13:58:13 <hellais> #startmeeting OONI Community meeting 2021-02-23
13:58:13 <MeetBot> Meeting started Tue Feb 23 13:58:13 2021 UTC.  The chair is hellais. Information about MeetBot at http://wiki.debian.org/MeetBot.
13:58:13 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
13:58:46 <slacktopus> <agrabeli> <here> Hello folks! Welcome to the February 2021 OONI Community Meeting! :) :party_parrot:
13:59:16 <slacktopus> <agrabeli> My name is Maria, I work with OONI, and I'm happy to see you here today with us. :)
13:59:22 <slacktopus> <agrabeli> How are you doing?
13:59:26 <slacktopus> <agrabeli> How's joined us today?
13:59:38 <slacktopus> <agrabeli> Please feel encouraged to introduce yourselves in any moment. :)
13:59:54 <slacktopus> <sbs> Hi! I am Simone and I work at OONI! :ooni:
14:00:26 <slacktopus> <hellais> Hi folks! This is Arturo from :ooni: !
14:00:38 <slacktopus> <hellais> And I am doing very well :)
14:01:22 <slacktopus> <hitmanarky> Hey o/ I am Arky, an open source contributor and former community manager with Mozilla Firefox project.
14:01:40 <slacktopus> <cielitosaraviag> Hey there, I'm Cielito from the InternetBolivia.org Foundation. I work in digital security with them,
14:02:08 <slacktopus> <agrabeli> Welcome @hitmanarky and @cielitosaraviag! Thanks so much for joining us :)
14:02:29 <slacktopus> <agrabeli> The agenda for today's meeting is available here: https://pad.riseup.net/p/ooni-community-meeting-keep
14:02:50 <slacktopus> <agrabeli> If you haven't already, please add any topics you'd like to discuss in this pad :point_up_2:
14:03:24 <slacktopus> <agrabeli> So we can start off with the 1st topic
14:03:30 <slacktopus> <agrabeli> topic #1. Brief update: New OONI Probe CLI
14:04:01 <slacktopus> <agrabeli> Before we dive into the next agenda items, I wanted to start of by highlighting the importance of switching over to OONI Probe CLI if you're currently using legacy ooniprobe
14:04:11 <slacktopus> <sarath_ms> :wave:
14:04:20 <slacktopus> <agrabeli> (Welcome @ivalentovitch! Happy to see you here! :) )
14:04:57 <slacktopus> <sarath_ms> Hello I'm Sarath. I'm one of the developers at :ooni:
14:05:35 <slacktopus> <agrabeli> Are you running the old python version of ooniprobe (https://github.com/ooni/probe-legacy)?  If so, please switch over to the new OONI Probe Command Line Interface (CLI): https://ooni.org/install/cli :)
14:06:06 <slacktopus> <jiggasue> hello
14:06:07 <slacktopus> <agrabeli> Basically the legacy ooniprobe is being discontinued, which means that if you're still running it, in a few months from now you will no longer be able to contribute measurements :S
14:06:34 <slacktopus> <agrabeli> Which is why we recommend switching over to the new OONI Probe CLI (which also supported automated daily testing) ASAP :) :pray:
14:06:55 <slacktopus> <agrabeli> (Welcome @jiggasue! Thank you for joining us! <3)
14:07:04 <slacktopus> <jiggasue> where is the meeting link?
14:07:17 <slacktopus> <sbs> https://pad.riseup.net/p/ooni-community-meeting-keep
14:07:43 <slacktopus> <jiggasue> thank you @agrabeli
14:07:45 <slacktopus> <agrabeli> @jiggasue the meeting is taking place on this channel, but you can review (and contribute to) the agenda here: https://pad.riseup.net/p/ooni-community-meeting-keep
14:08:28 <slacktopus> <agrabeli> We're trying to reach all legacy ooniprobe users in order to encourage them to switch over to the OONI Probe CLI. Do you know any?
14:08:45 <slacktopus> <agrabeli> If so, we'd greatly appreciate it if you could please share the message :pray:
14:10:09 <slacktopus> <agrabeli> Are there perhaps any questions related to OONI Probe CLI..?
