search

ooni / ooni.org

The ooni.org homepage and all cross organisational issues
https://ooni.org
Other
75 stars 62 forks source link

Community questions raised during OONI Partner Training 2021 (Group 1) #1056

Open agrabeli opened 2 years ago

agrabeli commented 2 years ago

During the OONI Partner Training 2021 (https://ooni.org/post/ooni-partner-training-2021/), participants (Group 1) raised the following questions during the session on "Introduction to Internet Censorship":

  1. Is OONI's definition of Middlebox the same as it in cybersecurity?

  2. Are outside measurements as reliable as those done inside a country?

  3. It was helpful to have the overview of how censorship works -- will you also give an overview of how the OONI app works to detect it?

  4. Do we run any legal risk by running the measurements?

  5. Sometimes users are using software that may be intercepting or messing up their internet traffic (for example, some antivirus), how can we evaluate the measurement or suspect that something like this is happening and a blocked site is actually a false positive?

  6. Do you have any documentation for threat modeling specifically around using OONI Probe? Or like, sample use cases where you would recommend against using OONI?

  7. Has OONI Project been targeted by censors and can they tamper remotely with the performance of the OONI App?

  8. Does OONI tunnel measurements when the pipeline is interfered with?

  9. Have there been any requests to take the app binary down in app stores in any jurisdiction/stores?

  10. If you were not the target when looking for golang TLS fingerprint, do you have any idea of who might be targeted?

  11. Does OONI have a “stealth” mode where the OONI client IP is hidden to protect probe host?

  12. How can you tell if certain features of an app are blocked? For example, WhatsApp messaging is unblocked in a region however its VOIP services are blocked. Does OONI identify that?

I am documenting the above questions in this ticket so that we can more easily come back to them.

hellais commented 2 years ago

What is the definition of done for this issue?

Perhaps it should be about adding answers to these questions to the FAQ on our website. If that is the case we should update the description and title of the issue to reflect that.

agrabeli commented 1 year ago

@hellais Great question. I don't they should be included in the FAQ (at least not all of them), as they don't strike me as "frequently asked questions" by the community. I mainly opened this ticket so that we can have these questions documented to refer to (which may inform some of our work). I'd need to look at this more carefully at some point (hopefully soon).