#ooni log

13:58:43 <hellais> #startmeeting OONI Community Meeting 2020-04-28
13:58:43 <MeetBot> Meeting started Tue Apr 28 13:58:43 2020 UTC.  The chair is hellais. Information about MeetBot at http://wiki.debian.org/MeetBot.
13:58:43 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
13:59:17 <slacktopus> <agrabeli> <here> Hello friends! Welcome to the April 2020 OONI Community Meeting. :ooni::party_parrot:
13:59:39 <slacktopus> <agrabeli> My name is Maria and I work with OONI.
13:59:46 <slacktopus> <agrabeli> How are you doing?
14:00:23 <slacktopus> <agrabeli> Please feel encouraged to introduce yourselves asynchronously as you join.
14:00:32 <slacktopus> <hellais> Hello!
14:00:39 <anadahz> Hello
14:01:05 <slacktopus> <sina> :wave:
14:01:26 <slacktopus> <agrabeli> The agenda for today's meeting is available here: https://pad.riseup.net/p/ooni-community-meeting-keep
14:01:39 <slacktopus> <agrabeli> Please feel encouraged to add any other topics you'd like to discuss. :)
14:02:13 <slacktopus> <agrabeli> So as we have quite a packed agenda today, I'll get started with briefly sharing 4 updates from the Ooniverse over the last month:
14:02:31 <slacktopus> <agrabeli> 1. We launched a new OONI Probe desktop app for Windows and macOS! :tada:
14:02:56 <slacktopus> <agrabeli> You can download & install the new app here: https://ooni.org/install/desktop
14:03:12 <slacktopus> <agrabeli> And learn all about it here: https://ooni.org/post/2020-ooni-probe-desktop-app/
14:03:33 <slacktopus> <agrabeli> Thanks to the amazing Localization Lab community, the app was translated to 12 languages! :tada:<3
14:04:30 <slacktopus> <agrabeli> 2. We're doing a usability study on OONI Run. Please complete our survey: https://ooni.typeform.com/to/r9c5ee (it should take around 7 minutes, and your feedback will help us improve the tool!)
14:05:14 <slacktopus> <agrabeli> 3. We're building a "smart URL list system" to prioritize the testing of certain URLs over others. Learn all about this (and our policy for URL prioritization) here: https://ooni.org/post/ooni-smart-url-list-system/
14:05:53 <slacktopus> <agrabeli> 4. Our team has created a new SNI blocking experiment and tried it out in Iran! Learn all about it here: https://ooni.org/post/2020-iran-sni-blocking/
14:06:22 <slacktopus> <agrabeli> And that's it from my end in terms of updates. Please feel encouraged to share feedback or questions anytime. :)
14:06:48 <slacktopus> <agrabeli> Perhaps we can proceed with the next agenda topic
14:07:10 <slacktopus> <agrabeli> #topic 2. Would you find it useful to be able to optionally log into Explorer from your workstation or phone and bookmark a list of interesting monitored websites? 2.1. ...or survey the output of a URL monitoring campaign you started? 2.2. If so, would you be comfortable with logging in with an email address? Also 3rd parties authentication (e.g. Google, Github, Facebook...)
14:07:22 <slacktopus> <agrabeli> @federico would you like to lead this discussion?
14:08:37 <slacktopus> <federico> Sure: do we want to do a poll regarding the questions? (does Slack support polls?)
14:09:24 <slacktopus> <xhdix> We can use emoji :))
14:09:30 <slacktopus> <hellais> I guess you can poll by asking people to react with :+1: or :-1:
14:09:39 <slacktopus> <federico> Is there any question around bookmarking monitored websites?
14:10:16 <slacktopus> <hellais> Maybe it’s good to first explain what this means
14:10:35 <slacktopus> <hellais> @federico would you like to give a bit of background context information on this topic?
14:11:48 <slacktopus> <federico> The idea is simply that people would be able to log into Explorer from desktops or phones and then create lists of (already) monitored websites that they care about
14:13:03 <slacktopus> <federico> Explorer would then show the lists and give quick access to searches. Perhaps show summaries or statistics in a dashboard.
14:13:53 <slacktopus> <federico> The point is to provide a quicker way to scan through the interesting websites instead of having to do multiple searches again and again
14:14:50 <slacktopus> <federico> Can people please vote for this use case so far with thumbs up/down?
