September 2024 - tor-project - lists.torproject.org

OONI Monthly Report: May 2024
by Maria Xynou 06 Sep '24

06 Sep '24

Hello, This email shares OONI's monthly report for May 2024. *# OONI Monthly Report: May 2024* Throughout May 2024, the OONI team’s work can be tracked through the various OONI GitHub repositories: https://github.com/ooni Highlights are shared in this report below. *## Hosted the OONI Partner Gathering 2024 in Malaysia* On 8th and 9th May 2024, we hosted an in-person OONI Partner Gathering 2024 in Kuala Lumpur, Malaysia. As part of this 2-day event, we brought our partners (primarily from Asia and the Middle East) together to exchange skills and knowledge on internet censorship research. The goal of the event was to strengthen global and regional collaborations on censorship measurement research and advocacy. The OONI Partner Gathering 2024 brought together 45 individuals from 30 countries. Specifically, the participants included OONI partners from Southeast Asia, South Asia, East Asia, Central Asia, and the Middle East ( https://ooni.org/partners) some OONI partners who work internationally, as well as the whole OONI team. The event was possible thanks to generous support from the Ford Foundation (https://www.fordfoundation.org/) and Luminate (https://www.luminategroup.com/) As part of the OONI Partner Gathering 2024, we had the following objectives: * Exchange skills, knowledge, and methodologies to empower community participation in censorship measurement research and advocacy; * Better understand local challenges and develop strategies for improving censorship measurement research around the world; * Better understand partner/community needs; * Collect community feedback to support the improvement of OONI tools and methodologies; * Strengthen partnerships and strategically define goals and priorities on the study of internet censorship in collaboration with partners. The ultimate goal of the OONI Partner Gathering 2024 was to strengthen the OONI partnership network to help ensure that internet censorship is well-documented and rapidly addressed so that the world’s most at-risk individuals – human rights defenders, journalists, activists, and marginalized people in repressive environments — have consistent and open access to the internet. The agenda included a mixture of skill-share sessions, presentations, hands-on exercises, and interactive group discussions. We included a variety of parallel sessions to accommodate more sessions in the agenda, and to encourage more active participation in smaller group discussions. To provide space for discussions on ideas and needs that may emerge during the event, we also included a slot for “unconference” style sessions. Overall, the two-day OONI Partner Gathering 2024 event included 25 sessions, 20 of which were part of the official agenda, while 5 were proposed and facilitated by participants as part of the “unconference” session slots. The sessions were facilitated by both the OONI team and our partners. Notably, 9 sessions (from the official agenda) were facilitated by 11 of our partners, who provided amazing presentations sharing their work! We thank all those who facilitated sessions and participated in note-taking, helping to ensure a dynamic, inclusive, interesting, and well-documented event. To help ensure a safe, inclusive, and welcoming environment for all participants of the OONI Partner Gathering 2024, we shared the event’s Code of Conduct (CoC) with all participants prior to the event, and we set up an Incident Response Committee (composed of two partners and two OONI team members). No CoC violations were reported. The main outcomes of the OONI Partner Gathering 2024 include: * *Deeper understanding of regional challenges and partner needs. *Throughout the sessions of the OONI Partner Gathering, we gained deeper insight into the challenges experienced by our partners. Specifically, we mapped out current and emerging digital rights threats, the challenges that our partners experience in measuring internet censorship in their countries and regions, and we gained a deeper understanding of our partners’ needs. This insight will help with informing the improvement of OONI tools, as well as with informing opportunities for collaboration, shared strategies, and future goals. * *Collection of partner feedback.* OONI tools and methods have always been informed by community feedback. Based on the documentation of partner feedback, we will improve upon our tools, methodologies, and dataset to better meet the needs of our community. We may also create new tools based on partner feedback to support censorship measurement efforts. * *Increased partner ability to lead censorship measurement efforts in their countries/regions. *Through skillshares and knowledge-shares at the event, our partners gained an improved understanding of how to use OONI tools and data. This will support their community engagement activities, expanding OONI censorship measurement coverage and the documentation of censorship events. As an outcome of their participation at the OONI Partner Gathering 2024, we expect to see our partners make greater use of OONI tools and data in support of their research and advocacy efforts. * *Strengthened partnerships.* This was the first time that we met many of our partners in person, as the COVID-19 pandemic over the last years had reduced this opportunity. As a result of sharing knowledge, skills, and meals together, we now have stronger partnerships. The challenges and needs (as identified through sessions facilitated at the OONI Partner Gathering) will inform (many of) the goals and priorities of OONI partnerships moving forward. * *New partnerships.