OONI report released: The State of Internet Censorship in Thailand

SEATTLE, WA, USA – Monday, March 20th, 2017 – The Tor Project announces the release of The State of Internet Censorship in Thailand, a report from a joint research study by Open Observatory of Network Interference (OONI), Sinar Project, and the Thai Netizen Network. The study aims to increase transparency of Internet controls in Thailand and to collect data that can potentially corroborate rumors and reports of Internet censorship events. The key finding of this report reveal that Internet Service Providers (ISPs) in Thailand appear to be blocking websites at their own discretion.

"We hope the findings of this report will enhance public debate around the necessity and proportionality of information controls," said Maria Xynou, Research and Partnerships Coordinator for OONI. Adding further that "A dozen websites, including The New York Post (nypost.com), were blocked in some networks, while accessible in others, indicates that Thai ISPs are likely blocking content at their own discretion."

Multiple censorship events in Thailand have been reported over the last decade. More than 10,000 URLs were reportedly blocked by the Government in 2010. Following Thailand’s most recent coup d’etat, Citizen Lab reported that 56 websites were blocked between May and June of 2014. One importance of undertaking this study, which collects and analyzes network measurements, is to examine whether Internet censorship events are persisting in the country.

Anyone can contribute to the research efforts by OONI by installing and running ooniprobe, thus increasing the transparency of Internet censorship in Southeast Asia and beyond.

About Open Observatory of Network Interference

The Open Observatory of Network Interference (OONI) is a free software project under The Tor Project that aims to empower decentralized efforts in increasing transparency of Internet censorship around the world. Since 2012, OONI has collected millions of network measurements from more than 190 countries, shedding light on multiple instances of network interference.

About Sinar Project

Sinar Project is an initiative using open technology and applications to systematically make important information public and more accessible to the Malaysian people. It aims to improve governance and encourage greater citizen involvement in the public affairs of the nation by making the Malaysian Government more open, transparent and accountable. We build open source civic tech applications, work to open government with open data and defend digital rights for citizens to apply their democratic rights.

About Thai Netizen Network

Thai Netizen Network (TNN), founded in 2008, is a leading nonprofit organization in Thailand that advocates for digital rights and civil liberties. The group was officially registered as มูลนิธิเพื่ออินเทอร์เน็ตและวัฒนธรรมพลเมือง (Foundation for Internet and Civic Culture) in May 2014.

About Tor Project, Inc

The Tor Project develops and distributes free software and has built an open and free network that helps people defend against online surveillance that threatens personal freedom and privacy. Tor is used by human rights defenders, diplomats, government officials, and millions of ordinary people who value freedom from surveillance.

The Tor Project's Mission Statement: "To advance human rights and freedoms by creating and deploying free and open anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding."

Media Contacts

Joshua Gay
Communications Director
Tor Project

Maria Xynou (OONI)

Arturo Filasto (OONI)

Tor at the Heart: OONI Highlights from 2016

During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom.
Donate today!

In this post we provide some highlights from OONI, a project under The Tor Project.

The Open Observatory of Network Interference (OONI) is a free software project under The Tor Project that aims to uncover internet censorship around the world. Recently we published an overview of OONI which can be found here.

Today we are providing some OONI highlights from 2016. These include our research findings in collaboration with our partners, and the new features we have developed and released to meet our users’ needs.

Research findings

As part of the OONI Partnership Program we collaborate with various local and international non-profit organizations around the world on the study of internet censorship. Below we provide some highlights from our research findings this year.

Censorship during elections

  • Uganda: Facebook and Twitter blocked during 2016 general elections. In collaboration with DefendDefenders we examined the blocking of social media in Uganda during its 2016 general elections and when the country’s President was inaugurated. View our findings here.
  • Zambia: Internet censorship events during 2016 general elections. OONI monitored internet censorship events during Zambia’s 2016 general election period in collaboration with Strathmore University’s Centre for Intellectual Property and Information Technology Law (CIPIT). A full report of our study can be found here.
  • The Gambia: Internet shutdown during 2016 presidential election. We attempted to examine whether websites were blocked during the Gambia’s 2016 presidential election. Instead, we came across a country-wide internet blackout. View our findings here.
  • Venezuela: Blocking of sites during elections. IPYS conducted a study of internet censorship in Venezuela through the use of ooniprobe. Their full report can be found here.

