Risks: Things you should know before using ooniprobe

To our knowledge, no ooniprobe user has ever faced consequences as a result of using our software. Therefore, the potential risks described below are theoretical and quite speculative. If you are running ooniprobe from a “high-risk environment”, we strongly encourage you to read all of the documentation below.

Summary of potential risks

The potential risks associated with running ooniprobe depend on:

  1. Your threat model. A high-profile activist already under a lot of surveillance, for example, might attract more attention when running ooniprobe.

  2. The laws and regulations in the country that you are running ooniprobe from. It is best to consult with local lawyers, and to learn whether that country has a record of prosecuting individuals engaging in similar types of activities.

  3. The types of ooniprobe tests run. Not all ooniprobe tests carry the same weight in terms of potential risk. OONI’s WhatsApp test, for example, merely attempts to connect to servers that more than a billion people around the world already connect to. You can opt out of having ooniprobe run automatically, and you can choose which tests to run through OONI’s web user interface.

  4. The types of sites that you test. You can test your own list of sites through the following command line option: ooniprobe <test-name> -f <your-test-list>. You can also contribute to test lists and suggest URLs to be added or removed.

  5. Whether you have ooniprobe data published. You can opt out of having your data published through ooniprobe settings.

Understanding potential risks more comprehensively

OONI’s software tests (called ooniprobe) are designed to test networks for signs of censorship, surveillance and traffic manipulation. In some countries around the world using ooniprobe may result in criminal prosecution, fines, or even imprisonment. We therefore strongly urge you to consult with a lawyer licensed to practice in your country prior to downloading, installing and running ooniprobe, and to carefully read the documentation below.

Users run ooniprobe at their own risk. By installing ooniprobe, users agree to comply with OONI’s software license and Data Policy. Neither the OONI project nor its parent organization, The Tor Project, can be held liable, jointly or severally, at law or at equity, to ooniprobe users and other third parties, for any risks or damages resulting from the use of ooniprobe under any tort, contract, or other causes of action.

Note: The risks described below are quite speculative. To our knowledge, no ooniprobe user has ever faced consequences from the risks described below. Nonetheless, we strongly encourage you to read the following information regarding potential risks associated with the use of ooniprobe.

Potential Penalties and Sanctions

In some countries, any form of active network measurement may be illegal, or even considered a form of espionage.

Many governments have a lengthy history of subjecting digital rights activists to various forms of abuse that may make it dangerous for individuals in these countries to run ooniprobe. The use of ooniprobe may therefore subject users to severe civil, criminal, or extra-judicial penalties. Such sanctions can potentially include:

In view of these threats, we strongly encourage you to consult with a lawyer and to understand the legal risks prior to using ooniprobe. Potential risks of using ooniprobe are detailed below.

Risks: Detection of ooniprobe

Certain users may face severe penalties if these users are detected by third parties (such as governments) who view ooniprobe as a threat.

The use of ooniprobe may be detected by third parties through the following:

Surveillance

Third parties (such as your government, your internet service provider, or your employer) may be monitoring some or all of your internet activity. This may allow them to detect the web traffic generated by your use of ooniprobe and to link it back to you personally.

Many countries employ sophisticated surveillance measures that allow governments to track individuals’ online activities – even if they are using privacy-preserving services such as Tor, Psiphon, virtual private networks (VPNs), or proxy servers. In such countries, governments or third parties may be able to identify you as an ooniprobe user regardless of what measures you take to protect your online privacy.

Tested services

The services ooniprobe connects to will be able to see your IP address and may be able to detect that you are using ooniprobe. You can view which services ooniprobe tests here.

Physical or remote access to a user’s device

As with any other software, the usage of ooniprobe can leave traces. As such, anyone with physical or remote access to your computer may be able to see that you have downloaded, installed or run ooniprobe.

Publication of measurements

By default, all measurements generated through ooniprobe are sent to OONI’s measurement collector and automatically published through:

Consequently, the public - including third parties who view the usage of ooniprobe as a threat - will be able to see all user measurements, unless users opt out.