* We strategically invited a few (regional) organizations to the OONI Partner Gathering with whom we hadn’t established a partnership (yet), but with whom we hoped to formalize a partnership given our mission alignment and the impact of their work. One of these organizations was Indonesia’s SAFEnet (who are known for having successfully litigated and advocated against the 2019 Internet shutdown in Indonesia), with whom we established a partnership in July 2024. We are also currently in the process of discussing and formalizing partnerships with prominent digital rights organizations in Central Asia. Moreover, our partners had the opportunity to learn from each other during the event and to explore opportunities for new collaborations between them. As a result of the above, we expect to see increased use of OONI tools and data in support of research and advocacy efforts aimed at monitoring and responding to censorship events in Asia and the Middle East over the next few years. At the Closing Ceremony of the event, all participants received a certificate for their participation at the OONI Partner Gathering 2024. Following the OONI Partner Gathering 2024, we shared a survey with all participants to collect their feedback on the event and to learn how we can improve future events. As part of this survey, we collected very positive feedback and participants provided a very positive evaluation of the event. Further details are available through our OONI Partner Gathering 2024 Report: https://ooni.org/post/2024-ooni-partner-gathering-report/ We thank all participants who took time out of their busy schedules to fly across the world to join us in Kuala Lumpur for the OONI Partner Gathering 2024. Thanks to their invaluable feedback and participation, they made the event an unforgettable experience for us all. We also thank the Ford Foundation and Luminate for supporting the OONI Partner Gathering 2024, believing in our mission, and making this event possible! *## OONI Team Meeting 2024 in Malaysia* Following the OONI Partner Gathering 2024 (which brought together the whole OONI team), we hosted an OONI Team Meeting Day on 10th May 2024 in Kuala Lumpur, Malaysia. As part of this meeting, we discussed OONI’s strategy, roles and responsibilities within the team, and we improved upon our roadmaps. Specifically, the OONI Team Meeting Day included the following sessions: * OONI Strategy * Roles, responsibilities, and decision making within the OONI team (Part 1) * Roles, responsibilities, and decision making within the OONI team (Part 2) * Presenting Thematic Censorship Findings on OONI Explorer and Revamping the OONI Explorer Navigation * VPN measurement update from OTF Information Controls Fellow * Roadmap updates (Part 1) * Roadmap updates (Part 2) As an outcome, we improved our roadmaps, we had important strategic discussions in person, and we discussed the next steps for some of our core projects. *## Published new report on the OONI Censorship Findings page* In May 2024, we published a report documenting the blocking of Grindr in Malaysia: https://explorer.ooni.org/findings/44213966401 OONI data suggests that Malaysia started blocking access to Grindr – the world’s largest social networking app for gay, bi, trans, and queer people – on 17th April 2024. Recent OONI data suggests that the block remains ongoing. *## Research collaborations with partners on upcoming reports* We continued to coordinate with our partners on research efforts required for upcoming research reports. Specifically, we coordinated with our partners on extensive updates to the Citizen Lab test lists for Bangladesh and Iran. In May 2024, the updates for the test lists of Bangladesh and Iran were finalized. Specifically: * Digitally Right updated the test list for Bangladesh: https://github.com/citizenlab/test-lists/pull/1733 * Miaan Group contributed more updates to the test list for Iran: https://github.com/citizenlab/test-lists/pull/1726 *## OONI Probe Mobile* We released News Media Scan v3.8.7: https://github.com/ooni/probe-android/pull/549 Notably, this release includes localization support for French, German, Portuguese, Russian, Spanish and Turkish. *## OONI Probe Desktop* In May 2024, we released OONI Probe Desktop 3.9.6: https://github.com/ooni/probe-desktop/releases/tag/v3.9.6 The latest version makes use of OONI Probe CLI v.3.22.0. *## OONI Probe CLI* In May 2024, we released OONI Probe CLI 3.22: https://github.com/ooni/probe-cli/releases/tag/v3.22.0 We documented the interaction between OONI Probe and the “probe services” (i.e., the OONI backend APIs providing services to OONI Probe). As part of this work, we also seized the opportunity to simplify and rationalize the code: https://github.com/ooni/probe/issues/2700 We refactored the algorithm used by OONI Probe to communicate with possibly blocked probe services to prioritize the DNS results over the bridge strategy and previous knowledge about existing working strategies: https://github.com/ooni/probe/issues/2704 *## OONI Run* Throughout May 2024, we focused on delivering OONI Run v2 support for the Deutsche Welle News Media Scan application ( https://github.com/ooni/probe/issues/2733) Adding this functionality to their application will enable Deutsche Welle to independently maintain and update lists of URLs they wish to test. We focused on adding the specific functionality they required to do so, as well as on bug fixing and testing. With regards to the OONI Run v2 implementation in OONI Probe Mobile, we continued our efforts to test and fix bugs. In May 2024, we fixed the following bugs: https://github.com/ooni/run/issues/161, https://github.com/ooni/run/issues/165, https://github.com/ooni/run/issues/147, https://github.com/ooni/run/issues/151 *## OONI Explorer* In May 2024, we continued our efforts to update our design system to TailWindCSS (https://github.com/ooni/design-system/issues/174) by updating components to use the new framework ( https://github.com/ooni/design-system/pull/170) We also continued our efforts to ensure that the OONI Explorer Country pages matched recently re-designed components (https://github.com/ooni/explorer/issues/915, https://github.com/ooni/explorer/issues/914) Based on community feedback collected as part of our previous user research studies, we concluded that the