Hi Seth, When you click on a link with OONI Run the user is presented with a page that shows them the list of URLs (if the test is web_connectivity) that they are about to test. If a malicious URL is included in such list, the user will be able to avoid running it by simply clicking the X button. The run.ooni.io links are also defined as a custom URI inside of both apps, so if the app is installed, the user will actually never be connecting to ooni.io servers. That said, something to keep in mind, is that OONI Probe is not a privacy tool, but rather a tool for investigations and as such poses some risks (as we explain inside of our informed consent procedure). We are not aware of any OONI Probe users having gotten into trouble for using our tool, but we prefer to air always on the safe side be sure that they understand very well the speculative risks that they could run into. Hope this answers your question, Feel free to contact me on and/or off-list if you have any follow up questions, ~ Arturo On 27 September 2017 at 19:55:03, Seth David Schoen (schoen@xxxxxxx) wrote: Hi Maria, I also posted this question as a comment on the blog post, but I was wondering if OONI encounters adversarial activity from censors who try to either locate and shut down OONI nodes, or return different information to OONI nodes than to other Internet users. If so, the OONI Run feature could make it extremely easy for censors to identify where OONI probe nodes are located, by just setting up a site under their control and submitting it to OONI Run. But maybe this isn't a problem that the project has encountered so far. -- Seth Schoen <schoen@xxxxxxx> Senior Staff Technologist https://www.eff.org/ Electronic Frontier Foundation https://www.eff.org/join 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107 -- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Attachment:
signature.asc
Description: Message signed with OpenPGP using AMPGpg
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk