request: - body: null - headers: - - - Accept-Language - - ['en-US,en;q=0.8'] - - - Accept-Encoding - - ['gzip,deflate,sdch'] - - - Accept - - ['text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'] - - - User-Agent - - ['Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2) Gecko/20100115 Firefox/3.6'] - - - Accept-Charset - - ['ISO-8859-1,utf-8;q=0.7,*;q=0.3'] - - - Host - - [iIjXcFcLGv8WHMk.com] - method: POST - url: http://12.34.56.78 - response: - body: '{"headers_dict": {"Accept-Language": ["en-US,en;q=0.8"], "Accept-Encoding": - ["gzip,deflate,sdch"], "Host": ["iIjXcFcLGv8WHMk.com"], "Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"], - "User-Agent": ["Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2) Gecko/20100115 - Firefox/3.6"], "Accept-Charset": ["ISO-8859-1,utf-8;q=0.7,*;q=0.3"], "Connection": - ["close"]}, "request_line": "POST / HTTP/1.1", "request_headers": [["Connection", - "close"], ["Accept-Language", "en-US,en;q=0.8"], ["Accept-Encoding", "gzip,deflate,sdch"], - ["Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"], - ["User-Agent", "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2) Gecko/20100115 - Firefox/3.6"], ["Accept-Charset", "ISO-8859-1,utf-8;q=0.7,*;q=0.3"], ["Host", - "iIjXcFcLGv8WHMk.com"]]}' - code: 200 - headers: [] - socksproxy: null - tampering: - header_field_name: false - header_field_number: false - header_field_value: false - header_name_capitalization: false - header_name_diff: [] - request_line_capitalization: false - total: false - ... +``` # Privacy considerations

1 0

[spec/master] Add informed consent text prepared by Dan O'Huiginn in https://lists.torproject.org/pipermail/ooni-dev/2015-January/000208.html
by art＠torproject.org 15 Apr '15

15 Apr '15

commit b2f5b1ccc4f76ebb7c0fb69c6a44992607ca6313 Author: Arturo Filastò <art(a)fuffa.org> Date: Mon Mar 16 13:19:04 2015 +0100 Add informed consent text prepared by Dan O'Huiginn in https://lists.torproject.org/pipermail/ooni-dev/2015-January/000208.html --- informed-consent/inform-users-long.md | 55 ++++++++++++++++++++++++++++++++ informed-consent/inform-users-short.md | 10 ++++++ 2 files changed, 65 insertions(+) diff --git a/informed-consent/inform-users-long.md b/informed-consent/inform-users-long.md new file mode 100644 index 0000000..fdfebbd --- /dev/null +++ b/informed-consent/inform-users-long.md @@ -0,0 +1,55 @@ +# LEGALITY + +OONI does several things which may be illegal in your country, and/or +banned by your ISP. + +OONI's http test will download data from controversial websites, +specifically targeting those which may be censored in your country. +These may include, for example, sites containing pornography or hate +speech. You can find a list of sites checked at +https://github.com/citizenlab/test-lists + +Even where these sites are not blocked, it may be illegal to access +them. It may also be illegal to bypass censorship, as OONI attempts by +using Tor. + +In the most extreme case, any form of network monitoring could be +illegal or banned, or even considered a form of espionage. + +[Include link to some resource on relevant laws globally. Someone like +the EFF must have one of these; does anybody have a link?] + +# PRIVACY + +OONI IS NOT DESIGNED TO PROTECT YOUR PRIVACY. It will reveal information +about your internet connection to the whole world. Particular groups, +such as your ISP and web services used by the ooni tests, will be able +to discover even more detailed information about you. + +THE PUBLIC will be able to see the information collected by OONIprobe. +This will definitely include your approximate location, the network +(ASN) you are connecting from, and when you ran ooniprobe. Other +identifying information, such as your IP address, is not deliberately +collected, but may be included in HTTP headers or other metadata. The +full page content downloaded by OONI could potentially include further +information, for example if a website includes tracking codes or custom +content based on your network location. + +You can see what information OONI releases to the public at +https://ooni.torproject.org/reports/. You should expect this information +to remain online PERMANENTLY. [include details of retention policy, once +we have one] + +THE OONI PROJECT will also be able to see your IP address [What other +info do we get?] + +ORGANIZATIONS MONITORING YOUR INTERNET CONNECTION will be able to see +all web traffic generated by OONI, including your IP address, and will +likely be able to link it to you personally. These organizations might +include your government, your ISP, and your employer. + +ANYBODY WITH ACCESS TO YOUR COMPUTER, now or in the future, may be able +to detect that you have installed or run ooni + +SERVICES CONNECTED TO BY OONI will be able to see your IP address, and +may be able to detect that you are using OONI diff --git a/informed-consent/inform-users-short.md b/informed-consent/inform-users-short.md new file mode 100644 index 0000000..0422d5a --- /dev/null +++ b/informed-consent/inform-users-short.md @@ -0,0 +1,10 @@ +WARNING: Running OONI may be illegal in your country, or forbidden by +your ISP. By running OONI you will connect to web services which may be +banned, and use web censorship circumvention methods such as Tor. The +OONI project will publish data submitted by probes, possibly including +your IP address or other identifying information. In addition, your use +of OONI will be clear to anybody who has access to your computer, and to +anybody who can monitor your internet connection (such as your employer, +ISP or government). + +[link to long version]