14:15:30 <anadahz> @federico Is this going to be a service with users and registration?
14:15:57 <anadahz> What are the database load implications?
14:18:02 <slacktopus> <federico> We need an ownership model for allowing people to access and modify their own lists. People will have to log onto Explorer in some way, but we are evaluating alternatives to the usual username/password combination to avoid the burden of password storage for both users and us
14:18:04 <anadahz> In general it is a neat idea but depending on the implementation it may get out of hand in term of resources.
14:18:28 <slacktopus> <federico> This is the topic for the last question, that I can ask right now:
14:19:07 <slacktopus> <federico> Would you be comfortable with logging in with: •  an email address • username/password? • 3rd parties authentication (e.g. Google, Github, Facebook...)
14:19:13 <slacktopus> <federico> Please vote :)
14:19:50 <slacktopus> <federico> [for those on IRC, feel free to vote by writing a comment]
14:19:51 <slacktopus> <hellais> @federico can you edit the message to include numbers for the bullets?
14:20:33 <slacktopus> <frppub> I can see how this would be helpful to verify access to certain sites who may be blocked in some regions and not others. For instance, in West Africa where I am based, LGBTI related sites are more likely to be banned than others. And for the moment there isn't a way, as far as I am aware to test specific LGBTI sites.
14:21:15 <slacktopus> <hellais> >  there isn’t a way, as far as I am aware to test specific LGBTI sites @frppub why do you say that?
14:21:36 <anadahz> +1 for separate credentials merely in case something goes wrong and to conceal (sensitive) identities.
14:22:24 <slacktopus> <frppub> However, I would not be confortable to add these sites individually with me signing on. May be one option would be to have lists of sites per sensitive topic that could be moderated by a dedicated user who is confortable to do this.
14:22:34 <slacktopus> <hellais> Off the top of my head there are several ways this can be done with OONI: 1. Adding the sites to the official test lists so everybody tests them: https://ooni.org/get-involved/contribute-test-lists 2. Using the choose websites button directly inside of the OONI Probe app  3. Creating an OONI Run link with the sites of your choice, see: https://ooni.org/get-involved/run for example of a specific OONI Run link for LGBTQI sites
14:23:40 <slacktopus> <frppub> Ah! Great if this already exists then! Didn't realise! I need to get up to speed!
14:23:54 <slacktopus> <hellais> No worries, happy to help out
14:24:38 <slacktopus> <agrabeli> @frppub the easiest way to test websites if your choice is by selecting the "Choose websites" button inside the Websites card in the OONI Probe mobile app. You can also configure the Websites settings to test categories of sites that you care about (for example, only enable the "LGBT" category).
14:24:50 <slacktopus> <hellais> The feature we speak of with the accounts I think would be most useful to folks who manage testing campaigns with OONI Probe and don’t want the ability to have native “bookmark” capabilities for OONI Run links that they generate.
14:25:34 <slacktopus> <federico> I can move to the last question:
14:25:52 <slacktopus> <agrabeli> Over the years several community members have mentioned that they would like to save the lists of sites that they test somewhere, so that they can easily test them over time.
14:26:50 <slacktopus> <federico> Is there interest in being able to create an URL monitoring campaign (oonirun URL) and being able to log into Explorer and track how successful the campaign is in terms of number of measurements generated?
14:27:03 <slacktopus> <feeblebiscuit> +1 @agrabeli especially for those websites that targeted in some countries.. I found it useful to save the lists tho
14:28:41 <slacktopus> <hellais> I pinned the two questions so folks can vote while we move on with the meeting agenda
14:29:02 <slacktopus> <agrabeli> #topic 3. There are tense elections planned in West Africa in 2020 (Côte d'Ivoire and Guinea in October, Burkina in November, Niger in December, etc.). It is likely Internet traffick will be disrupted. There was a social media shutdown in Guinea in March 2020 for the parliamentary election and consitutional referundum, there were full shutdowns in Benin for the 2019 parliamentary elections, in Mauritania for the 2019 Presidential
14:29:03 <slacktopus> elections, etc. Are there any specific plans to monitor potential shutdowns in these countries? Do you have enough people using Ooni there?
14:29:20 <slacktopus> <agrabeli> Thank you @frppub for adding this topic. Is there anything else you would like to add?