14:10:47 <slacktopus> <db1984> Hello I'm David and I'm new: less code more words i guess, considering that i got a law background (some general knowledge on code), anyway wasting words still not my preferred approach XD Interesting text-only approach for the meeting, i'll follow, thanks for your work
14:11:15 <slacktopus> <jiggasue> thank you
14:11:35 <slacktopus> <agrabeli> Welcome @db1984! Thanks for joining us! <3
14:12:11 <slacktopus> <agrabeli> As you join, please feel encouraged to add more agenda topics to this pad: https://pad.riseup.net/p/ooni-community-meeting-keep :)
14:12:32 <slacktopus> <agrabeli> So unless there are any OONI Probe CLI questions, we can move to the 2nd agenda topic
14:12:32 <slacktopus> <hitmanarky> Question:  Just a thought, Perhaps the new OONI Proble CLI will trip Windows Malware/Anti virus software. This is most common issue when I introduce digital security tools out here in SE.Asia. Perhaps I could file a bug to find a way to whitelist tool
14:13:18 <slacktopus> <sbs> my pleasure!
14:13:31 <slacktopus> <hellais> We aren’t currently planning to ship OONI Probe CLI on windows as a standalone executable, just as part of the probe-desktop app, which is signed using the microsoft codesign stuff
14:14:03 <slacktopus> <hellais> If there is enough demand we might also make it available as a standalone tool though. I have noticed that somebody has already made a chocolatey package for it: https://chocolatey.org/packages/ooniprobe-cli
14:14:30 <slacktopus> <hellais> Perhaps that is the way to go in terms of reaching the more advanced users on windows which want/need a CLI tool
14:14:53 <slacktopus> <sbs> (maybe we should adopt the chocolatey package, since 3.4.0 is < 3.5.2 and we probably want OONI to be up-to-date)
14:15:09 <slacktopus> <hitmanarky> +1 for Chocolatey
14:15:28 <slacktopus> <agrabeli> Great!
14:15:49 <slacktopus> <agrabeli> #topic 2
14:15:52 <slacktopus> <agrabeli> 2. Can it happen that OONI Probe will test URLs that are not on the Citizen Lab test list for given country during a standard test in that country? In a single run, does the probe test all URLs from given list or a sample of them? What variables determine the size of the sample? Is it possible to use the probe remotely and collect data similar in quality to that when using the probe locally? Thank you :)
14:16:10 <slacktopus> <agrabeli> ^^ Would the person who added this topic like to share more words...? :)
14:16:34 <slacktopus> <agrabeli> (or I can address these questions direclty)
14:17:14 <slacktopus> <ivalentovitch> Hi guys :)
14:17:43 <slacktopus> <ivalentovitch> I'm Igor and our project is geared towards updating Citizen Lab test lists. We are Netalitica
14:18:16 <slacktopus> <agrabeli> And you can learn all about @ivalentovitch’s work here: https://netalitica.com/
14:18:16 <slacktopus> <ivalentovitch> http://netalitica.com/
14:18:43 <slacktopus> <agrabeli> Netalitica do research on updating the Citizen Lab test lists, which is very relevant to the above questions.
14:18:55 <slacktopus> <agrabeli> I can try to answer the above questions briefly:
14:19:07 <slacktopus> <ivalentovitch> I received these questions from couple of ooni probe users
14:19:23 <slacktopus> <agrabeli> aaah perfect! Thanks Igor! :)
14:19:30 <slacktopus> <agrabeli> So in summary:
14:20:00 <slacktopus> <agrabeli> • By default, when you tap "Run", you only test the URLs included in the global + country Citizen Lab test lists
14:20:29 <slacktopus> <agrabeli> • However, you can also test the URLs of your choice through the use of the "Choose websites" button (included inside of the Websites card of the OONI Probe mobile app)
14:21:10 <slacktopus> <agrabeli> • Many community members also test their own custom lists of URLs through the use of the OONI Run platform (https://run.ooni.io/), which they use to generate mobile deep links for testing
14:21:36 <slacktopus> <agrabeli> • It is also possible to specify the list of URLs you want to test via the OONI Probe Command Line Interface (CLI)
14:23:07 <slacktopus> <agrabeli> • In a single run (on OONI Probe Mobile), you will test a *random* selection of URLs taken from the global + country test lists. By default, you will *test as many URLs as you can connect to within 90 seconds*. We have done this due to bandwidth constraints (to avoid testing 1,000 URLs in one go and eating up all of their data ,:)).
