in Southeast Asia and Beyond RightsCon, 30 th March 2017 Ng Swee - - PowerPoint PPT Presentation

in southeast asia and beyond
SMART_READER_LITE
LIVE PREVIEW

in Southeast Asia and Beyond RightsCon, 30 th March 2017 Ng Swee - - PowerPoint PPT Presentation

Dec 12, 2022 206 likes •556 views

Collecting Evidence of Internet Censorship in Southeast Asia and Beyond RightsCon, 30 th March 2017 Ng Swee Meng (Sinar Project) & Maria Xynou (OONI) Sinar Project is an initiative using open technology and applications to systematically make

slide-1
SLIDE 1

Collecting Evidence of Internet Censorship in Southeast Asia and Beyond

RightsCon, 30th March 2017 Ng Swee Meng (Sinar Project) & Maria Xynou (OONI)

slide-2
SLIDE 2

Sinar Project is an initiative using open technology and applications to systematically make important information public and more accessible to the Malaysian people. Our project relies are web services, thus censorship can affect our project. Thus we start investigating censorship situation in Malaysia more deeply. Thus we use ooni for this work

slide-3
SLIDE 3

OONI: Open Observatory of Network Interference

Free software project (under the Tor Project) aimed at empowering decentralized efforts in increasing transparency of Internet censorship around the world. Since 2012, OONI has collected millions of network measurements across more than 100 countries around the world, shedding light on various instances of network interference. https://ooni.torproject.org

slide-4
SLIDE 4

OONI Software Tests

Blocking of websites Blocking of instant messaging apps Blocking of censorship circumvention tools Detection of middle boxes Measurement of network speed & performance

slide-5
SLIDE 5

Examining Internet censorship in Southeast Asia Examining Internet censorship in Southeast Asia

slide-6
SLIDE 6

39 websites found to be blocked through the DNS injection of block pages. News outlets, blogs, and medium.com blocked for covering the 1MDB scandal.

Malaysia

https://ooni.torproject.org/post/malaysia-report/

slide-7
SLIDE 7

21 Million internet user as of 2016 68% internet penetration Five ISP each provide mobile and/or fiber to home

Network Landscape

https://ooni.torproject.org/post/malaysia-report/

slide-8
SLIDE 8

Law on site blocking is via Communication Multimedia Act There’s other law, mostly involve jail time but not internet shutdown, thus out

  • f scope of ooni

Legal background

https://ooni.torproject.org/post/malaysia-report/

slide-9
SLIDE 9

Blocked sites include:

  • News outlets (nypost.com,

dailymail.co.uk)

  • Wikileaks.org
  • Circumvention tool sites (e.g.

hotspotshield.com)

Thailand

https://ooni.torproject.org/post/thailand-internet-censorship/

slide-10
SLIDE 10

7 major ISP 6 providing mobile internet 59.8% internet penetration rate in 2016 Because of relationship between ISP and official, ISP will cooperate with censorship

Network

landscape

https://ooni.torproject.org/post/thailand-internet-censorship/

slide-11
SLIDE 11

Law that create censorship: Lèse-majesté law Computer Related Crime Act ISA

Legal

Background

https://ooni.torproject.org/post/thailand-internet-censorship/

slide-12
SLIDE 12

The sites of the U.S embassy in Myanmar and of the Organization of American States (OAS) presented strong signs of TCP/IP and HTTP blocking. Blue Coat software was detected by

  • oniprobe in 2012. No signs of this

software appeared to currently be present in the 6 networks where tests were recently run.

Myanmar

https://ooni.torproject.org/post/myanmar-report/

slide-13
SLIDE 13

19% internet penetration on 2016 Only Myanmar Posts and Telecom (MPT) and Bagan Cybertech (currently Yatanarpon Telecom) are available to user Both are controlled by government

Network landscape

https://ooni.torproject.org/post/myanmar-report/

slide-14
SLIDE 14

Telecommunication Law 2013 allows the government to censor information/setup surveilance There is also other law, like Computer Science Development, for permit to import computing equipment, defamation law etc. This involve jailtime

Legal background

https://ooni.torproject.org/post/myanmar-report/

slide-15
SLIDE 15

How to collect evidence of Internet censorship in your country

slide-16
SLIDE 16

Running ooniprobe

Linux or macOS Android iOS RaspberryPi

slide-17
SLIDE 17
  • oniprobe Web User Interface

(macOS & Linux)

slide-18
SLIDE 18

Raspberry Pi

slide-19
SLIDE 19
  • oniprobe mobile app
slide-20
SLIDE 20

Risks: ooniprobe is a tool for investigations!

