Eric, I think it is necessary to push back on the following statement as extensively as possible.
But I’ve never heard of a case in which a user has been punished merely > for cybercircumventing. I’d love to hear of such a situation. As Amin hints, there are strongly rooted concerns regarding the origin and affiliations of the individuals providing VPNs within Iran. If one takes, for example, the VPN provider Joorabhaa, which operates with a .ir domain, hosted in-country and accepts online payments from domestic banks, it should be clear that this VPN should be considered completely compromised. The difference between whether its run by the government or an entrepreneur is negligible, particularly absent an effective rule of law. Furthermore, in Syria there have been similar allegations of malicious VPN services and tainted binaries of popular tools that connect to suspicious servers. Let's be unequivocally clear, there is no evil bit -- no method of ascertaining the ownership of the records collected your antifiltering service -- until they are used against you. I would imagine we could build quite a list of suspect providers, if it were not for the fact that the people with that knowledge are sitting in Evin Prison. I believe this is very inappropriate advice and the scenario outlined should not be considered theoretical by anyone that is responsible for the security of endangered populations. Cordially, Collin On Thu, Oct 25, 2012 at 8:36 PM, Eric S Johnson <cra...@oneotaslopes.org>wrote: > The vast majority of netizens in cybercensored countries who use a VPN (or > other form of proxy) are doing so in order to access otherwise-blocked > content, without any particular expectation of (or need for) security. So, > any VPN will do (and OkayFreedom’s as good as any other).**** > > ** ** > > Conceivably, a government which is trying to prevent access to certain > content might be upset at cybercircumventing netizens, in which case issues > of anonymity/privacy come into play. But I’ve never heard of a case in > which a user has been punished *merely for cybercircumventing*. I’d love > to hear of such a situation. (NB I’m not talking about an AUP or TOS or > contract, or a regulation or decree or rule or law, or a declaration or > assertion or speech, or … or … or …)**** > > ** ** > > Conceivably, a cybercensoring government could come up with all sorts of > tricky ways to “poison” cybercircumventing citizens by, say, seeding local > VPN resellers with a VPN that delivers a “fake” site loaded with malware. > But again, that’s purely theoretical; I know of no cases in which a > government has deviously provided a cybercircumvention service to its > netizens in order to nefariously identify or spy on them. I’d love to hear > of such a situation. (I’m not talking about merely setting up a mirror with > slightly different content, or DNS poisoning, or MITMing, or > socially-engineered malware-by-email, or targeted clickjacking, or … or … > or …)**** > > ** ** > > Best,**** > > Eric**** > > PGP<http://keyserver.pgp.com/vkd/DownloadKey.event?keyid=0xE0F58E0F1AF7E6F2> > **** > > ** ** > > *From:* liberationtech-boun...@lists.stanford.edu [mailto: > liberationtech-boun...@lists.stanford.edu] *On Behalf Of *Amin Sabeti > *Sent:* Friday, 26 October 2012 00:02 > *To:* Liberation Technologies > *Subject:* [liberationtech] OkayFreedom**** > > ** ** > > Hi team,**** > > ** ** > > Some users from inside Iran have used OkayFreedom VPN: > http://www.okayfreedom.com/**** > > ** ** > > I'd like to know is it secure or not? Because I haven't read any news, > review, etc. about it.**** > > ** ** > > -- > Unsubscribe, change to digest, or change password at: > https://mailman.stanford.edu/mailman/listinfo/liberationtech > -- *Collin David Anderson* averysmallbird.com | @cda | Washington, D.C.
-- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
