- tor-project - lists.torproject.org

OONI Monthly Report: March 2021
by Maria Xynou 09 Apr '21

09 Apr '21

Hello, Throughout March 2021, the OONI team worked on the following sprints: * Sprint 34 - Hapi (1 - 14 March 2021) * Sprint 35 - Octariinae (15 - 28 March 2021) Our work can be tracked through the various OONI GitHub repositories: https://github.com/ooni Highlights are shared in this report below. ## Published report on internet blocks and outages in Myanmar In collaboration with IODA and MIDO, we published a new research report which shares network measurement data on the internet blocks and internet outages in Myanmar, following the military coup. Our report is available here: https://ooni.org/post/2021-myanmar-internet-blocks-and-outages/ In the report, we share OONI data on: * Blocking of social media (Facebook, Facebook Messenger, WhatsApp, Instagram, Twitter) in Myanmar; * Blocking of Wikipedia (primarily seen from 20th February 2021 onwards); * Blocking of circumvention tool websites (such as protonvpn.com) * Blocking of Justice for Myanmar (www.justiceformyanmar.org) an activist campaign which aims to pressure businesses and investors around the world to divest from Myanmar military businesses; * Blocking of a COVID-19 website (coronavirus.app); * Ongoing blocking of news media (which started last year), including a few ethnic media sites. Through OONI data, we observe the following: 1) Censorship variance across networks: Internet censorship appears to vary across networks in Myanmar, as we observe different sites being blocked on different networks (and the blocks are not implemented on all networks). 2) Variance in censorship techniques: * IP blocking: In many cases, we observe the IP blocking of websites and apps across networks in Myanmar. * DNS based interference: In some cases, ISPs in Myanmar block sites by means of DNS based interference, returning IP addresses that host block pages (59.153.90.11, 167.172.4.60) or an address in private IP space (such as 127.0.0.1 or 172.29.8.1). We were able to automatically confirm these censorship cases. 3) Non-deterministic censorship: Not all IP blocks appear to be effective. OONI data shows that it is sometimes possible for connections to go through (even though IP blocks appear to be in place), which is likely why we observe inconsistent measurements (in terms of accessibility and blocking). The report also shares IODA data (along with Google traffic data & Oracle Internet Intelligence data) on the nightly internet outages that Myanmar has been experiencing. The first internet disruption was observed in the early hours of 1st February 2021 (on the day of the military coup), followed by a second, higher impact internet outage on 6th February 2021 (which lasted for almost 30 hours). As of 15th February 2021, Myanmar has been experiencing complete internet outages every night (between around 1am to 9am local time). The findings of this study suggest an alarming shift in Myanmar’s internet censorship landscape. In our 2017 study (which examined internet censorship in Myanmar based on the analysis of all OONI measurements collected between 2016-2017), we barely found any internet censorship in the country. Now, the ongoing social media blocks and nightly internet outages raise major human rights concerns, particularly in light of the current political environment. Our report received media coverage from Deutsche Welle (DW): * English article: https://www.dw.com/en/myanmar-military-coup-press-freedom/a-56829376 * German article: https://www.dw.com/de/myanmars-milit%C3%A4r-macht-massiv-druck-auf-die-pres… VPNCompare also wrote an article about the report: https://www.vpncompare.co.uk/myanmar-military-coup-leads-to-censorship-blac… ## OONI Probe Desktop We released OONI Probe Desktop 3.3.0 (https://github.com/ooni/probe-desktop/releases/tag/v3.3.0) which includes support for regular automated testing on Windows and macOS. We also implemented the new Signal test in OONI Probe Desktop (https://github.com/ooni/probe/issues/1408) and worked on adding RTL support in the OONI Probe desktop app (https://github.com/ooni/probe/issues/1087) ### Automated testing on OONI Probe Desktop The OONI Probe Desktop App now supports automated testing! Automated testing was added in OONI Probe Desktop 3.3.0 on Windows and macOS: https://ooni.org/install/desktop Instead of having to remember to manually run tests, users can now enable "automated testing" in the settings of their OONI Probe desktop app (version 3.3.0) and OONI Probe will automatically run tests every hour in the background (without user intervention). OONI Probe test results will automatically get published on OONI Explorer (in near real-time): https://explorer.ooni.org/ With automated testing, OONI Probe users can regularly contribute censorship measurements (without having to do anything), enhancing the internet freedom community’s ability to monitor and detect censorship events around the world. ## OONI Probe Mobile In March 2021, we released OONI Probe mobile 2.10.0 and 2.10.1 on: * Android: https://github.com/ooni/probe-android/releases/tag/v2.10.0 & https://github.com/ooni/probe-android/releases/tag/v2.10.1 * iOS: https://github.com/ooni/probe-ios/releases/tag/v2.10.0 & https://github.com/ooni/probe-ios/releases/tag/v2.10.1 With these releases, we added support for dark mode, improved the API calls to the Citizen Lab test lists, removed the collection of app usage metrics entirely, removed all analytics from F-Droid (i.e. removed the collection of crash reports), and we made bug fixes and other improvements. We decided to remove the collection of app usage metrics entirely from the OONI Probe mobile apps, since we concluded that this information was not as useful as we originally thought (and we wanted to increase user privacy). We also decided to remove Firebase analytics and only use Sentry for the collection of crash reports (when users opt-in to this) and Countly for sending push notifications (on Android). We reached these decisions following a careful audit of these tools (https://github.com/ooni/probe/issues/1399) with the goal of ensuring greater data minimization and only collecting data that is necessary. We