Opened 5 years ago

Closed 20 months ago

#14762 closed defect (wontfix)

Redesign how we inform the user of the risks of running ooniprobe and get informed consent from them

Reported by: hellais Owned by: hellais
Priority: Medium Milestone:
Component: Archived/Ooni Version:
Severity: Normal Keywords: archived-closed-2018-07-04
Cc: vasilis, cda Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


This is a topic that has been widely discussed on the ooni-dev mailing list: as well as on other more specific mailing lists that deal with ethics of network measurements.

Dan O'Huiginn has written a draft of proposed improvements to the ooniprobe README document and warning message when running the software ( that I quote here:


WARNING: Running OONI may be illegal in your country, or forbidden by
your ISP. By running OONI you will connect to web services which may be
banned, and use web censorship circumvention methods such as Tor. The
OONI project will publish data submitted by probes, possibly including
your IP address or other identifying information. In addition, your use
of OONI will be clear to anybody who has access to your computer, and to
anybody who can monitor your internet connection (such as your employer,
ISP or government).

[link to long version]



OONI does several things which may be illegal in your country, and/or
banned by your ISP.

OONI's http test will download data from controversial websites,
specifically targeting those which may be censored in your country.
These may include, for example, sites containing pornography or hate
speech. You can find a list of sites checked at

Even where these sites are not blocked, it may be illegal to access
them. It may also be illegal to bypass censorship, as OONI attempts by
using Tor.

In the most extreme case, any form of network monitoring could be
illegal or banned, or even considered a form of espionage.

[Include link to some resource on relevant laws globally. Someone like
the EFF must have one of these; does anybody have a link?]


about your internet connection to the whole world. Particular groups,
such as your ISP and web services used by the ooni tests, will be able
to discover even more detailed information about you.

THE PUBLIC will be able to see the information collected by OONIprobe.
This will definitely include your approximate location, the network
(ASN) you are connecting from, and when you ran ooniprobe. Other
identifying information, such as your IP address, is not deliberately
collected, but may be included in HTTP headers or other metadata. The
full page content downloaded by OONI could potentially include further
information, for example if a website includes tracking codes or custom
content based on your network location.

You can see what information OONI releases to the public at You should expect this information
to remain online PERMANENTLY. [include details of retention policy, once
we have one]

THE OONI PROJECT will also be able to see your IP address [What other
info do we get?]

all web traffic generated by OONI, including your IP address, and will
likely be able to link it to you personally. These organizations might
include your government, your ISP, and your employer.

ANYBODY WITH ACCESS TO YOUR COMPUTER, now or in the future, may be able
to detect that you have installed or run ooni

SERVICES CONNECTED TO BY OONI will be able to see your IP address, and
may be able to detect that you are using OONI

I suggest we use this as a starting point and discuss additions, improvements etc. on this via this ticket.

Child Tickets

Change History (3)

comment:1 Changed 5 years ago by hellais

As stated in #14760 and #14761 we are in contact with a team of lawyers.

Since our last conversation we have requested that they develop an informed consent procedure for lepidopter and ooniprobe.

They have been given these texts and will give us a workflow of how to implement this in the upcoming months.

comment:2 Changed 2 years ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

comment:3 Changed 20 months ago by teor

Keywords: archived-closed-2018-07-04 added
Resolution: wontfix
Status: newclosed

Close all tickets in archived components

Note: See TracTickets for help on using tickets.