14:31:04 <slacktopus> <frppub> Sure. Thanks! So, there are strong networks of bloggers and online activists in the region, but I am not sure to what extent they are familiar with ooni.  I was wondering if there were any plans for the region in particular.
14:31:42 <slacktopus> <agrabeli> @frppub that's a great question! We generally have some partners in the region, but more community engagement is always welcome and encouraged.
14:32:45 <slacktopus> <agrabeli> For those who may be interested in facilitating an OONI workshop to engage more people, we share OONI workshop slides here: https://docs.google.com/presentation/d/1UAxGeF1NhCXc8pT7cfWTp0NPdkWB5LInBkGfgW2syJA/edit (which you can download and adapt)
14:33:13 <slacktopus> <agrabeli> And answer questions related to OONI in our FAQ: https://ooni.org/support/faq/
14:33:31 <slacktopus> <agrabeli> And explain OONI terminology in our Glossary: https://ooni.org/support/glossary/
14:34:05 <slacktopus> <agrabeli> If there are communities you're in touch with who could potentially be interested in participating in censorship measurement research, we'd love to be in touch with them.
14:34:26 <slacktopus> <frppub> Great! Thanks! It would be useful to know who you are already in touch with here so that I don't duplicate. Of course, one of the issue is language. There are unfortunately still fewer training opporuntities for organizations/networks based in West Africa Francophone.
14:36:08 <slacktopus> <xhdix> It would be nice if we could see the tests made by oonirun in a group in the explorer. I test several addresses* at once. And after a few moments I run again. I want to see the difference.  [*] Different addresses associated with a specific service. like:
14:36:09 <slacktopus> https://run.ooni.io/nettest?tn=web_connectivity&ta=%7B%22urls%22%3A%5B%22https%3A%2F%2Fhangouts.google.com%2Frobots.txt%22%2C%22https%3A%2F%2Fwww.gstatic.com%2Frobots.txt%22%2C%22https%3A%2F%2Fssl.gstatic.com%2Frobots.txt%22%2C%22https%3A%2F%2Flh3.googleusercontent.com%2Frobots.txt%22%2C%22https%3A%2F%2Fapis.google.com%2Frobots.txt%22%2C%22https%3A%2F%2Fclients5.google.com%2Frobots.txt%22%2C%22https%3A%2F%2Faa.google.com%2Frobots.txt%22%2C%22ht
14:36:09 <slacktopus> tps%3A%2F%2Fcontacts.google.com%2Frobots.txt%22%2C%22https%3A%2F%2Fpeople-pa.clients6.google.com%2Frobots.txt%22%2C%22https%3A%2F%2Fchat-pa.clients6.google.com%2Frobots.txt%22%2C%22https%3A%2F%2Fclients6.google.com%2Frobots.txt%22%2C%22https%3A%2F%2F0.client-channel.google.com%2Frobots.txt%22%2C%22https%3A%2F%2Fclients4.google.com%2Frobots.txt%22%2C%22https%3A%2F%2Fogs.google.com%2Frobots.txt%22%2C%22https%3A%2F%2Ffonts.gstatic.com%2Frobots.txt
14:36:10 <slacktopus> %22%2C%22https%3A%2F%2Flh6.googleusercontent.com%2Frobots.txt%22%2C%22https%3A%2F%2Flh4.googleusercontent.com%2Frobots.txt%22%2C%22https%3A%2F%2Fsignaler-pa.clients6.google.com%2Frobots.txt%22%2C%22https%3A%2F%2Faccounts.google.com%2Frobots.txt%22%2C%22https%3A%2F%2Faccounts.youtube.com%2Frobots.txt%22%2C%22https%3A%2F%2Fplay.google.com%2Frobots.txt%22%5D%7D&mv=1.2.0
14:36:39 <slacktopus> <agrabeli> @frppub in West Africa we collaborate with Internet Sans Frontieres, Tuwindi Foundation (Mali), the Centre for Human Rights & Development International (Sierra Leone), COMPSUDEV (Cameroon), AUSUTIC (Senegal)
14:36:56 <slacktopus> <hellais> yeah that’s part of the plan. Where as the creator of that link (or even a user potentially), you would be able to see all the measurements that were gathered based on it.
14:37:23 <slacktopus> <agrabeli> We'd be happy to be in touch with any other groups you collaborate with in the region to prepare for censorship measurement campaigns, particularly leading up to elections and other political events.
14:37:27 <slacktopus> <frppub> Ok! Thanks! I have a few other suggestions. I will be in touch by email about this.
14:37:34 <slacktopus> <xhdix> cool. thanks
14:37:45 <slacktopus> <hellais> This is the relevant issue: https://github.com/ooni/probe/issues/818
14:37:59 <slacktopus> <agrabeli> @frppub with regards to complete internet blackouts, I'd recommend referring to IODA: https://ioda.caida.org/ioda/dashboard
14:38:30 <slacktopus> <hellais> We are also conducting a usability study on OONI Run itself. It would be great to have your input on our survey to learn how we can make it better: https://twitter.com/OpenObservatory/status/1253376570904936451
14:38:32 <slacktopus> <feeblebiscuit> I can also share some experiences how we organized election monitoring in Southeast Asia remotely if that's helpful.. :)
14:38:35 <slacktopus> <hellais> https://ooni.org/post/2020-ooni-run-survey-and-interviews/
14:38:45 <slacktopus> <agrabeli> They monitor internet blackouts (i.e. when the internet is shutdown completely) in near real-time and openly share their data. They're probably amongst the best projects out there to rely for this type of data. You can ping @alberto & @ramapad for more info.
14:40:40 <slacktopus> <agrabeli> #topic 4. There was a social media shutdown in Guinea in March 2020 (the social media shutdown started on 21 and ended on 23 March). A few organisations are exploring to challenge the shutdown in a strategic litigation case. Would you have any data and analysis you could share?
14:40:50 <slacktopus> <agrabeli> @frppub may we proceed to the next topic you added?
14:41:02 <slacktopus> <frppub> Yep
14:43:02 <slacktopus> <agrabeli> @frppub all OONI data is openly available on OONI Explorer: https://explorer.ooni.org/ (where it is published in near real-time)
14:43:23 <slacktopus> <agrabeli> I believe we have data on the blocking of social media in Guinea during the elections, but we'd need to look at the data more closely to confirm.
14:43:40 <slacktopus> <frppub> Yep, I saw, but for some reason, it only seems to start after the election.
14:43:54 <slacktopus> <agrabeli> We have plans to look into this, as documented via this ticket: https://github.com/ooni/ooni.org/issues/488
14:44:48 <slacktopus> <agrabeli> @frppub can you please share more info on what you were looking at via OONI Explorer? Which services, specifically?
14:45:08 <slacktopus> <xhdix> I did. The main problem is that this screen hangs too much and consumes a lot of CPU: https://github.com/ooni/run/issues/26#issuecomment-561764669
14:45:15 <slacktopus> <hellais> There are measurements for GN on the 20th and 21st: https://explorer.ooni.org/search?until=2020-03-22&probe_cc=GN&since=2020-03-20
14:46:20 <slacktopus> <hellais> Most of the data though is from the 22nd
14:46:38 <slacktopus> <hellais> I haven’t looked into this that much, but it seems like there is a fair amount of data available
14:48:05 <slacktopus> <agrabeli> This is an example of a measurement showing the blocking of WhatsApp in Guinea on election day: https://explorer.ooni.org/measurement/20200322T214022Z_AS37612_HTqeGP2zBp52m8NpP7NoBHxjxmN30qCT8B5w2xLvabSP1IrqT1
14:48:13 <slacktopus> <frppub> Yes, so we are looking for data between 21 and 23 March. Thanks to NetBlocks we have documented that the accessibility to social media sites, including Facebook, Twitter, Instagram and to some extend WhatsApp was blocked/disrupted.
14:48:46 <slacktopus> <agrabeli> The raw measurement data shows that WhatsApp is blocked, but the measurement itself is flagged as "accessible" due to a temporary bug at the time (where WhatsApp made changes to its infrastructure). But the data shows that it's blocked.
14:49:49 <slacktopus> <frppub> The questions that remain are: did this affect all the internet service providers in Guinea (Orange, MTN, CellCom, any other)? Did this affect only internet mobile users, or also those using landlines?