Censorship during other political events

  • Ethiopia: Deep Packet Inspection (DPI) technology used to block media websites during major political protests. OONI joined forces with Amnesty International to examine internet censorship events during Ethiopia’s wave of protests. We not only detected DPI filtering technology, but we also found numerous sites - including news outlets, torproject.org, LGBTI and human rights sites - to be tampered with. Now Ethiopia is in a state of emergency. Our report can be found here.
  • Turkey: Internet access disruptions during attempted military coup. In collaboration with RIPE Atlas we examined the throttling of social media in Turkey during the attempted military coup in July. View the findings here.
  • Ethiopia: Internet shutdown amidst political protests. Ethiopia’s government pulled the plug on the internet in the middle of heavy protests in August. We examined the internet shutdown in collaboration with Strathmore University’s Centre for Intellectual Property and Information Technology Law (CIPIT) and published our findings here.

Tor blocking

  • Egypt: Tor interference. Our community informed us that certain services were inaccessible in Egypt. We investigated the issue and also found Tor to be tampered with. View our findings here.
  • Belarus: Tor block. An anonymous cypherpunk helped us collect evidence of Tor blocking in Belarus. View the data here.

WhatsApp blocking and DNS censorship

  • Brazil: Blocking of WhatsApp. Thanks to Coding Rights who ran our newly developed WhatsApp test, we were able to detect and collect evidence of the blocking of WhatsApp in Brazil earlier this year. View the data here.
  • Malaysia: DNS blocking of news outlets, medium.com, and sites expressing political criticism. Following the 1MDB scandal, various news outlets were reportedly blocked in Malaysia. OONI joined forces with Sinar Project to examine and collect evidence of internet censorship events in Malaysia. Our report can be found here.

New releases

If you’ve known OONI for a while, you might be more familiar with ooniprobe as a command line tool. To meet our users’ needs, we developed a variety of features this year, including the following:

  • OONI Explorer: A global map to explore and interact with all of the network measurements that OONI has collected from 2012 to date.
  • Measurement API: Explore and analyze OONI’s data via its new API.
  • OONI web UI: Run censorship tests from your web browser!
  • WhatsApp & Facebook Messenger tests: Examine the reachability of WhatsApp and Facebook Messenger with OONI’s new tests!
  • Web Connectivity test: Examine DNS, TCP/IP, HTTP blocking of sites all in one test!
  • Lepidopter: Run ooniprobe from a Raspberry Pi!
  • OONI mobile: We have developed the beta version of ooniprobe for Android and iOS. Look out for ooniprobe’s mobile app in early 2017!

Over the last year, many non-profit organizations around the world have started running ooniprobe daily. The graph below illustrates the expansion of ooniprobe’s global coverage thanks to our users.

By supporting Tor, you’re also supporting the OONI project. Help us continue to increase transparency around internet censorship by donating to The Tor Project.

Written by Maria Xynou, OONI’s Research and Partnerships Coordinator.

Tor at the Heart: The OONI project

During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom.
Donate today

In this post we provide an overview of OONI, a project under The Tor Project.

The Open Observatory of Network Interference (OONI) is a free software project under The Tor Project that aims to increase transparency about internet censorship around the world. To this end, OONI has developed multiple free software tests (called ooniprobe) that are designed to examine the following:

  • Blocking of websites;
  • Blocking of Instant Messaging software such as WhatsApp and Facebook Messenger;
  • Blocking of Tor, proxies, VPNs, and sensitive domains;
  • Detection of systems responsible for censorship, surveillance and traffic manipulation.

