Michael Altfield's gravatar

Detecting Censorship or ISP Network Tampering with OONI

This article introduces a tool for detecting censorship or network tampering: the Open Observatory of Network Interference (OONI) Android app, which is part of the Tor Project.

The OONI project’s mission is to collect data on network providers to determine where the Internet is free and where it’s being manipulated. For example, the OONI Explorer displays a world map of such data.

[Image: OONI Explorer world map]


On the OONI Explorer, you can drill down from the world map into a specific country to get a list of websites that were detected as being blocked from within that country.

For example, when I looked at the history of OONI probe runs within the US, I saw a list of the usual suspects: gambling sites, pornography sites, torrenting sites, etc. More surprising (at least to me) was the number of pastebin sites that were banned. And, despicably, there was a network in the US blocking The Internet Archive.

When I looked at the data from scans within another great “free country” = India, I saw a lot of cherry-picked censorship on Facebook and news articles as it relates to the 2017 genocide of Rohingya Refugees in Burma and various Muslim/Hindu conflicts.

[Images: OONI Explorer results for the US and for India]


Anyone can easily download the FOSS Android OONI Probe app from F-Droid and scan their network. Of course, this app necessarily attempts to access questionable content (i.e., websites designed to bypass censorship, pornographic websites, etc.) and necessarily uploads potentially personally identifiable information into their public database, which is something to keep in mind if you’re running an OONI probe within the boundaries of an oppressive regime.

I did a test run of OONI Probe on a library’s public Wi-Fi, and the “HTTP Invalid request line” and “Web Connectivity” tests showed clear evidence of censorship and network tampering. Many websites (psiphon.ca — a tool for bypassing DPI censorship & ultimatebirthcontrol.com — a seemingly innocuous link farm for information on birth control) were entirely censored. Moreover, the server reported many packet headers that were manipulated by the “McAfee Web Gateway”.

[Screenshots: OONI Probe run tests, past tests, Web Connectivity results, HTTP Invalid Request Line results]
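
As an added illustration (not code from this article or from the OONI project), the following sketch triages exported probe results for the two tests named above, re-checking the echoed payloads instead of relying only on the summary flag. The records are constructed, and the field names (`test_name`, `test_keys`, `blocking`, `tampering`, `sent`, `received`) are assumptions based on OONI's published measurement format.

```python
import json
from itertools import zip_longest

# Constructed sample measurements (not real OONI data). Field names are an
# assumption based on OONI's published measurement format.
SAMPLE = [
    {"test_name": "web_connectivity", "input": "https://ok.example/",
     "test_keys": {"blocking": False, "accessible": True}},
    {"test_name": "web_connectivity", "input": "http://blocked.example/",
     "test_keys": {"blocking": "http-diff", "accessible": False}},
    {"test_name": "web_connectivity", "input": "http://unknown.example/",
     "test_keys": {"blocking": None, "accessible": None}},
    {"test_name": "http_invalid_request_line", "input": None,
     "test_keys": {"tampering": True, "sent": ["XxXx / HTTP/1.1\r\n\r\n"],
                   "received": ["HTTP/1.1 400 Bad Request\r\nVia: 1.1 proxy.example\r\n\r\n"]}},
    {"test_name": "http_invalid_request_line", "input": None,
     "test_keys": {"tampering": False, "sent": ["GET / HTTP/1.1.1\r\n\r\n"],
                   "received": ["GET / HTTP/1.1.1\r\n\r\n"]}},
]
SAMPLE_JSONL = "\n".join(json.dumps(m) for m in SAMPLE)


def triage(jsonl_text):
    """Sort JSONL measurements into blocked, tampered and inconclusive findings."""
    report = {"blocked": [], "tampered": [], "inconclusive": []}
    for line in filter(str.strip, jsonl_text.splitlines()):
        m = json.loads(line)
        keys = m.get("test_keys") or {}
        if m.get("test_name") == "web_connectivity":
            verdict = keys.get("blocking")
            if verdict is None:          # probe could not reach a verdict
                report["inconclusive"].append(m.get("input"))
            elif verdict is not False:   # a string names how the site was blocked
                report["blocked"].append((m.get("input"), verdict))
        elif m.get("test_name") == "http_invalid_request_line":
            sent = keys.get("sent") or []
            received = keys.get("received") or []
            # The echo helper should return every payload byte-for-byte, so
            # compare the pairs directly instead of trusting the flag alone.
            for s, r in zip_longest(sent, received, fillvalue=""):
                if s != r:
                    report["tampered"].append(
                        {"sent": s.strip(), "reply_first_line": r.split("\r\n", 1)[0]})
    return report


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_JSONL), indent=2))
```

An inconclusive result is kept separate from a blocked one so that a site that is simply down is not counted as censorship.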


If OONI Probe shows that your network traffic is being manipulated, check out my article on Bypassing DPI to learn how to use Tor Pluggable Transports to bypass such censorship.