14:50:09 <slacktopus> <cmngounou> Sorry for being late. Here. @agrabeli but Reading all. Very great tech stuff. As we are new to Ooni
14:50:24 <slacktopus> <agrabeli> Here is a measurement that suggests facebook blocking in Guinea on election day: https://explorer.ooni.org/measurement/20200322T082959Z_AS37461_SxQlRL2sJyhZhh38BK4wyKOvPd6y6vN2oOOiAVhgjIwG3d0QN6?input=http%3A%2F%2Ffacebook.com
14:50:40 <slacktopus> <hellais> @frppub I would suggest a lot of caution in using netblocks as a basis for documenting the blocking of any website, social media platform or app.
14:50:55 <slacktopus> <frppub> Is there a way to know how this disruption happened (i.e. technical problem or sites being blocked by the ISP or other).
14:51:29 <slacktopus> <hellais> It is unclear how their data is being collected, what exactly the data means, how it is analysed and what the charts which they provide as technical “evidence” mean.
14:51:51 <slacktopus> <hellais> We have numerous times reached out to try to get some better understanding of this and it’s very much unclear.
14:52:15 <slacktopus> <hellais> There is also a lot of very serious ethical and methodological concerns which have been raised such as: https://netblocks.fyi/
14:52:26 <slacktopus> <agrabeli> @frppub you raise great questions. It's probably important to make a few distinctions first.
14:53:09 <slacktopus> <agrabeli> On the one hand, we have blocking of apps and websites, which is implemented by ISPs. This is something that OONI Probe can measure, and it may differ from one ISP to another.
14:54:04 <slacktopus> <agrabeli> On the other hand, there are total internet shutdowns, where there is no internet access. This is something that is measured by IODA: https://ioda.caida.org/ioda/dashboard
14:55:07 <slacktopus> <agrabeli> @frppub can you share more details on what was reported in Guinea around the elections?
14:55:38 <slacktopus> <frppub> Hi, thanks for the heads-up regarding NetBlocks. I am sorry to hear this. They have been super helpful on West Africa...
14:55:52 <slacktopus> <xhdix> (Also : https://map.internetintel.oracle.com/ )
14:56:15 <slacktopus> <agrabeli> OONI measurements suggest that access to various social media sites and apps were blocked in Guinea on election day, but our data is limited to the specific ISPs where OONI Probe users ran tests. We'd be happy to follow-up separately with you to share relevant data.
14:56:43 <slacktopus> <hellais> Yeah we are more than happy to assist in analysing the data
14:57:00 <slacktopus> <hellais> Moreover if you reach out to us during the event itself, we do our best to be responsive and assist even during it
14:57:33 <slacktopus> <hellais> There is a fairly large global OONI community and it’s sort of the go-to tool for collecting this type of evidence in a methodologically sound, open and verifiable way.
14:58:04 <slacktopus> <frppub> Yes, that would be great! Might be best to do this by email. I gladly take your kind offer to help analysising the data. I will follow-up by email.
14:58:19 <slacktopus> <hellais> Most often than not, there will already be OONI measurements for some blocking event even without us engaging people directly. We can however also assist in reaching out to local communities more directly.
14:59:08 <slacktopus> <agrabeli> Thank you @frppub for your very important work on this case!
14:59:21 <slacktopus> <frppub> Thanks @hellais and @agrabeli!
14:59:55 <slacktopus> <agrabeli> @frppub on a separate note: We recognize that using OONI Explorer is not as straightforward as we'd hope for it to be, and we'd love to collect your feedback in future usability studies. :)
15:00:25 <slacktopus> <agrabeli> (and ofc, please feel encouraged to share any feedback you may have anytime)
15:01:24 <slacktopus> <frppub> Yes, of course! Happy to share feedback!
15:01:46 <slacktopus> <hellais> We are running a bit tight on time. Let’s go through the last items in the agenda and if folks want we can go a 30mins over-time to cover them?
15:01:54 <slacktopus> <frppub> It is normal that technical tools need a bit of time to get used to.
15:02:00 <slacktopus> <hellais> >  5. WoW blocking in Spain request for comments and review of technical analysis [@anadahz]
15:02:18 <slacktopus> <hellais> So on this one, I quickly pulled up the data and did some plotting of it here:
15:02:21 <anadahz> will go
15:02:25 <anadahz> It came to my attention that the website of Women on Web is being blocked in multiple networks all over the Spain (and worldwide). I have been collaborating with some people to help spread the word and have been working in a technical analysis.