Anyone can run these tests to examine whether censorship is being implemented in their network. All data collected through ooniprobe is published and can serve as a resource for those who are interested in knowing how, when, and by whom internet censorship is being implemented. You can find OONI’s data in JSON format or via OONI Explorer: a global map for exploring and interacting with all the network measurement data that OONI has collected from 2012 to date.

Hundreds of volunteers have run ooniprobe across more than 100 countries around the world, shedding light on multiple instances of internet censorship. WhatsApp, for example, was found to be blocked in Brazil earlier this year, while Facebook and Twitter were censored during Uganda’s 2016 general elections. OONI data also shows that news websites were blocked in Iran and India, amongst many other countries, and that sites supporting LGBTI dating also appeared to be tampered with in Zambia.

OONI aims to equip the public around the world with data that can serve as evidence of internet censorship events. Such data not only shows whether a site or service was blocked, but more importantly, how it was blocked, when, where, and by whom. This type of information can be particularly useful to the following:

  • Lawyers: Examine the legality of the type of internet censorship implemented in your country, and use OONI’s data as evidence.
  • Journalists: Improve the credibility of your stories by referencing network measurement data as evidence of censorship events.
  • Researchers: Use OONI’s data to explore new questions. Researchers from the University of Cambridge and UC Berkeley, for example, were able to examine the differential treatment of anonymous users through the use of OONI data.
  • Activists, advocates, campaigners: Inform your work based on evidence of censorship events.
  • Circumvention tool projects: Inform the development of your tools and strategies based on OONI’s findings on censorship events around the world.

To empower participation in censorship research, OONI has established partnerships with local non-profit organizations around the world. Some of these organizations include:

These partnerships involve the daily collection of network measurements from local vantage points, determining which sites and services to test per country, and analyzing measurements within social, political, and legal context. Some partners, such as Sinar Project, even organize regional workshops to teach other groups and organizations how to measure internet censorship through the use of ooniprobe.

The Tor Project has supported the OONI project from day 1. Donate to The Tor Project today and help us continue to uncover internet censorship around the world.

Written by Maria Xynou, OONI’s Research and Partnerships Coordinator

OONI is looking for a UX designer!


Passionate about design and Internet freedom?

The Open Observatory of Network Interference (OONI), a free software project under The Tor Project that aims to uncover Internet censorship by monitoring its prevalence around the world, is seeking a UX designer.

Up until recently, users would run OONI’s software (ooniprobe) from the command line. Soon we aim to release both a desktop (web based) and mobile client that will enable users to run ooniprobe from a graphical user interface. We want to make the user interface as usable and graphically appealing as possible to engage more users.

If you’re interested in designing the interface of OONI’s new desktop and mobile clients, please don’t hesitate to apply! Information on how to apply can be found here.

The Tor Project is Hiring a Developer for OONI!

Are you a software engineer passionate about internet freedom and transparency? The Tor Project is hiring a full-time developer to work on OONI!

What’s OONI?

The Open Observatory of Network Interference (OONI) is a free software effort of the Tor Project which aims to detect online censorship and traffic manipulation around the world through the collection of network measurements.

OONI is based on free software tests that are designed to measure:

  • Blocking of websites
  • Systems responsible for censorship, surveillance and traffic manipulation
  • Reachability of Tor, proxies, VPNs, and other systems

Since 2012, OONI has collected more than 9.5 million measurements across 96 countries, all of which are public and provide evidence and data to back up claims of network manipulation.

Why join OONI?

OONI is in a unique position to bring transparency to technical censorship. You can play a key part in keeping the web free and neutral.

By joining the team, you will play an important role not only in paving the road for a better interference detection system, but you will also be responsible for software run by activists around the world. Your work will help reveal unlawful censorship and surveillance around the world and aid the work of human rights defenders.

Becoming an OONI-tarian

As a core OONI developer, you will contribute to some of our active development efforts, including:

These tasks will increase the impact of the millions of measurements that OONI is currently hosting, the hundreds of vantage points around the world, and the future of censorship measurement.

