[liberationtech] if you are a circuvmention tool developer, please FREE it now for Iranian

Nariman Gharib nariman.gh at gmail.com
Sat Mar 15 16:48:02 PDT 2014 

Thanks Alster,


>
>
>
> 3. You're basically saying that your website is acting as a portal for
> people to regain access to the Internet. If that's so, you really should
> not give them a false sense of security:
> https://www.ssllabs.com/ssltest/analyze.html?d=secure.filtershekanha.com
>
> Currently, this SSL configuration is easily circumvented, allowing to
> man-in-the-middle all of your visitors. (Please message me off-list if I
> can help you fix your webserver configuration.)
>

I'll message to you about that in privately. but a quick note: I just used
the free SSL certificate not to encrypt the communication in website but
just for give a un-censored url to Iranian people. which is government
block my main domain not https:// secure.filtershekanha .com - and also I'm
emailing people circumvention tools via Mailchimp and those circumvention
tools are not hosted in my websites. just there is a link in emails.

>
>
> 4. You seem to currently recommend closed-source adware supported
> single-hop VPN clients as a workaround.
> This most likely means that
>
>  - the companies providing these VPNs can perfectly tell what the users
> using them are doing, may also log it, and are thus susceptible to
> traffic and log recovery by means of governmental interventions and hacking
>
>  - you can't really tell what this software does and where it and the
> servers it connects to may send all the traffic to (in addition to the
> intended locations)
>
>  - you can't really tell whether the sites you access through these VPNs
> are really the sites you want to access
>
>  - the ads allow the advertisement networks (and anyone who can convince
> them to share this information) to track precisely what the users are doing
>
> That is to say, while those tools may seem to provide a great way to
> overcome the censorship, using them may very well play into the hands of
> "security forces", enabling them to keep track of what activists (or
> just anyone with a non-official opinion) are doing, and to build files
> on them.
>
> People in other countries have been displaced, incarcerated, tortured
> and even killed due to exactly these mistakes (recommendation and use of
> bad censorship circumvention tools) in the past. I really hope this is
> not going to happen this time around.
>

I know about that and it's going to be dangerous for Iranian or other
people in similar country to Iran, but most of people in Iran doesn't CARE
about these things. they just want to go facebook,youtube,twitter and...(
actually most of websites are blocked :) ) . even we know who behind of
these tools,Personally actually from last week after I talked to a expert I
decided to give users all options/all tools and just saying that the
trusted and secure tool at this moment just is TOR.​​

>
>
> 5. I fully understand that recommending against something is of no use
> if no alternative is provided. I think Tor makes a great alternative if
> people care about both circumventing censorship and remaining anonymous
> (if used as documented). Yes, it does slow things down. But if you
> compare to the previous paragraph then it might be worth this?
>
​I recommended to people using TOR and for example from a week ago until
now thousands people now using ORBOT and TOR via my newsletter. ( I'm not
sure about the users but the clicks number goo.gl gave it to me are up to
10k clicks for these to tools )​

TOR is Good. but for example when government blocked the some TOR's ip, we
should provide bridges for users( IF  AM IF RIGHT). so Imagine I emailed to
my subscribers these new bridges so after 2days they will blocked, so
what's the next and good option?

>
> There may be other options, possibly including single and multi hop VPNs
> which are just not as bad as the ones currently in use. If you are
> willing to consider other options, I bet the contributors to this
> mailing list will be happy to provide more suggestions.
>

Yes, I'm in.​​

>
> Alster
>
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> companys at stanford.edu.
>



-- 
PGP: 084F 95C0 BD1B B15A 129C 90DB A539 6393 6999 CBB6
www.NARIMAN.Tel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20140315/ed9c68de/attachment.html>

More information about the liberationtech mailing list