OONI: Mapping Internet Censorship Through Open Measurement

The Open Observatory of Network Interference (OONI) is a free software project that measures internet censorship and network interference at scale. Since its launch in 2012, OONI has collected millions of network measurements from volunteers in over 200 countries and territories, producing publicly accessible data on blocking patterns, techniques, and geographic variation. The project's core contribution is not ideological argument but empirical measurement: documenting which websites are blocked, how blocking occurs, and where blocking infrastructure sits in the network stack.

OONI emerged from research at the Tor Project and the University of Cambridge, responding to a gap in censorship documentation. Until systematic measurement became possible, accounts of internet blocking relied on anecdotal reports, user complaints, or ISP statements. No standardized method existed to verify whether a website was actually blocked, where the block occurred, or what technical mechanism enforced it. In 2012, OONI began deploying network probes—software that could run on volunteer machines and perform standardized tests against lists of websites, messaging platforms, and circumvention tools. By 2016, OONI had expanded its probe network significantly and began publishing findings that would be cited by human rights organizations, journalists, and regulators documenting censorship in countries including Egypt, Turkey, Russia, China, and Iran.

The technical landscape of censorship enforcement varies by jurisdiction and ISP infrastructure. OONI's measurement suite can detect several distinct blocking methods. DNS filtering—the most common and easiest to deploy—intercepts DNS queries and returns NXDOMAIN responses or redirect to ISP-controlled landing pages. SNI (Server Name Indication) inspection and blocking observes the TLS handshake before encryption completes, allowing middleboxes to block based on the hostname without seeing encrypted traffic. HTTP/HTTPS blocking at the application layer intercepts unencrypted HTTP requests. IP-based blocking blacklists entire server addresses, typically via BGP-level filtering at border gateways or firewalls at major ISP chokepoints. Deep packet inspection (DPI) examines packet headers and payloads to identify protocols, domains, or keywords regardless of encryption. Throttling and latency injection deliberately degrade performance to specific services without outright blocking. OONI's probe software tests for each mechanism by issuing requests and analyzing responses, latency patterns, and error messages.

Documented censorship patterns show significant regional concentration and temporal variation. According to OONI's public data repository, DNS filtering dominates in many regions as the initial line of defense, often combined with SNI blocking for HTTPS traffic. During 2022-2024, OONI measurements documented widespread SNI-based blocking in Russia following Roskomnadzor orders; in Iran, a combination of DNS filtering and DPI-based throttling targeting certain VPN protocols; and in several Southeast Asian jurisdictions, application-layer filtering of social media platforms. Access Now's KeepItOn project has documented over 200 documented internet shutdowns globally since 2016, many preceded by OONI measurements showing progressive blocking of news outlets or messaging services. OONI data has also tracked circumvention tool blocking—probes testing access to Tor, Shadowsocks servers, and other tools have shown increasing blocking sophistication, with some jurisdictions moving from blocking known proxy exit addresses to detecting and blocking traffic patterns characteristic of circumvention protocols themselves.

Circumvention approaches vary in effectiveness depending on the blocking method encountered. Against DNS filtering, encrypted DNS (DoH/DoT) or alternative resolvers can bypass ISP-level filtering, though they require an already-accessible endpoint. SNI inspection can be partially circumvented using ECH (Encrypted Client Hello), which moves the hostname outside the plaintext SNI field, though ECH deployment remains incomplete. Protocol obfuscation tools like obfs4 were designed to make VPN and Tor traffic resemble benign traffic (HTTPS, WebRTC), but sophisticated DPI systems have increasingly detected and blocked obfuscated flows. WireGuard and OpenVPN offer encryption but not inherent obfuscation; their effectiveness depends on whether the blocking authority inspects encrypted payloads. More recent pluggable transports like Snowflake and WebTunnel aim to route circumvention traffic through legitimate HTTPS connections to distributed bridges, making blocking equivalent to blocking HTTPS itself—a costly measure for most governments. Shadowsocks and V2Ray/Xray variants similarly attempt protocol mimicry. Against BGP-level or border-gateway filtering, no protocol-level technique provides complete defense; circumvention requires either access to infrastructure outside the filtering jurisdiction or cooperation from ISPs themselves.

OONI's value lies not in providing a single answer to censorship, but in creating verifiable, reproducible measurement data. Its findings are used by journalists reporting on blocking incidents, researchers modeling censorship evolution, and advocacy organizations documenting rights violations. The measurement data remains imperfect—sampling bias toward urban areas with better connectivity, volunteer selection effects, and the difficulty of distinguishing intentional blocking from poor routing or misconfiguration. Nevertheless, OONI provides what was absent before: independent, technical evidence of what is actually reachable from networks where citizens live.