Difference between revisions of "BasicInternet:White List"

From its-wiki.no

(White List of Web Pages for InfoSpot)
(White List of Web Pages for InfoSpot)
Line 4: Line 4:
  
 
In Figure 1 you see the function of the entries in the Whitelist. The Whitelist is available on the [https://Owncloud.BasicInternet.org BasicInternet's Owncloud.]Your regional administrator can open the corresponding Whitelist, and the add e.g. to the file SDA_Whitelist.txt the entries for denied or allowed web pages
 
In Figure 1 you see the function of the entries in the Whitelist. The Whitelist is available on the [https://Owncloud.BasicInternet.org BasicInternet's Owncloud.]Your regional administrator can open the corresponding Whitelist, and the add e.g. to the file SDA_Whitelist.txt the entries for denied or allowed web pages
[[File:WhiteList_Entries.png|300px|left]] The naming of the Whitelist files are describec in the 00Readme.txt file on owncloud, e.g. <pre>Regions are taken from voucher.basicinternet.org
+
[[File:WhiteList_Entries.png|300px|left]] <pre>Naming convention for WhiteList files is XXX_Whitelist.txt
 
DED - Germany DENT Wireless - Thomas
 
DED - Germany DENT Wireless - Thomas
 
KYA - Kenya Aheri - Barrack
 
KYA - Kenya Aheri - Barrack
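Review bot: the new opener of the <pre> block drops the pointer to 00Readme.txt on ownCloud and the statement that regions are taken from voucher.basicinternet.org, so a regional administrator can no longer tell from this page where the three-letter prefixes come from or where the naming is documented. Keep that sentence in front of the <pre> block (with "describec" corrected to "described") and put the new "Naming convention for WhiteList files is XXX_Whitelist.txt" line inside the block as its first line.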
Line 11: Line 11:
 
SEG - Senegal Giertsen - Souleymane
 
SEG - Senegal Giertsen - Souleymane
 
TZA - TZ African Child - Catherine
 
TZA - TZ African Child - Catherine
</pre><br/><br/><br/><br/><br/><br/>
+
</pre><br/>
  
 
== White listed Web pages/Apps ==
 
== White listed Web pages/Apps ==

Revision as of 21:31, 22 July 2021

White List of Web Pages for InfoSpot

Our goal is to provide free access to information through the InfoInternet standard. The InfoInternet standard includes text and pictures, in addition to local videos. An example of a browser supporting the standard is Opera Mini, providing server-side compression of web pages into text and pictures. As long as we don't have a tool for analysing apps and web pages, we need to use white listing of Web pages.

In Figure 1 you see the function of the entries in the Whitelist. The Whitelist is available on BasicInternet's Owncloud. Your regional administrator can open the corresponding Whitelist and then add the entries for denied or allowed web pages to the file, e.g. SDA_Whitelist.txt.

WhiteList Entries.png
Naming convention for WhiteList files is XXX_Whitelist.txt 
DED - Germany DENT Wireless - Thomas
KYA - Kenya Aheri - Barrack
MYS - Myanmar Schools
NO - Norway - Basic Internet
SEG - Senegal Giertsen - Souleymane
TZA - TZ African Child - Catherine

White listed Web pages/Apps

Figure 1: The function of the Whitelist
  • google.com - needed for acceptance of Android devices
    • play.google.com % for app download such as Opera Mini
  • apple.com - needed for acceptance of iOS, macOS devices
  • http://captive.apple.com/hotspot-detect.html
    • includes: itunes.apple.com/pl/app  % App-store for download of Opera Mini
  • its-wiki.no % home wiki of DigI and other sites
  • wikipedia.org

Required hosts for Google play, Youtube and Facebook

Besides, authentication of vouchers works properly and I could log in using a test voucher. The error is the result of the HTTPS certificate, so we require more information about which websites result in this certificate error: "ERR_CERT_COMMON_NAME_INVALID".

Google Play uses several different hosts in order to work properly. The following hosts are required:

  • *google.com
  • *googlecontent.com -> to load google play properly
  • *gvt1.com -> to download applications

The same applies to the YouTube and Facebook services: they use several different hosts in order to work properly. The following hosts are required for Facebook:

  • *facebook.com
  • *fbcdn.net -> to load required contents and videos

The following hosts are required for YouTube:

  • *youtube.com
  • *googlevideo.com -> to play video
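
An added example, not from the wiki: it checks the wildcard host patterns listed above against hostnames, assuming the walled garden treats `*` as any run of characters and `?` as one character and matches the whole name (as MikroTik documents for dst-host). The sample hostnames and the `tighten` rewrite are constructed for illustration; the point is that a pattern such as `*google.com` also admits unrelated names that merely end in `google.com`, without authentication.

```python
import re

def glob_to_regex(pattern):
    """Translate a '*' / '?' host pattern into a case-insensitive regex."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE)

def matches(pattern, host):
    # fullmatch: the pattern has to cover the complete hostname
    return glob_to_regex(pattern).fullmatch(host) is not None

def overbroad(pattern):
    """'*name.tld' has no dot after the '*', so it is not limited to subdomains."""
    return pattern.startswith("*") and not pattern.startswith("*.")

def tighten(pattern):
    """Rewrite '*name.tld' as the pair 'name.tld' and '*.name.tld'."""
    if not overbroad(pattern):
        return [pattern]
    base = pattern.lstrip("*")
    return [base, "*." + base]

def allowed(patterns, host):
    return any(matches(p, host) for p in patterns)

# Patterns as listed on the page; the hostnames below are constructed.
PAGE_PATTERNS = ["*google.com", "*googlecontent.com", "*gvt1.com",
                 "*facebook.com", "*fbcdn.net",
                 "*youtube.com", "*googlevideo.com"]
SAMPLE_HOSTS = ["play.google.com", "google.com",
                "notgoogle.com", "google.com.example.net"]

def report(patterns, hosts):
    """Map host -> (allowed by the given patterns, allowed after tightening)."""
    tight = [t for p in patterns for t in tighten(p)]
    return {h: (allowed(patterns, h), allowed(tight, h)) for h in hosts}

if __name__ == "__main__":
    for host, (before, after) in report(PAGE_PATTERNS, SAMPLE_HOSTS).items():
        print(f"{host:26} page patterns: {before!s:5}  tightened: {after}")
```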


How to identify a hot-spot

From Iñaki: macOS tries to open the URL which is configured in the file "Library/Preferences/SystemConfiguration/CaptiveNetworkSupport/Settings.plist", which is "http://captive.apple.com/hotspot-detect.html". Not sure if this URL has changed together with the macOS version. In the same way, I heard that macOS tries that URL but with a randomized section... not sure.

What I would do is to implement that web page in the MikroTik, put it in the walled garden and set the address in the DNS, so that it is the MikroTik which provides the web page instead of Apple. Regarding iPhone, Android 7 and so on... the problem is that with each OS version (maybe not in each version) they change the way to evaluate whether they are under a captive portal and whether they have an Internet connection or not. Thus, we would have to analyze, using a network traffic analyzer (Wireshark), which web pages or addresses each OS version checks.

SDG and public information

  • BasicInternet.no,
  • BasicInternet.org
  • sustainabledevelopment.un.org % SDG 2030

Health related sites

  • ministry of health in TZ
  • global health media % and all other links on digi.futurecompetence.net

other projects with health info

Thanks to Felix Sukums:
Please find details of Safe Delivery App and its implementation (RCT) in Ethiopia. Maybe we can develop app(s) for the target disease, e.g. HIV/TB screening, or other diseases, for health workers, or a self-screening app plus education materials for the rural communities. In most cases this requires already approved/existing guidelines to be converted into an app or digital health promotion materials: http://www.maternity.dk/about-the-app/what-is-the-app/

We can also learn/use their experience on the RCT here http://www.maternity.dk/case/randomized-controlled-trial-in-ethiopia/


Vicious worm
Helena Ngowi was part of the team having developed the app for Android.

https://dig.watch/issues/gender-rights-online

The article describes Sophie Bot, which allows for anonymous consultation about sexual issues, offering information from Kenya’s National AIDS Control Council and the United Nations Population Fund’s (UNFPA) peer-mentor curriculum. According to Habib, Sophie Bot reaches outside of Kenya, with 30% of Sophie Bot’s 4,500 users in Kenya and reporting 18% from the United States.

A similar app, coming from Uganda, Ask Without Shame, uses WhatsApp, SMS, a toll-free line and their own app to offer answers to sex-related questions from medical experts. The app registered 50,000 users across East Africa in just three years. In another example, The 160 Girls Project is an initiative by a Canadian nonprofit called the Equality Effect that works to prevent sexual violence against girls in Kenya.

Habib goes on to explain that there is still a gender gap in Kenya and sub-Saharan Africa, and details how, in an effort to close this gap, Women and the Web Alliance, a public-private partnership, is teaching digital literacy to women in rural Kenya. In conclusion, she cites Florence Korir, from World Vision, a partner in the alliance: 'We know that there is a large technology gap between men and women, and that addressing the gender gap will allow women to benefit from the opportunities that technology and the web hold.'

% please add what you find appropriate

Hot-Spot Pages

  • HotSpot is a way to authorize users to access the network. (It does not provide traffic encryption!)
  • In order to log in, users can use a web browser (HTTP/HTTPS) without installing any additional software.
  • HotSpot systems provide authentication within the local network (local users accessing the Internet) and can also authorize access from outside networks to local resources (access without authentication is possible using Walled Garden).
  • Once HotSpot is enabled on an interface, the system automatically sets up everything (adds dynamic destination NAT rules). These rules are required to redirect all web (HTTP/HTTPS) requests from unauthorized users to the HotSpot proxy.
  • Commonly, when we open any HTTP page, it will bring up the HotSpot servlet login page. (It is recommended to use DNS names to open web pages, which also requires DNS configuration.)
  • DNS configuration should be setup on the HotSpot gateway.
  • If we do not require authorization for some services, we use Walled Garden. When a service listed in the walled garden is requested by a user who is not logged in, the HotSpot gateway does not intercept the request. For HTTP, it redirects to the requested destination.
  • If a user is logged in, the Walled Garden has no effect for them.
  • HTTP requests for walled garden entries use the embedded proxy server. (This means that all the parameters configured for the proxy server will be effective for the Walled Garden.)

Six different authentication methods are currently available. One method at a time can be used simultaneously.

  • HTTP PAP – Simplest method, uses HotSpot login page to get the authentication (username and password) in plain text.
  • HTTP CHAP – Standard method, uses CHAP MD5 hash challenge in login page
  • HTTPS – same as HTTP PAP but uses SSL encrypted transmissions.
  • HTTP cookie – cookies are stored and re-used for login
  • MAC address – Uses MAC addresses for authentication
  • Trial – Users are allowed to use the service for free for a specific time.

How to identify DNS Address in Hot-Spot:

There are several ways to identify the correct DNS address or dependent server address for a particular website/service/app. The following method is effective and easy.

In order to check which websites need to be added to the walled garden, follow these steps:

1) Go to the MikroTik router, IP -> DNS -> Cache -> Click Flush DNS Cache. (This clears the previous DNS cache; once we open a new website/app, the DNS cache fills again.)
2) Now keep the DNS Cache window open and open any website or application on a mobile device that is connected to the hotspot; the window will show some of the DNS (Web) addresses.
3) Now find the relevant DNS address and add it to the Walled Garden (IP -> Hotspot -> Walled Garden -> click + (add new Walled Garden Entry) -> Select Server -> Enter Dst. Host (type the DNS address that was shown in the DNS cache) -> Click OK).

Example: In order to allow WhatsApp to work in the walled garden, we need to check which websites need to be added to the walled garden. For that, follow these steps:

1) Go to MikroTik router, IP -> DNS -> Cache -> Click Flush DNS Cache.
2) Now keep the DNS Cache window open and open WhatsApp on the mobile; the window will show some of the DNS (Web) addresses.
3) Most likely the web address (*whatsapp.net) that is related to the WhatsApp service is common to them, so add it to the walled garden.
4) Once this address is added to the walled garden, WhatsApp will start working.
5) We can see from the above figure that the rule *whatsapp.net is hit 2 times, which shows that it is working.
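
The procedure above as an added example (not part of the wiki): given the names seen in the DNS cache after a flush, it picks those belonging to the app, finds the suffix they share on DNS label boundaries and prints the RouterOS commands for the walled garden. The cache contents, the server name `hotspot1` and the comment text are constructed assumptions, and the script emits the dot-anchored form `*.whatsapp.net` (subdomains only) rather than the page's `*whatsapp.net`.

```python
def common_suffix(names):
    """Longest run of trailing DNS labels shared by every name."""
    split = [n.lower().rstrip(".").split(".")[::-1] for n in names]
    shared = []
    for labels in zip(*split):
        if len(set(labels)) != 1:
            break
        shared.append(labels[0])
    return ".".join(reversed(shared))

def walled_garden_entries(cache_names, keyword, min_labels=2):
    """Turn the cache names containing `keyword` into dst-host entries."""
    hits = sorted({n.lower().rstrip(".") for n in cache_names
                   if keyword in n.lower()})
    if not hits:
        return []
    suffix = common_suffix(hits)
    # Never wildcard a bare TLD or an empty suffix: list exact hosts instead.
    if suffix.count(".") + 1 < min_labels:
        return hits
    entries = ["*." + suffix]
    if suffix in hits:          # the bare domain itself was also looked up
        entries.insert(0, suffix)
    return entries

def routeros_commands(entries, server="hotspot1", comment="WhatsApp"):
    """RouterOS CLI equivalent of IP -> Hotspot -> Walled Garden -> '+'."""
    return [f'/ip hotspot walled-garden add server={server} '
            f'dst-host={e} action=allow comment="{comment}"'
            for e in entries]

# Constructed DNS cache contents, as they might look after step 2.
DNS_CACHE = ["g.whatsapp.net", "mmg.whatsapp.net", "static.whatsapp.net",
             "connectivitycheck.gstatic.com", "time.android.com"]

if __name__ == "__main__":
    print("/ip dns cache flush   # step 1, run before opening the app")
    for cmd in routeros_commands(walled_garden_entries(DNS_CACHE, "whatsapp")):
        print(cmd)
```

Review the printed entries before pasting them into the router: every name in the cache that contains the keyword ends up in the result, whether or not it belongs to the service.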