openinternet / copilot Goto Github PK

Currently the Co-Pilot profile config file is a csv file. This will need to be changed to support a better format. I am currently thinking that YAML or JSON would be easy to implement and readable config file formats for copilot.

We need to clearly test and document the capabilities of various platforms so that developers and trainers know what capabilities they will get with various devices.

After presenting Co-Pilot in the demo room at RightsCon https://www.rightscon.org/index, several more in-depth conversations with trainers occurred. Current Co-Pilot capabilities, modifications, different use-cases and the future of a training aid like Co-Pilot were also discussed.

The ability to share resources (such as word docs or pdf files), executable files for tool downloads, or html pages would all be very valuable so as not to use bandwidth on downloading these things during a training.

When creating a rule the following error occurs.

File "/home/www/copilot/copilot/models.py" line 182, in apply_it
dnsc_rule = eule.get_dns()
File ..../models.py line 218 in get_dns
reutrn _parsed
NameError: global name _parsed not defined.

During a follow up interview, one trainer suggested making a "Tor" switch so the trainer can choose when to send all traffic through the Tor network. This is so when participants are passively connecting to the Internet during a training session - checking email, news, social media, etc - the connection is encrypted and more anonymous. Once the trainer goes to use Co-Pilot profiles to block and censor, they would be able to turn this feature off so connection speeds will be faster.

We will be useing supervisord to run all scripts including dnschef and create_ap to make a simple system for managing service manipulation. This will leverage pythons' watchdog library monitoring config files to restart the major scripts when needed.

Documentation to show a trainer how to use the tool

In netfilter, If a chain doesn't decide the fate of the packet, then once traversal on that chain has finished, traversal resumes on the next rule in the current chain. This means that the first rule that blocks, discards, or forwards a packet on will be carried out without concern for any later rules. The Co-pilot interface must make sure that the interface provides a logical way to prevent incompatible rule sets that may cause inconsistent behavior.

Pre populating Co-Pilot with a few sample profiles will provide trainers with a variety of examples and will also help trainers get a glimpse of some of the different ways they can use it during their trainings.

Co-Pilot Hardware Research

Review Modifying Your Access Point with a High-Gain Antenna

Review Introduction to Wi-Fi Wireless Antennas

Review Selecting the right WiFi antenna for your application - Selecting-the-Right-WiFi-Antenna-for-your-application.pdf

Review Comparison of single-board computers - Wikipedia, the free encyclopedia<

Review report.pdf

Review parco2013.pdf

COST

Boards

Overestimate: 75$

Wifi

802.11AC Devices

Comparison 55-70$

Overestimate: $75

Cases

Overestimate: 17.00 Per

Misc

A wifi router to test client bridged AP: 40$
Batteries: 55$

Review Very High Throughput (VHT) Wi-Fi or Gigabit Wi-Fi or Giga Wireless or 5G WiFi5. Number of devices

Cost per Piece: 157

The co-pilot needs to be easy for many trainees to use. As such, we have decided that the co-pilot should put out a wireless access point for students to connect to.

References

debian access point
debian & ubuntu wifi access point
Linux Wireless Access Point
How to setup Access Point (WiFi hotspot) on Debian
ODROID U2 as a wireless access point
SOLVED - Odroid X2 Running Arch Linux Cannot Start hostapd
Arch Linux tutorial for turning a computer into an internet gateway/router.
Building a Linux Router

Identification of interviewees for the user interface design is under way.

Using the list of user-interface elements as a guide create a document describing the outputs of the user think aloud testing.

This write-up will be a condensed version of main takeaways from the follow up interviews that took place in Feb.

During the think aloud testing interviews, several trainers wanted the ability to not only save profiles to a USB, but also be able to save straight to Co-Pilot's SD card.

Per the needs assessment survey Sharable Trainer Profiles are desired for creating region specific blocking simulations and updating and sharing them.

• I'd want to be able to switch very easily between environments for two situations. 1) For people living along a border who have access to two providers from different nations, under different restrictions; 2) for countries that have one set of restrictions most of the time, and then a tougher set during, say, elections. Anyway, I should probably put the emphasis on switching easily - I just want to push a button and -- voila! -- the change happens.
• would need the tool to create censorship environments that are as realistic as possible - preferably by offering the ability to chose among simulations of various real-world censorship regimes (ie, "corporate firewall, Great Britain's content filter, China).
• Being customizable, and folks sharing the profiles they've created.
• guidance on real-world scenarios where such blocking could be in place and guidance on advising which tools can overcome the blocking.
• Accuracy to actual censoring environments
• The ability to turn on and off specific types of censorship in a very granular way -- AND have a list of notable censorship regimes that are known to rely on any particular technique (so as to make it clear that the trainee's experiences in the training session are actually very realistic and applicable to real-word environments).

