Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] OkayFreedom

Collin Anderson collin at averysmallbird.com
Thu Oct 25 20:57:21 PDT 2012


Eric,

I think it is necessary to push back on the following statement as
extensively as possible.

 But I’ve never heard of a case in which a user has been punished merely
> for cybercircumventing. I’d love to hear of such a situation.


As Amin hints, there are strongly rooted concerns regarding the origin and
affiliations of the individuals providing VPNs within Iran. If one takes,
for example, the VPN provider Joorabhaa, which operates with a .ir domain,
hosted in-country and accepts online payments from domestic banks, it
should be clear that this VPN should be considered completely compromised.
The difference between whether its run by the government or
an entrepreneur is negligible, particularly absent an effective rule of
law. Furthermore, in Syria there have been similar allegations of malicious
VPN services and tainted binaries of popular tools that connect to
suspicious servers. Let's be unequivocally clear, there is no evil bit --
no method of ascertaining the ownership of the records collected your
antifiltering service -- until they are used against you. I would imagine
we could build quite a list of suspect providers, if it were not for the
fact that the people with that knowledge are sitting in Evin Prison.

I believe this is very inappropriate advice and the scenario outlined
should not be considered theoretical by anyone that is responsible for the
security of endangered populations.

Cordially,
Collin

On Thu, Oct 25, 2012 at 8:36 PM, Eric S Johnson <crates at oneotaslopes.org>wrote:

> The vast majority of netizens in cybercensored countries who use a VPN (or
> other form of proxy) are doing so in order to access otherwise-blocked
> content, without any particular expectation of (or need for) security. So,
> any VPN will do (and OkayFreedom’s as good as any other).****
>
> ** **
>
> Conceivably, a government which is trying to prevent access to certain
> content might be upset at cybercircumventing netizens, in which case issues
> of anonymity/privacy come into play. But I’ve never heard of a case in
> which a user has been punished *merely for cybercircumventing*. I’d love
> to hear of such a situation. (NB I’m not talking about an AUP or TOS or
> contract, or a regulation or decree or rule or law, or a declaration or
> assertion or speech, or … or … or …)****
>
> ** **
>
> Conceivably, a cybercensoring government could come up with all sorts of
> tricky ways to “poison” cybercircumventing citizens by, say, seeding local
> VPN resellers with a VPN that delivers a “fake” site loaded with malware.
> But again, that’s purely theoretical; I know of no cases in which a
> government has deviously provided a cybercircumvention service to its
> netizens in order to nefariously identify or spy on them. I’d love to hear
> of such a situation. (I’m not talking about merely setting up a mirror with
> slightly different content, or DNS poisoning, or MITMing, or
> socially-engineered malware-by-email, or targeted clickjacking, or … or …
> or …)****
>
> ** **
>
> Best,****
>
> Eric****
>
> PGP<http://keyserver.pgp.com/vkd/DownloadKey.event?keyid=0xE0F58E0F1AF7E6F2>
> ****
>
> ** **
>
> *From:* liberationtech-bounces at lists.stanford.edu [mailto:
> liberationtech-bounces at lists.stanford.edu] *On Behalf Of *Amin Sabeti
> *Sent:* Friday, 26 October 2012 00:02
> *To:* Liberation Technologies
> *Subject:* [liberationtech] OkayFreedom****
>
> ** **
>
> Hi team,****
>
> ** **
>
> Some users from inside Iran have used OkayFreedom VPN:
> http://www.okayfreedom.com/****
>
> ** **
>
> I'd like to know is it secure or not? Because I haven't read any news,
> review, etc. about it.****
>
> ** **
>
> --
> Unsubscribe, change to digest, or change password at:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>



-- 
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20121025/d74f486e/attachment.html>


More information about the liberationtech mailing list