new thematic censorship findings pages on OONI Explorer will focus on the following themes: * News Media: https://github.com/ooni/explorer/issues/940 * Social Media: https://github.com/ooni/explorer/issues/939 * Circumvention: https://github.com/ooni/explorer/issues/941 Community feedback also informed the ways through which information can be presented on each of these thematic pages, as well as which information to prioritize. While in Kuala Lumpur, we held a session during the OONI Team Day (10th May 2024) to further discuss our plans for both our projects on “Presenting Thematic Censorship Findings on OONI Explorer” and “Revamping the OONI Explorer Navigation”. We reviewed the mockups that had been made and we discussed the next steps. We have created the following issues to track this work: https://github.com/ooni/explorer/issues/938 https://github.com/ooni/explorer/issues/940 https://github.com/ooni/explorer/issues/941 https://github.com/ooni/explorer/issues/939 We also added simple event tracking ( https://github.com/ooni/explorer/pull/942) to the existing navigation bar so that we can better understand the top-visited pages on OONI Explorer. We will compare the data to the new navigation bar, once it is launched. *## General backend work* In May 2024, we: * Worked on porting the oonifindings API over to our new API pattern ( https://github.com/ooni/backend/issues/814) * Worked on refactoring the oonimeasurements service ( https://github.com/ooni/backend/pull/851) * Tried out a few devops PoCs to improve our devops processes ( https://github.com/ooni/devops/pull/59) *## Automating censorship detection and characterization based on OONI measurements* To help boost the performance of the new data processing pipeline, we started working on optimizing the performance of table writers and refactoring the table model: https://github.com/ooni/data/pull/72 Notably, we had the opportunity to present and share our new data analysis methods (for automating the detection and characterization of censorship) with our global network of partners and with experts from the internet measurement community. On 8th and 9th May 2024, we hosted the OONI Partner Gathering: a 2-day event in Kuala Lumpur, Malaysia, which brought OONI partners together to exchange skills and knowledge on internet censorship research and advocacy. During this event, we facilitated a session (“OONI data analysis deep dive”), as part of which we presented the OONI pipeline v5 ( https://github.com/ooni/data) and shared details of our methodological improvements for automating the detection and characterization of internet censorship based on OONI data. This enabled us to collect feedback from our partner network and to discuss how this could be useful to research and advocacy groups in highly censored environments (once the new pipeline is shipped into production). *## Community use of OONI data### Access Now’s #KeepItOn 2023 Report* In May 2024, Access Now published their annual 2023 #KeepItOn Report on Internet shutdowns around the world, which is available here: https://www.accessnow.org/wp-content/uploads/2024/05/2023-KIO-Report.pdf Many OONI reports from our Censorship Findings platform ( https://explorer.ooni.org/findings) as well as OONI research reports ( https://ooni.org/reports/) and OONI Explorer measurements ( https://explorer.ooni.org/) were cited quite extensively as part of Access Now’s (annual) #KeepItOn Report on Internet shutdowns in 2023. *## Community activities### iMAP Regional Partners Meeting in Malaysia* On 6th and 7th May 2024 (prior to the OONI Partner Gathering 2024), OONI’s Maria, Arturo, and Elizaveta participated in the iMAP Regional Partners Meeting in Kuala Lumpur, Malaysia (https://imap.sinarproject.org/) This event was organized and hosted by our partner, Sinar Project, who lead censorship measurement efforts in Southeast Asia. As part of our participation, we attended sessions that involved discussions on iMAP research reports (https://imap.sinarproject.org/reports) as well as on metadata collection for test list updates. *### Cross-Regional Convening of Digital Rights Activists in Malaysia* On 7th May 2024, OONI’s Elizaveta attended the Cross-Regional Convening of Digital Rights Activists of Central Asia and Southeast Asia that was organized by Internews in Kuala Lumpur, Malaysia. As part of this event, Elizaveta facilitated a session on documenting and researching internet censorship in Central Asia through the use of OONI tools and data. *### Countering Digital Threats to Democracy conference in Kenya* On 21st-22nd May 2024, OONI’s Elizaveta traveled to Nairobi, Kenya, to participate in the “Countering Digital Threats to Democracy” conference organized by USAID (https://events.pneumaav.com/USAID) As part of the event, Elizaveta presented OONI’s tools and work on documenting and investigating internet censorship in African countries. *### OONI workshop in Tanzania by community member* On 24th May 2024, our community member, Loveness Muhagazi (Digital Safety Consultant and author of the #Kiganjajanja online campaign) hosted an OONI training session for human rights defenders, civil society organizations and journalists in Tanzania. *### OONI Community Meeting* On 28th May 2024, we hosted the monthly OONI Community Meeting on our Slack channel (https://slack.ooni.org/) As part of this meeting, we discussed the following topics: 1) OONI Explorer user research: Does anyone have more feedback? 2) New OONI data processing pipeline v5: Testing and next steps for rolling it out in production 3) A new approach to characterize network blocking with decision trees (with an example in Russia) 4) Using soax.com for remote measurements *## Measurement coverage* In May 2024, 58,639,174 OONI Probe measurements were collected from 2,851 networks in 176 countries around the world. This information can also be found through our measurement stats on OONI Explorer (see chart on “monthly coverage worldwide”): https://explorer.ooni.org/ ~ OONI team.