15:02:31 <anadahz> I would like some help with the TLS interceptions and TCP resets if you have any tools that we can use to collect more evidence (like the one in https://ooni.org/post/2020-iran-sni-blocking/) that will be very helpful
15:02:37 <slacktopus> <hellais>
15:02:47 <slacktopus> <hellais> It seems like the blocking is happening mostly by means of DNS based interference
15:03:03 <slacktopus> <hellais> On some providers there are some http-failures, but I haven’t really dug too much into it
15:03:17 <slacktopus> <hellais> What is clear, though, is that since ~Jan 2020 Spain has in fact started blocking access to these sites
15:03:30 <anadahz> TCP resets and TLS interception has been confirmed also.
15:03:32 <slacktopus> <hellais> I heard from some people from the spanish hackmeeting community that are working on that
15:03:49 <anadahz> I'm aware of this.
15:04:22 <anadahz> Can we use the SNI tool to get evidence of the TLS interception.
15:04:26 <slacktopus> <hellais> Are you working with them?
15:04:28 <anadahz> It's SNI based blocking.
15:04:31 <anadahz> yes
15:05:06 <slacktopus> <sbs> the tool used in the blog post is called `miniooni` and you can download a binary from GitHub or compile one yourself (more info follows)
15:05:07 <slacktopus> <hellais> What tests did you run to determine that it’s SNI based blocking?
15:05:17 <fadelkon> hi, I came from there. we are organized and willing to dig more and raise the voice
15:05:58 <fadelkon> we tried getting TLS certs with and without SNI
15:05:59 <slacktopus> <sbs> anadahz: if you want to use the tool in the Iran blog post, you can either download it from GitHub (it's rebuilt for every commit) or build it yourself
15:06:05 <fadelkon> see https://framagit.org/snippets/5604
15:06:32 <anadahz> @sbs thanks
15:06:36 <slacktopus> <agrabeli> Thank you @fadelkon & @anadahz for working on this case. We also previously reported the blocking of Women on Waves and Women on Web in several other countries here: https://ooni.org/post/2019-blocking-abortion-rights-websites-women-on-waves-web/
15:06:57 <slacktopus> <sbs> anadahz: for the first task, https://github.com/ooni/probe-engine/actions?query=workflow%3Acli-linux (<- every build here, if you click, allows you to download the 64 bit command as an asset)
15:06:59 <fadelkon> yeah, that was a great job
15:07:19 <slacktopus> <hellais> @fadelkon is there a reason to use this shell script instead of something like OONI Probe?
15:07:23 <slacktopus> <sbs> anadahz: to build, instructions here: https://github.com/ooni/probe-engine#building-miniooni (you need Go 1.14)
15:07:43 <anadahz> @sbs great that
15:07:49 <slacktopus> <hellais> By running the checks using OONI Probe you also get the fact that all the data is published and archived on OONI Explorer right away
15:07:56 <fadelkon> we are usign mostly ooni probe, but some people were using unix tools anyway so we scripted them to fit exact needs
15:08:06 <anadahz> @sbs great that's what I need as people are asking me for CLI tools.
15:08:14 <fadelkon> i'm aware of that, hellais
15:08:51 <slacktopus> <sbs> anadahz: yeah, only word of warning is that `miniooni` is and will always be experimental: it's the facility we use to test alpha stuff
15:09:13 <slacktopus> <sbs> anadahz: that said, `./miniooni sni_blocking` is what you want
15:10:11 <slacktopus> <sbs> anadahz: actually `./miniooni -i https://SNI_TO_TEST sni_blocking`
15:10:20 <anadahz> Thanks, I 'll try to get some measurements from miniooni and report any bugs (as always).
15:10:40 <fadelkon> just an inocent question: are you aware of some commercial, public catalog of services that companies like Allot and Fortinet are offering? That would help us a lot too as they are who do the dirty work.
15:11:19 <slacktopus> <hellais> fadelkon perhaps the wikileaks spy files has some of this
15:11:21 <fadelkon> We are afraid that this wow thing is just the beginnning of a further use of the full toys
15:11:40 <slacktopus> <hellais> though it’s a bit old at this point
15:12:01 <slacktopus> <hellais> a lot of the surveillance companies are the some ones making censorship tech
15:12:03 <anadahz> Something else will be to try and pinpoint the DPI devices of Fortigate that Movistar is using. Perhaps in Shodan or Censys?
