bassosimone
commented
2 years ago Today I reached out to the paper's authors to understand if they already have a distributed Disguiser-server deployment (and whether they are okay for us using it) or we could collaborate on making such a deployment happen.
This issue is about implementing a methodology called disguiser inside ooniprobe. We are going to use this methodology along with webconnectivity/websteps to increase our confidence and accuracy with respect to specific middleboxes. We will close this issue once we have fully implemented this methodology. As such, this issue is an umbrella for several activities.
With @hellais we have recently read Understanding the Practices of Global Censorship through Accurate, End-to-End Measurements. It's definitely an interesting paper that proposes an IMHO good methodology for detecting censoring middleboxes. (Though, it is sad that the paper says that OONI is not able to detect TLS blocking and I'm wondering whether this depends on us not having published a paper on OONI as a whole since 2012, even though we have been working on DoT/DoH blocking and QUIC blocking recently, so maybe we should just have a section of our website that lists the most recent papers we've been working on?)
The TL;DR about this methodology (called "disguiser") is that it rests on a server returning static DNS, HTTP and HTTPS responses and flags all responses that do not match the expected static responses as blocking. On top of that, disguiser has also code to deal with non-malicious transparent proxies (e.g., performance enhancing proxies) to single them out.
We think that it would be cool to integrate disguiser along with the methodologies we are currently using. Because disguiser is quite good at showing some kinds of censoring middleboxes, we are going to produce better measurements by also including it as a signal to determine blocking.
We will extend this issue to have a list of activities (possibly as sub-issues) required to integrate disguiser.