1 0

OONI Monthly Report: April 2024
by Maria Xynou 06 Sep '24

06 Sep '24

Hello, Apologies for the delay in sharing OONI's previous monthly reports, and for the many upcoming reports. This email shares OONI's monthly report for April 2024. *# OONI Monthly Report: April 2024* Throughout April 2024, the OONI team’s work can be tracked through the various OONI GitHub repositories: https://github.com/ooni Highlights are shared in this report below. *## Published research report on internet censorship in Tanzania* In April 2024, we published a new research report (“Tanzania: Surge in online LGBTIQ censorship and other targeted blocks”), documenting the blocking of LGBTIQ websites and other targeted blocks in Tanzania based on the analysis of OONI data. Thanks to community member Tori Francis, who translated the report, we also published it in Swahili to reach local communities. Our research report is available in: * English: https://ooni.org/post/2024-tanzania-lgbtiq-censorship-and-other-targeted-bl… * Swahili: https://ooni.org/sw/post/2024-tanzania-lgbtiq-censorship-and-other-targeted… As part of this report, we analyzed OONI data collected from Tanzania between 1st January 2023 to 31st January 2024. Our analysis of OONI data collected from Tanzania shows: * *Blocking of many LGBTIQ websites*, including LGBTIQ social networks (such as Grindr), LGBTIQ rights sites (such as OutRight International and ILGA), LGBTIQ news and culture sites (such as Queerty), and a LGBTIQ suicide prevention site (The Trevor Project); * *Blocking of online dating websites* (such as Tinder and OKCupid); * *Targeted blocking of specific websites that defend human rights through grants and petitions* (Change.org, Global Fund for Women, GlobalGiving, Open Society Foundations); * *Targeted blocking of specific social networking sites* (Clubhouse and 4chan); * *Targeted blocking of ProtonVPN*. Our analysis reveals the extensive blocking of LGBTIQ sites, which correlates with the escalating discrimination and crackdown on LGBTIQ communities in Tanzania in recent years. Many other blocks identified as part of this study appear to be targeted, as they involve very specific websites, while other sites from the same categories (e.g. social media, human rights) were found accessible. For example, access to the Global Fund for Women website was found blocked in Tanzania, while Amnesty International's website was found accessible. Meanwhile, Tanzania recently started requiring users to report their use of VPNs. Out of tested VPNs, we only found ProtonVPN blocked in Tanzania during the analysis period. Overall, the results of our analysis show that most ISPs in Tanzania appear to implement blocks by means of TLS interference, specifically by timing out the session after the Client Hello message during the TLS handshake. As the timing of the blocks and the types of URLs blocked are (mostly) consistent across (tested) networks, ISPs in Tanzania likely implement blocks in a coordinated manner (possibly through the use of Deep Packet Inspection technology). *## Published new reports on the OONI Censorship Findings page* In April 2024, we published 2 new reports on our Censorship Findings page: * Kyrgyzstan blocked TikTok: https://explorer.ooni.org/findings/154621229001 * Senegal blocked TikTok: https://explorer.ooni.org/findings/144156914701 These reports were published in response to emergent censorship events, sharing relevant OONI data. Access to TikTok was temporarily blocked in Senegal amid political unrest, while access to TikTok was blocked in Kyrgyzstan following a government order to ban the platform. *## Research collaborations with partners on upcoming reports* We continued to coordinate with our partners on research efforts required for upcoming research reports. Specifically, we coordinated with our partners on extensive updates to the Citizen Lab test lists for Bangladesh and Iran. In April 2024, Miaan Group contributed extensive updates to the test list for Iran: https://github.com/citizenlab/test-lists/pull/1702 *## OONI Probe Mobile* In April 2024, we released OONI Probe 3.8.6 on Android ( https://github.com/ooni/probe-android/releases/tag/v3.8.6) and iOS ( https://github.com/ooni/probe-ios/releases/tag/v3.8.6) This release includes a fix for the OONI Probe Signal experiment, as well as several other bug fixes and improvements. *## OONI Probe Desktop* In April 2024, we released OONI Probe Desktop 3.9.5: https://github.com/ooni/probe-desktop/releases/tag/v3.9.5 This release contained a fix that prevents the app from being disabled on Windows and uses OONI Probe CLI v3.21.0 ( https://github.com/ooni/probe/issues/2699) *## OONI Probe CLI* We rationalized, documented, refactored, and improved the code used to communicate with the OONI backend: https://github.com/ooni/probe/issues/2700 As part of this work, we improved the code used for circumventing the blocking of the OONI backend, documented its design, and planned for future improvements: https://github.com/ooni/probe/issues/2704 *## OONI Run* As part of our work on creating the next generation version of OONI Run (“OONI Run v2”), we continued our efforts with QA testing for the Android version of the new OONI Probe app that will include both an improved UI and support for new OONI Run links. We spent time polishing the new flow that users will go through when adding OONI Run v2 links to their app dashboard, as well as ensuring that updating and removing links works as planned. You can explore related issues here: https://github.com/ooni/run/issues Additionally, we continued to test and fine-tune the admin dashboard that users will use to create, edit and manage their OONI Run v2 links. *## Documented OONI methodology for measuring throttling* In April 2024, we published documentation for our methodology on measuring throttling: https://github.com/ooni/probe-cli/pull/1546/files In previous months, we created an open methodology for measuring throttling. In line with our broader scope of work (which focuses on targeted cases of internet censorship), this methodology aims to detect cases of targeted throttling that impact specific online services (such as the throttling of Twitter/X). As part of this methodology, we measure cases of targeted throttling through the analysis of OONI Web Connectivity data (which is collected through the OONI Probe testing of URLs). Specifically, OONI’s methodology for measuring targeted cases of throttling involves the analysis of timing information during HTTPS requests in Web Connectivity data. This methodology has been successful in measuring various cases of throttling, such as those documented as part of our previous research reports on throttling cases in Kazakhstan ( https://ooni.org/post/2023-throttling-kz-elections/#throttling-of-sites) Russia ( https://ooni.org/post/2022-russia-blocks-amid-ru-ua-conflict/#twitter-throt…) and Turkey (https://ooni.org/post/2023-turkey-throttling-blocking-twitter/) Our throttling methodology is also explained in these reports. *## OONI Explorer### User research* Last month, we mentioned that we started user interviews with members of our community who use OONI Explorer (https://explorer.ooni.org/) as part of research and advocacy. The goal of these interviews was to supplement the qualitative data collected through the surveys, and to better understand how they use OONI Explorer and the challenges they encounter in discovering censorship findings through the platform. In April 2024, we completed these interviews and distilled the information and insights gathered to help us inform the next phase of several projects we have on the go. To collect community feedback for the improvement of the OONI Explorer navigation, we also did a user study ( https://twitter.com/OpenObservatory/status/1778016715940536698) Our goal through this study ( https://s900pyof.optimalworkshop.com/optimalsort/33tdoyag) was to collect community feedback on how to improve the structure of content on OONI Explorer and make it easier to navigate. All of these efforts are helping us make progress on two important projects: * Presenting thematic censorship findings on OONI Explorer * Revamping the OONI Explorer navigation *### Presenting thematic censorship findings on OONI Explorer* Based on community feedback collected as part of our user research studies, we worked with a designer