also implemented the new Signal test in OONI Probe Mobile: https://github.com/ooni/probe-android/pull/422 & https://github.com/ooni/probe-ios/pull/430 ### Progress on automated testing on OONI Probe Mobile We made significant progress in adding support to the OONI Probe mobile app for automated testing, as documented through the following pull request: https://github.com/ooni/probe-android/pull/380 Throughout March 2021, we created 2 APKs for automated OONI Probe testing on Android. We tested these APKs extensively and based on our testing, we made a series of improvements. Currently, the OONI Probe APK for automated testing on Android performs all tests automatically every hour, testing 100 URLs each time. We have configured it to only run these tests when the user is connected to WiFi and when their mobile device is charging (though we have also added settings which allow users to enable and/or disable these options). We will soon release a beta version for more extensive testing by community members, in preparation for the upcoming stable release. ## Publication of OONI Probe user guides We published 2 new user guides for the OONI Probe apps! 1) User Guide: OONI Probe Mobile: https://ooni.org/support/ooni-probe-mobile 2) User Guide: OONI Probe Desktop: https://ooni.org/support/ooni-probe-desktop These guides share step-by-step instructions (with screenshots) on how to: * Install and run OONI Probe (to measure various forms of internet censorship) * Access and share OONI censorship measurement data * Customize the use of OONI Probe (for example, to test websites of your choice) * Configure OONI Probe settings With our new user guides, we share detailed information that will hopefully enable many community members to become OONI Probe power users, and to share their OONI Probe knowledge and skills with others. ## OONI Probe Command Line Interface (CLI) We released OONI Probe CLI 3.6.0 (https://github.com/ooni/probe-cli/pull/239) which includes the new Signal experiment, data quality improvements, exposing a new API to call the URLs endpoint from mobile devices, end-to-end tests, and other improvements (as documented here: https://github.com/ooni/probe-cli/releases/tag/v3.6.0) Details from this release are also documented through the following ticket: https://github.com/ooni/probe/issues/1340. We also implemented a fix for the TRR2 DoH resolver: https://github.com/ooni/probe/issues/1365 We added support for go 1.16 in the OONI Probe CLI (https://github.com/ooni/probe/issues/1367) and we started adding support for a new experimental test card, which would include the DNSCheck experiment (https://github.com/ooni/probe/issues/1262) We also implemented the check-in API in OONI Probe CLI (https://github.com/ooni/probe/issues/1299) ## OONI Probe Engine We continued to work on a Go-based nettest API for the OONI Probe mobile app (https://github.com/ooni/probe/issues/1346) We continued to redesign the probe-services package to add circumvention support (https://github.com/ooni/probe/issues/1355) making OONI Probe more resilient to censorship. We also continued to redesign the probe-services package to increase its reliability (https://github.com/ooni/probe/issues/1405) ## Expanding OONI Probe measurement methodologies In preparation for the release of the new OONI Probe test for the Signal Private Messenger app, we implemented the test in the OONI Probe mobile and desktop apps (as discussed previously), and we published a Signal test description on our website: https://ooni.org/nettest/signal. This description explains how the OONI Probe test for Signal works, linking to our test specification (https://github.com/ooni/spec/blob/master/nettests/ts-029-signal.md) As part of efforts to improve OONI data quality, we tested bootstrapping Psiphon with a pre-existing cache (https://github.com/ooni/probe-engine/issues/1192) in order to understand the impact of using a cache directory. We improved upon the data quality of Web Connectivity measurements by adding support for exporting all URLGetter fields (https://github.com/ooni/probe-engine/issues/1157) We also fixed a critical issue in our STUN reachability experiment (https://github.com/ooni/probe/issues/1403) ## OONI Explorer We made progress on creating multi-dimensional charts for the Measurement Aggregation Toolkit of OONI Explorer (https://explorer.ooni.org/experimental/mat) This work is documented through the following ticket: https://github.com/ooni/explorer/issues/536 We also looked into and evaluated self-hosted crash reporting solutions for OONI Explorer: https://github.com/ooni/probe/issues/1401 A number of developers joined the OONI Slack/IRC channel, expressing interest in our Google Summer of Code (GSoC) OONI Explorer project (“Improving OONI Explorer code quality”): https://community.torproject.org/gsoc/ooni-explorer-code-quality/. Some of these developers have already worked on OONI Explorer tickets (see: https://github.com/ooni/explorer/pulls?q=is%3Apr+author%3AEddges and https://github.com/ooni/explorer/pulls?q=is%3Apr+author%3Amsaaddev) We therefore coordinated with prospect GSoC students who are interested in working on OONI Explorer. ## OONI backend Throughout March 2021, we worked on the following backend activities: * Completed the process of reprocessing old measurements in the OONI fastpath pipeline * Deployed quic.ooni.org * Added support to the API for an experimental test group: https://github.com/ooni/backend/issues/484 * Completed an initial experiment which involved correlating domains and server IP addresses in Web Connectivity measurements * Worked on investigating duplicate measurements with different measurement_uid * Worked on implementing the first login and registration backend prototype * Continued to look into bintray alternatives ## Data analysis for Cameroonian partner We analyzed all OONI measurements collected from Cameroon to identify cases of website blocking. Based on the analysis, we generated and shared charts (that summarize the findings) with our local partner (COMPSUDEV), and we shared instructions for further testing. ## Data analysis for researchers in Uganda Two independent researchers from Uganda are using OONI Probe and OONI