update centinel package to push minimal experiment with package install about centinel HOT 6 CLOSED

Is this different from #57 (which should be addressed by #75)?
It addresses the problem with running all available experiments everytime it's run.

from centinel.

As per the discussion I had with @ben-jones, there are two things we could add to address this issue:

1. the installation package/script should ship a set of standard experiments (e.g. connectivity checking experiment that is not finger-printable and has to be run every time). These experiments are part of the package and are updated when centinel package is.

2. also, the centinel package should be shipped without any extra experiments installed. The experiments can be downloaded from the server once the informed consent process is completed. This will prevent clients from running experiments before consent is given.

from centinel.

Do we still want to do this? Note that we currently don't have a non-finger-printable connectivity test inside Centinel and no experiment is shipped with Centinel when installing pip package.

from centinel.

I don't think ping would be that big a deal, especially if we send traffic to a common target like 8.8.8.8. This type of traffic should be fairly common, so I wouldn't think it would be too fingerprintable.

from centinel.

I agree with you on the target. But what about frequency? It might end up having a pattern that is detectable.

from centinel.

I suppose that's true, though there are innumerable attacks that the censor could hit us with (e.g. see how many people request the same sites as us or see if anyone else connects to the same Tor bridge. Regardless, we should consider this in terms of a larger framework; every measurement gives us some information but costs us stealthiness. We could be perfectly stealthy and never measure, but then we wouldn't have useful data. For every primitive and measurement target (e.g. 8.8.8.8) we send traffic to, we are going to need to consider this tradeoff.

Informally, there may be a better way to do this, but I think that pings to 8.8.8.8 would be pretty stealthy. We could make the measurement more covert by randomly selecting a target from a list or choosing not to measure with some probability. We lose some information with each approach because we don't get consistent reachability measurements to the same place, but either would be more stealthy than constantly pinging 8.8.8.8.

from centinel.