1 0

[spec/master] Merge pull request #34 from irl/master
by art＠torproject.org 15 Apr '15

15 Apr '15

commit e25a2af54d6b557f8e45b1abc76d4dc01cf6620b Merge: b0591bd 657aba5 Author: Arturo Filastò <arturo(a)filasto.net> Date: Mon Dec 15 18:34:50 2014 +0100 Merge pull request #34 from irl/master test-helpers: Addressing comments from hellais in PR #32 test-helpers/th-004-raw-tcp-echo.md | 4 ++-- test-helpers/th-005-raw-udp-echo.md | 27 +++++++++++++++++++++------ 2 files changed, 23 insertions(+), 8 deletions(-)

1 0

[spec/master] test-helpers: Addressing comments from hellais in PR #32
by art＠torproject.org 15 Apr '15

15 Apr '15

commit 657aba53bc76849ba9cf32ee7133d8bebd2ab78e Author: Iain R. Learmonth <irl(a)fsfe.org> Date: Mon Dec 15 17:04:37 2014 +0000 test-helpers: Addressing comments from hellais in PR #32 * Corrected vocabulary for the OONI naming conventions * Added a security considerations section to the raw UDP helper * Added a reference for UDP-lite in the raw UDP helper --- test-helpers/th-004-raw-tcp-echo.md | 4 ++-- test-helpers/th-005-raw-udp-echo.md | 27 +++++++++++++++++++++------ 2 files changed, 23 insertions(+), 8 deletions(-) diff --git a/test-helpers/th-004-raw-tcp-echo.md b/test-helpers/th-004-raw-tcp-echo.md index 8b9cd54..38a3c92 100644 --- a/test-helpers/th-004-raw-tcp-echo.md +++ b/test-helpers/th-004-raw-tcp-echo.md @@ -1,6 +1,6 @@ # Specification version number -2014-12-08-000 +2014-12-15-000 # Specification name @@ -12,7 +12,7 @@ The Raw TCPEcho Test Helper listens on a TCP port for incoming connections. When a connection is initiated, it accepts the connection, reads a dummy HTTP request and sends an HTTP reply containing an encoding of the IP packets that made up the TCP 3 way handshake [[Wikipedia-3WHS][]] which can be compared -against the packets sent by an ooniprobe test. +against the packets sent by an ooni-probe meter. # Helper preconditions diff --git a/test-helpers/th-005-raw-udp-echo.md b/test-helpers/th-005-raw-udp-echo.md index 3414076..ec7eda7 100644 --- a/test-helpers/th-005-raw-udp-echo.md +++ b/test-helpers/th-005-raw-udp-echo.md @@ -1,6 +1,6 @@ # Specification version number -2014-12-08-000 +2014-12-15-000 # Specification name @@ -10,7 +10,7 @@ Raw UDP Echo Test Helper The Raw UDP Echo Test Helper listens on a UDP port for incoming packets. When a packet is recieved, it sends a UDP packet in reply with the original packet's -header as its payload. +IP and UDP header and payload as the reply's payload. # Helper preconditions @@ -22,9 +22,9 @@ header as its payload. # Expected impact Ability to help an ooni-probe client determine if the UDP header is being -rewritten and if packets are being truncated when UDP-lite is used with a -shorter checksum coverage than the full length of the packet using the UDP -protocol number in the IP header. +rewritten and if packets are being truncated when UDP-lite [[RFC3828][]] is +used with a shorter checksum coverage than the full length of the packet using +the UDP protocol number in the IP header. # Expected inputs @@ -35,7 +35,7 @@ protocol number in the IP header. # Expected output * A UDP packet with the original incoming packet as its payload addressed to - return to the ooniprobe client + return to the ooni-probe meter # Possible conclusions @@ -47,8 +47,23 @@ Possible conclusions that could be drawn from tests using this helper are: for the full length of the packet * Source and destination ports are being rewritten +# Security considerations + +In order to prevent the possibility of this helper being used to set up a +"loop" where a forged source address causes packets to be sent to another +service that replies to arbitrary UDP packets, such as UDP echo, the first byte +of the payload in the request must have a zero value. Replies will never have a +zero value as this first byte contains the IP protocol version number from the +IP header. + +The possibility of this helper being used for an amplification attack was +considered, but as the amplification factor is limited to the size of an IP and +UDP header, it was not deemed that mitigation for this was necessary. + # Notes An implementation of this test helper is currently being worked on by Iain R. Learmonth <<irl(a)fsfe.org>> using Scapy. +[RFC3828]: http://tools.ietf.org/html/rfc3828 +

1 0

[translation/tails-misc] Update translations for tails-misc
by translation＠torproject.org 15 Apr '15