15:12:17 <slacktopus> <agrabeli> Also the Privacy International Big Brother Watch Inc. project has a bunch of brochures on surveillance & censorship tech
15:12:33 <fadelkon> good tracks to follow, thanks!
15:12:56 <slacktopus> <sbs> anadahz: thanks
15:13:12 <slacktopus> <agrabeli> https://sii.transparencytoolkit.org/
15:13:34 <slacktopus> <agrabeli> ^^ This is probably one of the best resources
15:13:37 <slacktopus> <sbs> wow, that's beautiful!
15:13:49 <slacktopus> <agrabeli> yep
15:13:57 <anadahz> thx @agrabeli
15:14:06 <fadelkon> impressive!
15:14:23 <slacktopus> <hellais> yay MC!
15:14:26 <anadahz> Unfortunately it hasn't been upgraded for some time but still it's good.
15:15:11 <slacktopus> <agrabeli> Quick question: Do we know why Women on Web is now blocked in Spain...? :S
15:15:19 <slacktopus> <agrabeli> What has changed in recent months?
15:15:32 <fadelkon> agrabeli, we have no clue
15:15:54 <anadahz> @agrabeli there are couple more websites being blocked
15:15:57 <slacktopus> <agrabeli> I've connected @anadahz with the director of WoW so that you folks can coordinate further with them
15:15:59 <anadahz> in Spain
15:16:04 <slacktopus> <hellais> As I was digging into the data I found this blockpage: https://explorer.ooni.org/measurement/20200128T115413Z_AS3352_278HqGsnr9IQQHD9HhlvSG5xZ9aS2GO2eWPj6JL96232jr12WY?input=http%3A%2F%2Fwww.womenonweb.org%2F
15:16:14 <anadahz> thx again @agrabeli
15:16:19 <anam> Right now the ISPs some in the Spanish hacklabs network are contacting, as customers, are even denying the fact that they are blocking access
15:16:43 <slacktopus> <hellais> There is a reference to some fingerprint in this movistar forum: https://comunidad.movistar.es/t5/Soporte-Fibra-y-ADSL/Bloqueo-de-pagina-web/td-p/3963231
15:16:52 <anam> We are at the stage of gathering information to go forward in the "argument". btw I'm ana from this hackmeeting community too
15:17:09 <anadahz> @hellais yeah Fortigate DPI
15:17:53 <anadahz> I have found 3 different such "block pages" with separate Fortigate hostnames (FGT_HOSTNAME).
15:18:00 <slacktopus> <agrabeli> So as we're already very much over-time, perhaps we can proceed to the final agenda topic?
15:18:13 <anadahz> If anyone would like to review the technical analysis or find out more about the topic, please msg me.
15:18:14 <slacktopus> <agrabeli> #topic 6. https://github.com/ooni/backend/issues/386 ?
15:18:21 <slacktopus> <agrabeli> ^^ @xhdix
15:18:36 <slacktopus> <agrabeli> Perhaps this is a question for @federico?
15:18:53 <slacktopus> <xhdix> Yes. The explanation and the question are quite clear and I am waiting for the answer.
15:20:26 <slacktopus> <federico> yes, IIRC we can investigate detecting new custom URL and updating domain_input automatically
15:20:44 <slacktopus> <federico> and/or running timed updates more frequently
15:22:04 <slacktopus> <hellais> @federico I think this is mostly about the experimental tests, like sni_blocking not appearing
15:22:26 <slacktopus> <hellais> Could it be that the fastpath does not know of this particular `test_name` and as a result does not publish the data?
15:22:30 <slacktopus> <sbs> anadahz: yes, ping me, I can take a look
15:24:32 <slacktopus> <federico> we are mixing 2 different topics: new URLs vs new test_name
15:24:59 <slacktopus> <federico> lag around new URLs is due to the domain_input refresh
15:25:50 <slacktopus> <federico> and the (persistent) absence of experimental tests is due to the unknown test_name (and it's by design)
15:26:16 <slacktopus> <hellais> how much is the domain_input refresh lag?
15:26:31 <slacktopus> <hellais> what is the process of adding experimental tests to the fastpath?
