OONI: Let's Fight Internet Censorship, Together!
This is a modal window.
The media could not be loaded, either because the server or network failed or because the format is not supported.
Formal Metadata
Title |
| |
Subtitle |
| |
Title of Series | ||
Number of Parts | 167 | |
Author | ||
License | CC Attribution 4.0 International: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor. | |
Identifiers | 10.5446/34810 (DOI) | |
Publisher | ||
Release Date | ||
Language |
Content Metadata
Subject Area | ||
Genre | ||
Abstract |
| |
Keywords |
34th Chaos Communication Congress144 / 167
1
2
3
4
5
6
7
10
11
12
14
15
25
26
29
30
31
33
34
39
40
42
43
45
46
49
50
53
58
59
61
63
65
68
69
71
73
77
78
79
81
82
83
85
86
87
88
91
92
94
99
100
101
102
108
109
110
113
114
115
116
118
119
122
124
125
126
127
129
130
131
132
133
134
136
138
139
140
141
145
147
148
150
151
152
153
154
157
159
160
161
163
164
165
166
167
00:00
InternetworkingMereologyAssociative propertyInheritance (object-oriented programming)QuicksortProjective planeVideo gameWebsiteEvent horizonOffice suiteRoundness (object)Software developerComputer animationJSONXMLUML
01:52
InternetworkingSoftwareOpen setInternetworkingVideoconferencingConnected spaceForcing (mathematics)Physical lawQuicksortOpen setOrder (biology)MeasurementStaff (military)Metric systemSystem administratorArithmetic meanForm (programming)Scripting languageWebsiteResultantTerm (mathematics)Operator (mathematics)10 (number)Different (Kate Ryan album)Projective planePerspective (visual)Sampling (statistics)View (database)Right angleSoftwarePresentation of a groupPower (physics)WeightDigital mediaInternet der DingeField (computer science)Internet service providerFrequencyState of matterMultiplication signCASE <Informatik>Traffic reporting8 (number)Validity (statistics)Latent heatWeb serviceMixed realityTheoryFile formatObservational studyPoint (geometry)LengthConsistencyChainMusical ensembleBounded variationCategory of beingRevision controlThermal expansionOpen sourceLevel (video gaming)Finite differenceContext awarenessImplementationAuthorizationSystem callContent (media)Self-organizationUniformer RaumFront and back endsXMLUMLComputer animation
11:45
Public domainSynchronizationMeasurementLibrary (computing)Computer networkSoftwareSoftware testingWebsiteQuicksortClient (computing)Fraction (mathematics)InternetworkingSoftwarePublic domainCASE <Informatik>Form (programming)ImplementationConnected spaceUniform resource locatorPower (physics)BitIndependence (probability theory)Category of beingMeasurementMultiplication signoutputProcess (computing)Windows RegistryInformationLibrary (computing)Software development kitLatent heatMobile appMedical imagingComponent-based software engineeringOpen sourceSoftware testingTraffic reportingNumberWeb 2.0Projective planeSound effectEvoluteSeries (mathematics)Web pageCharacteristic polynomialProper mapDifferent (Kate Ryan album)FacebookResultantObject (grammar)Computer-assisted translationInferenceWindowPhysical systemEntire functionMetric systemArtificial lifeBlock (periodic table)Total S.A.State of matterSet (mathematics)Observational studyTheoryCuboidProxy serverEngineering physicsComputer animation
20:07
Uniform resource locatorSoftware testingLine (geometry)EmailInternetworkingClient (computing)Web 2.0Group actionWebsiteUser interfaceMobile appSubsetQuicksortSoftware testingElectronic mailing listLink (knot theory)Open setRight angleUniform resource locatorJSONXMLProgram flowchart
21:24
Uniform resource locatorSoftware testingFormal verificationEvent horizonGUI widgetInternetworkingSoftware testingUniformer RaumCartesian coordinate systemObservational studyInternetworkingComputer animationJSONXMLProgram flowchart
21:50
Open setFormal verificationEvent horizonInternetworkingGUI widgetElectronic mailing listObservational studyInternetworkingLevel (video gaming)WeightSoftware developerMeasurementTraffic reportingQuicksortVideoconferencingComputer animationXML
23:16
Spring (hydrology)Computer animation
23:38
VideoconferencingInternetworkingTraffic reportingLink (knot theory)Computer animation
24:18
Kerr-LösungCartesian closed categoryType theoryInternetworkingBitSpring (hydrology)Infinity
24:58
InternetworkingMultiplication signOffice suiteSpacetimeMeeting/Interview
25:24
Sigma-algebraInternetworkingQuicksortFamilyTelecommunicationCellular automatonPlastikkarteComputer animation
25:49
InternetworkingPlastikkartePoint (geometry)Extension (kinesiology)WebsiteMeasurementSoftwareSoftware testingVariety (linguistics)WeightSoftwareMeeting/Interview
26:22
VideoconferencingComputer fontSolid geometryAbsolute valueMach's principleWebsiteExpert systemMeasurementElectronic mailing listSoftware testingBlogRight angleProxy serverSoftware
26:57
