[ooni-dev] On the ethics of soliciting measurements and informed consent

Arturo Filastò art at torproject.org
Mon Jan 5 13:44:45 UTC 2015

On 1/2/15 6:30 PM, Dan O'Huiginn wrote:
> Hi folks,
> Firstly, hello! Having met Arturo and Vasilis at the 31C3, I'm keen to
> get involved more.
> On consent: at an absolute minimum, I agree we need better warnings for
> users.

I fully agree!

> Below is some proposed text to inform users about the risks of OONI. I'm
> willing to take on the job of refining this based on feedback.
> IMO we need two versions. One short and simple, that users should have
> to read (and agree to?) before first running ooniprobe. The second
> comprehensive, to be put on the website and in the docs.
> WARNING: Running OONI may be illegal in your country, or forbidden by
> your ISP. By running OONI you will connect to web services which may be
> banned, and use web censorship circumvention methods such as Tor. The
> OONI project will publish data submitted by probes, possibly including
> your IP address or other identifying information. In addition, your use
> of OONI will be clear to anybody who has access to your computer, and to
> anybody who can monitor your internet connection (such as your employer,
> ISP or government).
> [link to long version]

This is music to my ears!

Really good job!

I think this is perfect. I would just replace the OONI with ooniprobe,
since you are running a specific tool part of OONI.

I would also add a note such as: "Please read more about the involved
with running ooniprobe here: " before the link to the long version.

> OONI does several things which may be illegal in your country, and/or
> banned by your ISP.
> OONI's http test will download data from controversial websites,
> specifically targeting those which may be censored in your country.
> These may include, for example, sites containing pornography or hate
> speech. You can find a list of sites checked at
> https://github.com/citizenlab/test-lists

We should create a specific repository for test lists and make that have
the ones we depend on as submodules.

It should point to this:

> Even where these sites are not blocked, it may be illegal to access
> them. It may also be illegal to bypass censorship, as OONI attempts by
> using Tor.
> In the most extreme case, any form of network monitoring could be
> illegal or banned, or even considered a form of espionage.
> [Include link to some resource on relevant laws globally. Someone like
> the EFF must have one of these; does anybody have a link?]
> about your internet connection to the whole world. Particular groups,
> such as your ISP and web services used by the ooni tests, will be able
> to discover even more detailed information about you.

What do you mean by this last statement? Are there things in particular
ooniprobe gives away about the user that would not have been given away

> THE PUBLIC will be able to see the information collected by OONIprobe.
> This will definitely include your approximate location, the network
> (ASN) you are connecting from, and when you ran ooniprobe. Other
> identifying information, such as your IP address, is not deliberately
> collected, but may be included in HTTP headers or other metadata. The
> full page content downloaded by OONI could potentially include further
> information, for example if a website includes tracking codes or custom
> content based on your network location.
> You can see what information OONI releases to the public at
> https://ooni.torproject.org/reports/. You should expect this information
> to remain online PERMANENTLY. [include details of retention policy, once
> we have one]
> THE OONI PROJECT will also be able to see your IP address [What other
> info do we get?]
> all web traffic generated by OONI, including your IP address, and will
> likely be able to link it to you personally. These organizations might
> include your government, your ISP, and your employer.
> ANYBODY WITH ACCESS TO YOUR COMPUTER, now or in the future, may be able
> to detect that you have installed or run ooni
> SERVICES CONNECTED TO BY OONI will be able to see your IP address, and
> may be able to detect that you are using OONI

I would say you create a new directory inside of ooni-probe/docs/source/
called "information" or something similar that we can use to put in
there also the data retention policy and other related information.

I would create two files called "risks-short.rst" and "risks-long.rst"
and put the content of what you have so far.

Then you can submit a pull request and I will merge it. Then I will make
it so they are included as part of the ooniprobe software and displayed
when needed.

~ Arturo

More information about the ooni-dev mailing list