Starting with a ODROID-U3+

References

ODROID software Mirrors_and_File_Servers
Debian Wheezy Instructions
Step-by-step Ubuntu SD Card Setup

When dnschef is restarted https://github.com/OpenInternet/co-pilot/blob/15404dcd614cec555ca0f166a2f2108a3787c1b4/copilot/models.py#L193 the service is not being found by the service command.

Per the needs assessment survey:

Whatever case we decide upon should make the co-pilot look like as generic as a travel wireless access point.

Trainers work in a wide variety of environments and there may be some instances where there will not be direct ethernet port to plugin Co-Pilot. Documentation is needed for cases such as this.

Draft of initial survey results has been completed. Will work on polishing this draft today and tomorrow.

Selecting a specific action, should recompute the available options in the target. Selecting a target should recompute the type and options in the sub-target selector. We will need this as we add features and it will be harder and harder to implement as we move forward.

We should work on a way for co-pilot to be able to work without needing a trainer to facilitate.

This way people in high risk, or trainer-less areas can train themselves. Trainers are spread very thin (see the needs survey) and we can't reach all the possible interested users with these types of experiences.

(edited by s2e)

Additional UI enhancements were suggested during follow up interviews. For example, when a trainer goes to configure a profile they wish to demonstrate or simulate during a training, several trainers suggested if you hover over DNS blocking, an explanation/definition bubble would then pop up automatically, in order to provide more information to trainer so they can select the best configuration for their specific use-case.

Co-Pilot needs a color/design scheme and basic UI design specs

A user facing interface to show what the co-pilot tool is currently doing.

Both through follow up interviews and the initial needs assessment it was mentioned that building out a sample curriculum incorporating Co-Pilot into training would be very valuable.

Develop wire frames for User Interface

• Simple wire frames of the user interface will be developed by @elationfoundation in order to get a sense of the flow of the design.
• After initial review, wire frames will be sent over to @megdeb, reviewed, printed and used in UI design interviews

The proposed architecture should be sent out to a set of communities to get review before major technical work begins. This will help us streamline the development process and learn from problems faced by other groups.

There need to be sepearate paths into the application so that users can be served blockpages and trainers can be served the trainer interface.

This feature may be a future enhancement to Co-Pilot, but having the ability to load these on the device to use during training may also be useful, as long as there is a smooth transition between the different components.

(in)security demos show participants specific vulnerabilities and risks associated with different behaviors, while then providing information to participants on how to mitigate them. These demos focus on a more hands-on learning experience, rather than a lecture style training session.
https://github.com/schloss/insecurity-demos

Another component that would be useful to incorporate into Co-Pilot are COGS (Challenges, Observations, Games and Simulations). COGS focus on actively engaging with participants through different drills and games, while allowing them to practice the new set of skills they have acquired.

Guide for simple implementation:
https://devcentral.f5.com/articles/v111-dns-blackhole-with-irules#.U2M6-lea8Tg

Blockpages:
https://github.com/NullHypothesis/blockpages
https://github.com/citizenlab/blockpages

The Co-Pilot needs a user-interface for the customization and management of the co-pilot device.

References

Cross Compiling a Kernal

Create a flow chart out of the wireframes to outline the detailed user experience within the co-pilot trainer interface.

Existing tools on the Kali distribution provide the same functionality that we will want to implement through the current iptables design. These tools are externally supported and provide sustainability to the tool.

The specific rule actions are currently contained with a profile. They should be more clearly separated so that the path for each is clearer.

The current url validator does not handle many of the edge cases that are needed to properly apply co-pilot rules. These need to be able to parse various parts of an address to provide different blocking scenarios.

More so than any of the other embedded platforms there has been a huge amount of interest in the raspberry-pi as a co-pilot platform.

I have serious concerns about the general lack of computing power supplied by the Raspberry-pi. We need to be able to provide a clear capabilities/limitations overview of this platform so that those who will eventually get it running on the Raspberry-pi understand its limitations.

This would allow a developer to add additional functionality to the co-pilot platform.

References:
We will need extra storage as it only has 4gb by deafult.

EDIT: it can use a sd card so it is not limited to the 4gb on the board.

List of potential interviewees includes: 2, 5, 9, 16

Needs Assessment Interviews with trainers will guide the development of rough interface prototypes. The interviewees will be chosen from survey participants.

Needs Assessment will be conducted a survey of digital security trainers.

Includeing:

• Circumvention tools being trained on.
• Circumvention tools that are currently difficult to train on, or assess user understanding of.
• Circumvention tools which might benefit from hands on practice.
• Interest in using a tool like co-pilot.
• Concerns about adding training technology into their existing practice.