on creating wireframes and mockups of potential ways to present thematic censorship findings on OONI Explorer ( https://explorer.ooni.org/) In addition to enabling the internet freedom community to easily and quickly discover censorship findings that they care about, we aim to also ensure that information is presented in a logical fashion, building a stronger connection between the various pages and sections on OONI Explorer. *### Revamping the OONI Explorer navigation* Adding another section like the Thematic Censorship pages to OONI Explorer will require us to consider the navigation menu of the site. As is, the OONI Explorer menu is fairly crowded, and we want to ensure that we can continue to grow and expand the navigation as we grow the functionality within OONI Explorer. Based on community feedback collected as part of a user study on OONI Explorer navigation ( https://s900pyof.optimalworkshop.com/optimalsort/33tdoyag) we completed some wireframes of different options for the navigation and had several brainstorming sessions to discuss. *### Other improvements* On the development side, we began the work to update a few sections of the OONI Explorer country pages that had previously been redesigned ( https://github.com/ooni/explorer/issues/916, https://github.com/ooni/explorer/issues/914) We fixed an issue with our language drop-down menu for people using Brave browser ( https://github.com/ooni/explorer/issues/931) We also continued our work using Tailwind for our design library ( https://github.com/ooni/design-system/pull/175) *## Automating censorship detection and characterization based on OONI measurements* In April 2024, we continued to make progress towards shipping our new OONI Data Pipeline into production. Specifically, to improve maintainability going forward, we refactored OONI data into two separate packages (https://github.com/ooni/data/pull/60) * End user pip installable package to download and parse measurements; * Pipeline to perform the analysis and processing of OONI data. We also ported analysis and observation generation over to temporal and set up the production environment in the OONI devops repository ( https://github.com/ooni/data/pull/61) *## General backend/devops* In April 2024, we worked on porting the oonifindings service to our new and improved ooniapi pattern (https://github.com/ooni/backend/issues/807) We also experimented with some proof of concepts to improve our devops processes, such as re-conceptualizing codepipeline triggers, and trying weighted target groups and scheduled blue/green deployment. *## Test list updates* Following the announcement of the suspension of the broadcasting of programs from several news media outlets in Burkina Faso ( https://x.com/sergedanielinfo/status/1784676862083399728) we created a new test list for Burkina Faso with those news media websites: https://github.com/citizenlab/test-lists/pull/1714 We also added a few news media websites to the Togo test list: https://github.com/citizenlab/test-lists/pull/1715 *## Planning the OONI Partner Gathering 2024* In preparation for the upcoming OONI Partner Gathering in Malaysia in May 2024, we continued to coordinate on numerous logistics (flights, shuttle service, hotel, catering, etc.). We also continued to assist participants as needed with their travel logistics, and we continued to coordinate with designers on event-related supplies and materials. To help ensure that the OONI Partner Gathering 2024 agenda is as useful as possible to our partners, we previously shared a survey to collect their feedback. As our goal was to ensure that we create an agenda that is valuable to all participants, we requested their feedback on the types of sessions that they would find most useful, the types of skills and knowledge that they would like to learn, and the outcomes that would make their participation feel well spent. We also asked participants to propose sessions that they would like to facilitate at the event. Based on the analysis of partner feedback, we created the final agenda based on the most pressing needs, interests, and requests identified in most survey responses, while taking into account the diversity in participant backgrounds. We also coordinated with partners who expressed interest (through our survey) in facilitating sessions to include their proposed sessions in the final agenda. In April 2024 (several weeks in advance to the event), we shared the final Agenda with all OONI Partner Gathering participants. The detailed Agenda of the OONI Partner Gathering 2024 is available here: https://ooni.org/documents/OONI-Partner-Gathering-Agenda.pdf We also created an additional, internal, and more detailed agenda for our team to enable coordination and the management of logistics during the event. Prior to the event, we prepared and shared the following with participants: * Code of Conduct: https://ooni.org/documents/Information-Package-CoC-Privacy-Policy.pdf * Communication Guidelines: https://ooni.org/documents/Information-Package-Communication-Tips.pdf * Privacy Policy * OONI Partner Gathering Information Package (providing detailed information about the event, logistical details, and answers to Frequently Asked Questions (FAQ) about the event) * Facilitation guidelines (shared with all OONI Partner Gathering facilitators) * Participant list document * COVID-19 Safety Guidelines * Emergency Information document Moreover, in preparation for the OONI Partner Gathering 2024, we: * Created a dedicated OONI Partner Gathering 2024 mailing list; * Created a dedicated OONI Partner Gathering 2024 Signal group; * Created documents for note-taking during the OONI Partner Gathering sessions; * Created slides for various OONI Partner Gathering sessions; * Created certificates for each of the participants; * Ordered OONI t-shirts, banners, stickers, flyers, tote bags, and lanyards for the event; * Ordered COVID-19 masks, tests, and hand sanitizers for the event. *## Rapid response### Blocking of TikTok in Kyrgyzstan* In response to the blocking of TikTok in Kyrgyzstan, we shared relevant OONI data and information on Twitter/X: https://twitter.com/OpenObservatory/status/1782005308342055256 We subsequently published a report on our Censorship Findings page, providing further information on the blocking of TikTok in Kyrgyzstan: https://explorer.ooni.org/findings/154621229001 *## Community use of OONI data### Report on the blocking of Grindr in Malaysia* Our partner, Sinar Project, published a report documenting the blocking of Grindr in Malaysia based on OONI data: https://imap.sinarproject.org/news/internet-censorship-update-blocking-of-g… They also encouraged OONI Probe testing of Grindr in Malaysia on Twitter/X: https://twitter.com/sinarproject/status/1781287369213395291 *## Community activities### DRL Implementers Meeting 2024* Between 1st-4th April 2024, OONI’s Arturo and Jessie traveled to Washington D.C to attend the DRL Implementers Meeting 2024. As part of their participation, they facilitated sessions about community organization and governance, and communicating security risks to users. *### OONI training by Zaina Foundation for researchers in Tanzania* On 4th April 2024, our partner, Zaina Foundation ( https://ooni.org/partners/zaina-foundation/) facilitated an OONI training for researchers in Tanzania ( https://x.com/ZainaFoundation/status/1776243051339350226) OONI’s Elizaveta joined the training through remote/online participation, provided a live demo of using OONI Explorer, and addressed the questions of the participants. *### Digital Rights & Inclusion Forum (DRIF) 2024* Between 23rd-25th April 2024, OONI’s Elizaveta traveled to Accra, Ghana, to participate in the Digital Rights & Inclusion Forum (DRIF) 2024. As part of her participation, Elizaveta facilitated a session on strengthening community response to internet censorship ( https://drif.paradigmhq.org/agenda/) While in Accra, Elizaveta also shared OONI’s work as part of a TV interview with Pan African TV: https://www.facebook.com/PANAFRICANTV/videos/979923349677358 *## Measurement coverage* In April 2024, 57,990,058 OONI Probe measurements were collected from 2,887 networks in 167 countries around the world. This information can also be found through our measurement stats on OONI Explorer (see chart on “monthly coverage worldwide”): https://explorer.ooni.org/ ~ OONI team.