Learn more and apply to join the OONI team as a core developer here.

Tracking The Impact of the WhatsApp Blockage on Tor

On May 2, 2016, a Brazilian judge ordered cell phone carriers to block access to the messaging service WhatsApp for 72 hours. The order applied to the whole nation of Brazil—100 million WhatsApp users. Worldwide, Internet censorship events happen frequently. They may occur in countries like Brazil or in oppressive regimes like Egypt or Saudi Arabia. We want to understand better what happens during these events.

If we can watch certain data points, we can observe, for instance, whether or not our tools are efficiently circumventing such blockages. The Tor Project has a set of tools that can help us learn these answers. We can not only identify whether a censorship event has happened, but see how it was accomplished by the censor, and observe if people are using our tool to bypass it.

The Open Observatory of Network Interference (OONI) is a Tor project focused on detecting censorship, surveillance, and traffic manipulation on the Internet. For the recent WhatsApp case, OONI published a report showing that the Brazilian mobile carriers blocked WhatsApp’s website through DNS hijacking.

OONI was able to determine this by running two tests on Brazil's network:
DNS-consistency tests
HTTP-request tests

While OONI tests are not currently designed to directly test instant messaging (IM) protocols, OONI did monitor access to the WhatsApp website. This data allows us to analyze the censorship mechanisms used, and to determine if tools like Tor can bypass the block.

In this case, an Android user could download Orbot, a Tor proxy tool for Android, and successfully bypass the censorship with its VPN mode.

As soon as the blockade was announced, we began promoting key tips in Portuguese on social media and elsewhere to instruct Brazilians about how to bypass the WhatsApp blockage on Android with Orbot.

For Orbot statistics, we don't use Google Analytics or other system to track Orbot users, other than what Google Play can show us about installs and uninstalls. Based only on that, Orbot's active install for Brazil on May 1st was at 33,458. On May 2nd it went up to 41,333.

Taking a look at the number of downloads for Orbot in Brazil, we saw a 20% to 30% increase in the rate of downloading on those days.

There was a similar increase on the Tor network, where the average number of daily direct connected users for Brazil, went from ~50,000 to 60,000 in 24 hours.

Our metrics.torproject.org portal, which hosts data visualizations from our network, also caught the circumvention event. The little blue dot represents the fact that something is happening in the region. Is great to see that even for very sudden and short-lived actions (the block was lifted in Brazil after about 24 hours), we were still capable of capturing it in our data. You can read here about how we do it and the precautions we take while collecting such data so we don't affect user privacy.

We know that we are talking about a small number of users in a world of 100 million, in the case of WhatsApp. There is still a lot of work to be done to help people become aware of such tools. However, it is great to see our projects coming together to tell this story.

Our experience with the WhatsApp blockage in Brazil demonstrates the potential these efforts have to provide us with information about censorship events and to help us build circumvention mechanisms against them.

We are working hard on new features for these tools; for instance, we want to deploy more mobile network tests for OONI and better visualizations of our data so that others can easily explore and learn from them, and we continue to improve user experience on our apps. Keep an eye on this blog as we develop this work!

OONI Explorer: Censorship and other Network Anomalies Around the World

Today the Open Observatory of Network Interference (OONI) team is pleased to announce the public beta release of OONI Explorer: a global map of more than 8.5 million network measurements which have been collected across 91 countries around the world over the last 3 years.

OONI is based on 15 free software tests which are designed to measure the following:

  • Blocking of websites
  • Detection of systems responsible for censorship, surveillance and manipulation
  • Reachability of Tor, proxies, VPNs, and sensitive domains

These tests have been run across 398 different vantage points by volunteers around the world since 2012. The OONI Explorer announced today provides a location to interact and - dare we say - explore all of the collected measurements.

Key Findings

Some of the highlights in the data:

1. Confirmed cases of censorship in 9 countries

Multiple HTTP request tests were run around the world and based on our heuristics, we were able to detect block pages in 9 countries: Iran, Saudi Arabia, Turkey, Greece, China, Russia, India, Indonesia and Sudan.

