A brief introduction to OONI
Federico Ceratto
2021-08-24
This is gentle introduction to OONI that does not require readers to have a technical background.
If you are familiar with how the Internet works and how it can be censored you can skip The basics.
For frequently asked questions and answers, please refer to the OONI FAQ.
The basics
You might be connecting to the Internet
from a local network
or using an Internet Service Provider (ISP).
ISPs are usually not connected to each other. Rather they connect to large
carriers or simply to a bigger ISP.
When visiting a website your data might go through your local network,
then your ISP, then one or two carriers,
another ISP, across a datacenter network
and finally reach a server.
Data is transmitted using various “formats” called protocols.
Multiple protocols are used together:
* The whole Internet uses the IP protocol.
* Most of the time, the IP protocol is used together with the TCP protocol.
* And finally, most applications use one or more application protocols.
For example, websites mainly use the HTTPS protocol, while emails
use a different application protocol. Instant Messaging and videogames often have their own protocols.
When browsing a website, you most often rely on IP, TCP, DNS and HTTPS.
Data can be lost or altered at virtually any location on the network (ISP, carrier, etc), both by accident and on purpose.
Additionally, devices called middleboxes can be deployed by third parties between ISPs and carriers or in other locations. They can be used to disrupt or block traffic based on source, destination and content.
Finally, a website (or another service) can block users by itself (e.g. depending on the location of the users). This case (server-side blocking) falls outside of what is called “network interference” because the blocking is done at the source.
How OONI Probe detects blocking
Most Internet traffic travels across different networks and often relies on multiple protocols. As such, it is possible to interfere with Internet traffic in different ways and at different locations in complex combinations.
Some common forms of interference include:
- IP blocking: An ISP prevents a user from connecting to the IP address of a website or app;
- DNS hijacking: An ISP prevents a user from connecting to a website or app by making them connect to an incorrect IP address (which is not the actual IP address of the website or app that the user is trying to access), which may host a block page or present a connection error;
- HTTP blocking: An ISP prevents a user from retrieving information from a website or app. This can be done in many ways, such as by serving a block page, intercepting the user’s HTTP request, or by resetting the connection.
These forms of censorship can be measured through OONI’s app, called OONI Probe.
Not all forms of traffic disruption represent censorship. Sometimes it is due to technical problems, and sometimes
it is done for security reasons (for example, to block spam, or to protect browsers from websites that serve malware).
Furthermore, there are forms of censorship that are out of scope for OONI, such as an article on a news website that is deleted by the author,
a movie streaming service that refuses services to users from a given country, and content takedowns by social media companies (such as Facebook).
OONI relies on a large number of volunteers worldwide who run OONI Probe on phones, desktops, laptops, and servers.
OONI Probe can test multiple protocols and includes a variety of different tests which check for:
- Blocking of websites (using lists of websites hosted publicly);
- Blocking of instant messaging apps (WhatsApp, Facebook Messenger, Telegram, Signal);
- Blocking of circumvention tools (Tor, Psiphon, RiseupVPN);
- Middleboxes on tested networks;
- Speed and performance of tested networks;
- Video-streaming performance.
The OONI Probe app communicates with the OONI backend: a centralized service that receives network measurement data from the probes, processes it, and provides public access to it through OONI Explorer and the OONI API.
OONI Probe test results are called “measurements”, and they are automatically processed by the OONI backend to detect blocking in real-time.
OONI measurements are classified as:
* normal: no interference detected
* anomaly: interference detected
* confirmed: automatically confirmed censorship (based on a block page)
* failure: an error occurred during the measurement and it is therefore ignored
Due to the complexity of the blocking mechanisms and the large number of measurements, false positives can emerge. Currently, OONI only automatically confirms cases of blocking when block pages are served.
However, we perform investigations of significant events and publish reports.