[liberationtech] OkayFreedom

Jacob Appelbaum jacob at appelbaum.net
Fri Oct 26 04:03:54 PDT 2012 

Collin Anderson:
> Eric,
> 
> I think it is necessary to push back on the following statement as
> extensively as possible.
> 
>  But I’ve never heard of a case in which a user has been punished merely
>> for cybercircumventing. I’d love to hear of such a situation.
> 
> 
> As Amin hints, there are strongly rooted concerns regarding the origin and
> affiliations of the individuals providing VPNs within Iran. If one takes,
> for example, the VPN provider Joorabhaa, which operates with a .ir domain,
> hosted in-country and accepts online payments from domestic banks, it
> should be clear that this VPN should be considered completely compromised.

Indeed. One does not need to wait for an activist to be tortured before
we suspect that such a thing is safe without *any* evidence to support
that assertion. Is it safe on a technical level? On a social level? On a
fiscal privacy level? I'd wager the answer is *no* but I haven't even
heard evidence that could be used to support it.

> The difference between whether its run by the government or
> an entrepreneur is negligible, particularly absent an effective rule of
> law. Furthermore, in Syria there have been similar allegations of malicious
> VPN services and tainted binaries of popular tools that connect to
> suspicious servers. Let's be unequivocally clear, there is no evil bit --
> no method of ascertaining the ownership of the records collected your
> antifiltering service -- until they are used against you. I would imagine
> we could build quite a list of suspect providers, if it were not for the
> fact that the people with that knowledge are sitting in Evin Prison.
> 

And then those facts are ignored by people, such as we see with Eric's
email - which is so frustratingly upsetting as to be beyond absurd.

> I believe this is very inappropriate advice and the scenario outlined
> should not be considered theoretical by anyone that is responsible for the
> security of endangered populations.
> 

Perhaps it is not very diplomatic but I can't agree strongly enough.

All the best,
Jacob

More information about the liberationtech mailing list