Tor censorship 2012, OONI
1. Tor and Censorship
How governments have censored Tor and how packets are set free.
Saturday, June 30, 12
2. $ whoami
• Arturo `hellais` Filastò
• Tor Project hacker
• Random GlobaLeaks Developer
• I develop Free Software for Freedom
3. Surveillance
• Censorship is a subset of surveillance
• If you are censoring something you are surveilling everything
4. “The Net interprets censorship as damage and routes around it.”
- John Gilmore; TIME magazine (6 December 1993)
5. What is Internet Filtering?
• It is a form of non-democratic oppression of people
• It allows those in power to subvert reality
6. FilterNet
• It’s a distortion of what is in reality the internet.
• Follows the subjectiveness of the authorities
• This does not help humanity
7. There is no just censorship.
• Internet filtering is happening in China, Iran, Syria, but also in Italy, UK, Netherlands.
• The only solution to what is considered by some wrong information is more information.
8. Tor and Censorship
• Tor was born as an anonymity tool
• Censorship circumvention was a side effect
9. Brief Timeline of Tor Censorship
• 2002 - The source code for Tor is released
• 2006, April - Thailand - DNS filtering of tpo
• 2006 - Websense/netfilter - Block Tor based on Tor GET requests
• 2007 - Iran, Saudi - Blocks Tor thanks to Websense
• 2009, Iran throttles SSL
• 2009, Tunisia - Smartfilter to block all except 443, 80
• 2009, China blocks public relays
• 2009 - Tor bridges are introduced
• 2010 - China starts collecting and blocking bridges
• 2011 - Iran by DPI on DH parameter in SSL
• 2011 - Egypt selected targeted sites for blocking
• 2011 - Libya, throttling to limit use
• 2011 - Syria, DPI on Tor’s TLS renegotiation and killed connections
• 2011 - Iran DPI on SSL and TLS certificate timeline
For more details on these events see “How governments have tried to block Tor”.
10. What has happened in the past months?
• 9 February 2012, Iran total SSL blockage
• 2012, China proactive censorship evolutions
• February - March 2012, Kazakhstan
• 22 May 2012, Ethiopia
• 25 June 2012, UAE, Tor blocking via DPI
11. Iran SSL Blockage
• Deep packet inspection (DPI) of SSL traffic
• Selective blocking of IP address and TCP port combinations
• Some keyword filtering
• Not nationwide, certain areas no SSL traffic.
• February 2012, first real world deployment of obfsproxy
13. China evolutions
• Blocking techniques
  • IP blocking (layer 3)
  • IP:Port blocking (layer 4)
  • RST based filtering (layer 4, active, easy circumvention)
  • HTTP blocking (layer 5)
• Detection techniques
  • Active probing of *every* SSL connection (speaking Tor protocol)
  • Tor fingerprints for TLS Hello
• Philip Winter, Fabio Pietrosanti worked on understanding active Chinese probing.
14. February - March 2012, Kazakhstan
• In response to protests in Zhanaozen
• Previously
  • IP address blocking
  • DNS based blocking
  • DPI SSL blocking
• JSC KazTransCom starts blocking SSL traffic based on client key exchange
• Some businesses affected (no SSL, no IPSEC, no PPTP, no certain VPNs)
• Obfsproxy used
16. 22 May 2012, Ethiopia
• Stateless DPI looking for Tor TLS Server Hello
• Research conducted by phw, naif
• Patch for bridge #6045
18. 25 June 2012, UAE
• The Emirates Telecommunications Corporation, also known as Etisalat, started blocking Tor using DPI
• Evasion through
  • Special patch for bridges that removed fingerprint
  • Obfsproxy
19. What are we doing?
• Help people access information anonymously (Tor)
• Help people circumvent censorship (Tor, Tor Bridges)
• Measure Internet filtering in the world (OONI-Probe)
• Help people speak freely and anonymously (Tor Hidden Services, APAF)
20. OONI
• Open Observatory of Network Interference
• Provide a methodology and framework
• Strong focus on Openness
21. Why OONI?
• A lot of tools exist, but are either:
  • Closed source
  • Closed methodologies
  • Closed data
• OONI is to be:
  • Free Software
  • using Open and described methodologies
  • publishing all the collected data with Open License
22. Open Methodologies
• This means that the research is reproducible
• People seeing the results can evaluate the accuracy of the testing strategy
23. Free Software
• Free software for freedom
• Means that anybody can base their censorship research on OONI
• This allows code reuse and knowledge sharing
• https://gitweb.torproject.org/ooni-probe.git
24. Open Data
• This allows people to independently verify the results
• Open License (Creative Commons by Attribution)
• People will independently draw their conclusions based on the *data*
• Data driven journalism, Political Science studies, Anti-Censorship activism.
25. What it detects
• Its goal is to detect:
  • Network filtering (“Is my network traffic being tampered with?”)
  • Content restrictions (“What is being blocked?”)
  • Filtering technique (“How is it being blocked?”, “What software are they using?”)
28. OONIB
• Distributed backend for:
• Assist in running of certain tests
• Two way traceroute
• Echo server
• DNS server
• HTTP server
• Control Channel
• Collect reports from probes
29. OONI-probe
• The actual measurement tool
• Includes the core of the test logic
• Takes an input and performs measurements on the test network
• It can run the test on the local network or send it to a remote Node (SOCKS, OONIProxy, PlanetLab, etc.)
31. Test Categorization
• Traffic manipulation
  • “Is there surveillance, of what kind?”
• Content blocking
  • “Is there censorship?”
  • “What is being censored?”
32. Traffic Manipulation examples
• Two way traceroute: If there is a difference between an inbound traceroute and an outbound traceroute for certain source and destination ports this may be an indication of traffic being routed to interception devices.
• Header field manipulation: By varying the capitalization and adding certain headers to layer 7 protocols it is possible to detect on the receiving end if the traffic has been tampered with.
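The header field manipulation check above, sketched as an added example (this is not OONI's code): the probe sends oddly capitalized header names, the backend reports what arrived, and the two lists are diffed. `odd_case`, `simulated_proxy` and the sample headers are constructed for illustration.

```python
def odd_case(name):
    """Alternate lower/upper case per character, e.g. 'Host' -> 'hOsT'."""
    return "".join(c.upper() if i % 2 else c.lower() for i, c in enumerate(name))

def compare_headers(sent, received):
    """Diff the header list the probe sent against what the backend saw.

    Both arguments are ordered lists of (name, value) pairs. An empty
    result means the header block arrived exactly as sent.
    """
    sent_by_key = {n.lower(): (n, v) for n, v in sent}
    recv_by_key = {n.lower(): (n, v) for n, v in received}
    common = [k for k in sent_by_key if k in recv_by_key]
    findings = {
        "recased": [(sent_by_key[k][0], recv_by_key[k][0]) for k in common
                    if sent_by_key[k][0] != recv_by_key[k][0]],
        "value_changed": [k for k in common
                          if sent_by_key[k][1] != recv_by_key[k][1]],
        "added": [recv_by_key[k][0] for k in recv_by_key if k not in sent_by_key],
        "removed": [sent_by_key[k][0] for k in sent_by_key if k not in recv_by_key],
        "reordered": common != [k for k in recv_by_key if k in sent_by_key],
    }
    return {name: hit for name, hit in findings.items() if hit}

# --- Constructed sample data (hypothetical, not captured traffic) ---
BASE_HEADERS = [("Host", "example.org"), ("User-Agent", "probe/0.1"),
                ("Accept-Language", "en")]

def simulated_proxy(headers):
    """Stand-in for an intercepting proxy: canonicalizes names, adds Via."""
    fixed = [("-".join(p.capitalize() for p in n.split("-")), v)
             for n, v in headers]
    return fixed + [("Via", "1.1 filter.example")]

def run_demo():
    sent = [(odd_case(n), v) for n, v in BASE_HEADERS]
    clean = compare_headers(sent, list(sent))            # untouched path
    tampered = compare_headers(sent, simulated_proxy(sent))
    return clean, tampered

if __name__ == "__main__":
    clean, tampered = run_demo()
    print("clean path:   ", clean)
    print("tampered path:", tampered)
```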
33. Content Blocking examples
• HTTP Host: This involves changing the Host header field of an HTTP request to that of the site one wishes to check for censorship.
• DNS lookup: This involves doing a DNS lookup for the hostname in question. If the lookup result does not match the expected result the site is marked as being censored.
• Keyword filtering: This involves sending and receiving data that contains certain keywords and matching for censorship. It is possible to use the bisection method to understand what subset of keywords are triggering the filter.
• HTTP scan: This involves doing a full connection to the site in question. If the content does not match the expected result then a censored flag is raised.
• Traceroute: This involves doing TCP, UDP, ICMP traceroute for certain destination addresses; if there are discrepancies in the paths with locations in the vicinities then a censorship flag is raised.
• RST packet detection: This involves attempting to connect to a certain destination and checking if the client gets back a RST packet.
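The bisection approach mentioned under keyword filtering, as an added example (not taken from ooni-probe): a blocked keyword set is split in halves and each half re-tested until single triggering keywords are isolated. `find_triggers`, `simulated_filter` and the word list are hypothetical; the sketch assumes the filter fires on individual keywords rather than combinations.

```python
def find_triggers(keywords, is_blocked):
    """Return (triggers, probes): keywords that trip the filter, and the
    number of test transmissions needed to isolate them.

    `is_blocked(words)` must return True when sending `words` together
    is filtered. Assumes any single trigger word is enough to block.
    """
    probes = 0

    def search(chunk):
        nonlocal probes
        if not chunk:
            return []
        probes += 1
        if not is_blocked(chunk):
            return []              # nothing in this subset triggers the filter
        if len(chunk) == 1:
            return list(chunk)     # isolated one triggering keyword
        mid = len(chunk) // 2
        return search(chunk[:mid]) + search(chunk[mid:])

    found = search(list(keywords))
    return found, probes


# --- Constructed sample data: a simulated filter and candidate words ---
SIMULATED_BLOCKLIST = {"protest", "tor"}

def simulated_filter(words):
    """Stand-in for the network path: True if the payload would be filtered."""
    return any(w in SIMULATED_BLOCKLIST for w in words)

CANDIDATES = ["weather", "football", "protest", "recipe",
              "music", "tor", "train", "news"]

if __name__ == "__main__":
    triggers, probes = find_triggers(CANDIDATES, simulated_filter)
    print(f"triggering keywords: {triggers} (found with {probes} probes)")
```

Bisection pays off when triggers are rare in a long candidate list; with many triggers in a short list it can cost more probes than testing each word individually.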
34. Implementation details
• Written in Python
• Based on twisted
• Provides scapy twisted integration
• Is currently a prototype.
• Expect problems and to have to use the source
• Please kill bugs
• Parts of OONIB implemented, no remote reporting, OONI-probe runs only locally
37. Recent Impact
Hadara Palestine
• Blockage of politically oriented websites
38. Future
• Keep hacking on OONI
• Finish the architecture specification
• Get a beta release of OONI for December 2012.
• Perform measurements all over the world.
39. Come hack with us :)
• https://www.torproject.org/
• #tor, #tor-dev, #ooni irc.oftc.net
• https://ooni.nu/
• https://gitweb.torproject.org/ooni-probe.git