data as part of their work. In support of their research, we analyzed relevant OONI measurements (collected from Uganda) and provided them charts (summarizing key findings) that they will use in their research reports. ## Updated test lists Throughout March 2021, we contributed updates to the following test lists: * Global: https://github.com/citizenlab/test-lists/pull/732, https://github.com/citizenlab/test-lists/pull/734, https://github.com/citizenlab/test-lists/pull/736 * Senegal: https://github.com/citizenlab/test-lists/pull/733 * Myanmar: https://github.com/citizenlab/test-lists/pull/744 We also started a new test list for Togo: https://github.com/citizenlab/test-lists/pull/740 ## Collaboration with Netalitica on test lists We continued to collaborate with Netalitica researchers, who did excellent work updating more Citizen Lab test lists. Throughout March 2021, we reviewed (and shared feedback on) Netalitica updates to the Malaysian and Palestinian (https://github.com/citizenlab/test-lists/pull/745) test lists. ## Google Summer of Code (GSoC) 2021 This year, we have 5 OONI Google Summer of Code (GSoC) projects (https://community.torproject.org/gsoc/) that students can apply to: 1) OONI: Implement Roaming Test Helpers: https://community.torproject.org/gsoc/ooni-roaming-test/ 2) OONI: Integration And Unit Testing Of OONI Probe Desktop Apps: https://community.torproject.org/gsoc/ooni-probe-testing/ 3) OONI Probe Network Experiments: https://community.torproject.org/gsoc/ooni-probe-experiments/ 4) OONI: Measure The Accuracy Of OONI GeoIP Lookup: https://community.torproject.org/gsoc/ooni-geoip-accuracy/ 5) OONI: Improve OONI Explorer Code Quality: https://community.torproject.org/gsoc/ooni-explorer-code-quality/ Accepted students will work on an OONI GSoC project (paid by Google) during the summer of 2021 (between 7th June 2021 to 16th August 2021) with mentorship from the OONI team. Information about GSoC is available here: https://summerofcode.withgoogle.com Students can apply until 13th April 2021: https://hub.osc.dial.community/t/gsoc-2021-dial-open-source-center/2134 ## Micro-course on Internet censorship Asuntos del Sur (https://asuntosdelsur.org/) launched Plataforma Inteligencia de Riesgos (https://riesgosdigitales.academiainnovacionpolitica.org/) an online platform that provides micro-courses on digital security and digital rights related topics. This platform features a micro-course on internet censorship, which we had the opportunity to contribute: https://riesgosdigitales.academiainnovacionpolitica.org/cursos/censura-e-in… For the micro-course on Internet censorship, we created 3 short videos on: 1) What is Internet censorship? 2) The Problem of Internet censorship 3) Detecting Internet censorship with OONI Probe The micro-course also includes the slides from each video presentation, as well as relevant resources for further reading. All of the above are available through the “Curriculum” section of this page: https://riesgosdigitales.academiainnovacionpolitica.org/cursos/censura-e-in… As these micro-courses are primarily geared towards civil society groups in Latin America, the materials include Spanish translations. We are grateful to Asuntos del Sur for offering us the opportunity to contribute to this project! ## Community use of OONI data ### Lebanon blocking currency exchange rate sites SMEX published an article on the blocking of currency exchange rate websites in Lebanon: https://smex.org/internet-censorship-in-lebanon-the-case-of-currency-exchan… In their article, SMEX shared an OONI Run link for the OONI Probe testing of specific currency exchange rate websites, and a link to OONI measurements collected from Lebanon. They also shared their OONI Probe findings (from the testing of currency exchange rate sites in Lebanon) on social media: https://twitter.com/alisibai/status/1369943574054375424 ## Community activities ### DigitalReach event On 17th March 2021, OONI’s Simone participated as a speaker on DigitalReach’s webinar, “From Beijing with Love: The Internet Firewall in Southeast Asia”. This online event was hosted for civil society groups in Southeast Asia, and information about the event is available here: https://digitalreach.asia/event/from-beijing-with-love-the-internet-firewal… As part of his participation, Simone presented OONI’s methodologies and explained how civil society groups in Southeast Asia can use OONI Probe and OONI data to investigate internet censorship. He also discussed some of OONI’s recent censorship findings from Myanmar, as well as how communities in Cambodia and China can participate in censorship measurement research. ### MozFest 2021 On 17th March 2021, OONI’s Arturo and Sarath facilitated a workshop at MozFest 2021, during which they demoed OONI Explorer and explained how human rights defenders can use the platform to investigate internet censorship around the world. Information about our MozFest session (“Exploring Internet censorship through OONI data”) is available here: https://schedule.mozillafestival.org/session/FPRYTV-1 ### OONI Community Meeting On 30th March 2021, we hosted the monthly OONI Community Meeting on our Slack channel (https://slack.ooni.org/) during which we discussed the following topics: 1. Automated testing on OONI Probe Desktop and OONI GSoC projects. 2. Updates regarding the web platform for contributing to the Citizen Lab test lists. 3. We know that OONI Probe tests a sample of the URLs included in a given country list. If I run in parallel network tests on both Desktop and Mobile (mobile connected to wifi), will the apps sample the test list in the same way? Is there a way to make the probe go through the entire test list instead of testing a random sample of URLs? ## Userbase In March 2021, 7,960,987 OONI Probe measurements were collected from 5,408 networks in 204 countries around the world. This information can also be found through our measurement stats on OONI Explorer (see chart on “monthly coverage worldwide”): https://explorer.ooni.org/ ~ OONI team. -- Maria Xynou Research & Partnerships Director Open Observatory of Network Interference (OONI) https://ooni.org/ PGP Key Fingerprint: 2DC8 AFB6 CA11 B552 1081 FBDE 2131 B3BE 70CA 417E