15:28:22 <slacktopus> <hellais> We can also discuss this out of the meeting
15:28:35 <slacktopus> <federico> IIRC the update runs every 2 hours
15:28:47 <slacktopus> <hellais> There is a last topic brought up by @gurshabad
15:29:11 <slacktopus> <hellais> @gurshabad Related to SNI Blocking. Did you want to mention what aspect of that you would like to discuss?
15:29:15 <slacktopus> <gurshabad> Thank you! (I see that we're already running over time. I'll quickly add my thoughts here, and we can continue the discussion later as well.)
15:29:20 <slacktopus> <gurshabad> Overall: great to see OONI running tests to detect SNI-based blocking!
15:29:29 <slacktopus> <gurshabad> I quickly skimmed through the blogposts and tech spec before the meeting. When a colleague and I were testing for SNI-based blocking in India in early November 2019, we proposed and documented a very similar test.
15:29:39 <slacktopus> <gurshabad> i.e. We proposed attempting to establish a TLS connection with a known server that supports TLS and responds even though it might not host the website entered in the SNI.
15:29:50 <slacktopus> <gurshabad> You can read the blogpost here: https://cis-india.org/internet-governance/blog/reliance-jio-is-using-sni-inspection-to-block-websites  Additionally, you can find the logs for the test here: https://gist.github.com/kush789/3e1ce7901591225d7e7b4d89935ceaf0
15:30:04 <slacktopus> <gurshabad> It might be also be good to have a discussion on TLS-based blocking generally (which might rely on the certificate in addition or instead of the SNI). For instance, we use TLS 1.3 instead of TLS 1.2: probably doesn't matter a lot in this test, but it eliminates possibility of anything happening from the ISP relying on the certificate. The blogpost discusses that aspect.
15:30:27 <slacktopus> <gurshabad> And I'm very happy to discuss this further with @fortuna (who I noticed has already seen the blogpost and commented on the logs), @sbs, @hellais or anyone else working on this. Please let me know if I can be of help in any way!
15:31:00 <slacktopus> <hellais> Thanks for sharing this with us @gurshabad!
15:32:03 <slacktopus> <hellais> We are working on significantly improving our methods for measuring interference that affects TLS and eventually the SNI Blocking, but also TLS cert retrieval, will be part of the stock OONI Probe tests.
15:32:13 <slacktopus> <hellais> I think @sbs is probably the best person to speak about this work going forward
15:33:09 <slacktopus> <gurshabad> Awesome, excited for this in OONI as more and more ISPs are using these methods
15:33:27 <slacktopus> <gurshabad> will ping @sbs separately to see if I can be of any assistance
15:33:39 <slacktopus> <agrabeli> thank you @gurshabad :)
15:34:11 <slacktopus> <hellais> You can find some more details about our thoughts about these topics in ooni/spec: https://github.com/ooni/spec/blob/master/techniques/tq-021-TLS-cert-recording.md https://github.com/ooni/spec/blob/master/techniques/tq-026-SNI-free-and-fake-SNI-TLS-ClientHello.md https://github.com/ooni/spec/blob/master/techniques/tq-027-stuffed-TLS-ClientHello.md https://github.com/ooni/spec/blob/master/nettests/ts-024-sni-blocking.md
15:35:01 <slacktopus> <hellais> @gurshabad ^
15:35:19 <slacktopus> <hellais> Ok folks, I guess that’s a wrap!
15:35:23 <slacktopus> <gurshabad> ooh, nice, thank you
15:36:10 <slacktopus> <agrabeli> <here> Thanks so much everyone for joining us today! Apologies for the delay, and thank you for staying for the extra 37 minutes. :)
15:36:23 <slacktopus> <agrabeli> The next OONI Community Meeting will take place on the last Tuesday of May 2020.
15:36:34 <slacktopus> <agrabeli> For updates, please subscribe to the ooni-talk mailing list: https://lists.torproject.org/cgi-bin/mailman/listinfo/ooni-talk
15:36:52 <slacktopus> <agrabeli> And share any other updates and participate in discussions on this channel in the meanwhile. :)
15:37:03 <slacktopus> <agrabeli> Please stay safe and healthy!!! <3
15:37:16 <slacktopus> <agrabeli> Hope you all have a great day/night! :ooni:
15:37:29 <hellais> #endmeeting