Fabian Keil
2016-03-23 13:54:03 UTC
| Today the Open Observatory of Network Interference (OONI) team
| is pleased to announce the public beta release of OONI
| Explorer: a global map of more than 8.5 million network
| measurements which have been collected across 91 countries
| around the world over the last 3 years.
[...]
| 3. Blue Coat, Squid and Privoxy detected in 11 countries
|
| Transparent HTTP proxies can be used inside of small and large
| networks for various purposes: to intercept the web traffic of
| users, to implement caching or to speed up requests for
| commonly visited websites.
|
| Through OONI tests we detected 3 different types of proxy
| technology: Blue Coat, Squid and Privoxy. Blue Coat Systems is
| a US security and networking solutions provider which has been
| called out for selling network appliances capable of filtering,
| censorship, and surveillance to governments with poor human
| rights records. Its presence, along with Squid and Privoxy, has
| been reported in the networks of 11 countries: USA, Canada,
| Portugal, Spain, Italy, the Netherlands, Switzerland, Moldova,
| Iraq, Myanmar and Uganda. It remains unclear though whether
| such middle boxes were actually used for online censorship,
| surveillance and traffic manipulation, or if they were merely
| used for caching purposes.
|
| Furthermore, not all the detected instances of proxy
| technologies are necessarily deployed country-wide or even on
| an ISP level, but in some cases they might simply be running
| inside of the local network of the OONI user. It is interesting
| to note that the use of Blue Coat was first detected in Myanmar
| in 2012, but when another measurement was run from the same
| network in 2014 it was no longer detectable in the same
| way. This can either mean that it was removed or that it is no
| longer detectable.
Source: https://blog.torproject.org/blog/ooni-explorer-censorship-and-other-network-anomalies-around-world
Unfortunately "OONI Explorer" requires remote code execution
to work and the interface is a bit confusing (too me).
I haven't found a way to show all networks were Privoxy was
(supposedly) detected, but it's explicitly mentioned on the
report page for Canada in "AS0":
https://explorer.ooni.torproject.org/country/CA
The probe data seems to indicate that someone is still using
Privoxy 3.0.21 and could not be bothered to update to a more
recent version yet, despite the known security issues:
https://explorer.ooni.torproject.org/measurement/mXVZCoZqxXBVJzAWgGgMkLVqh8ljxhlVUb9RYrg20h7OYdZGVf196f58arCPIJh5
It's not obvious to me that the creators of the report ruled
out the possibility that the intercepting Privoxy instance
wasn't running in the ISP network, but on the box that was running
OONI. In the latter case the interception could be unintentionally.
Fabian
| is pleased to announce the public beta release of OONI
| Explorer: a global map of more than 8.5 million network
| measurements which have been collected across 91 countries
| around the world over the last 3 years.
[...]
| 3. Blue Coat, Squid and Privoxy detected in 11 countries
|
| Transparent HTTP proxies can be used inside of small and large
| networks for various purposes: to intercept the web traffic of
| users, to implement caching or to speed up requests for
| commonly visited websites.
|
| Through OONI tests we detected 3 different types of proxy
| technology: Blue Coat, Squid and Privoxy. Blue Coat Systems is
| a US security and networking solutions provider which has been
| called out for selling network appliances capable of filtering,
| censorship, and surveillance to governments with poor human
| rights records. Its presence, along with Squid and Privoxy, has
| been reported in the networks of 11 countries: USA, Canada,
| Portugal, Spain, Italy, the Netherlands, Switzerland, Moldova,
| Iraq, Myanmar and Uganda. It remains unclear though whether
| such middle boxes were actually used for online censorship,
| surveillance and traffic manipulation, or if they were merely
| used for caching purposes.
|
| Furthermore, not all the detected instances of proxy
| technologies are necessarily deployed country-wide or even on
| an ISP level, but in some cases they might simply be running
| inside of the local network of the OONI user. It is interesting
| to note that the use of Blue Coat was first detected in Myanmar
| in 2012, but when another measurement was run from the same
| network in 2014 it was no longer detectable in the same
| way. This can either mean that it was removed or that it is no
| longer detectable.
Source: https://blog.torproject.org/blog/ooni-explorer-censorship-and-other-network-anomalies-around-world
Unfortunately "OONI Explorer" requires remote code execution
to work and the interface is a bit confusing (too me).
I haven't found a way to show all networks were Privoxy was
(supposedly) detected, but it's explicitly mentioned on the
report page for Canada in "AS0":
https://explorer.ooni.torproject.org/country/CA
The probe data seems to indicate that someone is still using
Privoxy 3.0.21 and could not be bothered to update to a more
recent version yet, despite the known security issues:
https://explorer.ooni.torproject.org/measurement/mXVZCoZqxXBVJzAWgGgMkLVqh8ljxhlVUb9RYrg20h7OYdZGVf196f58arCPIJh5
It's not obvious to me that the creators of the report ruled
out the possibility that the intercepting Privoxy instance
wasn't running in the ISP network, but on the box that was running
OONI. In the latter case the interception could be unintentionally.
Fabian