Published data will include your approximate location, the network (ASN) you are connecting from, and the time when you ran ooniprobe. Other identifying information, such as your IP address, is not deliberately collected, but may be included in HTTP headers or other metadata. The full page content downloaded by ooniprobe may include such information if, for example, a website includes tracking codes or custom content based on your network location. Identifying information could potentially aid third parties in detecting you as an ooniprobe user.

Risks: ooniprobe tests

OONI has developed multiple free software tests, each one of which is designed to perform a different function. Therefore these tests potentially entail different types of risks to the user.

Generally, ooniprobe is designed to:

We urge you to review the specifications for each ooniprobe test carefully, prior to running them.

Legality of tested websites

When running OONI’s web connectivity test you will connect to and download data from various websites which are included in the following two lists:

Many websites included in the above lists are controversial and may include pornography or hate speech. This content may be illegal to access in your country. In some countries, accessing illegal content has severe consequences, such as imprisonment. We therefore recommend that you carefully examine whether you are willing to take the risk of accessing and downloading data from such websites through ooniprobe tests.

If you are uncertain of the potential implications of connecting to and downloading data from the websites listed in the above lists, you can choose which websites to test by running ooniprobe web_connectivity -u <url>.

Legality of ooniprobe tests

Some network tests performed by ooniprobe may violate your country’s computer misuse laws or terms of service of your internet provider.

Specifically, the operators of network components affected by ooniprobe tests may view these tests as attacks. OONI’s HTTP-invalid-request-line test, for example, might trigger suspicion when sending out-of-spec messages to an echo service and could be viewed as a form of “hacking”. If network components affected by this test view these out-of-spec messages as attacks, you may face severe consequences, such as prosecution under computer misuse laws.

Legality of anonymity software

By default, ooniprobe network measurements are sent to OONI’s measurement collector through the use of Tor hidden services which are designed for online anonymity.

Furthermore, OONI’s Vanilla Tor test is designed to examine the reachability of the Tor network, while OONI’s bridge-reachability test is designed to check whether Tor bridges are blocked or not. Both tests require the installation of Tor software.

Similarly, the following OONI tests require the installation of circumvention software:

We therefore encourage you to consult with a lawyer on the legality of anonymity software (such as Tor, a VPN or a proxy) in your country prior to running the above tests and to consider uploading your measurements via HTTPS collectors or cloud-fronting (instead of Tor hidden services).

Third-party services

Our Network Diagnostic Test (NDT) is a general-purpose performance test conducted against third-party servers provided by Measurement Lab (M-Lab). M-Lab’s NDT services require the retention and disclosure of IP addresses for research purposes. For more about M-Lab’s data governance, see its privacy statement.

The legal risks of downloading, installing and running ooniprobe can vary from country to country, which is why we advise you to consult with lawyers who are licensed to practice in your country.

Some questions you may want to ask your lawyers relating to the use of ooniprobe include:

Note, this is not an exhaustive list of questions to ask your lawyers.

Additionally, while many countries do not have laws specifically prohibiting the use of network measurement software, the use of ooniprobe may still be criminalized in certain countries under other, broader laws. For example, using ooniprobe may be viewed as illegal or anti-government activity. ooniprobe users may also face the risk of being criminalized on the grounds of national security if the data obtained and published by running ooniprobe is viewed as “jeopardizing” the country’s external or internal security. You may want to consult with a lawyer about these matters as well.

In addition to consulting with a lawyer, you can also reach out to us with specific inquiries at contact@openobservatory.org. Please note that we are not lawyers, and any information we give you does not constitute legal advice. Additionally, your communication with us is not protected by any legal privilege so law enforcement may subpoena and obtain any information you give us. However, we may be able to put you in touch with lawyers who are capable of addressing your questions and/or concerns.

Some relevant resources include:

Note: These resources do not constitute legal advice and may be out of date. Please confirm you are reading the latest version before relying on any advice.

Again, users run ooniprobe at their own risk. By installing ooniprobe, users agree to comply with OONI’s software license and Data Policy. Neither the OONI project nor its parent organization, The Tor Project, can be held liable, jointly or severally, at law or at equity, to ooniprobe users and other third parties, for any risks or damages resulting from the use of ooniprobe under any tort, contract, or other causes of action.