1 0

Anti-censorship meeting notes, 8 April 2021
by David Fifield 08 Apr '21

08 Apr '21

Meeting logs: http://meetbot.debian.net/tor-meeting/2021/tor-meeting.2021-04-08-16.07.html Anti-censorship work meeting pad -------------------------------- Next meeting: Thursday April 8th 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly checkin about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at Tor. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors we are working on: * All needs review tickets: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 30 * https://gitlab.torproject.org/groups/tpo/-/milestones/4 * https://gitlab.torproject.org/groups/tpo/-/milestones/7 * https://gitlab.torproject.org/groups/tpo/-/milestones/5 * https://gitlab.torproject.org/groups/tpo/-/milestones/6 * Sponsor 28 * must-do tickets: https://gitlab.torproject.org/groups/tpo/-/milestones/10 * possible tickets: https://gitlab.torproject.org/groups/tpo/-/issues?scope=all&utf8=%E2%9C%93&… * Public bug-reporting pad: * https://pad.riseup.net/p/tor-anti-censorship-bugs-keep <-- we have anonymous tickets handling now. Let's see which anti-censorship repos to include. == Announcements == * == Discussion == * == Actions == * == Interesting links == * https://censoredplanet.org/throttling == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out, in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): last updated 2020-04-01 Last week: - fixed snowflake CI (snowflake#40026) - updated tor browser binaries for GetTor - reviewed docker-obfs4-bridge!2 - reviewed emma#4 - responded to microsoft azure shutting down domain fronting - set up domain fronting for snowflake on fastly - worked on anti-censorhsip alerts for hackweek - Opened MR for webrtc update in Tor Browser (tor-browser-build#40261) This week: - more hackweek stuff - more domain fronting stuff - afk mostly next week except for a few meetings and emergencies Ongoing: - connect bridgedb to rdsys (rdsys#12) - congestion logging patches for snowflake#40026 - install our snowflake app on android and try it out for a few days - prepare snowflake for sponsor 28 evaluations Needs help with: - review of snowflake!31 - review of snowflake!32 - review of tor-browser-build!251 arlolra: 2020-10-29 Last week: - Next week: - getting back up to speed - follow ups to #33365 - start on #31201 Help with: - dcf: 2021-04-08 Last week: - snowflake CDN accounting https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-co… - commented on snowflake broker prometheus exporter https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - reviewed snowflake broker CDN change https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next week: - look at PT v2 branch https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Help with: Antonela: 2020-08-27 This week: agix:2021-04-08 Last week: -Been busy with university stuff for the last few weeks Next week: -Work on bridgebox for rdsys -More research on httpt #4 Help with: - hanneloresx: 2021-3-4 Last week: - Submitted MR for bridgestrap issue #14 Next week: - Finish bridgestrap #14 - Find new issue to work on Help with: - HashikD: 2021-01-22 This week: - Next week: - Help with: -