WebsiteHost Identity ProtocolConnectivity (graph theory)Dependent and independent variablesMeasurementRevision controlKey (cryptography)SoftwareWebsiteMeasurementConnected spaceBlock (periodic table)Web pageJSONXML
27:24
GoogolOpen sourceInterior (topology)Server (computing)Connected spaceWebsiteRevision controlInformationBlock (periodic table)In-System-ProgrammierungWeb pageArithmetic mean
28:09
HyperlinkLink (knot theory)WindowOpen setFunction (mathematics)Set (mathematics)EmailInternetworkingBlock (periodic table)Task (computing)Web pageServer (computing)Group actionPoint (geometry)Software testingSoftware developerSource codeXML
28:37
VarianceInternetworkingGame controllerInformationUniverse (mathematics)Electronic mailing listSoftwareRoundness (object)Perfect groupAnalytic continuationJSONXML
Transcript: English(auto-generated)
00:02
Welcome everybody to our next talk, Ooni, let's fight internet censorship together.
00:21
When you think about internet censorship, I guess that a lot of people would just have an association with countries like China or Iran or Saudi Arabia, but not a lot of people are aware that filtering and blocking of websites and internet censorship also takes place in almost all the other countries around the world, and this talk will educate
00:42
you about this. Our speaker is Arturo Felastro, he is the founder and developer of Ooni, and he will tell you more about this super interesting project of his in this talk, please give him a warm round of applause. Thank you Miriam.
01:02
Hi, I guess I would like to start with thanking you and sort of expressing how much this is an honor for me to present this project in front of an audience like CCC. I've been coming to these events since I was just over 18 years of age, and so I
01:23
think this project and also a large part of my adult life is also due to the encounters and the things I have learned at events like this. And so to get right into it, I think the first thing that we should start with when talking
01:44
about a project like Ooni is understand what we are talking about, so to frame what we mean when we say internet censorship, because these, there is some video connection, okay,
02:08
so what is internet censorship? Within the context of Ooni, when we talk about internet censorship, what we mean is some form of network interference that comes with intent to disrupt or distort the reality
02:28
of the internet from the perspective of a country or a network. So it means that it requires intent from the sensor to create this altered view of
02:43
what is the internet. Another term that we use to define internet censorship is a filter net, and what we will see during the course of this presentation is that there are in fact many filter nets around the world, and that depending on which country you are in, and depending on the regime or the ideology
03:07
of those in power, different views of what is acceptable and not acceptable to be done on the internet are enforced. And so Ooni, or the open observatory of network interference, is this network measurement
03:26
project that was started back in 2012, and it's a community-led project that's composed of a network of volunteers that install the software and collect evidence of internet
03:43
censorship around the world. Since until today, we have gathered measurements from over 200 countries, and we have measurements coming in from tens of thousands of different networks every month.
04:02
But the sort of founding principles around Ooni and the reason why we decided to work on this project is that we want to sort of bring to the field of network measurement, and in particular, the field of network measurement applied to detecting network interference
04:24
and or internet censorship, the principles of openness and transparency. So Ooni is open methodologies, which means that all of the tools and techniques that we use in order to examine internet censorship are openly documented and specified, sort
04:44
of like in RFC format, and these allow people to validate that what we are claiming to do is actually reasonable and fair. The methodologies that we specify are then implemented using open source software, so
05:08
you can verify that what we define in the specification is in fact consistent with what is implemented, and all the data that is collected by the thousands and tens of thousands and hundreds of thousands of volunteers around the world are made available openly
05:24
as open data, so anybody can use this data for their own purpose, and sort of from the beginning to the end of the chain, validate that what we are doing is in fact correct and reasonable, and hopefully, by doing all of this, we will reach at some point
05:45
a stage in which we can say that what we are doing is in fact reproducible research so that every step from the definition of what you do to the implementation to the publication of the data is entirely reproducible.
