[ooni-talk] OONI Probe ASN Incident Report

Maria Xynou maria at openobservatory.org
Fri Oct 23 12:23:56 UTC 2020


Hello,

Today we released OONI Probe Desktop 3.0.4: https://ooni.org/install/desktop

This release is important because it fixes the ASN-related bug that we
previously reported (discussed below).

Apologies for not releasing this sooner (we were facing some issues with
updating our code signing certificate, but this is now resolved).

Please update to the latest OONI Probe desktop version (3.0.4).

Thank you!

On 09/10/20 16:59, Maria Xynou wrote:
> Hello,
>
> Last week we discovered an ASN-related bug in OONI Probe.
>
> Today we published an Incident Report which shares details about the
> bug, what we did to fix it, and we document our next steps (as well as
> measures for limiting the possibility of similar bugs recurring in the
> future).
>
> You can read our Incident Report here:
> https://ooni.org/post/2020-ooni-probe-asn-incident-report/
>
> ## What you can do
>
> Please update to OONI Probe Mobile 2.7.0 (which fixes the bug):
> https://ooni.org/install/mobile
>
> If you're an OONI Probe desktop app user and you prefer *not* to share
> your network ASN, please refrain from running tests until we have
> released the fix -- hopefully next week (this requires third-party action).
>
> If you're a legacy ooniprobe user, please use the OONI Probe Command
> Line Interface (CLI) instead. Version 3.0.8 contains the bug fix:
> https://github.com/ooni/probe-cli/releases/tag/v3.0.8
>
> Over the next year, we aim to release OONI Probe Linux packages which
> would serve as a replacement for legacy ooniprobe.
>
> ## The bug in summary
>
> When you run OONI Probe, by default your network ASN (e.g. AS30722 for
> “Vodafone Italia”) is collected and published, as this information is
> very important for examining internet censorship (i.e. it's important to
> know on which network internet censorship is implemented).
>
> Through the OONI Probe apps, you can opt out of ASN collection (and
> publication) by disabling the "Include Network Info" setting.
>
> The bug is that if you disabled this setting, your network ASN was not
> published in the OONI Explorer measurement page or in the raw JSON data
> (where it was displayed as AS0), but it was included in the report ID of
> those measurements.
>
> During our investigation, we also found that in some cases, the network
> name (such as "Vodafone Italia") was included in AS0 measurements, and
> that it may have been possible to retrieve the ASN through the resolver
> IP (which we previously didn't sanitize because it's useful for
> measuring DNS consistency).
>
> All of these issues have been fixed in our probe engine, and we have
> released a fix for OONI Probe Mobile (as mentioned above).
>
> ## Affected measurements
>
> Most OONI Probe users were *not* affected by this bug, since roughly 86%
> of OONI measurements collected from around the world did not disable the
> collection and publication of network information, which is enabled in
> the default settings.
>
> According to our analysis, only around 2% of global OONI measurements
> leaked the user network ASN in the report ID (this mainly involves new
> probes), and about 12% of global OONI measurements might have disclosed
> the ASN through the client resolver in OONI’s Web Connectivity test
> (this mainly involves legacy probes).
>
> We made changes to OONI Explorer to hide AS0 measurements, and further
> details are available through our Incident Report.
>
> The OONI team apologizes to the OONI community for this incident. We
> would never intentionally harm our users, we value and respect user
> choice, and we take seriously the trust our users have placed in us. We
> do our best to give you as much control as possible over how you use OONI Probe, but
> sometimes we make mistakes. We will always be transparent when such bugs
> occur.
>
> To learn more about our data practices and about the principles that
> govern OONI data collection, please refer to our Data Policy:
> https://ooni.org/about/data-policy
>
> If you have any questions or concerns related to this incident, please
> don't hesitate to reach out.
>
> Thank you,
>
> Maria (on behalf of the OONI team).
>


-- 
Maria Xynou
Research & Partnerships Director
Open Observatory of Network Interference (OONI)
https://ooni.org/
PGP Key Fingerprint: 2DC8 AFB6 CA11 B552 1081 FBDE 2131 B3BE 70CA 417E
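The three leak channels described in the quoted summary above (an ASN embedded in the report ID, a network name left in an AS0 measurement, and an unsanitized client resolver IP) can be audited from the published measurement JSON. The Go program below is an added example written for this page, not code from OONI's probe engine, the incident report, or the OONI team. It assumes the OONI measurement field names probe_asn, probe_network_name, report_id and test_keys.client_resolver, assumes that a leaking report ID carries the ASN as an "AS<digits>" token, and runs over constructed sample records (the IP uses the 192.0.2.0/24 documentation range) rather than real measurements.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
	"regexp"
	"strings"
)

// measurement maps only the top-level fields this check needs. The JSON
// names (probe_asn, probe_network_name, report_id, test_keys) are the ones
// used in OONI measurement records; all other fields are ignored.
type measurement struct {
	ProbeASN         string          `json:"probe_asn"`
	ProbeNetworkName string          `json:"probe_network_name"`
	ReportID         string          `json:"report_id"`
	TestKeys         json.RawMessage `json:"test_keys"`
}

// webConnectivityKeys pulls the resolver field out of a Web Connectivity
// test_keys object. Other test types simply leave it empty.
type webConnectivityKeys struct {
	ClientResolver string `json:"client_resolver"`
}

// asnRe matches an embedded autonomous system number such as AS30722.
// Assumption: a leaking report ID contains the ASN in this "AS<digits>" form.
var asnRe = regexp.MustCompile(`AS(\d+)`)

// CheckASNLeak inspects one raw measurement and returns the leak findings.
// It only examines measurements where the user opted out of network info
// (probe_asn == "AS0"); for opted-in measurements there is nothing to hide,
// so it returns nil.
func CheckASNLeak(raw []byte) ([]string, error) {
	var m measurement
	if err := json.Unmarshal(raw, &m); err != nil {
		return nil, fmt.Errorf("decoding measurement: %w", err)
	}
	if m.ProbeASN != "AS0" {
		return nil, nil // user chose to publish network info
	}
	var findings []string

	// 1. The report ID is assigned when the report is opened; if it embeds
	//    any ASN other than AS0, the opt-out was bypassed.
	for _, match := range asnRe.FindAllStringSubmatch(m.ReportID, -1) {
		if match[1] != "0" {
			findings = append(findings, "report_id embeds "+match[0])
		}
	}

	// 2. A human-readable network name identifies the operator just as
	//    well as the number does.
	if name := strings.TrimSpace(m.ProbeNetworkName); name != "" {
		findings = append(findings, "probe_network_name is set: "+name)
	}

	// 3. Web Connectivity records the client's resolver; a concrete resolver
	//    IP can be mapped back to the access network's ASN.
	if len(m.TestKeys) > 0 {
		var tk webConnectivityKeys
		if err := json.Unmarshal(m.TestKeys, &tk); err == nil {
			if ip := net.ParseIP(strings.TrimSpace(tk.ClientResolver)); ip != nil {
				findings = append(findings, "client_resolver exposes an IP: "+ip.String())
			}
		}
	}
	return findings, nil
}

// Constructed sample records (not real OONI data). The report ID layout is
// illustrative; the point is the AS30722 token inside it.
const leakingSample = `{
  "probe_asn": "AS0",
  "probe_network_name": "Vodafone Italia",
  "report_id": "20201001T101500Z_AS30722_abcdef",
  "test_name": "web_connectivity",
  "test_keys": {"client_resolver": "192.0.2.53"}
}`

const cleanSample = `{
  "probe_asn": "AS0",
  "probe_network_name": "",
  "report_id": "20201001T101500Z_AS0_abcdef",
  "test_name": "web_connectivity",
  "test_keys": {"client_resolver": ""}
}`

func main() {
	for _, s := range []string{leakingSample, cleanSample} {
		findings, err := CheckASNLeak([]byte(s))
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		if len(findings) == 0 {
			fmt.Println("no ASN leak detected")
			continue
		}
		for _, f := range findings {
			fmt.Println("LEAK:", f)
		}
	}
}
```

Run with `go run .` over your own exported measurements (one JSON object per call) to confirm that AS0 records carry no ASN, network name, or resolver address; a finding on an opted-out measurement means one of the channels the incident report describes was not sanitized.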