1 0

OONI Monthly Report: February 2021
by Maria Xynou 08 Apr '21

08 Apr '21

Hello, Apologies for sharing this late. Throughout February 2021, the OONI team worked on the following sprints: * Sprint 32 - Tursiop truncatus (1 - 14 February 2021) * Sprint 33 - Actinia Equina (15 - 28 February 2021) Our work can be tracked through the various OONI GitHub repositories: https://github.com/ooni Highlights are shared in this report below. ## New OONI Probe Command Line Interface (CLI) for Linux and macOS We released a new OONI Probe Command Line Interface (CLI) for Linux and macOS! OONI Probe can be installed on the command line on: * Debian/Ubuntu: https://ooni.org/install/cli/ubuntu-debian * macOS: https://ooni.org/install/cli/macos Upon installation, OONI Probe will run all tests *automatically* every day, enabling the regular contribution of measurements (without user intervention). Given that all OONI Probe measurements are openly published in near real-time (https://ooni.org/data/) this will enable the internet freedom community to better investigate internet censorship. As we are in the process of discontinuing the python legacy ooniprobe version (https://github.com/ooni/probe-legacy) we encourage legacy ooniprobe users to switch over to the new OONI Probe CLI: https://ooni.org/install/cli Similarly to the legacy version, the new OONI Probe CLI runs all tests automatically in the background every day and it will also receive important future updates (such as new tests, code improvements, etc.). ## OONI Probe Mobile In February 2021, we released OONI Probe mobile 2.9.2 and 2.9.3 on: * Android: https://github.com/ooni/probe-android/releases/tag/v2.9.2 & https://github.com/ooni/probe-android/releases/tag/v2.9.3 * iOS: https://github.com/ooni/probe-ios/releases/tag/v2.9.2 & https://github.com/ooni/probe-ios/releases/tag/v2.9.3 With these releases, we added crash reporting tools (but removed Countly for crash reports on F-Droid), fixed bugs, and made improvements to the app. We also added dark mode support to OONI Probe on iOS (https://github.com/ooni/probe/issues/925) and we added wrappers for test list URLs (https://github.com/ooni/probe/issues/1331) We also created a proof of concept for a Go API that runs Web Connectivity measurements (and other tests) on mobile devices. This work is documented through the following ticket: https://github.com/ooni/probe/issues/1346 ## OONI Probe Desktop In February 2021, we released OONI Probe Desktop 3.2.2 (https://github.com/ooni/probe-desktop/releases/tag/v3.2.2) and 3.2.3 (https://github.com/ooni/probe-desktop/releases/tag/v3.2.3) With these new releases, we: * Implemented a new Dashboard screen (with detailed screens for each test group): https://github.com/ooni/probe/issues/1274 * Added support for running all OONI Probe tests with the click of a single button * Added the “Choose websites” button inside the Websites card, enabling users to test websites of their choice * Added support for the new OONI Probe RiseupVPN test * Added a setting for limiting the test duration of the Web Connectivity test (default run time set to 90 seconds) * Removed the setting for specifying the number of websites tested in each run * Removed the setting which enabled users to share their IP address With these latest releases, we made significant progress towards achieving feature parity between the OONI Probe mobile and desktop apps, as the OONI Probe desktop app now has the same design/layout and many of the same features as the OONI Probe mobile app. We also added support for automated OONI Probe testing on Windows and macOS: https://github.com/ooni/probe-desktop/pull/198. As part of this, we added the ability support for scheduling ooniprobe as a task on Windows: https://github.com/ooni/probe/issues/1350. ## OONI Probe for Raspberry Pi We worked on adding support for creating armv7 and arm64 builds of OONI Probe CLI in our continuous integration (CI) platform. Through these builds, we will be able to create Debian packages that can run on Raspberry Pi computers. Progress on this front is documented through the following pull requests: https://github.com/ooni/probe-cli/pull/199 https://github.com/ooni/probe/issues/1334 https://github.com/ooni/probe/issues/807 ## OONI Probe Engine We merged the probe-engine and probe-cli codebases to make the build process smoother and make maintenance easier in the long run. This work is documented through the following ticket: https://github.com/ooni/probe/issues/1335 We also improved the data quality of measurements by addressing a bug, as documented in this ticket: https://github.com/ooni/probe-engine/issues/1191. We also made progress on adding circumvention support to the OONI Probe apps. ## Expanding OONI Probe measurement methodologies As part of our ongoing efforts to expand OONI Probe measurement methodologies, we: * Worked on implementing a new OONI Probe test for the Signal Private Messenger app: https://github.com/ooni/probe-engine/issues/278 * Updated the Telegram endpoints (used in the OONI Probe Telegram test) to new IPs: https://github.com/ooni/probe-cli/pull/232 * Investigated WireGuard blocking in the UAE and discussed the implementation of a relevant test * Carried out research on measuring QUIC blocking in Iran and Uganda * Carried out research on alternative TLS stacks ## OONI Explorer We created a UI for presenting blocked websites in the country pages of OONI Explorer: https://github.com/ooni/explorer/issues/289 We aim to display the aggregates for tested websites within the selected time period and we will expose functionality that will enable users to filter websites based on “confirmed blocked” or “anomalous” measurement values. When the user clicks on a row, we may display a chart of measurements for that website over time. We also aim to add links to the website-centric charts that will display metrics about that particular URL around the world. We made SEO improvements to OONI Explorer. We improved the meta tags in the measurement and country pages to expose more useful information. The title tags of the pages were also updated to contain more relevant information about the page in question. See: https://github.com/ooni/explorer/issues/547 https://github.com/ooni/explorer/issues/202 https://github.com/ooni/explorer/pull/550 ## OONI backend Throughout February 2021, we worked on the following backend activities: * Implemented the processing of minicans from S3 in the OONI fastpath pipeline * Added YAML support in the OONI fastpath pipeline * Worked on reprocessing old data in the OONI fastpath pipeline * Looked into alternatives for bintray * Looked into duckdb for the counters aggregation * Looked into deploying new, dynamic “test helpers” on cloud services * Looked into tracking and scoring measurements using stateful data around DNS, SSL certificates and integration with our event detector * Carried out an initial experiment with correlating domains and server IP addresses in Web Connectivity measurements * Added nspawn and Docker-based runners in the API * Refactored the probe-services codebase to increase its reliability: https://github.com/ooni/probe-engine/issues/755 ## Created mockups for URL submission web platform To enable community contributions to the Citizen Lab test lists (https://github.com/citizenlab/test-lists) we are creating a web platform that will enable