06:01
All of our tooling, like all of our backend infrastructure, even our sysadmin scripts are made available openly so anybody can set up their own Ooni if they wish. But before going more into what Ooni is, I would like to give you a taste of what
06:21
is possible with this sort of research, as in what are the sorts of things that can be discovered by collecting network measurements around the world? And these are obviously just some small samples. You can learn more about each of these cases by reading our full-length reports,
06:41
but this is sort of more to show you what is the kind of impact that a tool like Ooni probe can have in the world. So the first case I would like to talk to you about is one that maybe you have heard in the news, or maybe not, because it was not covered as well, and it's around
07:02
the protests in Ethiopia in December of last year, 2016. These protests sparked in a particular region of Ethiopia called the Oromo region, and they were around some conflict related to the expansion of a certain city, of the borders
07:23
of the city of Elisabada that would, in a way, sort of basically kick people out of their homes because they would suddenly have a big house, like a big city where they live. And so this led to some very serious protests that were very violent, and the police was
07:47
also very brutal to the protesters, and it led to many deaths. And as a result of these protests, also some network interference was done, so in order
08:01
to stop the protesters from communicating and organising, WhatsApp was blocked, so the protesters could no longer coordinate or organise themselves, and with UNI, we gathered evidence of this so we could prove in an undeniable way that WhatsApp was blocked, that deep
08:21
packet inspection technology was being used, and we were also able to understand precisely how it was working, that allowed us even to give some advice of what some site operators could do to even circumvent it in some way. And many websites, from media outlets, human rights websites, and obviously political opposition
08:44
websites were found to be blocked during this period. Following this, in Ethiopia, the state of emergency was declared, starting from October 8th, 2016, just until a couple of some months ago, August 2017, so lasting 10 months.
09:05
But what is interesting from this sort of case is that what we found evidence of is actually blocking and censorship being implemented before the state of emergency, which in theory was something that was not supposed to be allowed.
09:24
And together with Amnesty International, we published a research report outlining our findings, and sort of providing evidence that this was something that was in fact happening, and was clearly not something that a clear human rights violation.
09:49
Another interesting case that we worked on together with our partner, our Malaysian partner, Senor Project, was published in May 2017, and it was sort of a study of internet
10:03
censorship in Indonesia. We found that many sites of various categories were blocked, but I think one of the most interesting things from this particular report was the fact that we collected measurements
10:24
from around 60 different networks, and based on these, we were able to see that there was actually very much some difference between the different operators in terms of what was being blocked and what was not being blocked. So as an example, Vimeo and Reddit were found to be blocked on certain internet service
10:44
providers in Indonesia, although the ban for blocking such websites was supposedly lifted two years ago. And this stems, I guess, from the fact that the Indonesian legislation states that internet
11:01
service providers are granted the authority to inhibit or block content that is considered negative content, and they are left on their own to make this judgment call of what constitutes negative content. And as a result, you see quite some variation in terms of which sites are blocked and which
11:25
are not blocked. And this is why it's important, even in places where you may say you know that censorship is happening, yes, you may know that censorship is happening, but you don't necessarily know what the censorship of your neighbour looks like, even if they live in the same country.
11:46
Another very interesting report that I think we could spend an entire one-hour talk just discussing about this particular country was published in September 2017, and it was on
12:05
the country of Iran. And there we found an astounding number of websites to be blocked. I think, in total, we counted 1,020 URLs blocked, ranging from all sorts of various
12:26
different categories, and without going too much in-depth into this, what I should say on Iran is that it's definitely one of the countries that has the most state-of-the-art internet censorship apparatuses, and they implement the most sort of advanced forms of
12:46
internet censorship, and two interesting aspects that are unique to this country, I think, are one, that the censorship that they implement is done in a, let's say, non-deterministic fashion.
