[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] New OONI release: Test sites you care about!



Hi Seth,

When you click on a link with OONI Run the user is presented with a page that shows them the list of URLs (if the test is web_connectivity) that they are about to test.
If a malicious URL is included in such list, the user will be able to avoid running it by simply clicking the X button.

The run.ooni.io links are also defined as a custom URI inside of both apps, so if the app is installed, the user will actually never be connecting to ooni.io servers.

That said, something to keep in mind, is that OONI Probe is not a privacy tool, but rather a tool for investigations and as such poses some risks (as we explain inside of our informed consent procedure).

We are not aware of any OONI Probe users having gotten into trouble for using our tool, but we prefer to air always on the safe side be sure that they understand very well the speculative risks that they could run into.

Hope this answers your question,

Feel free to contact me on and/or off-list if you have any follow up questions,

~ Arturo

On 27 September 2017 at 19:55:03, Seth David Schoen (schoen@xxxxxxx) wrote:

Hi Maria,

I also posted this question as a comment on the blog post, but I was
wondering if OONI encounters adversarial activity from censors who
try to either locate and shut down OONI nodes, or return different
information to OONI nodes than to other Internet users. If so, the
OONI Run feature could make it extremely easy for censors to identify
where OONI probe nodes are located, by just setting up a site under
their control and submitting it to OONI Run. But maybe this isn't a
problem that the project has encountered so far.

--  
Seth Schoen <schoen@xxxxxxx>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
--  
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Attachment: signature.asc
Description: Message signed with OpenPGP using AMPGpg

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk