[ooni-dev] Mining OONI reports to find server-side Tor blocking (e.g. CloudFlare captchas)

Roger Dingledine arma at mit.edu
Tue Jun 23 07:04:20 UTC 2015

On Fri, Jun 19, 2015 at 10:03:38AM -0700, David Fifield wrote:
> The attached script is my first-draft attempt at finding block pages.
> Its output is at the end of this message. You can see it finds a lot of
> CloudFlare captchas and other blocks.

Hi David,

Once you have a reliable cloudflare detector, please consider whether
you could do bulk scans of how websites handle Tor without even needing
to use Tor -- the idea would be to run a Tor exit relay, wait for it
to accumulate a bunch of hate from places like Cloudflare, and then do
much more efficient scans of the Internet using its IP address (as well
as in parallel a nearby but unrelated-to-Tor IP address).

In a sense this is exactly the same as the "is that website censored"
test that used Tor as the control, except it's the other way around.

(This is one of the few examples I've come up with where researchers
really genuinely do need to run a Tor exit relay, to do their research,
yet the research does not involve wiretapping other people's traffic or
similarly bad behavior.)


More information about the ooni-dev mailing list