1 0

Advisory regarding your Yubikey
by Antoine Beaupré 05 Sep '24

05 Sep '24

As some of you have already noticed, a security issue regarding the Yubikey 5 series has been released two days ago. Sadly, the Yubikeys distributed at the 2023 Tor Meeting in Costa Rica are affected. ### The issue at hand To work their magic, Yubikeys store a secret key inside them that is never supposed to leave the device. Researches at Ninjalab found out that by physically probing one of the chips inside a Yubikey, it is possible to acquire this secret key. Once an adversary has acquired such a secret key, they can use this to perform two-factor authentication and/or OpenPGP operations, as if they were the owner of the device. In practice, abusing this vulnerability is quite costly. It requires: - having physical access to your Yubikey - knowing a password(s) to one of your accounts protected by two-factor authentication (and/or your PIN if you use passkey) to get to your two-factor secret key - knowing your PIN to get to your OpenPGP secret key Nevertheless, it's not unthinkable that adversaries with sufficient resources may be targeting Torproject. ### Am I affected? - Was the Yubikey you use given to you in Costa Rica? Then yes, you are affected. - Are you using a Yubikey 5 that was purchased before May this year? Then yes, you are affected. - Are you using a Yubikey 5 that was purchased after May this year? Then you should check the firmware version to see if you are affected. Keys with firmware prior to 5.7 are affected. For instructions on how to find out which firmware your Key has, see the [Where to find YubiKey Firmware][] guide from Yubico. Command-line users can use the `ykman info` command to view the firmware version. [Where to find YubiKey Firmware]: https://support.yubico.com/hc/en-us/articles/12420838928284-Where-to-find-Y… ### What does this mean for me? The impact for you depends on what you use your Yubikey for. #### For two-factor authentication If you use your Yubikey for two-factor authentication, this attack can be used on top of a regular phishing attack to permanently break the second factor and compromise your accounts, without you noticing. #### For OpenPGP signing and decryption If you use your Yubikey for OpenPGP signing or authentication, you should check what type of key you have: - If it's an RSA key, you are not affected by this vulnerability. - If it's an elliptic curve key, and the attacker knows your PIN, this attack can be used to gain access to and make a copy of your secret key. An attacker could then forge signatures, authenticate to servers, or possibly decrypt other secrets. ### What should I do? First of all, in the wise words of Douglas Adams: don't panic. We advise you to take care of the following: - Keep using your Yubikey for two-factor authentication, it is still much safer than TOTP (e.g., google authenticator) or not having any two-factor authentication. - Do make sure you don't leave your Yubikey unattended, especially during conferences, in hotel rooms, etc. - Avoid using passkey (passwordless authentication). - Apply multi-coloured glitter nail polish on the casing of your Yubikey (yes, really) and store a photo of it. If you have reason to believe the device has been tampered with, check if the glitter is still the same. - If you use your Yubikey for OpenPGP and have an elliptic curve key, please ensure you have a strong PIN. You may consider switching to an RSA key or switching to a newer Yubikey using firmware 5.7 or higher, depending on the impact a compromise of your key may have. ### References - YubiCo advisory YSA-2024-03: https://www.yubico.com/support/security-advisories/ysa-2024-03/ - Technical paper: https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf . ### Further questions If you have any questions about the safety of your Yubikey, please feel free to contact TPA, see: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/support -- Antoine Beaupré torproject.org system administration

1 0

Felicia's Montly Status Report, August 2024
by Priscila 05 Sep '24

05 Sep '24

Hi, This is my first status report since joining TPI on August 12th. As I'm still getting up to speed, I may have missed some details, but I'll ensure more comprehensive reports in the future. During August, my primary focus was familiarizing myself with Figma libraries, addressing minor issues, and studying Acorn, Mozilla’s design system. Here are some key activities: * Attended onboarding meetings from August 12th to August 19th; * Set up accounts and passwords; * Resolved minor issues in GitLab, such as updating the bridge-emoji background: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42698#n… Since then, I’ve been concentrating on: * Tasks related to Figma, UI and design system, aligning Tor Browser’s UI elements with those of Firefox; * Addressing small UI-related issues. Cheers, — Felicia (she/her)