13:01
What this means is that you will visit a website, and it's not that every connection to that website will be terminated immediately, or every time you visit it. They will just selectively drop some packets, every certain number of requests, leading the user to think in some cases that the website is not in fact blocked, but is just
13:22
unreliable, or not functioning properly. The other aspect that we found that was quite interesting is given the fact that we analysed the corpus of data dating back to 2014, we were also able to track the evolution of censorship over the course of these years, and one of the things that we found was
13:44
that certain websites, such as Instagram, that previously they were blocking only specific posts, so specific images or specific pages on the site that were deemed sort of unacceptable or against the, you know, the morale of the majority, but as
14:08
Instagram rolled out HTTPS on all of their websites, the Iranian government was put in a situation where they either blocked all the website, or they could not block the specific pages, and so, I mean, I guess this is more something to reflect upon of
14:26
how sometimes something that you take as just a positive thing, and it clearly is a positive thing to have websites implement HTTPS and have secure connections to them, but it does also lead sometimes to some effects that are not expected, maybe, and this is
14:47
an example of it, so now Instagram is entirely blocked in certain networks in Iran. Another case that probably you have heard about happened in Spain just a couple of months
15:05
ago, and it was around the Catalonia independence referendum, and there was some movement to do a referendum to claim independence from Spain for the Spanish region Catalonia,
15:23
and, as a result of this, the Spanish government decided that one way to sort of create an obstacle for the success of this movement was that of implementing censorship and blocking
15:41
websites. I think the reason why this is something important to talk about here in Europe is that we should not forget that these things also happen in our home, and that oftentimes when we talk or think about internet censorship, we think as it is something that happens only over there, but, in fact, many countries in Europe implement
16:05
censorship for gambling or other reasons, and it's kind of a slippery slope, because once you have the infrastructure in place that can be used to implement internet censorship, those in power can possibly abuse it to, you know, do things that are clearly not acceptable,
16:27
and so during the Catalan referendum, 25 websites were blocked, the .cat registry was raided by the police, and they forced them to take down or block a series of .cat
16:42
domains that were hosting just information about the Catalonia independence referendum. So I hope this has given you an idea of what are the sort of things that can come out of running a software like UniProbe and collecting this sort of evidence.
17:05
So now what I would like to talk to you a bit about is the sort of ecosystem of uni software. So the various software components that make up UniProbe, and all of the things you see here are open source. You can, like, you know, git clone them and hack on them to
17:29
your pleasing. And the first thing that I will tell you a bit about is the sort of engine that UniProbe, the client that we use to run the network experiments, is based
17:45
on, and it's called Measurement Kit. This is a C++ library that we use to implement all of our network measurement experiments, and it currently supports Android, iOS as our two primary targets, but it also works on any UNIX system, and we are in the process
18:07
of ensuring that it works properly on Windows as well. We have JNI and Node.js bindings, so you can include this library inside of a project of yours where you need to do some particular experiments that involve measuring networks.
18:28
As I said, the tool that we use to collect network measurement data is UniProbe. We have an Android and iOS app that you can download on your phone. It's also available
18:40
on AfDroid. We have Mac OS and Linux as well in the form of a web UI, but we are also working on a more fully-featured proper desktop client that will support also Windows as well as Mac and Linux. And the sort of tests that we do, as I guess
19:09
someone understood from the case studies, are mainly around these sorts of categories. So we have tests that examine web censorship, so whether or not a particular website is
19:23
blocked or is not blocked. We check to see if instant messaging apps like Facebook Messenger, Telegram, WhatsApp, et cetera, work or do not work. We have a series of tests for censorship circumvention tools like Tor, VPN, Lantern, Siphon, et cetera.
19:42
Then we have some tests that are more trying to understand certain characteristics about your network, so whether or not a middle box, so something like a transparent HTTP proxy, or something that is intercepting your connections and forwarding on them for you is present on your network. And more recently, we've started to have also tests
20:05
for examining speed and performance. This is how our mobile app looks like. You can run it on your phone, and check to see what is blocked or not blocked on your network, and by doing so, you're contributing to our global understanding of internet censorship
20:24
around the world. This is our desktop client that, as I was saying, is a web user interface, and this is another interesting thing that we have recently launched, which is sort of a way for you to also engage other people to monitor or stand up against
20:49
internet censorship for the things that you care about. So, with Unirun, what you can do is you can add a list of URLs that you want to monitor, so, for example, let's
21:00
say animal rights activist group in Germany wants to monitor some German websites. They will create an Unirun link, and when people click on this, if they have the app installed, the app will open, and will offer to test the sites that they want to test. So, we obviously
21:21
also accept contributions for, or suggestions on what we should be testing, but you can also do this on your own with Unirun. As I was saying, all the data is available as open data, so you can access the uni API, visit the uni Explorer, and use the data
21:49
in your own studies to uncover evidence of internet censorship. So this is uni Explorer.