14:23:26 <slacktopus> <agrabeli> (on OONI Probe Desktop, however, you test ALL URLs in one go)
14:23:52 <slacktopus> <agrabeli> • Every time you tap "Run" on mobile, you test a different sample of URLs -- as many as you can connect to in 90 seconds.
14:24:36 <slacktopus> <agrabeli> • If you'd like to avoid this limitation and test all URLs in one go (on mobile), you can do so by going to the OONI Probe mobile app settings => Websites => And *disabling the test duration* option. :)
14:25:52 <slacktopus> <ivalentovitch> @agrabeli Thank you! This is very helpful! Users from NED mentioned that they run the probe in country X and it tested URLs not included in the Citizen Lab test list for that state. I think this is not possible unless intentional on part of the tester.
14:26:21 <slacktopus> <agrabeli> • While it is possible to run OONI Probe remotely (e.g. via a VPS), we recommend running OONI Probe locally in order to ensure that what the local internet user experiences is what is measured (i.e. perhaps not all censorship experienced locally can be measured remotely). We try to capture what local users experience on the ground when connected directly to a network.
14:27:04 <slacktopus> <agrabeli> @ivalentovitch did they run OONI Probe through the use of a VPN?
14:27:19 <slacktopus> <ivalentovitch> yes - a local one
14:27:38 <slacktopus> <ivalentovitch> I mean VPN's servers were based in the country where the tests were run
14:28:23 <slacktopus> <ivalentovitch> I believe they are new to the OONI probe and got something wrong - but to be on the safe side, I decided to ask the above questions
14:28:26 <slacktopus> <hellais> One recent change that is worth mentioning on the sampling of the URLs is no longer purely random, but it’s weighed based on some priorities we are giving to certain categories in the testing lists. For example URLs in the NEWS category are more likely to end up being tested than those inside of the GAME category.
14:29:01 <slacktopus> <ivalentovitch> :+1:
14:29:14 <slacktopus> <hellais> @ivalentovitch did they run URLs that were not inside any testing list or did they end up testing URLs which were inside of the testing list of some other country?
14:29:54 <slacktopus> <hellais> If it’s the later it might be due to some issue in how the geolocation of the probe was done, which may be caused by them running OONI Probe though a VPN or possibly even the GeoIP resolution not being accurate.
14:30:34 <slacktopus> <hellais> To rule this out, they should look at where the measurement appears to be coming from in the probe. If the probe_cc key is set to something unexpected then that is the root cause of the issue
14:31:13 <slacktopus> <ivalentovitch> I don't know all the details, but what they mentioned was that they started the probe in its default settings and some of the URLs it tested may not have been in the test list for that country. I think they got confused by GitHub or something
14:31:40 <slacktopus> <agrabeli> `probe_cc` => Basically their OONI Probe measurements should say in which country (based on a country code) they were collected from.
14:32:05 <slacktopus> <agrabeli> @ivalentovitch perhaps they're referring to the testing of URLs included in the global test list?
14:32:15 <slacktopus> <agrabeli> Did they only expect to test URLs in the country list?
14:32:51 <slacktopus> <ivalentovitch> This might be it! Probably they are not aware of the existence of the Global list!
14:33:03 <slacktopus> <ivalentovitch> Thank you guys!
14:33:14 <slacktopus> <agrabeli> Thank *you* for sharing this feedback!
14:33:16 <slacktopus> <hellais> good point!
14:33:36 <slacktopus> <agrabeli> @ivalentovitch you can find further information on the testing of websites here: https://ooni.org/support/faq/#testing-websites
14:33:44 <slacktopus> <ivalentovitch> The cool point is that end users are interested and curious how the probe works
14:33:52 <slacktopus> <agrabeli> ^^ This includes answers to some of the questions you raised, and you can share it with your contacts. :)
14:34:13 <slacktopus> <agrabeli> yep! that's really cool :)
14:34:42 <slacktopus> <ivalentovitch> I think it would be very cool if there is a 30sec animation about how the OONI probe works
14:35:12 <slacktopus> <agrabeli> @ivalentovitch yep, that's an excellent idea! :heart_eyes:
14:35:36 <slacktopus> <ivalentovitch> I made a slide on this and it inspired a great interest. But if I had a link to animaiton - this would have answered most of the questions
14:36:06 <slacktopus> <hitmanarky> +1 Such an animation would be invaluable to promote OONI use in  SE. Asia.