1 0

Anti-censorship team meeting notes, 2024-09-05
by Shelikhoo 05 Sep '24

05 Sep '24

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2024/tor-meeting.2024-09-05-16.00.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- Anti-censorship -------------------------------- Next meeting: Thursday, September 12 16:00 UTC Facilitator: onyinyang ^^^(See Facilitator Queue at tail) Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: shelikhoo == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from projects, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Project 158 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == * == Discussion == * (empty) == Actions == == Interesting links == * https://www.bamsoftware.com/talks/wac7-fep/ * dcf's recent talk (45 min) "How cryptography relates to Internet censorship circumvention" == Reading group == * We will discuss "SpotProxy: Rediscovering the Cloud for Censorship Circumvention " on September 12 * https://www.cs-pk.com/sec24-spotproxy-final.pdf * https://censorbib.nymity.ch/#Kon2024b * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2024-08-29 Last week: - went through massive todo backlog - dealt with breaking changes in KCP library - answered a bunch of Lox questions for integration work - cleared out review backlog This week: - take a look at snowflake web and webext translations and best practices - make changes to Lox encrypted bridge table - https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/147 Needs help with: dcf: 2024-09-05 Last week: Next week: - archive snowflake webextension v0.9.0 (manifest V3) - comment as requested on kcp v5.6.17 upgrade - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to disable /debug endpoint on snowflake broker - move snowflake-02 to new VM Help with: - tell me when to restart the brokers for https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… meskio: 2023-08-29 Last week: - don't distribute blocked-in bridges in moat and https (rdsys#204) - plan switch from BridgeDB to rdsys (rdsys#218) Next week: - add ipversion subscription to rdsys - be ready for the BridgeDB switch Shelikhoo: 2024-09-05 Last Week: - snowflake broker update/reinstall - Review fix: extension not starting after browser restart( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) - Research: respond to YSA-2024-03 (YubiKey < 5.7 side-channel attack on ECC private keys) (https://gitlab.torproject.org/tpo/tpa/team/-/issues/41744) - Release Snowflake Webext(again) - Merge request reviews Next Week/TODO: - Merge request reviews - snowflake broker update/reinstall: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… onyinyang: 2023-08-29 Last week(s): - continued with key rotation integration work - collected issues and TODOs for all Lox work that needs to be done before deployment Next week: - finish up key rotation integration work - add pref to handle timing for pubkey checks in Tor browser - update lox protocols to return duplicate responses for an already seen request - add trusted invitation logic to tor browser integration: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974 - Work on outstanding milestone issues: in particular: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/69 - key rotation automation Later: - begin implementing some preliminary user feedback mechanism to identify bridge blocking based on Vecna's work - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum (long term things were discussed at the meeting!): https://pad.riseup.net/p/tor-ac-community-azaleas-room-keep - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2024-08-22 Last weeks: - Expose hooks in pion/webrtc library Next weeks: - Update Snowflake to use latest pion upstream releases (DTLS: v3 and WebRTC: beta v4) - Test Snowflake fork with covert-dtls - Condensing thesis into paper Help with: - Feedback on thesis Facilitator Queue: onyinyang meskio shelikhoo 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue (This message is unsigned as my email client is having some issues....)

1 0

ebanam's monthly status report and user support report for August 2024
by ebanam 03 Sep '24

03 Sep '24

Hello everyone! Last month, we saw a massive uptick in user support requests coming from Russian and Chinese speaking users. To put it in numbers, we answered a little over 1100 unique user support requests across our various user support channels. This can be attributed to the latest developments[0] in Tor censorship in Russia and continued outreach work aimed towards Chinese speaking audience[1] respectively. Since a majority of these requests are from users in regions where Tor is censored, it has involved helping users to download (using mirrors and GetTor) and install Tor Browser, using censorship circumvention methods that will work best for them, gathering feedback and general troubleshooting. I dedicated some time testing the latest Tor Browser Alpha releases and answered a number of Tor Browser related user support tickets. Here's a more detailed breakdown of the tickets our user support team worked on last month: # Frontdesk (email support channel) * 762(↑) RT tickets created * 672(↑) RT tickets resolved Tickets by numbers: 1. 350(↑) RT tickets: private bridge requests from Chinese speaking users. 2. 237(↑) RT tickets: circumventing censorship in Russian speaking countries. 3. 5 RT tickets: Reports of onion services (not maintained by Tor Project) not working. We ask users to report to the respective onion service operator. 4. 3(↓) RT tickets: Circumventing censorship with Tor in Farsi. Highlighting some other topics we received questions and feedback: 5. 4 RT tickets: Help with troubleshooting Tor Browser install on Windows. 6. 3 RT tickets: Reports of websites blocking Tor. 7. 2 RT tickets: Help with installing Tor Browser install on Linux. 8. Help with installing Tor Browser on macOS. 9. Question about contributing to Tor. # Telegram, WhatsApp and Signal Support channel * 751(↑) tickets resolved Breakdown: * 734(↑) tickets on Telegram * 17(↓) tickets on WhatsApp * 0(↓) ticket on Signal Tickets by numbers: 1. 542(↑) tickets: circumventing censorship in Russian speaking countries. 2. 46(↓) tickets: circumventing censorship with Tor in Farsi. 3. 27(↑) tickets: private bridge requests from Chinese speaking users. 4. 22(↑) tickets: helping users on iOS, using Onion Browser or Orbot, to use censorship circumvention methods. Highlighting some other topics we received questions about: 5. 10(↑) tickets: instructions on how to get Tor Browser binaries from GetTor. 6. 2 tickets: Questions about what onion services are and how to access them. 7. 2 tickets: Help with troubleshooting Tor Browser install on Linux. 8. Help with troubleshooting Tor Browser install on macOS. # Highlights from the Tor Forum 1. Issues connecting to Tor with bridges from Russia.[2] 2. 'lyrebird' in Tor Browser.[3] 3. Bookmarks in Tor Browser.[4] Thanks! e. [0]: https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/iss… [1]: https://github.com/torproject/tor4zh [2]: https://forum.torproject.org/t/does-anyone-have-issues-with-the-connection-… [3]: https://forum.torproject.org/t/lyrebird-can-prevent-tor-browser-from-workin… [4]: https://forum.torproject.org/t/security-hole-with-bookmarks/14266

