How a Hacker Launched a Decentralized Network to Track Internet Censorship


The Takeaway

  • Political and social upheaval around the world can lead to internet censorship and interference by powerful actors.
  • The Open Observatory of Network Interference (OONI) is allowing people around the world to monitor internet censorship and interference in their countries in a decentralized manner for free.
  • It has created the world’s largest open dataset on internet censorship, with millions of measurements collected from more than 200 countries since 2012.

Belarus residents have been fighting back against the allegedly illegitimate re-election of leader Alexander Lukashenko, otherwise known as the “last dictator of Europe,” since the election on Aug. 9. Lukashenko’s contested victory has led to widespread protests and violence against protestors by the military, and caused Lukashenko’s opponent to flee the country.

Amid the protests, which have been ongoing, various parts of the internet were also shut down across the country including social networks and message sites such as Telegram and Facebook, as well as some news outlets. Lukashenko has denied shutting down the internet, blaming foreign interference, but further reporting suggests the government is, in fact, responsible.

In a new report shared exclusively with CoinDesk, the decentralized internet censorship testing network Open Observatory of Network Interference (OONI) found 86 websites were blocked in Belarus in August, including 19 communications platforms such as Telegram and encrypted email services.

“These include news media, political opposition, pro-democracy, and election related websites, as well as communication and circumvention tool sites,” the report found.

The origins of OONI

OONI has been working as a global community to document internet censorship and interference since 2012. Using free and open source software it developed called OONI Probe, the organization has built a “decentralized, citizen-led, Internet censorship observatory.” It publishes measurements in order to develop a public archive on network interference and increase transparency about censorship. The data for the Belarus report, for example, was gathered from OONI Probe users on the ground in the country.

With rising authoritarianism around the world, information crackdowns due to COVID-19 and states constantly developing more advanced methods of suppressing information and engaging in censorship, the work OONI and the network using its software are doing has a renewed sense of urgency.

“A lot of our principles and ideas come from being cypherpunks basically,” said Arturo Filastò, a Rome-based hacker who founded and leads OONI.  “The concept is that we can build tools and technology that empower people to take actions and bring about change. A core concept of that is decentralization and the fact that everybody should be able to use our tool.”

Filastò was a hacker from his teen years. In a recent call with CoinDesk over Signal, he made it clear he espoused the ideas of, and aligned himself with, the cypherpunk mentality.

The original idea for OONI, which Filastò now describes as more a manifesto than an academic paper, was written while he was still at the Tor Project, which maintains the Tor browser.

Filastò said OONI definitely doesn’t want to be a central authority declaring how bad internet censorship is around the world. Rather, they want to empower people to document internet abuse wherever they see it.

“We want to build tools that empower anybody who wants to go out and say, ‘Okay, in my country there’s something wrong with respect to how the internet is being filtered and how it’s being interfered with,’” said Filastò.

A hard-data approach

The OONI probes focus not on anecdotal evidence but rather on hard, quantitative data. This approach prevents governments from claiming ignorance when they do, in fact, block something.

As a result, OONI has become the world’s largest open dataset on internet censorship with millions of measurements collected from more than 200 countries since 2012. There are tens of thousands of volunteers using it on the ground in authoritarian states such as Iran, Venezuela and Malaysia, according to Filastò.

“We intend to apply the scientific method to the realm of network surveillance and filtering detection,” read that initial paper. “In order to ensure reproducibility, all experiments conducted shall be properly documented and all data collected made available to the public in a timely manner. The same observations should be possible to reproduce independently, in line with standard full disclosure practice.”

How OONI’s tech works

The OONI probe runs a number of preprogrammed tests on the network. A user can decide which ones to run and how extensive they should be. Sometimes a single test can take hours, but tests can also be split among a network of users in a country so they run faster. Alternatively, multiple devices could be set up to run them.

The OONI probe can test a wide array of factors.

In Belarus, blocking by internet service providers appeared to be implemented during the TLS handshake, which OONI attributes either to Deep Packet Inspection (DPI), an advanced method of tracking and managing traffic on a network, or to all traffic going through a “proxy that blocks undesired connections,” according to the report.

The Server Name Indication (SNI) is seemingly being used to decide whether to block or let connections go through, according to OONI. SNI is the field in which a client (your device) names the domain it wants to reach during the TLS handshake, the step in which a client and a server acknowledge and verify each other before establishing a connection.

It’s not just things like political or media sites that are blocked. Connections to things like virtual private networks (VPNs) or encrypted email are also often disrupted, as these are the very tools that can be used to circumvent government censorship. Numerous proxies for the encrypted messaging app Telegram served as an organization and communication platform amid the ongoing protests in Belarus, particularly as other parts of the web were shut down. A number of privacy-preserving email providers were also blocked.

A global effort

OONI has a global testing website list, and country-specific lists in collaboration with Citizen Lab, a research group from the University of Toronto that studies the intersection of information and communication technologies, human rights, and global security, as well as other projects to develop metric measurements.

The tests are run on the user’s network, and the control measurement used for comparison is run on an OONI server in a location known not to be facing censorship. Users can also choose which websites, or categories of websites, they don’t want to test. Filastò said OONI is dedicated to informed consent, and lets users really shape tests how they see fit.

At a high level, Filastò said when it comes to websites, users test DNS resolution and compare for consistency. DNS (Domain Name System) resolution is the process by which a domain name is translated to an IP address.

“This is a huge rabbit hole; it’s not so trivial as just matching IP addresses because of geolocation, timing, load balancing and a lot of other things,” said Filastò. “I won’t go into details, but the basic tactic is a DNS resolution and then check for consistency.”

This helps determine whether websites are consistently reachable or unreachable, because the tests also aim to eliminate false positives caused by a website being down for reasons other than interference or manipulation.
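
The probe-versus-control comparison and the false-positive handling described above can be sketched as follows. This is an added, simplified illustration, not OONI's actual algorithm: the verdict names, the bogon list and the thresholds are assumptions, and the addresses are constructed sample data from documentation ranges.

```python
import ipaddress

# Address ranges that should never be the answer for a public website.
BOGONS = [ipaddress.ip_network(n) for n in
          ("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify_dns(probe_ips, control_ips):
    """Compare one probe lookup with the control lookup for the same domain."""
    probe = {ipaddress.ip_address(ip) for ip in probe_ips}
    control = {ipaddress.ip_address(ip) for ip in control_ips}
    if not control:
        # The control could not resolve it either: the site may simply be down.
        return "inconclusive:control_failed"
    if not probe:
        return "anomaly:probe_failed"
    if any(ip in net for ip in probe for net in BOGONS):
        return "anomaly:bogon"
    if probe & control:
        return "consistent"
    # Disjoint answers are common with CDNs and geographic load balancing,
    # so a mismatch alone is not treated as evidence of interference.
    return "inconclusive:different_ips"

def persistent_anomaly(verdicts, min_runs=3, min_fraction=0.8):
    """Flag a domain only when anomalies persist across repeated measurements."""
    decided = [v for v in verdicts if not v.startswith("inconclusive")]
    if len(decided) < min_runs:
        return False
    anomalies = sum(v.startswith("anomaly") for v in decided)
    return anomalies / len(decided) >= min_fraction

# Constructed sample measurements (not real data).
CONTROL = ["192.0.2.10", "192.0.2.11"]
RUNS = [["10.10.34.35"], [], ["10.10.34.35"], ["10.10.34.35"]]

if __name__ == "__main__":
    verdicts = [classify_dns(run, CONTROL) for run in RUNS]
    print(verdicts, persistent_anomaly(verdicts))
```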

Censorship on the ground in Malaysia

Khairil Yusof is the coordinator for the Sinar Project in Malaysia, which started out as a volunteer effort with a few tech activists who were at the Bersih 2.0 pro-democracy rally in 2011. The group’s focus was on open government and civic tech, but under an increasingly authoritarian government they also needed to pay attention to the possibility of online censorship.

They started seeing instances of censorship prior to Malaysia’s 2013 general election, and since then it’s only continued. As part of their efforts, Yusof said, they tried to build a monitoring site backed by data and tests.

“We ran into problems, and that’s when we discovered that OONI was also working on the same idea and at a global scale,” said Yusof. “It was an open project [that] had done much more research into this, and we were like, ‘Great, let’s work with them and then shift our efforts to working with OONI and the OONI community.’”

Many censorship reports in the media are anecdotal, said Yusof. These anecdotal reports are then used to generate various “Internet Freedom” indices. The problem with anecdotal evidence is that it’s easy to brush off or dismiss by saying, for example, a person’s internet was slow or the site was probably down. The purpose of the Sinar Project is to verify and support anecdotal claims with hard evidence that cannot be refuted.

The project focuses both on long-term data collection to track trends as well as on real-time data collection during key events like general elections.

“Our testing efforts, for example, allowed us to prove that election results sites were being blocked, and which was later used by journalists to track down the official [government] request to ISPs leading to the resignation of a few people at the Communications and Multimedia Commission (MCMC),” said Yusof.

Yusof noted he hasn’t seen any rise in censorship since the onset of the global pandemic but says sometimes, when the technical challenges of censorship are too high, Malaysia is resorting to more “analog” methods of silencing people, such as throwing them into prison.

“Mostly when the technical and economic costs of online censorship are too high, what we’ve seen in Southeast Asia is that offline actions such as arrests and jailing of activists or media for comments or reporting online has far more chilling effects on self-censorship than technical measures,” said Yusof.

Phishing in Venezuela

When Juan Guaido formed an interim legislative administration in Venezuela, he and his party were challenged by incumbent president Nicolás Maduro and labeled the “opposition party.” (Guaido is recognized as Venezuela’s legitimate leader by more than 50 countries.)

Health care is a state-run industry in Venezuela. The “Héroes de la Salud” platform was created in 2020 by Guaido’s disputed interim administration so that members of the public health-care system could share their information on its website and receive monthly financial assistance at a time of difficult working conditions and low wages.

However, visitors to the site were being inadvertently redirected by a state-run ISP to a different one: a phishing site cloned from the original “Héroes de la Salud” by malicious actors opposed to Guaido, according to a late April report from Venezuela Inteligente, an organization that tracks network interference and censorship on the internet in Venezuela.

The users were rerouted through a domain name system (DNS) redirect, which is an attack that shows a web page to a user that is different from the one requested.

The phishing site was gathering personal information (including the Venezuelan equivalent of U.S. Social Security numbers) of public health workers, who could then face backlash if they were known to have asked for financial assistance from the “opposition.”

“These were public health workers redirected to a website designed with the sole purpose of tricking them and collecting their data,” said head of Venezuela Inteligente Andres E. Azpurua. “I don’t have any specifics on what has happened to some of those people. But we do know that that data was collected and published online. So there’s a list of highly sensitive information that’s just out there.”

Using OONI’s software, Azpurua was able to help document the discovery in a standardized and open fashion.

Going forward, OONI is hoping to continue to expand its network and build on the progress it has seen since 2012.

“Our real goal is empowering decentralized efforts of uncovering network interference around the world,” said Filastò. “That’s really what we strive for at the end of the day.”
