Set up a proxy for Iran citizens!
- Thread starter ravdin
- Start date
Um, no one in Iran has heard of Tor?
MattusMaximus
Intellectual Gladiator
- Joined
- Jan 26, 2006
- Messages
- 15,948
Ok some security concerns here, now that I have read this...
I see where they set trusted IPs incoming as what is presumably Iranian IPs, however I don't see where this proxy is anonymizing. IE: This doesn't seem to be distributed, you're providing direct 1:1 proxy for someone, and don't have much control over what they do.
This concerns me greatly. The point of Tor is that no one can be tracked back through the proxy, and the list of nodes is massive. This seems to me, on quick review, a process by which anyone tracking activity would see my IP and only if they followed up would notice a squid proxy running. This has legal implications for those in the US. Be forewarned of that. While I support the circumventing of oppressive censorship, I'm not sure I want to assume a legal liability to running an open proxy on this basis.
Why, exactly, has Tor not been suggested? This is already in place, already gets the Chinese folks around the great firewall of China, and is very effective. On top of that, I don't have to assume liability for use of tor nodes, since I don't know where the traffic comes from when I run it.
I see where they set trusted IPs incoming as what is presumably Iranian IPs, however I don't see where this proxy is anonymizing. IE: This doesn't seem to be distributed, you're providing direct 1:1 proxy for someone, and don't have much control over what they do.
This concerns me greatly. The point of Tor is that no one can be tracked back through the proxy, and the list of nodes is massive. This seems to me, on quick review, a process by which anyone tracking activity would see my IP and only if they followed up would notice a squid proxy running. This has legal implications for those in the US. Be forewarned of that. While I support the circumventing of oppressive censorship, I'm not sure I want to assume a legal liability to running an open proxy on this basis.
Why, exactly, has Tor not been suggested? This is already in place, already gets the Chinese folks around the great firewall of China, and is very effective. On top of that, I don't have to assume liability for use of tor nodes, since I don't know where the traffic comes from when I run it.
ravdin
Illuminator
- Joined
- Oct 16, 2005
- Messages
- 4,985
Agreed, there are some security concerns. These people are risking their lives, so I'm prepared to risk a little legal liability. If you would rather not, then don't.
You obviously miss my point. If you want to trust that an entire country now getting full internet access won't find CP somewhere on the net and it be tracked to your proxy, fine. Tor is an answer to do exactly what they want to do, it's in place, it works, and it protects those that run tor nodes by having the ability to deny knowledge as to where traffic comes from and what it is (the proxy can't tell much.)
As I said, I am all for helping circumvent oppressive censorship, but there is a smarter way to do this.
ETA: If I were an iranian government official and I wanted this to stop, all I would have to do is use the system to go get illegal content for those running the proxy and cause legal problems for these proxy owners. Tor stops that by only making the end point (which can be any point in the network) the only part that can be compromised, leaving thousands of other endpoints to use.
Ps: the cheap attempt at a guilt trip is obnoxious.
Last edited:
ravdin
Illuminator
- Joined
- Oct 16, 2005
- Messages
- 4,985
The message came across wrong: no guilt trip was intended. You're right that someone could cause problems for me if my public server address were to fall into the wrong hands. I'm willing to take a risk with the anonymity. The proxy doesn't need to be up long, and I'm trying to make it easy on non-experts trying to get the word out under less than ideal circumstances.
ravdin
Illuminator
- Joined
- Oct 16, 2005
- Messages
- 4,985
The blog has a comment section, if you want to contribute. You can also tweet the organizer (@austinheap).
Fair enough, I'll try not to be thin skinned
To the rest: It has implications for the success of this, though. What I'm worried about isn't just your legal problems, it's the success of the movement in a sustainable way. Eventually this needs to move to a system (like tor) that can survive attacks on end points or it will fail.
drainbread
Scholar
- Joined
- Sep 2, 2008
- Messages
- 101
Why not tor?
Because it's dog slow, the idea is to let the Iranians get their stories out in a timely manner and tor can't really handle that, could you imagine uploading a 40+ MB vid to Youtube at 5-15 kb/s max?
Tor is great for getting information in an anonymous fashion(good or bad) but sucks at providing information to the rest of the interwebs.
Because it's dog slow, the idea is to let the Iranians get their stories out in a timely manner and tor can't really handle that, could you imagine uploading a 40+ MB vid to Youtube at 5-15 kb/s max?