community members to add, edit, and remove URLs (included in the Citizen Lab test lists), without using GitHub. In February 2021, we created some initial mockups, outlining what the web platform would look like and how community members would contribute to the Citizen Lab test lists. These mockups are available here: https://github.com/ooni/ooni.org/issues/787#issuecomment-779231391 We subsequently shared the mockups with community members (particularly Netalitica) in order to collect their feedback in the early stages of design and development. We also opened a ticket, where community members can share their feedback: https://github.com/ooni/ooni.org/issues/810 ## Updated OONI Data Policy We edited the OONI Data Policy to reflect changes with respect to our use of analytics (primarily used for crash reports). On 12th February 2021, we published the updated version of the OONI Data Policy: https://ooni.org/about/data-policy ## Data analysis for Azerbaijan Internet Watch In support of our partner, Azerbaijan Internet Watch, we analyzed OONI measurements collected from Azerbaijan between December 2020 to February 2021. We documented the findings of our analysis in a report (including relevant charts), which Azerbaijan Internet Watch published here: https://www.az-netwatch.org/wp-content/uploads/2021/02/2021-02-Azerbaijan-I… Azerbaijan Internet Watch also published a blog post, summarizing the key findings from this report: https://www.az-netwatch.org/news/ooni-measurements-indicate-censorship-rema… ## OONI training Between 9th-11th February 2021, we organized and facilitated a 3-day OONI training for our partners: the Software Freedom Law Centre of India (SFLC.in). The goal of this training was to familiarize SFLC.in staff with OONI’s censorship measurement tools, dataset, and terminologies to enable their use as part of research and advocacy in India. We also facilitated this training with the goal of collecting feedback from SFLC.in on how to improve our methods to better serve community needs. In preparation for the training, we collected feedback from SFLC.in on how to structure the training to best meet their needs, we prepared a relevant agenda, created slides for each training session, and we created a document which lists relevant resources for further reading. The training consisted of the following 6 sessions: 1. Introduction to Network Measurement & Internet Censorship 2. Using the OONI Probe Mobile App 3. Using OONI Probe on GNU/Linux 4. Using OONI Run to coordinate censorship testing in your community 5. Using OONI Explorer 6. Interpreting and understanding OONI data We demoed all OONI tools, and walked participants through each setting with the goal of enabling them to become power users. This included hands-on exercises, as well as practice on coordinating censorship measurement (based on real-world scenarios). The sessions also included theoretical components with the aim of introducing participants to technical terms and concepts used by OONI and required for interpreting and understanding OONI data. At the end of the training, we shared a short survey with SFLC.in to collect their feedback and learn how we can improve future training. ## Ford Foundation Financial Innovation & Resilience Training Between 16th-18th February 2021, we participated in the Ford Foundation’s 3-day intensive Financial Innovation & Resilience training program. We were offered this great opportunity because we are a grantee of the Ford Foundation, who support OONI’s community-related work. The knowledge and skills gained through this training program have helped us rethink and improve OONI’s fundraising strategies. ## Community activities ### NDSS DNS Privacy Workshop 2021 On 21st February 2021, OONI’s Simone presented our academic paper, “Measuring DoT/DoH Blocking Using OONI Probe: a Preliminary Study”, at the 2021 DNS Privacy Workshop of the NDSS Symposium. Information about the event is available here: https://dnsprivacy.org/wiki/display/DNSPWS/2021%3A+NDSS+DNS+Privacy+Workshop We designed DNSCheck, an active network experiment to detect the blocking of DoT/DoH services. We implemented DNSCheck into OONI Probe, which we ran in Kazakhstan (AS48716), Iran (AS197207), and China (AS45090) with the help of volunteer OONI Probe users. Our paper presents preliminary results from measurements, having tested 123 DoT/DoH services, corresponding to 461 TCP/QUIC endpoints. We found endpoints to fail or succeed consistently. On AS197207 (Iran), 50% of the DoT endpoints seem blocked. Otherwise, we found that more than 80% of the tested endpoints were always reachable. The most frequently blocked services are Cloudflare’s and Google’s. In most cases, attempting to reach blocked endpoints failed with a timeout. We observed timeouts connecting, during, and after the TLS handshake. TLS blocking depends on either the SNI or the destination endpoint. Our paper has been published by the NDSS Symposium here: https://www.ndss-symposium.org/wp-content/uploads/dnspriv21-02-paper.pdf Information about Simone’s presentation (including the slides he used) is available here: https://www.ndss-symposium.org/ndss-paper/auto-draft-123/ We are working towards shipping DNSCheck as part of the OONI Probe apps. ### OutRight Action International webinar On 24th February 2021, OONI’s Maria participated in OutRight Action International’s webinar titled “Censored: How LGBTIQ People And Activists Are Threatened By - And Surviving In - Restrictive And Repressive Digital Environments”. As part of her participation in this webinar, Maria presented OONI’s work and discussed how OONI has been collaborating with OutRight Action International (https://outrightinternational.org/) and the Citizen Lab (https://citizenlab.ca/) on investigating the blocking of LGBTIQ websites around the world. This webinar included a presentation of our research findings, and we plan to co-publish a research report soon. ### OONI Community Meeting On 23rd February 2021, we hosted the monthly OONI Community Meeting on our Slack channel (https://slack.ooni.org/) during which we discussed the following topics: 1. New OONI Probe Command Line Interface (CLI). 2. Can it happen that OONI Probe will test URLs that are not on the Citizen Lab test list for a given country during a standard test in that country? In a single run, does the probe test all URLs from a given list or a sample of them? What variables determine the size of the sample? Is it possible to use the probe remotely and collect data similar in quality to that when using the probe locally? 3. Adding circumvention support to OONI Probe. 4. Developing a new OONI Probe Signal experiment. 5. OONI paper on measuring DoT/DoH blocking at the 2021 DNS Privacy Workshop of the NDSS Symposium (https://www.ndss-symposium.org/ndss-paper/auto-draft-123/) and making this test (DNSCheck) available on OONI Probe. ## Userbase In February 2021, 7,386,719 OONI Probe measurements were collected from 5,606 networks in 201 countries around the world. This information can also be found through our measurement stats on OONI Explorer (see chart on “monthly coverage worldwide”): https://explorer.ooni.org/ ~ OONI team. -- Maria Xynou Research & Partnerships Director Open Observatory of Network Interference (OONI) https://ooni.org/ PGP Key Fingerprint: 2DC8 AFB6 CA11 B552 1081 FBDE 2131 B3BE 70CA 417E