15 Apr '15

commit e9225ba3b57eb2f344f490295254d05e62097077 Author: Translation commit bot <translation(a)torproject.org> Date: Wed Apr 15 15:45:38 2015 +0000 Update translations for tails-misc --- id.po | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/id.po b/id.po index 048e228..d5a4422 100644 --- a/id.po +++ b/id.po @@ -4,15 +4,16 @@ # # Translators: # Astryd Viandila Dahlan <astrydviandila(a)yahoo.com>, 2015 -# Gregori, 2014 +# Dwi Cahyono, 2015 +# Ibnu Daru AJi, 2014 # L1Nus <multazam_ali(a)me.com>, 2014 msgid "" msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2015-02-23 16:25+0100\n" -"PO-Revision-Date: 2015-02-25 08:49+0000\n" -"Last-Translator: runasand <runa.sandvik(a)gmail.com>\n" +"POT-Creation-Date: 2015-03-30 16:51+0200\n" +"PO-Revision-Date: 2015-04-15 15:43+0000\n" +"Last-Translator: Dwi Cahyono\n" "Language-Team: Indonesian (http://www.transifex.com/projects/p/torproject/language/id/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -20,11 +21,11 @@ msgstr "" "Language: id\n" "Plural-Forms: nplurals=1; plural=0;\n" -#: config/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-tor-ready-notification.sh:42 +#: config/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-tor-ready.sh:43 msgid "Tor is ready" msgstr "Tor telah siap" -#: config/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-tor-ready-notification.sh:43 +#: config/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-tor-ready.sh:44 msgid "You can now access the Internet." msgstr "Sekarang Anda dapat mengakses internet." @@ -58,7 +59,7 @@ msgstr "" #: config/chroot_local-includes/usr/local/bin/electrum:18 msgid "Do you want to start Electrum anyway?" -msgstr "" +msgstr "Apakah Anda ingin memulai Electrum?" #: config/chroot_local-includes/usr/local/bin/electrum:20 #: config/chroot_local-includes/usr/local/sbin/unsafe-browser:36 @@ -428,7 +429,7 @@ msgstr "Peramban tak aman lain sedang berjalan, atau sedang dibersihkan. Silakan msgid "" "NetworkManager passed us garbage data when trying to deduce the clearnet DNS" " server." -msgstr "" +msgstr "Pengelola Jaringan mengirimi kita data tidak berguna ketika " #: config/chroot_local-includes/usr/local/sbin/unsafe-browser:115 msgid "" @@ -442,11 +443,11 @@ msgstr "Gagal mengkonfigurasi chroot." #: config/chroot_local-includes/usr/local/sbin/unsafe-browser:129 msgid "Failed to configure browser." -msgstr "" +msgstr "Konfigurasi peramban gagal." #: config/chroot_local-includes/usr/local/sbin/unsafe-browser:134 msgid "Failed to run browser." -msgstr "" +msgstr "Gagal menjalankan peramban." #: config/chroot_local-includes/usr/local/sbin/tails-i2p:31 msgid "I2P failed to start"

1 0

[translation/bridgedb] Update translations for bridgedb
by translation＠torproject.org 15 Apr '15

15 Apr '15

commit 3a73f66bfb46c2ad5e51a06c6b8280fa01c1a7c6 Author: Translation commit bot <translation(a)torproject.org> Date: Wed Apr 15 15:45:03 2015 +0000 Update translations for bridgedb --- id/LC_MESSAGES/bridgedb.po | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/id/LC_MESSAGES/bridgedb.po b/id/LC_MESSAGES/bridgedb.po index 738963a..e26bf8c 100644 --- a/id/LC_MESSAGES/bridgedb.po +++ b/id/LC_MESSAGES/bridgedb.po @@ -6,6 +6,7 @@ # Anthony Santana, 2014 # Astryd Viandila Dahlan <astrydviandila(a)yahoo.com>, 2015 # constantius damar wicaksono <constantiusdamar(a)gmail.com>, 2015 +# Dwi Cahyono, 2015 # MasIs <is.roadster(a)gmail.com>, 2013 # L1Nus <multazam_ali(a)me.com>, 2014 # km242saya <pencurimangga(a)gmail.com>, 2014 @@ -14,8 +15,8 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: 'https://trac.torproject.org/projects/tor/newticket?component=BridgeDB&keywo…'\n" "POT-Creation-Date: 2015-02-03 03:24+0000\n" -"PO-Revision-Date: 2015-03-04 17:31+0000\n" -"Last-Translator: constantius damar wicaksono <constantiusdamar(a)gmail.com>\n" +"PO-Revision-Date: 2015-04-15 15:32+0000\n" +"Last-Translator: Dwi Cahyono\n" "Language-Team: Indonesian (http://www.transifex.com/projects/p/torproject/language/id/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -281,7 +282,7 @@ msgstr "Pilih Semua" #: lib/bridgedb/templates/bridges.html:87 msgid "Show QRCode" -msgstr "" +msgstr "Perlihatkan KodeQR" #: lib/bridgedb/templates/bridges.html:100 msgid "QRCode for your bridge lines"

1 0