➢ ➢ Anyone monitoring your internet activity (e.g. ISP) will know that

you are running ooniprobe.

➢ ➢ Types of URLs tested include provocative or objectionable sites (e.g.

pornography).

➢ ➢ OONI's “ HTTP invalid request line” test could be viewed as a form of

“ hacking” .

➢ ➢ The use of ooniprobe might potentially be viewed as illegal or

anti-government activity.

➢ https://ooni.torproject.org/about/risks/

slide-21
SLIDE 21

Choices you can make

Contribute to test lists Types of test to run Privacy settings How you upload data Platform for running ooniprobe

slide-22
SLIDE 22

Test lists: Determining which sites to test for censorship

➢ ➢ Global list: Internationally relevant websites ➢ ➢ Country-specific lists: Websites that are relevant to a

specific country

➢ ➢ How to contribute to test lists:

➢https://ooni.torproject.org/get-involved/contribute-test-list

s/

➢ ➢ Citizen Lab github repo:

➢https://github.com/citizenlab/test-lists

slide-23
SLIDE 23

Web Connectivity

Website

D N S l

  • k

u p H T T P R e q u e s t T C P C

  • n

n e c t i

  • n

Probe network Uncensored network Control Probe If Control != Experiment Possible censorship OK

slide-24
SLIDE 24

HTTP Invalid Request Line

Network with no middle box Control Probe ส ว ั ส ด ี ค ุ ณ ไ ด  ย ิ น ไ ห ม สวัสดีคุณไดยิน ไหม Network with middle box Probe สวัสดีคุณไดยิน ไหม

Middle box ????

ERROR!

slide-25
SLIDE 25

HTTP Header Field Manipulation

Network with no middle box Control Probe

GET example.com GET example.com

Network with middle box Probe

GET example.com Middle box G E T e x a m p l e . c

  • m

X

  • V

I A

  • M

I D D L E B O X G E T e x a m p l e . c

  • m

X

  • V

I A

  • M

I D D L E B O X GET example.com X-VIA-MIDDLEBOX

= ⍯

slide-26
SLIDE 26

Data ooniprobe collects

➢ ➢ Country code (e.g. BR for Brazil) ➢ ➢ Autonomous System Number (ASN) ➢ ➢ Date & time of measurements ➢ ➢ Network measurement data (depending on the type of test) ➢ ➢ Note: IP addresses & other potentially identifying information might

unintentionally be collected.

➢ ➢ OONI Data Policy: https://ooni.torproject.org/about/data-policy/

slide-27
SLIDE 27

Uploading data to OONI servers

➢ ➢ Tor hidden services (recommended!) ➢ ➢ HTTPS collectors ➢ ➢ Cloud-fronting

slide-28
SLIDE 28

Open Data

➢ ➢ Evidence of censorship events ➢ ➢ Transparency of global internet controls ➢ ➢ Allows researchers to conduct independent studies & to

explore other research questions

➢ ➢ Allows the public to verify OONI's findings

slide-29
SLIDE 29

OONI Explorer

https://explorer.ooni.torproject.org/

slide-30
SLIDE 30

Measurement API

https://measurements.ooni.torproject.org/

slide-31
SLIDE 31

Interpreting the data

➢ “ Normal” and “ anomalous” measurements. ➢ “ Anomalous” measurements MIGHT contain evidence of

censorship, but not necessarily (i.e. false positives).

➢ We only confirm a case of censorship when we have

detected a block page.

slide-32
SLIDE 32

Get involved!

  • OONI Partnership Program
  • Monthly community meetings on https://slack.openobservatory.org
  • Run ooniprobe
  • Contribute to test lists
  • Analyze the data
  • Tell stories
  • Host an OONI workshop, spread the word! :)
slide-33
SLIDE 33

Resources & contacts

  • OONI: https://ooni.torproject.org/
  • Sinar Project: http://sinarproject.org/
  • OONI Explorer: https://explorer.ooni.torproject.org/
  • Measurement API: https://measurements.ooni.torproject.org/
  • Software: https://github.com/TheTorProject/ooni-probe
  • Email:contact@openobservatory.org
  • Twitter: @OpenObservatory, @sinarproject
  • IRC: #ooni (irc.oftc.net) - https://slack.openobservatory.org/