-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Saturday, March 15, 2014 11:49 PM, Griffin Boyce wrote: > Just a couple of things: > > -- Any project which is not transparent about its funding or > operations should never be trusted. I personally would classify > paid software in this. VPN is a bit different, but these vary > widely and there is not one paid service that I'd recommend. > Setting up your own VPN for yourself only is a far better option. > > -- Anything that says "Iran version is free and it works only if > you are in Iran." should be viewed with skepticism. For pure circumvention, where users want to access non-controversial content without their local ISPs knowing, a VPN provider in a different country helps. Griffin wisely points out that centralized services (which basically include any for-profit company) must respond to the government where they're based, and often also any government where they do business. I would counter that there is a role for commercial VPNs, and if these companies see a long-term market value in an open Iran, they might have a business interest in providing free services to a population unable to pay currently. > -- Tor currently works in Iran with either unblocked bridges or > flashproxy. (flash proxy requires either the pluggable transports > TBB or TBB beta 2.6+). Tor is obviously the gold standard when it comes to secure and private circumvention; its architecture is extremely robust and removes the problem of having to trust a third party. For any activist facing imprisonment or worse for their online activities, I'd suggest they start using Tor (and really, should consider TAILS). Other (open source) options are Lantern (again, more for circumvention, but uses your personal trusted contacts to proxy blocked sites, as opposed to a single commercial VPN), and Psiphon of course. > > -- You're right that more circumvention projects should open their > source and make it free. The idea of advertising to censored > people has always rubbed me the wrong way. These companies are > basically making money off of desperate people =/ Question: Let's say a well-meaning social-enterprise-style VPN company, whose servers are built using open source software wants to help provide services to a censored country (either free or at a reasonable price-point); how do they show good intentions and validate that they are following good practices and limited logging? > > -- Some US-based organizations block Iran IPs due to a > misunderstanding of UN export controls. If anyone comes across these roadblocks, please point them to NAF's blog post here: http://oti.newamerica.net/blogposts/2014/us_government_clarifies_tech_authorizations_under_iranian_sanctions-103425 , which gives a good plain-text explanation of this chunk of the new D-1 exceptions ( http://www.treasury.gov/resource-center/sanctions/Programs/Documents/iran_gld1.pdf), cropped here: " (a) Effective February 7, 2014, to the extent that such transactions are not exempt from the prohibitions of the Iranian Transactions and Sanctions Regulations, 31 C.F.R. Part 560 ("ITSR"), and subject to the restrictions set forth in paragraph (b), the following transactions are authorized: (...) (4) Internet connectivity services and telecommunications capacity. The exportation or reexportation, directly or indirectly, from the United States or by a U.S. person, wherever located, to Iran of consumer-grade Intemet connectivity services and the provision, sale, or leasing of capacity on telecommunications transmission facilities (such as satellite or terrestrial network connectivity) incident to personal communications. " Even more info and a FAQ here: http://www.treasury.gov/resource-center/sanctions/OFAC-Enforcement/pages/20140207_33.aspx > ~Griffin > > > - -- [email protected] PGP: 0020 1A37 47C0 0DEA C368 BCA5 A998 959F F926 BF8B Mobile/Skype/Ostel/XMPP on request OTR: FE0E870C 40A3B334 5E6E84F0 D013369F 3C064E4C -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJTTo0JAAoJEKmYlZ/5Jr+LXGgP/0qJCQK+owqY/ZqEDjpxvvkt 3q9ZJBdgbbOsuLYFR6HnQgv5lx/wHCHpPiDTg58lSd0ZDWgU3X3gv3ZtpllcCme3 vhQk14gzoLGYX8FS/C+dZCdeb5LElcBWrlU0+FdayJqxhMhDXlG/m1GGB+15tG2F DsamlV4Bauh6CwIHVjnojQ/kYdCdDauorOJANrhsra6GF6re0KPY1+MZBNx30+Ag biRboZdw3JpUtCuZNNOyOfNlCmSi32UB9k3PUTy4kDMP7m6m3H5LGVLqMjyKBJuS NkjfgnM9rhobA/mHummrNUz7j6bkPbmAeJ+cVkFvUPN5ej/h//HWy2o1JLBTTuDb af+ge4IRSf2OK8J9cSFPe/4GLlJ4CfJ1wipCaA7+rDQEGow9W1jwJsMpp2ZjgkL+ zQv9qfJn2br6/Vw8F7nCS2RolDfdXqkjuTVWwAySCQY01dzJwiBlbwj0ONWBYDX0 Pm+aiOtTFP9Yj+C3aoNHDItchtpNQhZYrTamRoaUHtuop7tomXd1OZygz9WL2ULX bb734HCmvt5kCIH2gSNG9aIiIVDyjYVnPUshZGwYr4TSwo9qlXm7xQwXDPUKJroR F2IsH/CuAjd6mVp8v5TM6or1rOPcUVwzBjFrwDCxO3rRLV4HENQD3HtDYxzn7Oyy n3/Nau/Wo1KaNX4ycIPJ =Cpno -----END PGP SIGNATURE----- -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