1 0

Sponsor 38 update (Shadow simulator)
by Jim Newsome 07 Apr '21

07 Apr '21

Our latest update on the Shadow simulator is in Shadow's Discussions forum: https://github.com/shadow/shadow/discussions/1274 Thanks, and happy simulating! The Shadow team (<https://github.com/shadow/shadow/blob/main/docs/nsf-sponsorship.md#people>)

1 0

minutes from the sysadmin
by Antoine Beaupré 07 Apr '21

07 Apr '21

Hi! This is a short email to let people know that TPA meetings are suspended for a while, as we are running under limited staff. I figured I would still send you those delicious metrics of the month and short updates like this to keep people informed of the latest. # Metrics of the month * hosts in Puppet: 87, LDAP: 90, Prometheus exporters: 141 * number of Apache servers monitored: 28, hits per second: 0 * number of Nginx servers: 2, hits per second: 2, hit ratio: 0.87 * number of self-hosted nameservers: 6, mail servers: 7 * pending upgrades: 0, reboots: 1 * average load: 1.04, memory available: 1.98 TiB/2.74 TiB, running processes: 569 * bytes sent: 269.96 MB/s, received: 162.58 MB/s * [GitLab tickets][]: 138 tickets including... * open: 0 * icebox: 106 * backlog: 22 * next: 7 * doing: 4 * (closed: 2225) [Gitlab tickets]: https://gitlab.torproject.org/tpo/tpa/team/-/boards Note that the Apache exporter broke because of a fairly dumb error introduced in february, so we do not have the right "hits per second" stats there. Gory details of that bug live in: https://github.com/voxpupuli/puppet-prometheus/pull/541 # Quote of the week "Quoting. It's hard." Okay, I just made that one up, but yeah, that was a silly one. A. -- Antoine Beaupré torproject.org system administration

1 0

UX team monthly meeting notes, April 6th
by Duncan Larsen-Russell 06 Apr '21

06 Apr '21

1 0

looking for organizer for next DEMO day at the end of May
by Gaba 05 Apr '21

05 Apr '21

Hey! We are looking for somebody to organize next DEMO Day on May 26th. DEMO days are usually an hour long full of 5 minutes presentations. Each presentation is of something related to the Tor ecosystem. You can take a look at the last demo day we had in February in https://pad.riseup.net/p/tor-demo-day-february-2021-keep If you are interested in putting this together please send me a message to gaba at torproject dot org. thanks, gaba -- pronouns she/her/they GPG Fingerprint EE3F DF5C AD91 643C 21BE 8370 180D B06C 59CA BD19

1 0

hackweek starting this Monday at 15UTC!
by Gaba 01 Apr '21

01 Apr '21

Hi! Next week we are hacking on small projects all week! There are 10 proposals so far from visualizing metrics data to adding onion services v3 support to arti. To kickoff the week we will have an opening session on **Monday March 29th at 15UTC**. Projects will be presented at that session and teams will be created. The link for the opening session room will be posted on Monday. We will close the hackweek on Friday with a demo session where teams will be able to show the work done during the week. You can take a look at the proposed projects in https://gitlab.torproject.org/tpo/community/hackweek 1 Torify signal-cli with torsocks Summary: Work through blocking bugs for getting signal-cli working with torsocks. Interesting because signal is being blocked in some locales. Lead by jnewsome and/or dgoulet 2 Prometheus alerts for anti-censorship metrics Summary: We have BridgeDB exporting prometheus metrics so far, and we could implement this for Snowflake. It would be great if we could get alerts when usage changes to notify us of possible censorship events. Somewhat related, it would also be nice to get alerts when default bridge usage drops off suddenly or directly connecting Tor users from different regions. Lead by cohosh and anarcat 3 Prototype network-namespace-based torsocks Summary: Use network namespaces (or maybe something else?) to run target software in an environment where it can't talk to the real network; it can only talk to the tor socks port and/or some "shim" adapter. Might be able to remove or lessen dependence on LD_PRELOAD (which isn't available everywhere, can be "escaped", and can be a bit fragile). If we continued to use LD_PRELOAD could at least be used to prevent accidental connections to the real network. Lead by jnewsome and/or dgoulet 4 Add support for UDP sockets over onion services, possibly with enabling support for WebRTC in Tor Browser Lead by sysrqb 5 Visualize Tor metrics's data in ways that it can be useful for community Summary: The goal is to have a dashboard with Tor usage per country in a way that is easy to see big changes happening. Right now we need to select each country to see the Tor usage. It would be good to have a way to see all the countries and the onews where usage is increasing (via bridge and direct connection) Lead by gus and gaba 6 Prototype Rust+Arti-based HTTP frontend cache for directory authorities Summary: Directory authorities are under a lot of unnecessary load from excessive download requests. We have other projects in mind to reduce those requests, but one workaround is to add a frontend cache in front of one or more of the authorities' HTTP ports. With this project we'll write a Rust server use Arti's download and validation code to fetch directory information from an authority, and expose that information via a set of HTTP requests. With luck, our code will be reuseable in the future when relays or authorities are rewritten in Rust. Lead by nickm 7 Onionshare download accelerator Summary: Journalists are requesting ways to download large files from onion services faster. This is actually possible already with HTTP, without any Tor client modifications. By splitting up requests into 250k chunks using HTTP range requests, and using SOCKS username and password to allocate these requests properly onto different circuits, we can hit ~6 megabytes/sec per guard (so ~12 megabytes/sec with 2 gaurds), with a custom HTTP download acelerator. This download accelerator could be provided as part of onionshare. For more details, see https://github.com/micahflee/onionshare/issues/1295. Lead by mike 8 Vanguards doc updates, bugfixes, packages for onionshare and/or Tor Browser Summary: The vanguards Tor control port addon provides defense against Guard discovery attacks, as well as other attacks against onion services, onion clients, and even Tor Browser exit traffic. Vanguards is in need of some doc updates, bugfixes, and we could even package it for one of onionshare or Tor Browser. Packaging it with Onionshare also helps improve the security properties of the above download accelerator item. See the bugtracker for specific items: https://github.com/mikeperry-tor/vanguards/issues Lead by mike 9 Circuit Padding Simulator Summary: The Tor circuit padding framework is under active use by researchers to improve padding defenses against website traffic fingerprinting, and onion service circuit fingerprinting. The simulator is in need of update to the latest Tor release, as well as in need of performance improvements, and a more accurate way to deal with time-based features. See https://github.com/pylls/circpad-sim/blob/master/README.md Lead by mike 10 Onion service v3 support for arti Summary: arti currently does not do v3 onion services. Let's do some solid work towards making that possible. Lead by asn

