[Noisebridge-discuss] oh sysadmins of noisebridge, i have a question for ye

Jacob Appelbaum jacob at appelbaum.net
Fri Jun 26 19:53:14 UTC 2009


Hi,

(A disclaimer: I am of course a Tor developer (
http://en.wikipedia.org/wiki/Tor_(anonymity_network) ) - I have been
working on access and censorship circumvention for many years. This is
an important issue for me but I generally don't bring this type of stuff
to Noisebridge-discuss.)

Ian wrote:
> do we have the bw to set up a squid proxy for http://nedanet.org ? it
> is "a network of hackers formed to support the democratic revolution
> in Iran. Our mission is to help the Iranian people by setting up
> networks of proxy servers, anonymizers, and any other appropriate
> technologies that can enable them to communicate and organize — a
> network beyond the censorship or control of the Iranian regime."
> 

A few Noisebridge people have been slightly involved with the nedanet
people, I'm one of them but just barely. Largely, I've been hanging in
their IRC channel and helping people to set up Tor. This has gone pretty
well. Many users have set up Tor servers and bridges to add capacity to
the network. Additionally lots of people in Iran are using Tor as a client:
https://blog.torproject.org/blog/measuring-tor-and-iran

Why am I suggesting/promoting/hacking on Tor over http proxies?

I don't think it's a good idea to set up squid proxies, it's dangerous
for *everyone* involved (more on that later) and pretty difficult to do
properly.

Using Tor in Iran works at the moment with and *without* bridges (
https://www.torproject.org/bridges.html ). If Iran attempts to block
Tor, they're in an arms race that they're unprepared to fight.

Good news, Noisebridge runs more than one Tor server and has done so for
quite some time! This is totally unrelated to Iran too, so it's pretty
reasonable for a pending 501c3 as far as I understand the possible legal
issues facing our non-profit. Here's our disclaimer page:
http://tor.noisebridge.net/

Here are two of the nodes (noisebridge.net and at 83c proper):
http://torstatus.kgprog.com/router_detail.php?FP=3100a70862157e5f9136b6aaeb7571745d4dc055
http://torstatus.kgprog.com/router_detail.php?FP=5d4883662b9443aa1c4efad1f04399e9b4b7d7ac

> also, are there legal implications that we should be aware of with
> associating this with noisebridge? (i have no idea)
> 

I would strongly suggest not setting up one hop http (squid or
otherwise) proxies. They're likely dangerous for everyone involved. At
the very least:
A single operator (say Noisebridge) can see all of the data
A single operator can identify all of the parties involved
A single operator can be easily blocked

> anywho, they are #irantech on freenode and the config file for the
> squid proxy is at http://nedanet.org/squid.html
> 
> if can have access and such. i am willing to set this up. i just don't
> have access or the blessing of NB.
> 

I think running an open squid proxy is probably fine sometimes. In the
case of Iran, I think it's an irresponsible action that may lead to
serious consequences for users in Iran. I've heard rumors of data
recording and of course punishment. Using such a proxy (especially as
suggested by nedanet people without SSL) is just ripe for recording and
later open for data analysis. There *is* a real issue of police
repression, serious violence and (as in the case of Neda) outright
murder. Help offer secure options for users. Giving one or two people a
list of all single hop proxies (as is the past and current NedaNet plan)
is a *really* bad idea. It creates lists and links between *everyone*
involved.

Many of the people involved in Nedanet seem to be working on
circumvention issues for the first time. Many of them have so far missed
out on some important developments in the field of circumvention,
anonymity and privacy. They haven't really thought out long term
consequences of some of their choices; perhaps their bets will pay off,
if not, who's left holding the bag? Likely it's the people in Iran and
those people will probably be in serious trouble.

Part of why I advocate for Tor is that we've been thinking long and hard
about these specific issues (though not for Iran per se). The Tor
project is imperfect but we're orders of magnitude better than an open http
proxy. Especially one that is specifically set up to help people in Iran
as opposed to a shared anonymity network where users are all blending in
together.

It's trivial to set up a Tor server or a bridge and I highly suggest that
you do:
http://www.torproject.org/docs/tor-doc-relay.html
https://www.torproject.org/bridges.html#RunningABridge
https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ

This is also a nice GUI centric walk through:
https://www.sesawe.net/Setting-up-a-Tor-Bridge.html

It's easy to rate limit Tor too, so your network isn't destroyed by
helping others. Generally, the network heals itself (so you can turn it
off without leaving users hanging with dead links, etc) and it's
generally designed to keep your risk as a relay operator at the level
you configure.

There are lots of places in the world with filtering, outright blocking,
monitoring and other major real world dangers for users. If you're
interested in helping those users - please jump in!

Best,
Jake
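
An added example, not part of the message above and not taken from the Tor Project's documentation: a minimal torrc for a non-exit bridge with bandwidth limits, illustrating the rate limiting and operator-risk settings the message mentions. The nickname, contact address, port and limits are constructed placeholder values.

```conf
# Constructed example torrc for a rate-limited bridge (placeholder values).

# Identify the relay; both values are placeholders.
Nickname ExampleBridge
ContactInfo admin at example dot org

# Accept relay connections on this port; do not offer a local SOCKS proxy.
ORPort 9001
SocksPort 0

# Run as a bridge: the descriptor goes to the bridge authority
# rather than the public relay list.
BridgeRelay 1

# Never act as an exit; traffic leaves the network from other relays.
ExitPolicy reject *:*

# Cap sustained and burst relay throughput.
RelayBandwidthRate 100 KBytes
RelayBandwidthBurst 200 KBytes

# Cap bytes transferred per accounting period; Tor hibernates once the
# limit is reached and resumes at the start of the next period.
AccountingStart month 1 00:00
AccountingMax 50 GBytes
```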
