backend icon indicating copy to clipboard operation
backend copied to clipboard

https version of site not marked as anomoly despite same fingerpint

Open kaerumy opened this issue 5 years ago • 1 comments

http://explorer-beta.ooni.io/search?until=2019-08-01&input=https%3A%2F%2Fwww.gaystarnews.com%2F&probe_cc=MY&since=2017-06-01

https://www.gaystarnews.com for Malaysia is marked as anamoly

  • https://explorer-beta.ooni.io/measurement/20190721T105616Z_AS4818_BTmbtJBZKG8XxS5jFnvULtBun1EafR62hooaLWbD1zYKSVicpJ?input=https://www.gaystarnews.com/

http://www.gaystarnews.com for Malaysia is marked as confirmed

  • https://explorer-beta.ooni.io/measurement/20190619T024122Z_AS4788_u8hzWglxR8DTfzIsgR34QQM0JsEXiPKKZTbO715obVRQJKTDJh?input=http://www.gaystarnews.com/

Both of these results have results that should match the fingerprint for a block page in Malaysia:

"175.139.142.25"

kaerumy avatar Aug 01 '19 16:08 kaerumy

Thanks for reporting this!

This is because we currently only look at the HTTP response body for detecting the fingerprint and not the DNS queries. The HTTPS request is failing, because there is no HTTPS server running on the blockpage server.

We should start using DNS anomalies to compute these flags too in the future.

hellais avatar Nov 19 '19 14:11 hellais