14:36:13 <slacktopus> <agrabeli> We would definitely love to create an animation (as soon as we're able to prioritize that)! <3
14:37:01 <slacktopus> <agrabeli> @ivalentovitch did you perhaps have any other questions? Did my answers cover you? May we proceed to agenda topic 3?
14:37:10 <slacktopus> <ivalentovitch> @agrabeli @hellais Thanks for answering all of my questions!
14:37:29 <slacktopus> <agrabeli> Thank you @ivalentovitch for sharing this feedback with us!
14:37:34 <slacktopus> <agrabeli> #topic 3
14:37:42 <slacktopus> <agrabeli> 3. We know that OONI is blocked in some networks (e.g., we have seen this happening in some Iranian ISPs) and we're working on adding circumvention [sbs]
14:37:50 <slacktopus> <agrabeli> @sbs the floor is yours :)
14:38:04 <slacktopus> <sbs> yes, thanks!
14:38:10 <slacktopus> <sbs> so, there isn't much more to add to the headline
14:38:22 <slacktopus> <sbs> we know of this problem, we're working to improve the situation
14:38:32 <slacktopus> <sbs> we have a plan and soon code that can be tested
14:38:40 <slacktopus> <sbs> thank you for your patience :pray:
14:39:14 <slacktopus> <db1984> Sorry for the noob question, how is blocked and why from a general standpoint?
14:40:02 <slacktopus> <agrabeli> (that's actually a great question!)
14:40:44 <slacktopus> <sbs> we don't know very well and for sure because we have only seen screenshots in bug reports
14:41:01 <slacktopus> <sbs> I suspect either there is intentional blocking of OONI or the blocking is accidental
14:41:12 <slacktopus> <sbs> (I mean, collateral damage)
14:42:18 <slacktopus> <db1984> ok.. it's risky there to do net measurements, that's why it's difficult to have a clear overview? And i guess with VPNs and VPS is not the same as mentioned above
14:43:22 <slacktopus> <sbs> I would not say that the problem is that it's risky
14:43:49 <slacktopus> <sbs> I suspect the main problem is that we need to roll out a new experimental APK to see what happens
14:43:57 <slacktopus> <sbs> This does not scale well and is tedious
14:44:28 <slacktopus> <sbs> so, we're just going to implement better circumvention for everyone and see what happens
14:45:30 <slacktopus> <db1984> ok! thanks, clear! it's always where it's more challenging that is more needed
14:46:22 <slacktopus> <agrabeli> Great! So proceeding with #topic 4
14:46:31 <slacktopus> <agrabeli> 4. Developing a new OONI Probe Signal experiment [Arky]
14:46:50 <slacktopus> <agrabeli> @hitmanarky was there anything else you wanted to add about the need for a new Signal test?
14:47:13 <slacktopus> <agrabeli> (I think @sbs also wanted to share thoughts on this?)
14:47:39 <slacktopus> <sbs> I wanted to mention that we know this is important to many of you and we are going to roll it out soon
14:47:45 <slacktopus> <hitmanarky> I think the tests I have added are not very useful. The OONI CLI patch will do the right checks.
14:48:07 <slacktopus> <sbs> (thank you @hellais for writing the Signal test implementation!)
14:48:44 <slacktopus> <hitmanarky> I have just started learning Go, @hellais let me know if I can pitch in and help with any testing.
14:48:47 <slacktopus> <hellais> WRT the signal test we have a specification written for it which is available here: https://github.com/ooni/spec/pull/210/files and a working implementation of the test over here: https://github.com/ooni/probe-cli/pull/230
14:49:23 <slacktopus> <hellais> I have also reached out to some people from Signal to see if they can also provide us with some more feedback on the test and understand if we are testing it in the best way possible
14:49:56 <slacktopus> <sbs> Writing tests for IM platforms is always not so pleasant because it's a reverse engineering effort and because things change
14:50:15 <slacktopus> <sbs> I suspect our initial implementation could be improved an adapted over its lifetime
14:50:26 <slacktopus> <hellais> There are some improvements that we may or may not do to the test depending on time and urgency for shipping it which might help reduce the false positive rate (checking prior to running the experiments if the signal platform is in fact up or not).
