[liberationtech] Appelbaum's Ultrasurf report

Griffin Boyce griffinboyce at gmail.com
Tue Apr 17 09:40:50 PDT 2012 

  I'm going to disagree with Jake on this one -- it's definitely *not* a
giant waste of time.  The more frequently and more publicly privacy-related
technologies are discussed, the more educated the general public will be.

  The research is very solid and *highly* condemning.  Both the original
findings and Ultrasurf's vague, defensive response are worth reading.

  Unfortunately, if something is easy-to-use, then it's frequently
perceived as effective -- or worse, "better than" -- competing products.
 Ultrasurf gets so many users because it's easy to install and use.  As
always, we're fighting against the stream of both censorship and marketing
messages from companies that suck.  Caveat lector.

  There's a major lesson on the after-effects of usability in this.  My
13-year-old sister figured out how to use web proxies to get around
filtering/censorship at school.  Pretty much *anything* is better than
using a web proxy, but they are easy-to-use and she can swap them out as
they get blocked.  The downside, of course, is that it's easy to see that
she's using it, easy to see what sites she's visiting, and occasionally
she'll get caught doing it.

  While it's a frivolous example, it's a large portion of the usability
issue surrounding circumvention.  And where does she get her information on
circumvention?  Via word-of-mouth from other people who also don't really
know what they're doing.  Something to think on, perhaps.

Best,
Griffin Boyce


On Mon, Apr 16, 2012 at 4:45 PM, Jillian C. York <jilliancyork at gmail.com>wrote:

> I would add to that that Ultrasurf is not just *used* in Syria, it's *
> popular* in Syria.  When I was there, it was installed in most cybercafes.
>
> On Tue, Apr 17, 2012 at 11:12 AM, Jacob Appelbaum <jacob at appelbaum.net>
 wrote:
>
>
> I'd like to add that Ultrasurf has replied:
> http://ultrasurf.us/Ultrasurf-response-to-Tor-definitive-review.pdf
>
> If that doesn't confirm a bunch of my findings in the paper, I guess
> nothing will!
>
> (What a giant waste of time, sigh)
>
> All the best,
> Jacob



> On Mon, Apr 16, 2012 at 1:40 PM, Andrew Lewis <andrew at pdqvpn.com> wrote:
>
>> I ran into Jacob at 28c3, and as he described the holes it terrified me
>> to know that people in Syria(the country I am focused on at the moment)
>> were using this software. I am just starting to read the actual papers, but
>> as I understand it the holes were/are pretty serious, and that the
>> monitoring software in Syria(Bluecoat) was picking up one of the major
>> holes as part of it's routine logging of all internet traffic, with no
>> special changes required.
>>
>> -Andrew
>>
>>
>> On Apr 16, 2012, at 4:33 PM, Rebecca MacKinnon wrote:
>>
>> "Ultrasurf is software produced by the UltraReach company for censorship
>> circumvention, privacy, security and anonymity. Unfortunately for them, I
>> found their claims to be overstated and I found a number of serious
>> problems with Ultrasurf."
>>
>> https://blog.torproject.org/blog/ultrasurf-definitive-review
>>
>> Would love to know people's comments and reactions.
>>
>> Best,
>> Rebecca
>>
>>

-- 
"I believe that usability is a security concern; systems that do
not pay close attention to the human interaction factors involved
risk failing to provide security by failing to attract users."
~Len Sassaman

PGP Key etc: https://www.noisebridge.net/wiki/User:Fontaine
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20120417/5295d1f1/attachment.html>

More information about the liberationtech mailing list