Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] OkayFreedom

Jacob Appelbaum jacob at
Fri Oct 26 04:03:52 PDT 2012

Eric S Johnson:
> The vast majority of netizens in cybercensored countries who use a
> VPN (or other form of proxy) are doing so in order to access
> otherwise-blocked content, without any particular expectation of (or
> need for) security. So, any VPN will do (and OkayFreedom’s as good as
> any other).

Do you have a citation for your statement about the expectations of a
majority of netizens? It is contrary to the experiences that I have with
users in Syria, Iran, and the rest of the Middle East.

For example - there is *explicitly* the concern that some VPN services
are operated by governments to spy on people.

Surely you don't mean to suggest that such concerns do not exist?

> Conceivably, a government which is trying to prevent access to
> certain content might be upset at cybercircumventing netizens, in
> which case issues of anonymity/privacy come into play. But I’ve never
> heard of a case in which a user has been punished merely for
> cybercircumventing. I’d love to hear of such a situation. (NB I’m not
> talking about an AUP or TOS or contract, or a regulation or decree or
> rule or law, or a declaration or assertion or speech, or … or … or
> …)

Conceivably? What. The. ...?

I've heard first hand of of Iranian users having their email printed out
and handed to them during interrogation. How do you suppose that
happened? Or do you doubt that such thing happen as well?

> Conceivably, a cybercensoring government could come up with all sorts
> of tricky ways to “poison” cybercircumventing citizens by, say,
> seeding local VPN resellers with a VPN that delivers a “fake” site
> loaded with malware. But again, that’s purely theoretical; I know of
> no cases in which a government has deviously provided a
> cybercircumvention service to its netizens in order to nefariously
> identify or spy on them. I’d love to hear of such a situation. (I’m
> not talking about merely setting up a mirror with slightly different
> content, or DNS poisoning, or MITMing, or socially-engineered
> malware-by-email, or targeted clickjacking, or … or … or …)

Why do you doubt that people are not only being targeted for
exploitation but also that they are under surveillance? You often make
such statements and I'm sorry to be blunt but it is completely
nonsensical. I don't mean to sound unfriendly but this kind of statement
is *extremely* dangerous.

That isn't theoretical - Syria and Iran have both been engaged in
exactly these kinds of issues. Just as the US has been engaged in
massive domestic surveillance.

However your statement disqualified so many things, I'm not even sure
what you are talking about - if targeted exploitation with the
FinFisher toolkit, wiretapping, acquiring more equipment for massive
data rentention, public statements by officials, backdooring (other
people's) software that claims to help people and MITM don't count, what

The New York Times, the EFF, CitizenLab, The Tor Project and even has been publishing, writing and discussing these issues from
every angle. Surely you didn't miss these stories, the reverse
engineering of malware, the exact methods the Iranian government says
they can foil and so on, right?

All the best,

More information about the liberationtech mailing list