The long version of the presentation given at the European Parliament in occasion of the EU Hackathon http://www.euhackathon.eu/. Topic are Censorship, Internet Filtering, Tor and ooni-probe.

1. OONI-probe
Detecting internet filtering for a Free and Transparent
Internet
Tuesday, November 8, 2011

2. Surveillance
• Internet filtering is a
subset of Surveillance
• If they are filtering
something, it means
that they are surveilling
everything
Wednesday, November 9, 2011

3. Censorship
It’s a distortion of what is in reality
the internet.
Follows the subjectiveness of the
authorities
This does not help humanity
• Internet filtering is a form
of non democratic
oppression on people
• It allows those in power
to subvert reality
• FilterNet
Wednesday, November 9, 2011

4. FilterNet
• It’s a distortion of what is in reality the
internet.
• Follows the subjectiveness of the
authorities
• This does not help humanity
Tuesday, November 8, 2011

5. What we are doing?
• Help people circumvent censorship (Tor)
• Help people speak freely and anonymously
(Tor Hidden Services)
• Measure Internet filtering in the world
(OONI-Probe)
Tuesday, November 8, 2011

6. Tor
• Tor software downloads are currently
blocked from China, Iran, Lebanon, Qatar,
etc.
• Tor delivers via email, write to
gettor@torproject.org and we will send
you a client to bootstrap a Tor client
Tuesday, November 8, 2011

7. Hidden Services
• They allow a server to give access to
content anonymously
• This means people can publish content
even if filtering is in place
• No fear of retaliation
Tuesday, November 8, 2011

8. Tor Hidden Services
• am4wuhz3zifexz5u.onion
• Anonymity for the Server
• DoS protection
• End-To-End encryption
Tuesday, November 8, 2011

9. How HS work
Client
Hidden Server
IP
IP
IP
RP
Tuesday, November 8, 2011

10. Existing filter detection
tools
OpenNet Initiative
(rTurtle)
Herdict
Academic research
• Various captive portal software
• Windows/iOS/Android/Google Chrome
• ONI has a tool called “rTurtle”
• ...
• Herdict “The verdict of the herd”
• ...
• Some academic research
• GATech and UC Berkeley have the best work
• Methodology, tools and data are (usually) closed
Tuesday, November 8, 2011

11. OONI-probe:
Measuring filtering
• Open Observatory of Network
Interference
• Provide a methodology and framework
• Make our data and code publicly available
Tuesday, November 8, 2011

12. How filtering is
performed
• Varies by country and agency
• Lebanon uses Free Software (squid)
• Syria uses commercial software
(BlueCoat)
Tuesday, November 8, 2011

13. Filtering Techniques
Cost
Keyword Filtering
DNS Filtering
IP Filtering
Accuracy
Source: A Taxonomy of Internet Censorship and AntiCensorship - Princeton University
Tuesday, November 8, 2011

14. OONI-Probe Risk
Levels
• The tests that are run by OONI-probe are
divided into three categories:
• Active/High (High Risk)
• Active/Medium (Medium Risk)
• Active/Low (Low Risk)
• Passive (No Risk)
Tuesday, November 8, 2011

15. TTL walking
Active/High
Active/Low
• UDP, TCP, ICMP
• Common ports 0, 53, 80, 123, 443
• Compare the result of UDP, TCP with
common ports and ICMP traceroute
Tuesday, November 8, 2011

16. Keyword injection
Active/High
• Actively probe for blocking of particular
keywords
• Connect to unblocked IP address with fake
Host Header
Tuesday, November 8, 2011

17. DNS probing
Active/High
Active/Medium
• Compare a good DNS server with a test
one
• This is used in Italy
Tuesday, November 8, 2011

18. HTTP requests
Active/Low
Passive
• Manipulated HTTP requests
• HTTP GeT foo.html
• Check for altered response/request
headers
• This is used to detect squid
Tuesday, November 8, 2011

19. URL lists
Active/High
• Use URL lists of known blocked sites
Tuesday, November 8, 2011

20. TPO in lebannon
Network latency
Active/Low
• Check if the latency is congruent with the
destination
• A case is Lebanon
Tuesday, November 8, 2011