1 0

cohosh's monthly status report, August 2024
by Cecylia Bocovich 03 Sep '24

03 Sep '24

Hi! This is my status report for contract work done in August 2024. # Snowflake The big task this month was rolling out the MV3 update for the Snowflake web extension[0]. I helped review and test those changes. I also followed up on a proxy count check after we had a significant drop caused by new requirements from the Mozilla web store[1]. We had a lot of contributions to review lately, which is great, and I spent some time doing reviews and issue maintenance. There was a dependency update for the KCP library that caused one of our tests to fail[2] due to a change in whether queued writes are flushed[3]. # Reputation-based bridge distribution We're continuing work on the integration with Tor Browser. I finally got around to answering some questions on open merge requests about requirements for that[4,5], and picked up some work on maintaining our wasm-bindgen fork[6]. # Conjure I worked on writing a grant to support Conjure development and infrastructure. We're hoping to submit this as an NSF TTP. # Other An ongoing issue with pluggable transports and Tor Browser are their large binary sizes, and restrictions for Tor Browser android. As part of the Firefox 128 ESR work, we needed to explore some potential space-saving tricks for reducing PT binary sizes[7]. The results weren't as useful as we hoped, but managed to reduce binary sizes a little[8]. During the week of August 12-16 I travelled to USENIX, where we presented our work on Snowflake. [0] https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… [1] https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/142 [2] https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… [3] https://github.com/xtaci/kcp-go/issues/273 [4] https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… [5] https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… [6] https://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/71 [7] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42607 [8] https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…

1 0

Nina’s Monthly Status Report, August 2024
by Nina 03 Sep '24

03 Sep '24

Hi! Below is my August’24 report! In August, I resolved 928 (↑341) tickets: * On Telegram (@TorProjectSupportBot) - 687 (↑260) * On RT (frontdesk@tpo) - 233 (↑88) * On WhatsApp (+447421000612) - 8 (↓5) * and on Signal (+17787431312) - 0 (↓2) The focus of my work is to help Russian-speaking users of Tor to install the browser and bypass internet censorship. In August, internet censorship in Russia became more strict, with YouTube and Signal being blocked[0], as well as many Tor bridges. So we received more tickets than usual: + 341 compared to July 24 - the growth or decrease by category can be seen above. Tor is reachable with bridgesin Russia, and I updated and posted the instructions for Russian users on the Forum [1]. We got a lot of questions from iOS users from Russia about what app they should use. Also, I helpedusers with troubleshooting and keep an eye on issues and bugs to report them to Tor developers. InAugust I submitted a copy/paste issue in Tor Browser [2],and continued to monitor the issue with Tor Browser not working on some of the Samsung devices [3]. [0] https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/iss… [1] https://forum.torproject.org/t/tor-blocked-in-russia-how-to-circumvent-cens… [2] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43064 [3] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42714

1 0

PieroV's Monthly Status Report, August 2024
by Pier Angelo Vendrame 02 Sep '24

02 Sep '24

Hi everyone! Here is my status report for August 2024. I spent this month almost only on tasks linked with the transition from Firefox ESR115 to ESR128. At the beginning of the month, I reviewed Dan's Android rebase. Then, after it landed, I checked for new reproducibility problems. I found only one with the license files [0]. The oss-license-plugin wasn't updated upstream this year, so it must be linked with other toolchain updates (including Java from 11 to 17 and Gradle). The solution [1] was to build and use a patched plugin that uses `TreeSet` instead of a `HashSet`. Sadly, the APK sizes grew a lot between 115 and 128. For this reason, we couldn't publish 14.0a2 and 14.0a3 on the Play Store for the x86 and x86-64 architectures [2]. During this month, Claire, cohosh from the AC team, and I spent some time investigating this. 14.0a4 should fit at least for Android x86-64. For Android x86, we might have to shave another 100-200kB if we understood how this threshold works. Another issue I worked on was a leak of regional locale data with the `Intl` API. During the rebase, we had to start specifying `RFPTarget`s, and I chose the only one handled differently without realizing it. This was a reminder of how important it is to upstream our patches whenever possible. I started the process for this one two years ago [3], but then it didn't land because it would have applied also to the browser UI. After finding a new fix that worked for us, I added a proposal to the upstream bug on a possible approach that might also work for Firefox. Another bug worth mentioning was a problem with mixed content in Onion Services [4]. The fix eventually was easy [5], but it took me quite a while to understand what was going on because it involved debugging between parent and content processes. Also, it was a great occasion to improve the Onion Sites I implemented for testing [6] and the documentation around them. While doing so, I accidentally learned that we accept self-signed certificates only if they specify subject alternative names. This new knowledge allowed me to quickly answer another issue [7] without further investigation. Finally, Mozilla is releasing Firefox 115.15 tomorrow, which is expected to be the last update for the 115 series [8]. However, it's also the last version supporting Windows 7. While we agree that people shouldn't use unsupported operating systems, we know some of our users don't have another choice. So, if eventually Mozilla decides to extend the support for Firefox 115, we might end up extending Tor Browser 13.5's life as well [9]. One of our updater changes is to check for the minimum requirements on the client side to avoid sending the OS version to our update servers. So, this month, I also simulated providing several updates to Firefox: one compatible with Windows >= 7 and one with Windows >= 10. Sadly, the updater didn't handle this case as expected, and I needed to create a patch. We will need some additional deployment steps if we actually provide the alternative update path. In this case, we will also drop the hash check on the update files (it's redundant since they are already signed) [10]. Cheers, Pier [0] https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4… [1] https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_re… [2] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42607 [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1746668 [4] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43013 [5] https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… [6] https://gitlab.torproject.org/tpo/applications/wiki/-/wikis/Development-Inf… [7] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42887 [8] https://whattrainisitnow.com/release/?version=esr [9] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42747 [10] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42737

1 0