14:50:41 <slacktopus> <sbs> We are grateful to the persons that have prodded us so far and we would love to continue the conversation on the Signal test once it's out there
14:50:59 <slacktopus> <hellais> But as @sbs says we might want to get this MVP out of the door sooner rather than later and not block on getting the perfect thing, but rather build upon it incrementally
14:52:06 <slacktopus> <hitmanarky> We have people watching OONI every day in Myamar. To have Signal Messenger test show up on the page would be a good start.
14:52:10 <slacktopus> <agrabeli> And if you folks are interested in reviewing the test specification + code and helping us improve the new Signal test, that would be greatly appreciated! :pray:
14:53:12 <slacktopus> <agrabeli> Is there anything else you'd like to discuss wrt Signal test, or may we proceed to the last agenda topic?
14:54:02 <slacktopus> <agrabeli> As we have 5 minutes left, let's transition to #topic 5
14:54:06 <slacktopus> <agrabeli> 5. We have presented a paper on measuring DoT/DoH blocking at the DNSPriv21 workshop of the NDSS Symposium (https://www.ndss-symposium.org/ndss-paper/auto-draft-123/) and we are going to make this test soon available to all OONI users [sbs]
14:54:16 <slacktopus> <agrabeli> @sbs ^^ :)
14:55:22 <slacktopus> <sbs> yes, I just wanted to mention that we did this research work (at the link you can find slides and the paper itself) and we're going to expose this new experiment to OONI users soon (I think in 1-2 releases, i.e., 4-7 weeks)
14:56:06 <slacktopus> <agrabeli> And this refers to the new DNSCheck experiment
14:56:24 <slacktopus> <sbs> (I like the :drum_with_drumsticks: because it gives me a feeling that we're moving ~fast)
14:56:43 <slacktopus> <hellais> You can find the specification of this test here: https://github.com/ooni/spec/blob/master/nettests/ts-028-dnscheck.md
14:56:52 <slacktopus> <agrabeli> haha! that was actually meant to show my excitement :P )
14:57:43 <slacktopus> <hellais> and we are going to ship it by introducing a new experimental test card which eventually will host these more bleeding edge reasearch-y type tests
14:58:22 <slacktopus> <agrabeli> Does anyone perhaps have any questions or thoughts/feedback they'd like to share? :)
14:58:27 <slacktopus> <sbs> I have a preview topic for future discussion, before we part ways
14:58:44 <slacktopus> <sbs> I've seen this PR here: https://github.com/citizenlab/test-lists/pull/714
14:58:56 <slacktopus> <sbs> it's adding support for testing stuff that is not directly a website
14:59:02 <slacktopus> <sbs> but may be used by a website
14:59:15 <slacktopus> <sbs> we need to keep this into the radar and perhaps think holystically
14:59:28 <slacktopus> <sbs> our current model of fetching the main URL of website is good
14:59:43 <slacktopus> <sbs> but it's lacking support for checking beyond the main URL
15:00:00 <slacktopus> <agrabeli> that's an excellent point
15:00:01 <slacktopus> <sbs> as this seems a complex discussion, I wanted to mention it now and we should probably all give it a thought
15:00:25 <slacktopus> <agrabeli> thank you @sbs!
15:00:59 <slacktopus> <agrabeli> As we're past the hour, I'd like to thank everyone <here> for joining us today! <3
15:01:28 <slacktopus> <sbs> Thank you all for joining us! :ooni: <3
15:01:35 <slacktopus> <agrabeli> Thanks so much for your time, feedback, and questions -- and please feel encouraged to continue sharing them here on this channel in general. :)
15:01:38 <slacktopus> <hellais> :raised_hands:
15:01:50 <slacktopus> <ivalentovitch> :+1:
15:01:58 <slacktopus> <agrabeli> I'll be sending out details for the next community meeting on mailing lists + Slack
15:02:09 <slacktopus> <db1984> :+1:
15:02:12 <slacktopus> <agrabeli> Hope you all have a great day/evening! <3:ooni:
15:02:21 <hellais> #endmeeting