The Green Machine... Facts vs Fiction

Discussion in 'News And Current Events' started by Unregistered, Sep 13, 2009.

  1. [size=+3]The Green Machine[/size]

    The authors of the Green Machine claim to allow users to access the uncensored Internet securely from inside Iran. The program does this, but in a dangerous and shortsighted way that can be easily blocked or even turned against the very people it is intended to protect.

    The Green Machine is actually a thin shell around the open-source SSH client PuTTY (not that it credits the PuTTY people). PuTTY is an excellent program, but the Green Machine uses it in a dangerous and inappropriate way that I will explain below.

    [size=+2]How It Works[/size]

    In order to understand how the program works, it is first necessary to understand how the Internet works. Please bear with me: for those not technically-minded, this is the minimum you need to know.

    Those more steeped in technology will realize I'm simplifying the situation somewhat for clarity. Also keep in mind that these connections are symmetric: what I describe for outgoing communication applies in reverse to replies.

    [size=+1]The Normal Internet[/size]

    When a web browser (or any other client program) sends information to a server over a network, the program first goes through the operating system. There, the information from the program is divided into chunks called packets. To each packet, the operating system adds information about where the packet is coming from (the source) and where the packet is going (the destination). It also adds a number telling the server receiving the packet to which program it's supposed to send the information. This number is called the port. What the application originally wanted to send, which makes up most of the packet, is called the payload.

    Web traffic always uses port 80, so if you were connecting to, your packet would look something like this:

          | source      | your computer       |
          | destination |        |
          | port        | 80                  |
          | payload                           |
          |                                   |
          | Send me your homepage             |
          |                                   |
    Now, if you were trying to block access to, the easiest thing to do is to block any packet with in the destination field. This approach is precisely what the government of Iran tried first.

    [size=+1]The First Stab: Proxy Servers[/size]
    To get around this blocking, people started using proxy servers. When a client uses a proxy server, instead of sending a packet directly to the destination, the client instead sends a packet to a third computer, the proxy, which forwards it to the originally-intended computer. So, the packet leaving the client looks like this:

          | source      | your computer       |
          | destination | proxyserver1        |
          | port        | 80                  |
          | payload                           |
          |                                   |
          | Tell to send the     |
          | homepage.                         |
          |                                   |
    Now put yourself back in the shoes of an Internet censor. Just looking for in the destination field no longer works because people are just using proxyserver1 instead. Now, you have two options:

    1. Find out what the proxy servers are and block them based on source.
    2. Look inside the payload and look for it. This is called deep packet inspection because you're looking "deep" inside the payload of the packet, which ordinarily you're not supposed to care about if your job is to just move packets from one place to another.

    As it turns out, the Iranian government has been employing both techniques, which is why proxy servers quickly stop working (once the government learns what they're called), and why sites are often blocked even when they go through proxies (because the government can look inside the packet and see its ultimate destination).


    It's still possible to get around even this level of blocking, but it takes more effort on the part of the client. The basic idea is twofold:

    1. Prevent the government from finding out what the proxy servers are called
    2. Make sure the payload doesn't have anything that looks like a proxy request

    There are several different ways of accomplishing these goals. What the Green Machine does is put the payload inside another kind of payload called SSH, which stands for Secure SHell and is mainly used by computer geeks. Because SSH encrypts (scrambles) the payload, the government can't look inside the packet and see who the user is trying to talk to. To try to fool the government further, the Green Machine uses port 80 for this payload, even though one normally sends SSH packets using port 22.
    The outgoing packet looks like this:

          | source      | your computer       |
          | destination | innocuousmachine42  |
          | port        | 80                  |
          | payload                           |
          |                                   |
          | SSH-CONNECTION-REQUEST            |
          | dsfa%!@3fjndaS213415!,,,,!@       |
          |                                   |
    When innocuousmachine42 receives this packet, it decodes "dsfa%!@3fjndaS213415!,,,,!@" into "connect to" and follows that instruction. So far, so good: you can connect to facebook.

    [size=+2]Fool's Gold[/size]

    While the Green Machine approach appears to work, it's actually chock full of problems and vulnerabilities that make it quite detectable and dangerous to use even while it does work.

    [size=+1]Speaking Swahili in Finland[/size]

    First of all, it's running SSH traffic over port 80, not the usual port 22. Nobody can tell what's inside the SSH payload, but the government can tell that the packet is SSH, not the expected web traffic. It's a giant red flag that says "take a closer look at this connection!"

    Why not just use port 22 like most other SSH traffic, then? You run into the same problem: if the government sees a sudden spike in SSH traffic, it will know to focus on both the source and destination of the traffic and quickly learn to block it. Recall that the government can still block a packet based on its destination field even if it doesn't understand the payload.

    [size=+1]Who's Bob? Why are you so very interested in this Bob?[/size]

    The Green Machine is configured to talk to exactly two servers. (There are two programs included in the package, each of which is hard-wired to talk to one server.) Once the government discovers what these servers are, either by observing traffic (which, thanks to running over SSH, sticks out like a sore thumb) or just by getting a copy of the program for itself, these servers can be blocked by just looking for them in the destination field of each packet. All the encryption in the world won't stop that from happening.

    [size=+1]I'm the Bob you are looking for. Really. Trust me.[/size]

    The government can do far worse than block the traffic to innocuousmachine42, though. Once the government knows what the machine is called, it can redirect packets intended to that machine to its own machine and read what's inside, which means that every post, tweet, and email sent through this program could be read by the government without your ever knowing.

    The government would quite literally use what's called a man in the middle attack: it would, without your knowledge, send packets intended for innocuousmachine42 to its own machine and read them. It would then talk to innocuousmachine42 as if it were you, so you would never notice that anything is wrong.

    The government can do this because the Green Machine doesn't take steps to make sure it's talking to whom it thinks it's talking to and will gladly talk to anyone who's speaking SSH on port 80. Consequently, using this program is dangerous.

    Post continued...
  2. (Continued from previous post.)

    [size=+2]A Better Alternative[/size]

    The fundamental idea of using a different protocol is a good one; the Green Machine just does it poorly. There's a much better alternative called Tor.

    First of all, instead of using SSH, Tor uses HTTPS, which is the protocol used for online banking, online shopping, and other secure web browsing. Every time you see the padlock icon in your browser, you're using HTTPS. Because HTTPS is so common, it sticks out a lot less than SSH. HTTPS is just as unreadable as SSH, however, so the government can't look inside the packet.

    Second, instead of two servers, Tor connects to thousands. With Tor, it's a lot harder for the government to detect that something unusual is going on: the traffic (which doesn't stick out) is spread among a lot more servers. It's also much easier for the Tor people to add a new server, in the event the government blocks some of them, than it is for the relatively small Green Machine group.

    Tor is secure against man-in-the-middle attacks. Instead of connecting to one server between you and, Tor connects to dozens before getting to the original destination. Each server along the path has to verify that it knows the secret key, which is rotated once per week. Even if the government found and blocked every Tor server on Earth and confiscated your Tor client, they could not read what you had already sent or received.

    In short, there is nothing the Green Machine does that Tor does not do in a way that is better, faster, and safer.


    The Green Machine is dangerous not only to its users, but to its developers as well. Supposing that its developers live in the United States, they are violating many laws by making software specifically intended for Iran without special clearance. These laws include the Code of Federal Regulations Title 31, sections 560.20 and 560.418; Title 15 parts 730-77; and U.S. Code title 50, Chapter 106. The authors face up to 20 years in federal prison and a fine of one million dollars for providing service to Iran, even indirectly. I am not a lawyer, but any intelligent person can read statutes. Look up the references yourself.


    The authors of the Green Machine meant well, but made many grave and serious errors that put their users and themselves at severe risk. Use Tor to protect your privacy, not some package made by developers who clearly don’t understand how to do threat assessment.
  3. This is extremely dangerous for the people of Iran

    I asked my son who is a Director of Programming at an IT company to look at this program and he came back with the response that this is extremely dangerous for the people in Iran. They can be traced very easily if they use this program and have not enough people been arrested and tortured by the government in Iran already. Whoever has done this and put it out there is jeopardizing anyone in Iran who uses this program. Whoever has put this program out there needs to take it down NOW.
  4. SanguineRose Member

  5. chwn Member

    Anyone who can make it so simple to understand is a HERO in my book!!

    Thank you for all your work, thank you for making it simple, thank you for saving lives.
  6. osumom311 Member

    Thanks for the explanation of how this stuff actually works...and for making it understandable for those of us who have no technical abilities at all.
  7. sos78tehran Member

    Thanks for your support of democracy in IRAN
  8. lol who knew this whole thing was such a joke, go "wishmaster" wish them into jail!
  9. Thx & a question

    Thx for clarifying so clearly!
    Do non-techie users know if they're using the Green Machine, or how to use Tor?
  10. Kruge Moderator

    A few thoughts, but mind, I'm just thinking aloud:

    If this tool can only connect to one "hardcoded" server and it's "all over twitter" as was said in the other thread one has to wonder why this one server isn't blocked by the govt. already.

    Who owns that server in the first place and started promoting the tool?

    What I mean is - could this be a setup from the very beginning?
  11. stop spreading fear please!

    With all due respect to all the technical information provided here.
    You people are only spreading fear here not helping anyone but the Iranian Gov :(

    Iran's system is more complex than you think. It is very common in Iran for the government to pass some law and for people to either pay their way or find some ways to get around it.
  12. Fact: people in Iran are tortured for having dissenting political views
    Fact: this program is dangerous and ill-conceived
    Fact: using this program can get people killed

    If spreading fear is spreading facts, then by all means, go ahead. Are you claiming that we should suppress facts in order to give people a false sense of security? Just whose side are you on?
  13. news

    Unfortunately someone posted a link about this program to website yesterday, and today I have seen the links to this program on many, many websites that announce it.
  14. echo-IRAN Member

    Comparing Green Machine with Freegate, TOR etc

    [size=+1]Speaking Swahili in Finland[/size]

    First of all, it's running SSH traffic over port 80, not the usual port 22. Nobody can tell what's inside the SSH payload, but the government can tell that the packet is SSH, not the expected web traffic. It's a giant red flag that says "take a closer look at this connection!"

    All the others, TOR, Freegate, have their signature in the payload too. TOR is open source. And in general trying to obscure the nature of the traffic isn't secure.

    Why not just use port 22 like most other SSH traffic, then? You run into the same problem: if the government sees a sudden spike in SSH traffic, it will know to focus on both the source and destination of the traffic and quickly learn to block it. Recall that the government can still block a packet based on its destination field even if it doesn't understand the payload.

    The same applies to the number of users of the other services. You have no idea how many are using it.

    [size=+1]Who's Bob? Why are you so very interested in this Bob?[/size]

    The Green Machine is configured to talk to exactly two servers. (There are two programs included in the package, each of which is hard-wired to talk to one server.) Once the government discovers what these servers are, either by observing traffic (which, thanks to running over SSH, sticks out like a sore thumb) or just by getting a copy of the program for itself, these servers can be blocked by just looking for them in the destination field of each packet. All the encryption in the world won't stop that from happening.

    All the TOR servers are listed publicly, and the other all have a pool of limited servers. Obscurity isn't secure.

    [size=+1]I'm the Bob you are looking for. Really. Trust me.[/size]

    The government can do far worse than block the traffic to innocuousmachine42, though. Once the government knows what the machine is called, it can redirect packets intended to that machine to its own machine and read what's inside, which means that every post, tweet, and email sent through this program could be read by the government without your ever knowing.

    The government would quite literally use what's called a man in the middle attack: it would, without your knowledge, send packets intended for innocuousmachine42 to its own machine and read them. It would then talk to innocuousmachine42 as if it were you, so you would never notice that anything is wrong.

    The government can do this because the Green Machine doesn't take steps to make sure it's talking to whom it thinks it's talking to and will gladly talk to anyone who's speaking SSH on port 80. Consequently, using this program is dangerous.

    You don't need to pretend to be a TOR node, the govt can be a TOR node. Though TOR makes sure your content and your IP are not exposed to the same node. You can also redirect Freegate traffic to govt servers, and nobody knows if Freegate is cracked or not.

    To read some blocked websites, it doesn't really matter what is used. If you trust Freegate or Green Machine not to sell your IP, your twitter account can hardly be traced back to you. A man in the middle attack may link your twitter account to you, but the difference between Freegate and Green Machine is the degree of difficulty. A standard non-variable SSH protocol makes it easier.

    Rule number zero, if you transmit something secret, it must have end to end encryption on top of whatever you use, even TOR, freegate.

    So I do think this guy is spreading unnecessary fear by the BIG claims and being unregistered. I think the FAQ will be a little different from say Freegate. That middle man attack is easier because of the standard protocol, which doesn't mean that you are perfectly safe with Freegate.
  15. echo-IRAN Member

    This is pure spreading fear

    No western govt will bother you supplying proxy client to Iranian individuals. Voice of America (US govt) is funding ultrasurf. SSH most likely is not under US export control, or else it will be laughable.

    Conclusion, the unregistered almost certainly work for the Iranian govt, or having the same effect. And the mod who put it in sticky is an idiot, or having some idiotic moments.
  16. Not true. Google, Microsoft, AOL have all suspended their services to Iran. I doubt they do this for fun. Here's some sources:

    Sanctions 2.0: Microsoft, Google suspend IM services to Iran, Cuba, Syria, Sudan and N. Korea

    Microsoft not only firm banning IM access to U.S. enemy nations

    Office of Foreign Assets Control

    Under the Iranian Transactions Regulations ("ITR") unless licensed by OFAC, goods, technology (including technical data or other information subject to Export Administration Regulations), or services may not be exported, reexported, sold or supplied, directly or indirectly, from the United States or by a U.S. person, wherever located, to Iran or the Government of Iran.
  17. echo-IRAN Member

    unregistered, are you stupid or do you think we are stupid?

    The US govt is trying to sanction Iran. Green Machine and the like are helping the Iranian people against their govt. If the software developer got arrested, USA don't need a revolution, they have something called a recall. And as I say, the US govt is funding ultrasurf against all censors. There is no case.
  18. I wonder why unregister is so sensitive about greenmachine?
    And FYI its IP was blocked as of yesterday from Iran. Thanks to all the noise you guys made here.....

    So where are all these concerns for the posting below? It comes up on the first page of Google if you search for iran proxy????

    How come there are only postings like this for greenmachine and all of a sudden all other methods of breaking Iran's firewall are safe?? This is ridiculous, get a life unregister!

    It seems that some people here have different agendas than helping Iran. You and the regime of Iran both represent the same thing: IGNORANCE!

  19. Not even wrong

    All traffic has a signature. You can't reasonably expect to send raw ciphertext (which appears to be random data) across the Internet and have it be generally understood. Even if you made prior arrangements for that ciphertext to be decoded in a certain way, the very fact that the information is random is itself a kind of signature, and a very suspicious one at that.

    The trick is choosing which signature to use. The HTTP-family protocols are good choices because so much Internet traffic is already HTTP. It is perfectly normal, in fact, for a person to use the Internet for weeks and send nothing but HTTP and a few bookkeeping packets (mainly DNS).

    For that reason, the programs you mentioned above all employ HTTP-family protocols for their work. HTTPS is especially nice because its payload is opaque. An attacker can detect an HTTPS connection, but not see inside it. Because HTTPS connections are common, they seem innocuous and don't arouse suspicion.

    To an observer, Tor traffic looks like HTTPS traffic. To restate a point I made in my original analysis: SSH is a bad protocol to use because it's so unusual, not because it has a "signature".

    Yes, Tor is open source. I'm not sure what normative idea you're trying to impart here, however. How do you want us to feel about Tor being open source software?

    Secure against what? Security isn't a checklisted feature, but a process of defending against certain attacks. Against some attacks, "obscuring" traffic is ineffective. Against others, it is quite useful. "Obscuring the nature of traffic" by itself is insufficient, of course, but it can certainly be a useful part of a complete system that is resilient to all the threats we're likely to face in Iran.

    Tor has a mechanism to use unpublished bridge nodes as a directory nodes, which in turn inform the Tor client of thousands of other potential relay points. All services have a finite number of servers. How many you need to step outside of "limited" territory depends on how you use them. Two, the number for Green Machine, is clearly too low.

    Yes, but being a Tor node doesn't buy you much because Tor is onion-routed. A Tor node doesn't necessarily know anything about a given piece of information's ultimate source or ultimate destination. (We can assume bootstrapping nodes are communicated securely out of band the way they would be in any secure system of this type.) Also, Tor's security properties are a little stronger than what you suggest: the system essentially erases information about the source of the traffic, or more accurately, dilutes that information to the point of uselessness.

    If you can either recognize Freegate traffic generally, or know the destination machines specifically, then you can redirect (or block) the traffic, that's true. However, being able to redirect or block the traffic doesn't necessarily grant you the ability to read the traffic. Those are separate security properties.

    As for not knowing whether Freegate is "cracked": I haven't seen any credible evidence to that effect, and there is no particular reason to suspect a crack. The burden of proof is on you to provide evidence. (There are, however, persistent reports that the Freegate organization sells user data. In my book, that alone is a good, and different, reason to avoid Freegate.)

    My point isn't that Tor is a panacea. It's clearly not. In fact, Tor sucks. Freegate sucks. Every system sucks. But we can analyze how these systems suck, and in that analysis, Tor sucks less than the Green Machine in every way. In fact, the design of the Green Machine is so dangerously naive that most systems suck less than it does.

    You're being misleading here. If we're talking about merely being able to detect and block traffic, then it's not a matter of a little difference in difficulty, but a wide gulf. A good system can be exceptionally hard to intercept or block. If on the other hand, we're talking about being able to read the intercepted traffic, then a good design incorporating solid cryptography can make "difficult" mean "with mathematical certainty, the sun will go cold before it is done".

    Absolutely right. Everything should be encrypted and authenticated end-to-end. However, that end-to-end encryption won't help a bit if some grand firewall is preventing your being able to talk to the other end in the first place. End-to-end encryption prevents some attacks. The circuitous routing we're talking about here defends against other attacks. To protect against both, use both techniques, but don't pretend one is a substitute for the other.

    A man in the middle attack isn't easier because the protocol is standard. The attack is easy because the entire system is designed in a way that makes the attack possible. It's bad design, not standardization, that is the problem. Normal HTTPS traffic is standardized (see RFC 2818), but it was specifically designed to resist man in the middle attacks. (That's why we have certificates.)

    In general, it's unwise to depend on the largess of the government in not prosecuting something technically illegal. It's downright foolhardy to do that when the law you're violating deals with an area as volatile as international sanctions.

    You don't know that. Considering how absolutely trivial it is to find the server, it's just as likely the IRI did the work itself.

    A connection over an SSH tunnel is vulnerable to fewer attacks than one sent over an unencrypted HTTP proxy, yes. That doesn't make an SSH tunnel a good choice: it just makes the unadorned HTTP proxy an even worse one. That's why HTTP proxies are no longer recommended.

    Because most other methods of bypassing the firewall are safer than the Green Machine. The Green Machine was a perfect storm of naive design and irrational hype, and letting it go unexamined would have been irresponsible. If other insecure techniques are proposed, then they should be called out too.
  20. SanguineRose Member

    Export of any encryption software into iran over 56-bits (40-bits for Public Key Crypto like RSA) is illegal. (I'm pretty sure the people who designed this came from America where this IS the LAW)

    This is the Law, there are no exceptions to this. Knowingly and deliberately breaking this law can land you in jail fairly easily. Breaking the law no matter what intentions you have is still breaking the law and it will still get you arrested. There is no 'blind eye' in America.

    How the encryption is implemented in its design is faulty. It does not check the server's public key nor compare it to a known key. This means that they can simply run an instance of ssh right out of the box and simply pass the traffic through it, log everything sent, and then send it back out again. Basically the government box would negotiate a separate ssh session with the destination. Green Machine would 'try' to connect. The traffic being intercepted and routed to this government box, it will negotiate a session perfectly mimicking Green Machine's Server. It can use any public ssh key it wants because there is no validation. The data passes through this tunnel with the government box in the middle logging all the traffic. No one will of course ever know it is happening until the person using Green Machine gets arrested.

    How hard is it to grasp how fucking easy it is to do this? It's literally one command on any Unix-based system to do this. Simple tweaking of the routers to send traffic to this box and making it 'transparent'.

    Also, because Green Machine's server uses SSH anyone using the username/password in the Original thread about Green Machine can LOGIN TO THE SERVER. By using 'lastlogin', 'finger', etc. due to its design you can perfectly see what ips have and are connecting to their server. Since you are logged in, use a local root exploit and root the box, log the ips, and then send them 'home' via email or what ever means you wish.


    Last time I checked it was blocking ips not in Iran from sshing but before it allowed me to login like above.

    Want More? I am sure I can find even more ways.

    Forgot to mention, this takes less than one minute to do.
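    The missing check that both the original analysis and the post above describe (the client never confirms that the server answering on port 80 holds the expected SSH host key) is shown here as a pinned host-key check, written for this thread as an added example; it is not Green Machine, PuTTY or Tor code. The hostnames, keys and the `accept_any_host_key` / `verify_host_key` / `open_tunnel` names are constructed for the example.

```python
"""Pinned SSH host-key check for a tunnel client (added example, constructed).

An SSH client that accepts whatever host key the far end presents will
complete a handshake with an interceptor just as happily as with the real
server. The fix is to ship the genuine server's key (or its fingerprint) with
the client and refuse to authenticate unless the presented key matches it.
"""
import base64
import hashlib
import hmac
import struct


def _wire_string(data: bytes) -> bytes:
    """Encode bytes as an SSH 'string': uint32 big-endian length + data."""
    return struct.pack(">I", len(data)) + data


def make_ed25519_blob(raw_key: bytes) -> bytes:
    """Build a constructed ssh-ed25519 public-key blob in SSH wire format."""
    if len(raw_key) != 32:
        raise ValueError("ed25519 public keys are 32 bytes")
    return _wire_string(b"ssh-ed25519") + _wire_string(raw_key)


def key_type_of(blob: bytes) -> str:
    """Read the key-type string that leads every SSH public-key blob."""
    if len(blob) < 4:
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[:4])
    if len(blob) < 4 + length:
        raise ValueError("truncated key blob")
    return blob[4:4 + length].decode("ascii")


def fingerprint_sha256(blob: bytes) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of the digest."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def parse_known_hosts(text: str) -> dict:
    """Parse OpenSSH known_hosts lines into {host: (key type, key blob)}."""
    pinned = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"malformed known_hosts line: {line!r}")
        host, keytype, b64 = fields[:3]
        blob = base64.b64decode(b64)
        if key_type_of(blob) != keytype:
            raise ValueError(f"key type field does not match blob for {host}")
        pinned[host] = (keytype, blob)
    return pinned


def accept_any_host_key(pinned, host, presented):
    """The behaviour the thread criticises: talk to whoever answers.
    Kept only as the 'before' to contrast with verify_host_key."""
    return True, "no host-key check performed"


def verify_host_key(pinned, host, presented):
    """Pinned-key check: accept only the exact key recorded for this host."""
    if host not in pinned:
        return False, f"unknown host {host}: no pinned key, refusing to connect"
    keytype, expected = pinned[host]
    try:
        presented_type = key_type_of(presented)
    except ValueError as exc:
        return False, f"unparseable host key from {host}: {exc}"
    if presented_type != keytype or not hmac.compare_digest(expected, presented):
        return False, (f"HOST KEY MISMATCH for {host}: pinned "
                       f"{fingerprint_sha256(expected)}, presented "
                       f"{fingerprint_sha256(presented)}")
    return True, f"host key for {host} matches {fingerprint_sha256(expected)}"


def open_tunnel(policy, pinned, host, presented, credentials):
    """Simulated connect: credentials leave the client only if the policy
    accepted the server's key. Returns (credentials_sent, reason)."""
    accepted, reason = policy(pinned, host, presented)
    if not accepted:
        return False, reason
    # A real client would now run SSH user authentication; here we only record it.
    return credentials is not None, reason


# Constructed sample data (not real keys or hosts).
GENUINE_KEY = make_ed25519_blob(bytes(range(32)))
IMPOSTOR_KEY = make_ed25519_blob(bytes(range(32, 64)))
KNOWN_HOSTS = ("# pinned tunnel endpoint (constructed)\n"
               "tunnel.example.invalid ssh-ed25519 "
               + base64.b64encode(GENUINE_KEY).decode("ascii") + "\n")

if __name__ == "__main__":
    pinned = parse_known_hosts(KNOWN_HOSTS)
    for name, policy in (("no check", accept_any_host_key), ("pinned", verify_host_key)):
        for label, key in (("genuine server", GENUINE_KEY), ("interceptor", IMPOSTOR_KEY)):
            sent, why = open_tunnel(policy, pinned, "tunnel.example.invalid", key, ("user", "pw"))
            print(f"{name:8} {label:15} credentials sent={sent}: {why}")
```

With the pinned policy the interceptor's key is rejected before any credentials are sent, while the no-check policy hands them to whichever machine answered.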
  21. echo-IRAN Member

    Responding a few issues at a time.

    Green Machine is "dangerous" depending on what you use it for. Diplomats were caught sending unencrypted email via TOR, leaking embarrassing passwords and information. To some security geeks GM should be bad enough to cause an uproar, but to Iranians it shouldn't - you don't assume all users are naive and you don't know what they need.

    GM is one step over an open proxy to allow someone to access blocked websites. The simple encryption simply avoids keyword detection and URL detection to avoid blocking. What's wrong with that? As long as the GM developer didn't claim anything more than it is, the response should be to make clear the limitations rather than an uproar. The author didn't claim or compare GM with the others like Freegate, TOR, etc? You can always criticize that an apple isn't as juicy as an orange.

    "There is no 'blind eye' in America." LOL, are you an Iranian?

    Now we have a geek's interpretation of the law, or a paralegal's technical review of GM. Everybody will have trouble with either.

    Why the GM developer has to be in US? The server is in Germany I heard?

    The fact is, Ultrasurf, Freegate are all developed by US companies for sure. Ultrasurf is funded by the US govt, Voice of America. Anybody can download a copy of the client and use it. Many TOR servers are in US soil, and I don't need no permission from anybody to be a relay server, and my IP is on the TOR public list. OpenVPN is open source, available to anybody. Certainly the encryption in these services should be way better than the minimum under export control. The issue is whether these things fall under export control. To me if an Iranian cannot download some SSH and use it on his comp, and that someone in US will be in jail for that, it's a joke. But if GM need a license, it will be given one just like Ultrasurf, Freegate, as "there's no blind eye in US", lol. And if the guy is in Europe, there's no such joking laws.
  22. Users are naive. Even your diplomats were, and of all people, they should have known better. All your example shows is that a false sense of security is worse than none at all, and GM was a commensurate example of such an illusion. Users don't know about the nuances of security, and shouldn't have to. It's up to us to come up with a comprehensive security solution. No package is perfect, but Tor and other packages provide every security guarantee that GM did, and quite a few besides. GM's security guarantees were so slight, and the hype surrounding it was so great, that users would have been lured into endangering themselves.
  23. sorry if i'm a bit daft but where was the hype for green machine? first place i heard about this was on here.

    also i could not find any claim by the developers of any security guarantees? from the bit of research i've done others seem to have made those claims

  24. When you have people arguing that Green Machine is the "best-proxy", I'd call that hype. You might argue about what claims were and were not made, but that's not the point: the GM site does not inform users of the dangers and limitations of the software. You and everyone else here know damn well that normal users will think it's a comprehensive package that keeps them safe when in reality it's no such thing. There's also the fact that everyone seems to forget: there's simply no reason to use GM. Other packages provide strictly better security and defend against more threats.
  25. lissnup Member

    What I find hard to understand

    Previous post is the key point for me. Let's say someone wanted to help, but mistakenly employed naive methods that are easily proven to be less good than those already well known and freely available.

    If that person or group are interested in the safety of Iranian people, the mature, responsible reaction to such criticism is to accept, apologise, withdraw. Then by all means refine, improve, re-test, re-launch.

    The sheer volume of plausible technical detail provided here should be enough for any rational person to want to step back for a moment and reconsider.

    If Iran have blocked it already, good. Proves the point. By all means, take your ball and go home. Game over.
  26. echo-IRAN Member

    Crusaders are coming again! History said who were the naive ones?

    Iranians for example are much less naive than Americans or anybody else in the free world when it comes to proxy.

    GM is quite clear what it is internally, and the claim "best-proxy" is not inappropriate. Most people in Iran are looking for a proxy, any proxy, to read Western news and twitter news for example. If guys are confused about what a proxy is, consult the dictionary or Wikipedia. As long as you can read BBC, VOA, CNN, Twitter, it's a pretty good proxy. TOR has about an hour in the day that is usable for interactive browsing. And TOR is much more than just a proxy - at least it's an anonymizer.

    Haystack is the much bigger problem because it claims to be better but without specifics.

    Also, everything in US or the west is best, or you can't sell anything.

    Also, also, if you can list the faults and post the improvements, the GM developer hopefully can patch it easily. Being in the cloud, I suppose it's not difficult to get different IPs. Basement webmasters, now is your chance.

    Also, also, also, I detected only a sheer volume of stupidity and empty threats more than anything else.
  27. SanguineRose Member

    If Iranians were much less naive why would any of them use software that will jeopardize their life?

    Also, the proxy is not 'coded' exactly either. It basically uses automation on PuTTY.
    AutoIt Script Home Page This is not true 'coding'. Also a 5-year-old can 'code' like this.

    Threats and stupidity where? I have not seen any threats. As far as I can see being able to root the server is not intelligent to me.

    To answer your points on TOR. There is a possibility of people on exit nodes listening to traffic people send. This has been known for a while and also the story on the news about the guy who got all kinds of info, which is what you are referring to. This doesn't invalidate TOR as being useful because there are some 'bad' exit nodes. If you learn a bit more about how things work... you can use https over TOR and it will be 100% protected. Most web-based email logins use this (hotmail, gmail, etc.). The email passwords he sniffed were very probably plain-text authentication via an IMAP or POP3 email server. Even if you were in the middle and sniffed all the traffic for a https handshake you still can't decrypt any of the data. Learn about Public Key Cryptology. RSA - Wikipedia, the free encyclopedia

    Meaning if you use gmail, hotmail, etc. that uses https for the authentication even through TOR you can not get their password.

    As for the emails, it is possible to read their contents via a tor exit node that is sniffing. On just about every connect the IP and the exit node change. So, the probability of an evil exit node sniffing anything of use is low. Yes, not 100% secure and perfect but it's still better than GM where you can login to the machine and see everything that it's sending and receiving. Also they can see the source IP and KNOW if you are being naughty. At least with using TOR it won't be the same exit node on every page click.

    Do I really have to explain the internet to you?

    The server location doesn't matter, it is STILL illegal if the server was anyplace in the world. Exporting a package FROM the USA to IRAN OR AIDING/KNOWINGLY IN ITS EXPORT = ILLEGAL.

    Yes, they are from America.
  28. echo-IRAN Member

    Hi supermod

    The law is the same no matter how many times you quote it. I'm challenging how the law applies to GM, Ultrasurf, Freegate, TOR, OpenVPN and SSH in general. I doubt if any of them need an export license for Iran, do you know? And if GM needs a license, sure they should be able to get it if they can afford the fees.

    There are always at least three separate issues: circumvention, anonymity, and secrecy. You are not likely to get into trouble if you get through to read BBC, CNN, VOA, TWITTER. There are always users for that.
  29. echo-IRAN Member

    I read with interest about the US embargo on hostile countries like Iran. The rules are fairly strict. "You can't even send a pen or pencil to people in those countries," a lawyer who advises companies on OFAC compliance said.

    Providing an IM service to Iran is legal, but the free download IM client is illegal. This is another joke after the export of encryption, making the EU richer. Haystack is doomed and so is everything else from the US. Does Iran have Windows? Linux? Firefox? Any browser? Do you think the OFAC has time to go after tiny flies like GM?

    Again, Ultrasurf is funded by the US govt. If you provide something similar for free, the govt should be happy to give you a license, in principle.

    I have a TOR relay, and an Iranian TOR client connects to me. Am I going to jail or the TOR people?
  30. echo-IRAN Member

    To the unregistered guy who obviously has an agenda.

    It's easy to know if you are using GM, Ultrasurf, TOR or others, if you look into the content of the packets, or look at the IP of the servers that you connect to. TOR is open source and there isn't anything to hide that it is the TOR protocol. Ultrasurf packets once (recently) used an SSH v3 protocol that stands out from the rest, so that you don't even need to look inside the packet to know that it's Ultrasurf. If anything tells you that it can stealth through without anybody knowing that you are using it, it's dangerous, because generally obscurity is not security. A TOR bridge makes no difference because the same TOR protocol is used. There have been millions of Ultrasurf and Freegate users and it doesn't matter if you use GM, but be careful what you use it for, other than reading news.

    OK, assume all the GM details are correct; if it allows you to get through to BBC, then it's better than most other things. TOR is only usable for me for an hour each day. As I said, people don't call it a proxy for nothing - it circumvents. If it is a bad way to protect your ID or a bad way to keep the URL and content secret, just don't rely on GM for that.

    TOR doesn't compare with Ultrasurf or Freegate, because TOR cannot sell you to the FBI, but the others can. As long as GM claims that it's a better proxy, you cannot really compare it to Freegate. IMHO, it's way better than squid, and the govt has to mount a sophisticated attack to get anything from you, while you are just trying to read twitter like a million others.
  31. It's called "Tor". That's how the Tor people spell it.

    Tor being open source has nothing to do with the bytes it sends over the wire. What Tor sends over the wire looks just like normal HTTPS traffic. HTTPS (which simply stands for HTTP over SSL) is encrypted. Like all encrypted communications, the ciphertext (what you get after performing the encryption) looks completely random. In fact, one of the better ways of generating random numbers on a computer is to encrypt a counter. All SSL traffic looks alike. An observer can't tell the difference between Tor, IE, Firefox, stunnel, and any other program that uses SSL. The only thing an observer can learn about an SSL traffic stream is that it's SSL. SSH is also encrypted, but because it uses a different way of transmitting the encryption parameters (specifically, session initialization and key exchange), you can tell it apart from SSL.

    I'm not sure what you mean because there is no "SSH v3" protocol. SSH comes in two versions: the insecure version 1, and the much better 2. There's an OpenSSH version 3, but there was no protocol change involved. SSH does have the equivalent of a user-agent string (try connecting to an SSH server via telnet), but I doubt that's what you're talking about.

    Obviously, obscurity alone is no protection. But like I've been saying, as part of a system, it's very helpful. The only people proposing a system that relies on obscurity alone are the Green Machine authors: because they don't use rudimentary cryptographic authentication, all they have is the hope that the IRI doesn't know or care enough to redirect traffic.

    Yes, the Tor protocol. Which, again, is indistinguishable from HTTPS or any other SSL application.

    Pushing a tool that doesn't offer any real security is negligent. Merely being caught bypassing the firewall is a likely cause of persecution. Pushing a tool like this without even informing users that it offers all the security of a blanket fort is simply reckless.

    Funny how many other tens of thousands of people manage to use it, then. If you have concerns about the public network, then set up your own directory server. It'll still be better than relying on SSH.

    And do you think anyone who doesn't already know how to set up an SSH tunnel himself knows the difference? If you tout a security product, people will assume it protects them against the threats they've become familiar with. The nuances will be lost, and you'll endanger people. I don't think many people would use GM if it came with the accurate notice "USE ONLY FOR TRAFFIC YOU ARE COMFORTABLE WITH THE GOVERNMENT READING".

    Please, stop spreading ignorance.
  32. I have never heard or read about anyone ever being prosecuted in Iran for that. There is no law in Iran for that.

    The only activities that could get you in trouble through the internet in Iran are:
    1. Sending secret information on the web. Such as secret documents that would prove horrible crimes committed by the government.
    2. Posting / blogging political material to public against the government.

    There is talk that the government may also start cracking down on people who just share #IranElection videos and pictures and links etc., but there is no evidence that the government has actually started doing that. It seems unfeasible for the government to do that at the scale of sharing activity going on, and the fact that there is no formal law that prohibits it.

    Users of Green Machine should be told that this software does not provide them with foolproof protection. But for normal internet activity like just reading news and blogs and downloading files, most people in Iran weren't looking for foolproof protection in the first place. They just wanted something that would open the filtered sites. Green Machine does that, it does it quick, it is simple, easy to use, and it has a very low file size and is easy to download and distribute.

    It is definitely an improvement over using the normal internet connection you would get in Iran. So someone who has no other software, starting to use Green Machine adds no danger to what they were previously faced with. But the users should know that if they want to do really dangerous stuff they might want to consider more secure alternatives.
  33. There is no law in Iran

    Regarding the last post by Iran Reporter

    There is no law in Iran - you got that right!!!

    Show trials, people held without charge, 72 at least who have been killed, Neda shot while standing in the street, young girls raped, killed and acid poured on their bodies, young men shot in the street, others raped and beaten, how many tortured, how many families threatened. Some of the dead buried at night, their families not even informed of their deaths or how they died. Please tell me what they did that was illegal in Iran? There are warnings from Iranian IT experts on the internet telling the Iranian people not to use "greenmachine". How much more evidence do you need when the Iranians themselves are trying to warn people not to use it. Get it taken down NOW before anyone ends up in Evin or worse because of it. The people in Iran have no need to read BBC news, their need is to get information out of Iran and that is what is dangerous for them.
  34. SanguineRose Member

    Sophisticated is me, under a minute, logging into the machine and able to see IPs and full data on what everyone was doing?

    What is Rocket Science? Using FireFox?
  35. Side1

    If the government is filtering websites because they don't want the citizens using them, and greenmachine provides a way around it, isn't greenmachine helping citizens break their government's wishes? Hasn't Iran demonstrated it will retaliate when people do that?

    Isn't that like selling people a "bullet proof vest" that doesn't work?
  36. echo-IRAN Member

    Is it easy to detect TOR, ultrasurf, freegate users?

    It's partially true if you say these all use the standard SSL protocol so the censor can't tell them apart from banks. At least nobody seems to claim that they are indistinguishable from other https traffic. Because they aren't in general.

    In earlier versions of TOR, it's trivial to detect by looking at the certificate. So GM didn't commit a big sin by using SSH if the censor bothers to look into the packets. And GM is just a proxy, hiding the destination URL by encryption (and more).

    TOR is open source, so the listening ports have to be public. Most of the relays use one of two standard port numbers. If you capture the port numbers, that means someone is trying to make connections to the TOR network.

    Ultrasurf, one or two earlier versions ago, used SSL (SSH was a typing mistake) v3, and they made a strong point out of it because it's newer and stronger. But the latest version uses TLSv1, same as the others and banks.

    The bottom line is that you can always look at the server IPs. TOR has over a thousand so it's expensive to ban or log.

    I have heard that they manage to ban freegate, ultrasurf, or even https altogether. If they can ban freegate without banning all https, that means they can detect freegate.

    If they ban https altogether, and block http access to some sites, GM is just the ticket.

    Do you know how many Iranians are willing to use any proxy to read real news? I would guess the sheer number makes it not a deterrent to punish anybody who gets caught reading BBC. It may have the opposite effect. But I'm not in Iran and I don't know, do you?
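The two posts above (31 and 36) disagree about what a censor sitting on the wire can recognise. As an added example, not code from the Green Machine, PuTTY or Tor projects, here is a small stream fingerprinter showing the concrete differences both posts lean on: an SSH connection opens with a cleartext banner that names the client software (which is how post 31's "equivalent of a user-agent string" shows up), a TLS connection opens with a ClientHello whose record header is recognisable and which may carry the destination host name in the SNI extension, a destination port can hint at a Tor relay, and a plaintext POP3/IMAP login (post 27's exit-node case) is readable as-is. The Tor default ports, the sample banner and the constructed ClientHello bytes are assumptions made for the example, not observations from the page.

```python
"""Fingerprint the opening bytes of a TCP stream the way a censor or a sniffing
Tor exit node could: SSH banner vs TLS ClientHello vs plaintext mail login.
Added example; not code from the Green Machine, PuTTY or Tor projects."""
import re
import struct
from typing import Optional

# Assumption: Tor's default relay ORPort/DirPort are the "two standard port
# numbers" the thread mentions.
TOR_DEFAULT_PORTS = {9001, 9030}

# Plaintext POP3 (PASS) and IMAP (tag LOGIN user pass) credential lines.
MAIL_LOGIN_RE = re.compile(rb"^(?:PASS \S+|\S+ LOGIN \S+ \S+)\r?$", re.M)


def parse_ssh_banner(data: bytes) -> Optional[str]:
    """Software field of an RFC 4253 banner 'SSH-<proto>-<software>[ comment]'."""
    if not data.startswith(b"SSH-"):
        return None
    parts = data.split(b"\n", 1)[0].rstrip(b"\r").split(b"-", 2)
    if len(parts) < 3:
        return None
    return parts[2].split(b" ", 1)[0].decode("ascii", "replace")


def parse_tls_client_hello(data: bytes) -> Optional[dict]:
    """Version and SNI of a TLS ClientHello (record type 0x16, handshake 0x01)."""
    if len(data) < 11 or data[0] != 0x16 or data[5] != 0x01:
        return None
    try:
        rec_len = struct.unpack("!H", data[3:5])[0]
        body = data[5:5 + rec_len]
        hello = body[4:4 + int.from_bytes(body[1:4], "big")]
        if len(hello) < 35:
            return None
        version = (hello[0], hello[1])
        pos = 34                                                # client_version + random
        pos += 1 + hello[pos]                                   # session_id
        pos += 2 + struct.unpack("!H", hello[pos:pos + 2])[0]   # cipher_suites
        pos += 1 + hello[pos]                                   # compression_methods
        sni = None
        if pos + 2 <= len(hello):
            end = pos + 2 + struct.unpack("!H", hello[pos:pos + 2])[0]
            pos += 2
            while pos + 4 <= end:
                etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
                edata = hello[pos + 4:pos + 4 + elen]
                pos += 4 + elen
                if etype == 0 and len(edata) >= 5:              # server_name extension
                    name_len = struct.unpack("!H", edata[3:5])[0]
                    sni = edata[5:5 + name_len].decode("ascii", "replace")
        return {"version": version, "sni": sni}
    except (struct.error, IndexError):
        return None                                             # malformed, not a ClientHello


def classify(data: bytes, dst_port: int) -> str:
    """Label a stream from its first bytes plus the destination port."""
    sw = parse_ssh_banner(data)
    if sw is not None:
        return f"ssh ({sw})"
    tls = parse_tls_client_hello(data)
    if tls is not None:
        detail = f"sni={tls['sni']}" if tls["sni"] else "no sni"
        if dst_port in TOR_DEFAULT_PORTS:
            detail += f", dst port {dst_port} is a Tor default"
        return f"tls ({detail})"
    m = MAIL_LOGIN_RE.search(data)
    if m:
        return "plaintext-mail-login (" + m.group(0).decode("ascii", "replace").strip() + ")"
    if data[:4] in (b"GET ", b"POST", b"HEAD", b"PUT "):
        return "plaintext-http"
    return "unknown"


def build_client_hello(sni: Optional[str]) -> bytes:
    """Constructed sample input: a minimal TLS 1.0 ClientHello, with optional SNI."""
    ext = b""
    if sni is not None:
        name = sni.encode("ascii")
        sni_list = b"\x00" + struct.pack("!H", len(name)) + name   # host_name entry
        sni_body = struct.pack("!H", len(sni_list)) + sni_list
        ext = struct.pack("!HH", 0, len(sni_body)) + sni_body       # extension type 0
    hello = (b"\x03\x01" + bytes(32)           # client_version, random (zeroed sample)
             + b"\x00"                         # empty session_id
             + b"\x00\x02\x00\x2f"             # one cipher suite
             + b"\x01\x00"                     # null compression
             + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


if __name__ == "__main__":
    # Constructed samples; the banner is the shape a PuTTY-style client sends.
    for data, port in [(b"SSH-2.0-PuTTY_Release_0.60\r\n", 22),
                       (build_client_hello("www.example.com"), 443),
                       (build_client_hello(None), 9001),
                       (b"USER alice\r\nPASS hunter2\r\n", 110),
                       (b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n", 80)]:
        print(port, classify(data, port))
```

The point the code makes for this thread: the SSH branch needs only the first line of the stream to name the client software, so an SSH-based tunnel is at least as identifiable as a TLS one; the TLS branch shows that "it's SSL" is only the floor of what an observer learns, since the SNI, the certificate (not parsed here) and the destination port all leak more; and the mail branch is why post 27 separates HTTPS logins from plain POP3/IMAP ones.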
  37. I'm sorry, did you just say this program is made with AutoIt??? A++ :D
  38. SanguineRose Member

    A picture means 1,000 words.

  39. The issue of laws

    Regarding the issue of laws in Iran, I would like to point out that even though it seems like total chaos and people are being arrested for no good reason, the regime still has to build a case against them, at least to satisfy insiders who believe the system is just. People who have been convicted for political reasons are usually charged with "Acting against national security". The regime has NEVER been able to build a case arguing that just surfing filtered sites or using anti-filtering software is acting against national security. Even in the recent show trials where facebook and twitter are being pointed out as tools that were used to endanger national security, there is no mention that solely using anti-filtering software would be considered crime. However, if you start blogging political stuff or uploading material that would hurt the regime, or tweeting and facebooking extensively against the regime, then you start being an easier target should the regime want to persecute you IF they could see this activity and track it back to you.
  40. SanguineRose Member

    To your last few sentences:
    This is why GM can be dangerous if it's used to do that. The way the encryption is implemented, it's easy as hell to decrypt and read the traffic (if you are in the middle, which the government is). Being able to login to the server, look at what everyone is doing, and being able to root the server to get all the traffic coming in and out... Still not secure.
