Methodology · version 2

A signal is not a verdict from nowhere.

The report preserves the measurement window, sample size, source type, protocol pattern, and uncertainty behind every answer.

How a lookup works

The browser sends one normalized domain and a 7, 30, or 90 day window to our Cloudflare Worker. The Worker queries sources server-side and returns one bounded report.

01

Normalize

Protocols, paths, query strings, and letter case are removed. Internationalized names are converted to Punycode, and only a syntactically valid hostname is queried.

02

Measure

OONI Web Connectivity aggregation is grouped by probe country. The report retains measurement counts and DNS, TCP, and TLS fields.

03

Cross-check

Voidly's aggregated regional API is checked for China, Russia, Iran, and Türkiye. GreatFire is a link-only China reference.

04

Explain

The response shows each source separately. Aggregators that may reuse OONI are disclosed instead of presented as independent votes.

How the scanner overview works

The headline, explorer, country, incident, and feed surfaces read one scheduled, versioned snapshot. Opening those pages never starts source fan-out.

01

Scan on schedule

A bounded watchlist is measured by the scheduled scanner. Each run records its start, finish, successes, failures, and evidence window.

02

Confirm before publishing

Headline incidents require repeated confirmation and a publishable sample. Pending, stale, and failed rows never become attention-grabbing claims.

03

Publish one snapshot

The overview, rankings, incident collection, and Atom/JSON feeds use the same cached state and stable incident identifiers.

04

Keep provenance available

Headlines lead with the finding. Provider names, shared inputs, license constraints, and source limitations remain in evidence details and the source ledger.

Three report states

We avoid a binary claim because both positive signals and missing data need interpretation.

Signal detected

Access may be restricted

At least one OONI country crossed a 0.50 blocking score or an available regional cross-check reported a restriction. The report still shows sample size and provenance.

No strong signal

Available evidence looks clear

There was usable recent evidence, but no country or supplemental source crossed the restriction rule. This does not prove universal access.

Insufficient

Not enough evidence

No source returned enough usable data to support either state. Upstream failure is also never silently converted into “clear.”

Source disagreement

Mixed evidence stays mixed

Different networks, dates, methods, and source inputs can disagree. The interface flags that instead of averaging the conflict away.

Freshness and caching

Bounded caching protects upstream measurement services and keeps common reports responsive.

Report cache

Successful public API responses can be served from the Cloudflare edge for up to six hours. The report shows when its evidence was checked and whether it came from the hot-domain cache.

Hot domains

A small configured watchlist can be refreshed into KV for up to 24 hours. Live and failure-detail requests neither read nor write that stored result.

Overview and feeds

/api/v1/overview, country detail, incidents, and public feeds are KV-only reads. They expose generated and scan timestamps so clients can reject stale data.

Request limits

Normal lookups, uncached detail requests, and actual upstream fan-out have separate limits. A rejected request returns 429 with a one-minute retry window before any evidence source is called.

Known limits

Use the report as evidence for investigation, not as legal attribution or proof of nationwide policy.

Probe coverage is uneven. Ordinary outages, DNS configuration, hosting behavior, geoblocking, and test failures can resemble censorship. Conditions can differ by ISP, city, device, protocol, and minute. A government list describes an order or listing; it does not prove current network enforcement.