Collin Anderson: > Eric, > > I think it is necessary to push back on the following statement as > extensively as possible. > > But I’ve never heard of a case in which a user has been punished merely >> for cybercircumventing. I’d love to hear of such a situation. > > > As Amin hints, there are strongly rooted concerns regarding the origin and > affiliations of the individuals providing VPNs within Iran. If one takes, > for example, the VPN provider Joorabhaa, which operates with a .ir domain, > hosted in-country and accepts online payments from domestic banks, it > should be clear that this VPN should be considered completely compromised.
Indeed. One does not need to wait for an activist to be tortured before we suspect that such a thing is safe without *any* evidence to support that assertion. Is it safe on a technical level? On a social level? On a fiscal privacy level? I'd wager the answer is *no* but I haven't even heard evidence that could be used to support it. > The difference between whether its run by the government or > an entrepreneur is negligible, particularly absent an effective rule of > law. Furthermore, in Syria there have been similar allegations of malicious > VPN services and tainted binaries of popular tools that connect to > suspicious servers. Let's be unequivocally clear, there is no evil bit -- > no method of ascertaining the ownership of the records collected your > antifiltering service -- until they are used against you. I would imagine > we could build quite a list of suspect providers, if it were not for the > fact that the people with that knowledge are sitting in Evin Prison. > And then those facts are ignored by people, such as we see with Eric's email - which is so frustratingly upsetting as to be beyond absurd. > I believe this is very inappropriate advice and the scenario outlined > should not be considered theoretical by anyone that is responsible for the > security of endangered populations. > Perhaps it is not very diplomatic but I can't agree strongly enough. All the best, Jacob -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