Blocked websites include media, gambling and over-the-counter money exchanges. In Greece, for example, all of the tested ISPs employed DNS hijacking to block such websites, with the exception of Vodafone that also used Deep Packet Inspection. OONI tests in Turkey illustrate that 62 websites were blocked, including piratebay.com, livescore.com and 4shared.com, possibly under Law No. 5651 on the ‘Regulation of Publications on the Internet and Suppression of Crimes Committed by means of Such Publication’. Notably, 362 blocked websites were detected as blocked in Iran and 50 in Saudi Arabia, including arabtimes.com, mossad.gov.il and anonym.to, a URL shortening service with privacy properties.

Some of our tests for domains were focused on specific websites which were rumored or reported to be blocked. In January 2015, for example, the Government of India ordered the blocking of 32 websites under Section 69A of the Information Technology Act, 2000, and under the Information Technology (Procedures and Safeguards for Blocking of Access of Information by Public) Rules, 2009. Following these reports, OONI tests run on those websites were able to confirm that 23 of those websites were in fact blocked in the network that was tested, including websites such as pastebin.com, dailymotion.com and archive.org.

Leading up to the 2016 general elections in Uganda, OONI volunteers ran HTTP request tests in response to reports that Facebook and Twitter were being blocked. We did not detect block pages, but we did detect general network anomalies which indicate that it's likely the case that Ugandan ISPs were blocking some requests, but not others. It is also possible that Facebook and Twitter were only blocked in specific networks, and not countrywide.

2. Network anomalies in 71 countries

Out of the 91 countries with reported data, network anomalies were detected in 71 of them.

“Network anomalies” and “network interferences” are broad terms that we use to describe symptoms of censorship through the manipulation of internet traffic. These anomalies can take many forms, including connectivity failures, timeouts and unusual slowness, or unexpected error messages.

Not all HTTP request tests allow us to conclusively know that interference has occurred, because not all interference looks like a clear block page. Sometimes, censorship is hidden as connection failures instead. To gain confidence in detecting this type of interference, we can look at repeated failures to websites that are known to be operating normally. In Cuba, for example, it is interesting to see that while no block pages were detected, HTTP requests to cubafreepress.org failed multiple times.

Symptoms of traffic manipulation were detected in multiple countries around the world through HTTP invalid request line and HTTP header field manipulation tests, which look for middle boxes: network equipment that intercept and sometimes alter the traffic passing through them. Multiple HTTP invalid request line tests run in Vietnam from 2013 to 2015 triggered errors and indicate that middle boxes were regularly observing the traffic in the country. Similarly, many HTTP invalid request line tests in Pakistan and elsewhere indicate the presence of software which is capable of traffic manipulation.

3. Blue Coat, Squid and Privoxy detected in 11 countries

Transparent HTTP proxies can be used inside of small and large networks for various purposes: to intercept the web traffic of users, to implement caching or to speed up requests for commonly visited websites.

Through OONI tests we detected 3 different types of proxy technology: Blue Coat, Squid and Privoxy. Blue Coat Systems is a US security and networking solutions provider which has been called out for selling network appliances capable of filtering, censorship, and surveillance to governments with poor human rights records. Its presence, along with Squid and Privoxy, has been reported in the networks of 11 countries: USA, Canada, Portugal, Spain, Italy, the Netherlands, Switzerland, Moldova, Iraq, Myanmar and Uganda. It remains unclear though whether such middle boxes were actually used for online censorship, surveillance and traffic manipulation, or if they were merely used for caching purposes.

Furthermore, not all the detected instances of proxy technologies are necessarily deployed country-wide or even on an ISP level, but in some cases they might simply be running inside of the local network of the OONI user. It is interesting to note that the use of Blue Coat was first detected in Myanmar in 2012, but when another measurement was run from the same network in 2014 it was no longer detectable in the same way. This can either mean that it was removed or that it is no longer detectable.

