Opened 4 years ago

Closed 4 years ago

#15159 closed enhancement (fixed)

Add meek support to ooni-probe

Reported by: dcf Owned by: hellais
Priority: Medium Milestone:
Component: Archived/Ooni Version:
Severity: Keywords:
Cc: joelanders Actual Points:
Parent ID: #15170 Points:
Reviewer: Sponsor:

Description

It would be nice if ooni-probe could test current and potential front domains used by meek. This could be as simple as doing an HTTPS fetch and seeing if it completes successfully, with the expected certificate. The idea is, that the most likely way for a censor to block meek is to block the front domain somehow.

The current list of fronts is:
https://gitweb.torproject.org/builders/tor-browser-bundle.git/tree/Bundle-Data/PTConfigs/bridge_prefs.js

  • www.google.com
  • a0.awsstatic.com
  • ajax.aspnetcdn.com

Then, it would be good to test some potential future domain names, so we would know which ones are reachable in case we need to switch (like this mailing list post, What to do if meek gets blocked). For example,

  • www.gmail.com
  • www.google.com.mx
  • www.orkut.com
  • ssl.google-analytics.com
  • www.doubleclick.net
  • officeimg.vo.msecnd.net

It might be fun to test also the non-fronted domains, just in case a censor tried doing that:

  • meek-reflect.appspot.com
  • d2zfqthxsdq309.cloudfront.net
  • az668014.vo.msecnd.net

Child Tickets

Change History (3)

comment:1 Changed 4 years ago by hellais

Parent ID: #15170

comment:2 Changed 4 years ago by dcf

Arturo pointed me to the upstream Citizen Lab test-lists repository from which ooniprobe gets its list of URLs. In one of the files is the list of Tor Browser bridges:

https://github.com/citizenlab/test-lists/blob/b725ceb0829dfdef80336b466d18356ce7315303/lists/services/tor/bridges.csv

Arturo says that ooniprobe has logic to parse out the bridge lines and try connecting to Tor using each of them.

I found a recent bridge_reachability report:

http://api.ooni.io/reportFiles/2015-05-27/20150527T040045Z-AS29182-bridge_reachability-v1-probe.yaml.gz

However it doesn't contain the word "meek" (nor "flashproxy", nor "obfs4"). Am I looking in the wrong place?

The other domains I mentioned in the description, I plan to handle by submitting them to the upstream test-lists repository.

Last edited 4 years ago by dcf (previous) (diff)

comment:3 Changed 4 years ago by dcf

Resolution: fixed
Status: newclosed

The relevant URLs were merged upstream in https://github.com/citizenlab/test-lists/pull/26.

Note: See TracTickets for help on using tickets.