Arti · 2cc38800
--- a/ooni.md 0 → 100644

+ 68

− 0
+++ b/ooni.md 0 → 100644

+ 68

− 0
+## How to check if Bitmask/Riseup infrastructure is censored in your country
+
+Here we will guide you on how to measure availability of Riseup servers and openVPN protocol.
+To detect censorship attempts, we will be doing this **without use of obfuscation or Tor**.
+This document assumes the reader has a running setup of Docker
+
+### A word of caution
+Accessing `riseup.net` or Riseup gateways may be illegal in your country or break rules of your workplace or your ISP.
+If you suspect this to be the case, weigh the risks, plan risk mitigation and proceed.
+We say a big Thank You to all testers who check if the services are censored.
+
+### Simplest check
+Let's start by trying to access `black.riseup.net`, a server hosting our [Menshen]() API.
+The primary use of Menshen is to dispense [gateways and obfs bridges] (circumvention documentation link).
+Menshen is so called after chinese gatekeeper spirits.
+
+We will not only connect to it, but also cross-check how it is resolved across multiple DNS providers.
+
+To automate the testing, we use [Ooni probe](), more specifically `miniooni`. 
+Unfortunately, not all tests we need to run can be performed on unmodified miniooni.
+To enable OpenVPN testing, Leap forked ooni probe, but [merge request]() is not yet merged. 
+
+For your convenience, we made a docker container [ainghazal/miniooni-unofficial](https://hub.docker.com/r/ainghazal/miniooni-unofficial) which contains everything that we will need.
+It is a [single-executable]() container, and it is used almost like a normal miniooni binary.
+
+#### Run a connection test against `black.riseup.net`:
+`docker run ainghazal/miniooni-unofficial web_connectivity -y -n -i https://black.riseup.net`
+
+##### Breakdown
+* `docker run ainghazal/miniooni-unofficial` - Download and run our container. All that follows is arguments to miniooni.
+* `web_connectivity` - a test to run. This one performs DNS and connection checks.
+* `-y` - Answer `yes` to prompts. It confirms that you know the risks involved.
+* `-n` - Do not submit results to Ooni data collector.
+* `-i <input>` - Test input. For `web_connectivity`, it is an address to test connection to.
+* `https://black.riseup.net` - address of our Menshen. We try to connect to it.
+
+#### Sending a report
+If you feel comfortable sharing the report with Ooni community (and by extension, LEAP), re-run with `-n` flag omitted.
+If Ooni itself is censored in your country, <insert method for stashing results and sending over tor>
+
+
+### OpenVPN check
+Sometimes either OpenVPN protocol itself or Riseup gateways in particular can be censored.
+To figure out the exact situation with your ISP, we made miniooni talk OpenVPN, and also defined a roster of gateways to test connecting to.
+
+`docker run ainghazal/miniooni-unofficial oonirun -y -n -i https://raw.githubusercontent.com/ainghazal/vpn-test-lists/main/oonirun/010-riseup-us.json`
+
+#### Breakdown
+* `docker run ainghazal/miniooni-unofficial` - See previous secton
+* `oonirun` - we have a custom test to run (see below)
+* `-y` - See previous section
+* `-n` - See previous section
+* `-i <input>` - Test input. For `oonirun`, it is a json specification of the test
+* `https://raw.githubusercontent.com/ainghazal/vpn-test-lists/main/oonirun/010-riseup-us.json` - our test spec.
+
+#### (Optional) A closer look
+You can open `https://raw.githubusercontent.com/ainghazal/vpn-test-lists/main/oonirun/010-riseup-us.json` in your browser.
+There, one can see that we perform an `openvpn` test (possible in [our fork](), not in vanilla) against a number of Gateways.
+We also specify certificates to use for TLS.
+
+#### Sending a report
+See previous section
+
+### Conclusion
+
+Again, thank you for participating in censorship monitoring.
+Thanks to you we can bring freedom of information to more people.
+To leave feedback, open an Issue [here](issues)
+\ No newline at end of file