Hi all,
I'm running ooniprobe on a Raspberry Pi with Pi-Hole and CloudFlare as the upstream DNS, and it seems to be working fine with the exception that it appears to be detecting the wrong country. It's showing "Country: BE". I initially thought it was showing the wrong ASN, too, but lookups using multiple tools confirm it's the correct one.
I assume "BE" means Belgium, but those 2 letters are also the first two of the county in which I live in the UK. Is it possible that ooniprobe is pulling in the state/province/county data as Country rather than the actual country by mistake? (Just guessing).
It's uploading the measurements with this same BE Country information, and I'm concerned that it's polluting OONI data.
I've read the documentation, searched online, etc, but I can't find how to stop the bad detection or to override those values in the ooniprobe.conf file. Assuming I shouldn't just ignore this, can anyone steer me in the right direction, please?
Thanks, Matt
On 2 Nov 2019, at 23:52, Matt Bruce mattb@sent.com wrote:
I'm running ooniprobe on a Raspberry Pi with Pi-Hole and CloudFlare as the upstream DNS, and it seems to be working fine with the exception that it appears to be detecting the wrong country. It's showing "Country: BE". I initially thought it was showing the wrong ASN, too, but lookups using multiple tools confirm it's the correct one.
I assume "BE" means Belgium, but those 2 letters are also the first two of the county in which I live in the UK. Is it possible that ooniprobe is pulling in the state/province/county data as Country rather than the actual country by mistake? (Just guessing).
It's uploading the measurements with this same BE Country information, and I'm concerned that it's polluting OONI data.
I've read the documentation, searched online, etc, but I can't find how to stop the bad detection or to override those values in the ooniprobe.conf file. Assuming I shouldn't just ignore this, can anyone steer me in the right direction, please?
This is a very good point and unfortunately we currently don’t have a good answer to how to correct bad GeoIP location.
The OONI Probe version which you are using (should be the python 2.x series) is using at this point pretty old max mind GeoIP database which have been deprecated.
We are now working on a new version of OONI Probe for desktop and the command line (OONI Probe 3.x) which will have updated GeoIP databases, but we don’t yet make arm/raspberry pi builds (see: https://github.com/ooni/probe/issues/807).
My suggestion to you would be, if your threat model allows us, include your IP address in the report. This will allow us, once we add support for doing this in the pipeline, to look back at your measurements and properly annotate them with the correct country code.
You do raise however a very good point which is:
How does a user report in the measurement itself wrong GeoIP information even in the case in which the GeoIP database is up to date, but just wrong?
We are thinking of something automated which is somewhat connected to this and is about coming up with a way of “fudging” GPS information so that we can include some higher resolution, yet still say, location information in measurements. For this see this issue: https://github.com/ooni/spec/issues/108
I do see however what you propose being an easier thing to solve and maybe that can be done by standardising a specific annotation field which allows the user to provide the country code (maybe `{“annotations”: {“user_probe_cc”: “GB”`}?).
So the bottom line is:
* If your threat model allows us please enable the `include_ip` privacy setting so we can fix these measurement in the future * If not, then maybe set a custom annotation in the measurement called `user_probe_cc` so that we can look into parsing that in the future or at least it’s inside of the measurement. You can do that using the `-a` option of the ooniprobe 2.x client.
I also wonder if other people on this list have had similar issues and if they have maybe dealt it with some other strategy.
~ Arturo
Hi Arturo,
Sorry for the delay on this. I worked out what was causing it: ooniprobe running on my Raspberry Pi uses the localhost's DNS configuration, which is Pi-hole and so a number of sites were blocked by its blacklist settings. Those destinations that weren't blocked use the upstream DNS configured in Pi-hole, which was CloudFlare. This would explain the intermittent destination access, and the unexpected ASN and geoIP information.
I've tested from a Windows PC with my ISP's DNS configured and it works as expected: "probe_asn":"AS6871","probe_cc":"GB" (from one of the msmt-web_connectivity JSON files).
But as that requires manually editing the network settings on my primary PC, I've since downloaded the new tarball to a Linux VM and am running it from there instead. I've got it running the full range of tests right now, so we'll see how it goes.
As most home environments have no egress filtering, and people are increasingly moving away from their ISP's DNS servers, it would be useful if ooniprobe had the ability to specify the DNS servers to use at runtime or in a config file.
In short, the original problem was a PICNIC issue. :) But it would be nice to have some configurability when running the binary.
-Matt
ooni-talk@lists.torproject.org
-
Arturo Filastò -
Matt Bruce