ooni-probe and Tor (Long Version)

The long version of the presentation given at the European Parliament on the occasion of the EU Hackathon (http://www.euhackathon.eu/).
Topics are censorship, Internet filtering, Tor and ooni-probe.


  1. OONI-probe: Detecting internet filtering for a Free and Transparent Internet
     Tuesday, November 8, 2011
  2. Surveillance
     Wednesday, November 9, 2011
     • Internet filtering is a subset of Surveillance
     • If they are filtering something, it means that they are surveilling everything
  3. Censorship
     • It’s a distortion of what is in reality the internet.
     • Follows the subjectiveness of the authorities
     • This does not help humanity
     • Internet filtering is a form of non-democratic oppression on people
     • It allows those in power to subvert reality
     • FilterNet
  4. FilterNet
     • It’s a distortion of what is in reality the internet.
     • Follows the subjectiveness of the authorities
     • This does not help humanity
  5. What are we doing?
     • Help people circumvent censorship (Tor)
     • Help people speak freely and anonymously (Tor Hidden Services)
     • Measure Internet filtering in the world (OONI-Probe)
  6. Tor
     • Tor software downloads are currently blocked from China, Iran, Lebanon, Qatar, etc.
     • Tor delivers via email: write to gettor@torproject.org and we will send you a client to bootstrap a Tor client
  7. Hidden Services
     • They allow a server to give access to content anonymously
     • This means people can publish content even if filtering is in place
     • No fear of retaliation
  8. Tor Hidden Services
     • am4wuhz3zifexz5u.onion
     • Anonymity for the Server
     • DoS protection
     • End-To-End encryption
  9. How HS work
     [Diagram labels: Client, Hidden Server, IP, IP, IP, RP]
  10. Existing filter detection tools
     OpenNet Initiative (rTurtle), Herdict, Academic research
     • Various captive portal software
     • Windows/iOS/Android/Google Chrome
     • ONI has a tool called “rTurtle”
     • ...
     • Herdict “The verdict of the herd”
     • ...
     • Some academic research
     • GATech and UC Berkeley have the best work
     • Methodology, tools and data are (usually) closed
  11. OONI-probe: Measuring filtering
     • Open Observatory of Network Interference
     • Provide a methodology and framework
     • Make our data and code publicly available
  12. How filtering is performed
     • Varies by country and agency
     • Lebanon uses Free Software (squid)
     • Syria uses commercial software (BlueCoat)
  13. Filtering Techniques
     [Figure: Keyword Filtering, DNS Filtering and IP Filtering plotted on Cost and Accuracy axes]
     Source: A Taxonomy of Internet Censorship and AntiCensorship - Princeton University
  14. OONI-Probe Risk Levels
     • The tests that are run by OONI-probe are divided into three categories:
     • Active/High (High Risk)
     • Active/Medium (Medium Risk)
     • Active/Low (Low Risk)
     • Passive (No Risk)
  15. TTL walking (Active/High, Active/Low)
     • UDP, TCP, ICMP
     • Common ports 0, 53, 80, 123, 443
     • Compare the result of UDP, TCP with common ports and ICMP traceroute
  16. Keyword injection (Active/High)
     • Actively probe for blocking of particular keywords
     • Connect to unblocked IP address with fake Host Header
  17. DNS probing (Active/High, Active/Medium)
     • Compare a good DNS server with a test one
     • This is used in Italy
  18. HTTP requests (Active/Low, Passive)
     • Manipulated HTTP requests
     • HTTP GeT foo.html
     • Check for altered response/request headers
     • This is used to detect squid
  19. URL lists (Active/High)
     • Use URL lists of known blocked sites
  20. TPO in Lebanon. Network latency (Active/Low)
     • Check if the latency is congruent with the destination
     • A case is Lebanon
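
The header check from slide 18 ("HTTP requests"), written out as an added example; it is not code from the slides or from ooni-probe. It assumes an echo backend that returns the request bytes it received, and the function names and both sample requests are constructed for illustration.

```python
# Added example: compare an oddly capitalised HTTP request as the probe sent it
# with the copy an echo backend received. Differences point to an in-path
# HTTP device (for example a transparent proxy) that rewrote the request.

def parse_request(raw: bytes):
    """Split a raw HTTP request into (request_line, [(name, value), ...])."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name, value.strip()))
    return lines[0], headers

def diff_requests(sent: bytes, received: bytes):
    """Return the list of differences between the sent and received request."""
    sent_line, sent_h = parse_request(sent)
    recv_line, recv_h = parse_request(received)
    findings = []
    if sent_line != recv_line:
        findings.append(f"request line rewritten: {sent_line!r} -> {recv_line!r}")
    # Index by lower-cased name so a capitalisation change is not seen as add+remove.
    sent_idx = {n.lower(): (n, v) for n, v in sent_h}
    recv_idx = {n.lower(): (n, v) for n, v in recv_h}
    for key, (name, value) in sent_idx.items():
        if key not in recv_idx:
            findings.append(f"header removed: {name}")
            continue
        r_name, r_value = recv_idx[key]
        if r_name != name:
            findings.append(f"header name re-capitalised: {name} -> {r_name}")
        if r_value != value:
            findings.append(f"header value changed: {name}")
    for key, (name, _) in recv_idx.items():
        if key not in sent_idx:
            findings.append(f"header added: {name}")
    return findings

# Constructed sample: what the probe sent (odd capitalisation on purpose) ...
SENT = b"GeT /foo.html HTTP/1.1\r\nhOsT: example.com\r\nuSeR-aGeNt: probe\r\n\r\n"
# ... and what a constructed echo backend saw after a proxy normalised it.
RECEIVED = (b"GET /foo.html HTTP/1.1\r\nHost: example.com\r\n"
            b"User-Agent: probe\r\nVia: 1.1 proxy.example\r\n\r\n")

if __name__ == "__main__":
    for finding in diff_requests(SENT, RECEIVED):
        print(finding)
```

An empty result means the request arrived byte-for-byte as sent at the header level; any finding is evidence that something between the probe and the backend parsed and re-emitted the request.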
