[Noisebridge-discuss] oh sysadmins of noisebridge, i have a question for ye

Ian ian at slumbrparty.com
Fri Jun 26 20:09:10 UTC 2009


jake,

thanks for your well constructed response. i agree with you that tor
is the superior technology in terms of anonymity. although i dont know
the details of this, is it possible for iran to block ips/ports so
that iranian citizens cannot use tor? i would imagine there was a
reason why they would ask for proxies in addition to tor. it could
also be hard for some people to get the tor client software.

whatever the reason, i hear you on all the complications of one-hop
proxies. i was thinking that they would be ssl and no logs be kept on
the server. it is, however, a high-risk proposal which is why i asked
for everyone's input.

thanks,

ian

On Fri, Jun 26, 2009 at 12:53 PM, Jacob Appelbaum<jacob at appelbaum.net> wrote:
> Hi,
>
> (A disclaimer: I am of course a Tor developer (
> http://en.wikipedia.org/wiki/Tor_(anonymity_network) ) - I have been
> working on access and censorship circumvention for many years. This is
> an important issue for me but I generally don't bring this type of stuff
> to Noisebridge-discuss.)
>
> Ian wrote:
>> do we have the bw to setup a squid proxy for http://nedanet.org ? it
>> is "a network of hackers formed to support the democratic revolution
>> in Iran. Our mission is to help the Iranian people by setting up
>> networks of proxy severs, anonymizers, and any other appropriate
>> technologies that can enable them to communicate and organize — a
>> network beyond the censorship or control of the Iranian regime."
>>
>
> A few Noisebridge people have been slightly involved with the nedanet
> people, I'm one of them but just barely. Largely, I've been hanging in
> their IRC channel and helping people to setup Tor. This has gone pretty
> well. Many users have setup Tor servers and bridges to add capacity to
> the network. Additionally lots of people in Iran are using Tor as a client:
> https://blog.torproject.org/blog/measuring-tor-and-iran
>
> Why am I suggesting/promoting/hacking on Tor over http proxies?
>
> I don't think it's a good idea to setup squid proxies, it's dangerous
> for *everyone* involved (more on that later) and pretty difficult to do
> properly.
>
> Using Tor in Iran works at the moment with and *without* bridges (
> https://www.torproject.org/bridges.html ). If Iran attempts to block
> Tor, they're in an arms race that they're unprepared to fight.
>
> Good news, Noisebridge runs more than one Tor server and has done so for
> quite some time! This is totally unrelated to Iran too, so it's pretty
> reasonable for a pending 501c3 as far as I understand the possible legal
> issues facing our non-profit. Here's our disclaimer page:
> http://tor.noisebridge.net/
>
> Here are two of the nodes (noisebridge.net and at 83c proper):
> http://torstatus.kgprog.com/router_detail.php?FP=3100a70862157e5f9136b6aaeb7571745d4dc055
> http://torstatus.kgprog.com/router_detail.php?FP=5d4883662b9443aa1c4efad1f04399e9b4b7d7ac
>
>> also, are there legal implications that we should be aware of with
>> associating this with noisebridge? (i have no idea)
>>
>
> I would strongly suggest not setting up one hop http (squid or
> otherwise) proxies. They're likely dangerous for everyone involved. At
> the very least:
> A single operator (say Noisebridge) can see all of the data
> A single operator can identify all of the parties involved
> A single operator can be easily blocked
>
>> anywho, they are #irantech on freenode and the config file for the
>> squid proxy is at http://nedanet.org/squid.html
>>
>> if can have access and such. i am willing to set this up. i just dont
>> have access or the blessing of NB.
>>
>
> I think running an open squid proxy is probably fine sometimes. In the
> case of Iran, I think it's an irresponsible action that may lead to
> serious consequences for users in Iran. I've heard rumors of data
> recording and of course punishment. Using a such proxy (especially as
> suggested by nedanet people without SSL) is just ripe for recording and
> later open for data analysis. There *is* a real issue of police
> repression, serious violence and (as in the case of Neda) outright
> murder. Help offer secure options for users. Giving one or two people a
> list of all single hop proxies (as is the past and current NedaNet plan)
> is a *really* bad idea. It creates lists and links between *everyone*
> involved.
>
> Many of the people involved in Nedanet seem to be working on
> circumvention issues for the first time. Many of them have so far missed
> out on some important developments in the field of circumvention,
> anonymity and privacy. They haven't really thought out long term
> consequences of some of their choices; perhaps their bets will pay off,
> if not, who's left holding the bag? Likely it's the people in Iran and
> those people will probably be in serious trouble.
>
> Part of why I advocate for Tor is that we've been thinking long and hard
> about these specific issues (though not for Iran per se). The Tor
> project imperfect but we're orders of magnitude better than an open http
> proxy. Especially one that is specifically setup to help people in Iran
> as opposed to a shared anonymity network where users are all blending in
> together.
>
> It's trivial to setup a Tor server or a bridge and I highly suggest that
> you do:
> http://www.torproject.org/docs/tor-doc-relay.html
> https://www.torproject.org/bridges.html#RunningABridge
> https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ
>
> This is also a nice GUI centric walk through:
> https://www.sesawe.net/Setting-up-a-Tor-Bridge.html
>
> It's easy to rate limit Tor too, so your network isn't destroyed by
> helping others. Generally, the network heals itself (so you can turn it
> off without leaving users hanging with dead links, etc) and it's
> generally designed to keep your risk as a relay operator at the level
> you they configure.
>
> There are lots of places in the world with filtering, outright blocking,
> monitoring and other major real world dangers for users. If you're
> interested in helping those users - please jump in!
>
> Best,
> Jake
>



More information about the Noisebridge-discuss mailing list