[tor-talk] New OONI release: Test sites you care about!
Arturo Filastò
art at torproject.org
Wed Sep 27 18:21:34 UTC 2017
Hi Seth,
When you click on a link with OONI Run the user is presented with a page that shows them the list of URLs (if the test is web_connectivity) that they are about to test.
If a malicious URL is included in such list, the user will be able to avoid running it by simply clicking the X button.
The run.ooni.io links are also defined as a custom URI inside of both apps, so if the app is installed, the user will actually never be connecting to ooni.io servers.
That said, something to keep in mind, is that OONI Probe is not a privacy tool, but rather a tool for investigations and as such poses some risks (as we explain inside of our informed consent procedure).
We are not aware of any OONI Probe users having gotten into trouble for using our tool, but we prefer to air always on the safe side be sure that they understand very well the speculative risks that they could run into.
Hope this answers your question,
Feel free to contact me on and/or off-list if you have any follow up questions,
~ Arturo
On 27 September 2017 at 19:55:03, Seth David Schoen (schoen at eff.org) wrote:
Hi Maria,
I also posted this question as a comment on the blog post, but I was
wondering if OONI encounters adversarial activity from censors who
try to either locate and shut down OONI nodes, or return different
information to OONI nodes than to other Internet users. If so, the
OONI Run feature could make it extremely easy for censors to identify
where OONI probe nodes are located, by just setting up a site under
their control and submitting it to OONI Run. But maybe this isn't a
problem that the project has encountered so far.
--
Seth Schoen <schoen at eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
--
tor-talk mailing list - tor-talk at lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 208 bytes
Desc: Message signed with OpenPGP using AMPGpg
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20170927/068a66c0/attachment.sig>
More information about the tor-talk
mailing list