1 2

Anti-censorship meeting, 2021 March 25
by Cecylia Bocovich 25 Mar '21

25 Mar '21

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2021/tor-meeting.2021-03-25-15.58.html and our meeting pad: Anti-censorship work meeting pad -------------------------------- Next meeting: Thursday March 25th 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly checkin about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at Tor. == Links to Useful documents == Our anti-censorship roadmap: Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards The anti-censorship team's wiki page: https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home Past meeting notes can be found at: https://lists.torproject.org/pipermail/tor-project/ Tickets that need reviews: from sponsors we are working on: All needs review tickets: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… Sponsor 30 https://gitlab.torproject.org/groups/tpo/-/milestones/4 https://gitlab.torproject.org/groups/tpo/-/milestones/7 https://gitlab.torproject.org/groups/tpo/-/milestones/5 https://gitlab.torproject.org/groups/tpo/-/milestones/6 Sponsor 28 must-do tickets: https://gitlab.torproject.org/groups/tpo/-/milestones/10 possible tickets: https://gitlab.torproject.org/groups/tpo/-/issues?scope=all&utf8=%E2%9C%93&… Public bug-reporting pad: https://pad.riseup.net/p/tor-anti-censorship-bugs-keep <-- we have anonymous tickets handling now. Let's see which anti-censorship repos to include. == Announcements == == Discussion == Do we need to upgrade bridges for today's OpenSSL advisories? https://www.openssl.org/news/secadv/20210325.txt Next week is hackweek and we're working on anti-censorship alerts == Actions == == Interesting links == == Reading group == We will discuss "" on Questions to ask and goals to have: What aspects of the paper are questionable? Are there immediate actions we can take based on this work? Are there long-term actions we can take based on this work? Is there future work that we want to call out, in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): last updated 2020-03-25 Last week: - merged snowflake!30 - updated the link to our snowflake documentation wiki on snowflake.torproject.org - updated wiki to include a link to jacobo's ansible playbook - updated pion webrtc version in snowflake (snowflake#40037) - started a tor browser build for it - worked on candidate refactor of snowflake (snowflake#40036) - responded to bridgestrap outage (bridgestrap#16) - sponsor 28 integration prep - tried out new private bridges This week: - hackweek work on anti-censorship alerts Ongoing: - connect bridgedb to rdsys (rdsys#12) - congestion logging patches for snowflake#40026 - install our snowflake app on android and try it out for a few days - prepare snowflake for sponsor 28 evaluations Needs help with: - review of snowflake!31 arlolra: 2020-10-29 Last week: - Next week: - getting back up to speed - follow ups to #33365 - start on #31201 Help with: - dcf: 2021-03-25 Last week: Next week: - snowflake CDN accounting - look at PT v2 branch https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Help with: Antonela: 2020-08-27 This week: agix:2021-03-25 Last week: -Been busy with university stuff for the last few weeks Next week: -Work on bridgebox for rdsys -More research on httpt #4 Help with: - hanneloresx: 2021-3-4 Last week: - Submitted MR for bridgestrap issue #14 Next week: - Finish bridgestrap #14 - Find new issue to work on Help with: - HashikD: 2021-01-22 This week: - Next week: - Help with: -

1 0

Fwd: Using tor as transport network for LBRY
by Antonela D 24 Mar '21

24 Mar '21

---------- Forwarded message --------- From: Ole Tange <ota(a)prosa.dk> Date: Sat, Mar 20, 2021 at 4:36 PM Subject: Using tor as transport network for LBRY To: antonela(a)torproject.org <antonela(a)torproject.org> LBRY is a distributed, open source alternative to YouTube. They currently use their own protocol for data transfer and has problem with hole punching (through NAT walls). I have raised this ticket with LBRY (there are also other privacy concerns that Tor would solve): https://github.com/lbryio/lbry-sdk/issues/3235#issuecomment-800547084 Given that you said you are willing to help others using the tor network, I hope you will ask one of your technicians to post a note, saying you are here to help them out. /Ole -- Antonela Debiasi UX Team Lead torproject.org @antonela E2330A6D1EB5A0C8

1 0