Contribute to OONI Explorer

OONI Explorer was made possible by the growing community of volunteers around the world who have contributed to the project. You can contribute too by:

Happy OONI exploring!

OONI Bridge reachability study and hackfest

Has a Tor bridge already been blocked in a given country? Being able to answer that question would allow Tor to provide more efficient circumvention methods to those who need them. OONI, the Open Observatory of Network Interference is now actively collecting data on bridge reachability. We are also interested in having a better understanding of how reactive censors are in blocking new bridges distributed via Tor Browser and how effective they are at inhibiting usage of particular pluggable transport.

The countries we are focusing on in this survey are China, Iran, Russia and Ukraine. We call these our test vantage points.

From every test vantage point we perform two types of measurements:

To establish a baseline to eliminate the cases in which the bridge is marked as blocked, while it is in fact just offline, we measure also from a vantage point located in the Netherlands.

So far we have collected about a month worth of data and it is as always publicly available for download by anybody interested in looking at it.

To advance this study at the end of October we did a OONI hackfest in Berlin. Helped by the ubiquitous sticky notes we were able to come up with a plan for those days of work and for continuing the project.

The first visualisation we produced is that of the reachability of bridges categorised by country and pluggable transport over time. This simple visualisation already conveys a lot of information and has proven itself a useful tool also in debugging issues with ooniprobe and the tools we use.

You can visit the actual page by clicking on the picture above.
Please note that because the tests are new and experimental you might find inaccuracies or bugs, so don't seriously rely on it for research just yet.

We also developed a data pipeline that places all of the collected OONI reports into a database. This makes it much easier to search/aggregate and visualise the data of the reports.

To read more about this project check out the ooni-dev mailing list thread on this topic.

This project is still in it's very early stages of development, but we would love to hear feedback on it or your cool visualization ideas, as well as any questions regarding Tor bridge reachability (or more in general on Internet censorship) that you would like us to answer!

Politically motivated censorship in Bethlehem, Palestine

The internet agency Hadara is restricting access to certain content for users in Bethlehem, Palestine. The content of the websites in question appears to be in support of Muhammad Dahlan, the former leader of Fatah.

The Hadara network in Palestine is using a transparent HTTP proxy to inspect content and to censor the content of specific sites. A transparent HTTP proxy intercepts all of the customer's access attempts, technically the HTTP requests being done on the network by the customer's browser, and then the proxy makes requests in place of the client. Sometimes this is a good thing, especially on congested networks or very expensive network connections. This is useful because the proxy can serve the cached version of the requested object if it already has the most up to date version of the requested page; therefore an ISP may minimize the amount of traffic that needs to leave it's network. Sometimes it's a bad thing, such as when the ISP censors access to an otherwise normally available resource.

We've found that the Hadara transparent HTTP proxy is not being used simply to decrease webpage loading times or to reduce costs. It is also being used to censor access and to block content. The Open Observatory of Network Interference (OONI), did a scan of over 1 million websites to understand which ones where being censored and which were freely accessible.

The OONI scanning techniques involved connecting to a known good HTTP server and making HTTP GET requests. Each GET request contained specially crafted Host header field that contained a given possibly blocked website. These requests were intercepted by the transparent HTTP proxy and when the site was present inside of the blocklist, it would return an error page, rather than the expected content.

In each case of a blocked page, the error page would be served immediately (without requiring a connection to the outside network) it was possible to parallelize a large amount of simultaneous connections and to set a very low timeout value. Because of this we were able to probe access for the Alexa top 1 million domains in less than 7 days.

At the moment there has not been any official response from the ISP in question and the actors responsible for the censorship have not come out. We believe that the access to information is an intrinsic human right and measures that limit people ability to read should be fought.

For more technical details check out the full report on the OONI webpage.

For the journalistic stories relating to this filtering, please see the article on Ma'An and this post on EFF.

Syndicate content Syndicate content