Tor is great for getting information in an anonymous fashion(good or bad) but sucks at providing information to the rest of the interwebs.
Ok the OP didn't mention what this is for. It said to help circumvent the firewalls, not that there is a timely immediate need for this.
You're right, Tor is slow. If you weren't trying to push large things out fast it would be the better answer. I was under the impression this was a generic need (like China's) and not a time-sensitive large-volume need.
That said, the risk is still there.
ravdin
Illuminator
- Joined
- Oct 16, 2005
- Messages
- 4,985
Fair enough, I'll try not to be thin skinned
To the rest: It has implications for the success of this, though. What I'm worried about isn't just your legal problems, it's the success of the movement in a sustainable way. Eventually this needs to move to a system (like tor) that can survive attacks on end points or it will fail.
That was my real concern- not that the mullahs will download CP, but that my proxy would be hit with DOS attacks. I see this as a temporary measure in any case- there's a short but critical window of opportunity for the uprising to work. I don't plan on keeping the proxy running for very long.
ravdin: I'm apparently not getting the full picture here (as evidenced by drainbred's post) can you detail what the specific need is here? My responses were under the assumption this was like helping the Chinese people get around the great wall, which is a general and sustained need. This appears more immediate, can you detail what the goals/technical needs are for me?
(ETA: Also what is going on. I have been face deep in a bash shell on a deadline for the past week or so and am totally out of touch.)
ETA2: Ok so apparently there's something between a riot and a revolution going on and some contention about a fixed election (color me unsurprised.) I assume then, that this is in place as a temporary measure to move large files (video, audio, pictures etc.) to blogs to document what's going on, not a suggestion to help subvert government oppression in a sustained and permanent way (like my example of China.)
In that case the security needs are still valid, however the time sensitive nature of what is going on may outweigh the issues and Tor may well indeed be completely ineffective for large volume traffic. I would, however, caution that a DDoS response either from sheer traffic pointed at your proxy, or in a way to cause you legal problems, is probably a real issue and should be mitigated. I'd love to suggest to the organizers a way to more quickly use a central registry to bring up more nodes and down ones attacked in the list. Who do I email these scripting ideas to (and they wouldn't take long to script with squid.)
(ETA: Also what is going on. I have been face deep in a bash shell on a deadline for the past week or so and am totally out of touch.)
ETA2: Ok so apparently there's something between a riot and a revolution going on and some contention about a fixed election (color me unsurprised.) I assume then, that this is in place as a temporary measure to move large files (video, audio, pictures etc.) to blogs to document what's going on, not a suggestion to help subvert government oppression in a sustained and permanent way (like my example of China.)
In that case the security needs are still valid, however the time sensitive nature of what is going on may outweigh the issues and Tor may well indeed be completely ineffective for large volume traffic. I would, however, caution that a DDoS response either from sheer traffic pointed at your proxy, or in a way to cause you legal problems, is probably a real issue and should be mitigated. I'd love to suggest to the organizers a way to more quickly use a central registry to bring up more nodes and down ones attacked in the list. Who do I email these scripting ideas to (and they wouldn't take long to script with squid.)
Last edited:
ravdin
Illuminator
- Joined
- Oct 16, 2005
- Messages
- 4,985
Ah! I forget this is not the Politics section.
Long story short: The Iranians recently held a fake "election" over the weekend. Even though the poll was a sham, there was an 85% turnout (compared to a 63% turnout with our last election in the USA). The current President, Mahmoud Ahmadinijad, was reportedly reelected in a landslide. The supposed results are highly dubious. A lot of angry protesters took to the streets today, even though the government imposed a ban. The police have been using live ammunition and beating protesters. There will certainly be more happening tomorrow.
Most significantly, the protesters have been using Twitter, Facebook, and Youtube to get the story out to the world. The regime is trying to block these sites, but they are failing miserably. Hence the call for proxy servers.
A bit more background:
http://news.bbc.co.uk/2/hi/middle_east/8102224.stm
http://andrewsullivan.theatlantic.com/the_daily_dish/ (live blogging the revolution).
ETA: Going to bed now, so I may not respond to your next post for a while.
Last edited:
drainbread
Scholar
- Joined
- Sep 2, 2008
- Messages
- 101
It's is like a mirror image of the China situation where as people in China can't get information the people in Iran can't release information.
ravdin
Illuminator
- Joined
- Oct 16, 2005
- Messages
- 4,985
Thanks. I'll contact and see how things are handled and if there's a way I can help.