22:04
This is a global data map, and it shows all the measurements that we have. You can browse through it to understand what is blocked, and what measurements and what data is available in the various countries around the world. As I said, we also have an API that's more
22:21
oriented towards, let's say, developers or data scientists, so you can query this API and obtain the raw data, and all the research reports that we write are actually all based on the same data, so you can write your own research report on a country that you care about just by accessing our data, which is all as open as it can be. So, get out there
22:47
and use uni data to understand better what is happening in the countries that you care about. And to close, what I would like to leave you with is sort of another story,
23:03
I guess, about a trip that some of the uni team did to Cuba. And I have a video here that I will use to support the narration of the story in a way. And, yes, so, this
23:26
was in spring, 2017, and let's see if we can get this in here. So, this is the
23:44
video. So, without further ado, I will tell you the story of our trip to Cuba, and the data that you see here is, and the facts here are obviously during the trip. Some things have changed since we went there, but you can find more information inside
24:08
of our research report. Many of us take the internet for granted. Many of the things here at CCC would not be possible without it. But imagine living in a world where
24:25
access to the internet is not ubiquitous. That's the type of world most Cubans live in. This is a story of our spring, 2017, trip to Cuba, exploring its internet landscape.
24:41
Simone, Maria, Leonid, Joe, and all of the other Unitarians that are here, this would not be possible without them, so this is also for all of them. Most Cubans cannot access the internet from the comfort of their homes, rather they need to visit
25:01
designated public spaces that offer internet access. Welcome to Parknet. This park, along with many others across the country, serves as a public Wi-Fi hotspot. Such hotspots were set up two years ago in 2015 when the Cuban government provided public access to the internet for the first time. Most hotspots are located in parks, while others
25:22
are located in other public spaces like post offices and airports. In a way, Cubans don't access the internet, they visit it, and so it becomes a sort of collective experience. Especially at night, when the heat is more tolerable, dozens of Cubans gather in these hotspots to use the internet and to chat online with their friends and family.
25:43
To start browsing the net, you need to have an account issued by Etexa, Cuba's only telecommunications company. Etexa sells these cards at $1.5 for one hour of internet access. You can also purchase these accounts from resellers who lurk around in park nets, but they will
26:04
mark up the price to even $3 or $4 for only one hour of internet access. We are curious to explore whether and to what extent internet censorship was implemented in Cuba, and so we run our network measurement software called UniProbe, as well as a variety of
26:20
other network tests. Based on our measurements, we found 41 websites to be blocked. More might be blocked as we limit their testing to a list of sites created by country experts. Most of the sites that we found to be blocked include news outlets and blogs, as well as pro-democracy and human rights sites. Many of them seem to have one main thing
26:44
in common. Directly or indirectly, they express criticism towards the Cuban government. Other tools were found to be accessible across Cuba. Our software not only allowed us to confirm whether sites were blocked, but it also allowed us to collect network
27:03
measurement data that clearly shows how censorship is implemented. Etexa appears to be blocking sites through the use of technologies that resets connections or serves block pages instead of the intended web page. In many countries around the world, when a website is blocked, you know it, because it often looks something like this, or this. Block pages usually
27:29
include some information notifying you that the site is blocked and sometimes even include a reference to the legal justification, which means that it may not always be clear that the site is intentionally being blocked. Users might assume that it's a connectivity
27:43
issue rather than government-commissioned censorship. But Etexa isn't the only ISP in the world to serve blank block pages. You see this in many countries as well. Interestingly enough, we only found the HTTP version of the sites to be blocked, and the HTTPS is unblocked, meaning that people could circumvent it using HTTPS. However, many sites
28:06
that we found to be blocked do not support HTTPS. Chinese vendor Huawei appears to be supporting Kuber's internet infrastructure, and you don't even need to run any tests to find this out. The server header of the block pages, for example, points to
28:20
Huawei equipment. Even Etexa's captive portal itself seems to be written by Chinese developers, since they left over some comments in the source code of the captive portal page. Overall, internet censorship in Cuba does not appear to be particularly sophisticated. Given the high cost of the internet, rendering it inaccessible to most Cubans, perhaps the
28:41
government doesn't even need to invest in sophisticated internet censorship. But Cuba's internet landscape is changing, and so might internet censorship. That's why we think it's important to monitor networks continuously. Users in Cuba and around the world can run
29:00
uni-probe to shed light on information controls. Thank you.
29:20
I think I finished right on the dot, so I suspect that... Thank you very much. So everybody in the audience who now got curious about uni, maybe you want to consider if you want to contribute by running an uni-probe in your own country, or when you're on holidays in some interesting places. Just think about whether you would like to contribute and help uni out.
29:42
And we have an assembly in the CCL at the second floor, the Universe. If you have more questions about uni, you should come and join us upstairs, and we will be happy to answer any questions you may have. Exactly. Perfect. Check them out in their uni assembly. Please give another big round of applause to Arturo. Thank you very much.