Discussion in 'Keeping Your Anonymity In Iran' started by Commissar, Jun 15, 2009.
Is a proxy hard to create if you are Dyslexic?
Who knows where to download XRumer 5.0 Palladium?
Help, please. All recommend this program to effectively advertise on the Internet, this is the best program!
How would that help Iran?
One to try also
Perhaps try YouSAB Community VPN Messenger|VPN service|Anonymous Surfing which is similar to Tor but has VOIP and messenger functions built into the service
I have updated the instructions on how to set it up.
You can find it here:
Hopefully this shall clear up the confusion.
News from Tehran: Tor and Squid
During the last days I installed Squid under Windows XP and a TOR server. I gave all the information about my Squid-Proxy and installation of Tor to my brother in Tehran.
- Squid works well. Facebook and all other filtered sites are accessible via Squid except youtube. It seems that they use deep scanning only for youtube.
- Tor works properly for all addresses, also for youtube.
Good to hear.
Tor exit nodes
Please understand that TOR only guarantees obscuring origin IP.
TOR can be spoofed at the exit node, and intelligence units
have been running rogue exit nodes which sniff the traffic
going out of the cloud.
This is the tradeoff for a public open peer-to-peer network.
A network like haystack, in which the server nodes are private
ISPs of trust, will not be as vulnerable (if said trust is solid).
But TOR has much more bandwidth, fewer limitations, a much
bigger cloud of nodes with which to hide connections in.
So if you don't explicitly trust a specific exit node, do use TOR
but stay pseudonymous or anonymous. never reveal sensitive
or personally identifiable information.
dont use torir.org
I am sure Lynx thought he was doing a service with torir.org,
but unless there's an evident reason, please don't trust any
downloads from any adhoc sites, regardless of signature.
the only TOR you should be installing is the one from
the canonical TOR project page:
Tor: anonymity online
Do we have to have this conversation about how a gnupg sig works again?
Please, I know how a sig works, I worked in a top crypto firm for 3 years.
the torir dl+sig does indeed verify to Andrew Lewman of TorProject.org
but it's not the same distro. 1.2.2 versus 1.2.4.
who knows what holes were patched since then?
The TorProject page has changelogs for tor releases,
no idea how this maps to the browser bundle versions.
but for an example of severity, this is the latest changelog:
Changes in version 0.2.2.1-alpha - 2009-??-??
o Security fixes:
- Fix an edge case where a malicious exit relay could convince a
controller that the client's DNS question resolves to an internal IP
address. Bug found and fixed by "optimist"; bugfix on 0.1.2.8-beta.
no any cracks(((
Think, XRumer 5.0 Palladium is really BEST software for promo and for SEO!
Unless they can state why using a message board spammer proggie increases anonymity while using Tor to surf anonymously .... I'd say this post (and the one above by them) is advertising spam.
I could see a use a few forums down maybe ...
Private proxy for my friends in Iran
First, I want to thank everyone who has put time and effort to help the green movement in Iran.
I have an extra computer and I'd like to create a private proxy for my family and friends living in Iran. I want them to be able to securely route all their traffic through my computer here (encrypted). I live outside Iran. It seems to me that setting up TOR is too much for this purpose as I can be the exit point (one hop is enough here). Any simple software for this?
There is a package, but ...
Squid, available for a variety of platforms. You'd want to configure it to only trust their IPs.
Iran seems to have robust keyword-searching deep packet scanning on most internet traffic now. NedaNet Resource Page is no longer recommending squid for this reason, if you send anything out with a potentially inflammatory word on the list they may be noticed. If they are tech savvy and can set up their own encryption (like SSH tunneling) to use through your proxy then fine, or if they are already used to being monitored and have set up encryption for most of what they use anyway.
If they aren't tech savvy, Tor may be easier for them to set up correctly on their end. Squid through you will give them a fast connection out (which Tor won't) but then they have to be very careful not to trigger keywords for the packet scanners. I can't tell what the level of risk vs. use vs. level of tech savvy on their end is ... so I'm giving fairly broad advice.
You could use zebedee, a simpler ssh,
but I really recommend TOR.
If your family uses your tunnel to access
sites under surveillance, traffic analysis
will eventually pinpoint their location.
This is precisely the ideal case to run a Tor
node, in fact as an exit node, because you
have a relationship of trust pre established.
IMHO running ssh is probably going to be
more difficult for a layman than Tor.
Understanding keys, firewalls, NATing
and tunnelling takes some time.
You should run TOR, and either publish
your bridge to them, or even better have
them explicitly use you as their exit node.
Thanks for your replies.
I am now more convinced that TOR might be the way to go. I have some concerns though and I appreciate your views on these.
I thought I should setup my computer as bridge (entry point) but you suggest I should set it up as an exit node. Can they directly connect to an exit node or they need a different entry point?
This brings me to my next question which is are there unblocked TOR entry points available to people in Iran? If yes, how can my friend access them (list of IPs,...)?
My last concern is that it seems TOR does not encrypt all the outgoing packets and it depends on the application. Isn't this a threat?
Thanks again guys,
well, if they always connect to you as a bridge,
first of all it makes for easier location spotting
on their end because they are always hitting the
same node. secondly, TOR is terrible for latency,
because of the multiple hops and encapsulated
encryption in between, so you being remotely
located makes it that much more, read in multiples,
what they should do is get 3 random bridges from
the TOR site, and switch them every so often.
note that the entry node doesn't get to know the
precise destination or data, to it it's just encrypted
stream bytes through SSL, with some routing info
thrown in to help steer to the right place.
it's at the exit node that all the data gets decoded,
and that is where the vulnerability lies. a Swedish
hacker managed to spoof exit nodes a few years ago,
and since then basically all the intelligence communities
run their own rogue nodes, fishing for data. To wit,
it's actually high yield, because the people who tend
to use TOR use it for a reason: embassies, whistle
blowers, reporters in censored environment.
note that this is in fact part of the TOR threat model.
it's a tradeoff between a system where you have
to trust a central authority to have clean servers,
like say HayStack or ZeroKnowledge's Freedom.NET
was back in the day, or a decentralized peer-to-peer
network like TOR or FreeNet.
so IMHO, if you already have a relationship of trust,
I suggest being an exit node for them. If not bridge
is also good.
about using a bridge as an exit node:
the point of TOR (The Onion Router), is that
you force the connection to bounce around
a few proxies, thereby dissociating the origin
from the destination.
so you connect through tehran, bounce through
amsterdam, then to paris and then finally to
the desired website say in america.
between each hop, the payload is encrypted using
a new key, so even if you manage to peel the first
layer from the 3rd hop, there are still two layers to
decrypt and break.
this is known as encapsulated encryption.
so running a node as both entry and exit removes
that advantage. in that case it basically becomes
just another proxy tunnel, and TOR is slow for that.
the disadvantage with this is that it's open to traffic
analysis if the bad guys can sniff both ends. then they
can see that whenever a connection from your proxy
hits a banned website, your relatives happen to be
hitting your proxy. not too hard to figure out what's
going on then.
to counter traffic analysis, TOR has a few other tricks
up its sleeves asides from multiple hops; for example it
plays with timing and resizing, to make traffic seem
regular (traffic shaping) so you can't correlate directly
by gauging size and frequency of traffic, and since a
lot of people are using a node for a variety of reasons,
you can consider it to be traffic padding, since a lot of
the messages hitting your nodes won't be yours.
all this at a huge cost to speed, of course.
If you think a one-hop tunnel is sufficient for your needs,
you can run an ssh proxy, a squid ssl proxy, or a JAP
java proxy to do this job just as well.
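The layering described in the post above, sketched as an added example that is not part of the original thread or of Tor's code: the client wraps a request once per relay, each relay can remove only its own layer and learns only the next hop, and a one-relay path shows that relay seeing the destination directly. The relay names, pre-shared keys, `site.example` and the SHA-256 keystream are assumptions for illustration; Tor negotiates per-hop keys and uses its own cell format and ciphers.

```python
import hashlib
import hmac
import json
import os


def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys derived from one relay key.
    return hashlib.sha256(label + key).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # SHA-256 in counter mode: a stand-in stream cipher for illustration only.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC one layer: nonce || tag || ciphertext."""
    nonce = os.urandom(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct


def unseal(key: bytes, blob: bytes) -> bytes:
    """Remove one layer; fails if the blob was not sealed under this key."""
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("layer does not authenticate under this relay's key")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))


def wrap(path, destination: str, payload: bytes) -> bytes:
    """Client side: one layer per relay, innermost layer for the exit."""
    next_hop, data = destination, payload
    for name, key in reversed(path):
        cell = json.dumps({"next": next_hop, "data": data.hex()}).encode()
        data = seal(key, cell)
        next_hop = name
    return data  # what the client hands to the first relay


def route(path, blob: bytes):
    """Each relay peels one layer; record the only next hop it learns."""
    seen = {}
    for name, key in path:
        cell = json.loads(unseal(key, blob))
        seen[name] = cell["next"]
        blob = bytes.fromhex(cell["data"])
    return seen, blob  # blob is now what the exit forwards in the clear


# Constructed sample: relay names, keys and destination are made up.
PATH = [("amsterdam", os.urandom(32)), ("paris", os.urandom(32)),
        ("newyork", os.urandom(32))]
REQUEST = b"GET /video HTTP/1.1"

if __name__ == "__main__":
    print(route(PATH, wrap(PATH, "site.example", REQUEST)))
    one_hop = PATH[:1]  # entry and exit are the same machine
    print(route(one_hop, wrap(one_hop, "site.example", REQUEST))[0])
```

With three relays only the last one sees `site.example` and the plaintext request; with the one-relay path the single relay sees both the client's connection and the destination, which is the plain proxy tunnel case the post describes.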
Thanks for your clear answers. I could understand it even though I am not tech savvy. I have managed to come up with new questions though.
You mentioned that using a simple proxy has the disadvantage of being susceptible to traffic sniffing (both ends). Since I am outside Iran, can they sniff my traffic going through my ISP? (I understand your answer points to the general problem with this method. I am wondering if this problem could also exist in my specific case where the bad guy is Iran gov. and I am living outside Iran.)
If I understood you correctly, the main problem with proxy is that it is easily detectable when all the traffic of one node goes to a single IP. So, I am wondering if the following solutions can address this problem:
1. In Iran most people have dial-up connection. It is also possible to buy few hours connection cards from different ISPs (e.g. if you have DSL but looking for alternative). So, what if one disconnects and connects to different ISPs every 5 min or so? This should give it a new IP and essentially new identity.
2. What if the user connects to internet without proxy and only when he/she intends to browse banned websites or sending sensitive information, uses the secure proxy connection. That is his/her connection will contain both encrypted (to my IP) and normal packets. Would this complicate the detection?
My other question is about possible consequences. Let's say they detect such a secure connection. Is it easy to decrypt lots of packets? I mean let's say the encryption is broken once. Does this mean that it is broken for all the packets in that connection? Is it also broken for all the other future connections? Is it possible to detect that someone has infiltrated the secure connection?
Is there any point in using ISPs outside of Iran on dialup?
Security depends on your threat model,
ie it depends on your level of paranoia.
a new IP is not a new identity. in fact
a new IP from the same computer will still
have the same MAC address, for example.
and that's still at a high OSI network level.
changing IP from a VPN provider is probably
not all that useful, since most ISPs aren't free
you need to authenticate anyway, and caller-id
will reveal you at a lower telecomm equipment
If your ISP is in Iran, regardless of it
being a dial-up, you can assume you
they could always call you directly by modem,
like we did back in the BBS days, but please
note that on a telecomm level, dial-up callers
on a modem from home may also be exposed
since analog phone now runs pretty much on
digital trunks anyway, so I'm not sure that's really
beneficial, not to mention it would be costly
and would sort of stand out.
outside of Iran, ISPs can be petitioned
by law-enforcement to divulge info and
most ISPs are logging anyway due to
state intercept laws and sigint tech like
I guess the answer depends on whether
you think the ISP lies in friendly territory,
etc. I would instantly mistrust anything
from a hard fundamentalist or totalitarian
state, say Emirates, Singapore, etc.
The best is to just assume the ISPs are
compromised, but ask whether the barrier
both technical and legal is worth their
that means setting up brand new gmail
accounts under new callsigns, always
using the callsigns, never revealing any
sensitive personal info, and using https
and SSL/TLS whenever you can.
the duration of the encryption depends
on the type of connection (protocol) and
the application used. although keys are
asymmetric PKI (public/private key pair)
initially, generally for speed a symmetric
key pair (shared secret) will be negotiated
between 2 nodes for the duration of a
session. I have no idea how long a session
lasts in TOR, but I'm assuming it's pretty
hard to crack because it is an EFF project.
the guys behind it are amongst the top
experts in the field, and it's designed for
robustness to things like replay attacks
and man in the middle attacks, etc.
I can only tell you that in an earlier and similar
project, we used a triple layered military crypto
and didn't think that even the NSA could crack it.
this seemed to be corroborated by the fact that
they asked to visit one day. then again, would
they tell us if they had?
so I wouldn't worry about crypto. usually the
vulnerabilities lie when you try to use it, at
the interface between it and the world;
things like IDs and personal information, etc.
all the crypto in the world won't save you if you always
use the same username and then tag a friend's
photo on facebook.
so, in short, I like the dial-up cards, but don't rely
on it alone, using the cards with a SSL proxy is better,
or even better with TOR.
To Ray: I meant ISPs in Iran. There are different ISPs and it is possible to buy 5hrs, 10hrs, 1week,...connection cards. These cards are usually anonymous and they have a code that you scratch to see, which is needed when you log in. Thus, the identity of the buyer is not known. However, as said by my Unregistered friend, they can track u using your phone number.
To my Unregistered friend: I live in one of EU countries and I am as sure as it can get that Iran gov can not legally tap to my information. Thus, I think that I can safely be an exit. So, the main problem is if my friends get detected when they are connected to my proxy server. I fully agree with you that if they get detected, it is easy for them to track them using the information they have at ISP (minimum is the phone number).
The main question for me is how to maintain this connection while not being detected by deep packet inspection. The point u said was when all the traffic is routed to the same IP, it is fishy and it can be detected. They should have a detection mechanism that maybe (and now I am speculating) tells them if this connection is doing something fishy and needs to be monitored by an operator. How do they detect the fishy behavior? More than N packets in a row to the same destination? More than t min connected to the same destination? Encrypted contents? Other methods?
If they are using the first two methods, then it might be possible to fool it by visiting some allowed websites without the proxy while sending the sensitive data through the proxy (to create various destinations). Or by disconnecting and dialing up again to same or new ISP.
Can they simply block all the connections with encrypted contents?
Man, it must be frustrating to keep getting long replies to your post with endless questions. But please bear with me.
For the odd occasion when extremely sensitive information needs to be transmitted a stolen mobile would suffice - especially 'stolen' mobiles that are reported as having been stolen (in the right place(s) by squeaky clean Iranians before transmission begins.
Good point. I will spread this idea.
Encrypting your whole packet stream is the way to do that. SSH would be the first level (simply encrypted). TOR encrypts as well as tries to not have packets easily identified as what they are by their "shape".
So think of packets as boxes going out of Iran. Encryption puts a wrapper on the box, they can't see in it anymore. But, if the box still looks like a "Youtube upload"-shaped box, they might still flag that packet.
Usually this is done automatically by parameters, then flagged IP streams sent to a human to start checking. But, without being in their system, we can't know the exact parameters they check for "box-shapes".
We are sure they look in unwrapped boxes (unencrypted text) for certain keywords.
No one knows what the auto-detect and route to human parameters are. (If someone is reading this that wants to tell me, gmail at this handle will work just fine!) But, I doubt that will happen, so it really comes down to how careful your relatives want to be.
Various destinations is not bad. All the encrypted packets only to one IP could still stand out though. Disconnecting and reconnecting only to make just encrypted means the non-sensitive things are not likely to be flagged, but the new connection, if all encrypted to a consistent IP can still be spotted.
If they do spot the encrypted and want to monitor them, then they have access to all personal identifying info in the non-encrypted parts. That would be worrisome if they want to be very secure.
Yes. But that would make a lot of businesses, diplomats and others very unhappy. There have been sporadic reports that that has been done to some of the smaller ISPs there already.
You asked lots of good questions while I was sleeping, and unregistered was perhaps better qualified than me to answer then anyway.
And I know I posted it below (in the general area of this section) but without comment on what it was ...
Surveillance Self-Defense International | Electronic Frontier Foundation
That info just put out by the EFF could be helpful. Like unregistered said, they are well-regarded. Some of your questions are getting into general security while under surveillance, and they cover that as well as connections, Tor, SSH, etc.
Thanks Hechicera. Great reply. I am out of questions at least for now.
I am just wondering if it is possible to put pressure on Nokia-Siemens (who sold the surveillance system in the first place) to release more info about the details of their system. If you can think of some important questions, I can try to spread the word and get some people putting pressure on them.
yes. a really paranoid entity could just assume everyone using
crypto is a subversive, in much the same way that anyone on
the street wearing a balaclava is a bank robber.
however, it is a bit more fuzzy than that on the internet, as
there are legitimate reasons for using crypto on the web,
https SSL/TLS has been around for a while and are used by
gmail, yahoo, amazon, paypal, ebay, and just about every bank
and utility company that allows you to make online payments,
including iranian telecom, banks, electricity.
so to do so they would have to shut down a significant portion
of the economy.
if it ever comes to that, where the sheer use of crypto, ie
a balaclava is deemed incriminating, you're going to have to
switch to stealth measures like steganography.
this has been mentioned elsewhere on the board.
In such a case I would use GnuPG, FireGPG, and FireSteg,
embedding public/private cypher text inside innocent images.
So called deep packet inspection merely causes confusion, may give you the wrong assumptions.
There is a whole world of difference between voice (data, SMS) traffic over telephone and cell phone networks, and data over "computer network" via ISP. "Encryption" in phone network isn't encryption because by law every govt can listen to it. They can do decryption, voice recognition, and then keyword detection, and then log and store suspicious calls, or route to human agent. Same goes for text messages/SMS. You can use your own "uncrackable" encryption over it by special phones, or by software if you have a smart enough phone. But rarely anybody does it. If you do it your packet stream will stand out from the crowd.
Encryption over "computer" network, be it over cable, dial-up phone network, or satellite, are regarded as uncrackable, approved for use on govt top secrets (but there are always dumb applications). If you browse directly any website with unencrypted content, keyword detection is trivial compared to voice network.
With encryption, it's only safe that they know what protocol you are using, i.e., TOR, ultrasurf, freegate, SSL for email, banking and shopping, skype, etc. They don't really know everything, but that doesn't really matter. All they need to do is to detect random data with unknown protocol, and log the source and destination IPs.
In Proxy4Iran case, if your friends can use TOR, you don't really help much by being whatever node, unless TOR itself is blocked by the IR ISP. You offer some safety at the entry point, but it takes all 3 nodes in TOR to be controlled by IR to know who you are and what websites you are visiting. In that case, you may (depending on protocol) be identified and it's trivial (or not?) to identify your friends and family. As mentioned above, using a fixed bridge has its disadvantages.
It's not safe to think in terms of obscurity. Any communication can be thought of as phone calls, with two phone numbers logged on your phone bill. The contents may be safe, but they can look up the callers later.
For friends that trust each other, I would simply use an encrypted proxy like:
Psi-OPS: Psiphon Open Source | Psiphon
It's easy to install, get through firewalls, and allows usernames and passwords so you know who uses it exactly.
There's no getting around that, if your friend's ISP really wants to know, they will notice something encrypted connected to your IP from time to time. I can't tell you how suspicious it is. But plenty of people do something like this to bypass their company or school network to watch youtube etc. I can't tell you how difficult it is, but ISPs detect protocols all the time, like Bittorrent, to slow it down or kill it.
Your IP in EU is not completely safe. If someone wants your ID bad enough, they can put up a reward for say 10,000 euro, and hope someone will steal it for them.
echo, thanks for your info especially on the deep packet inspection. I am going to give Psi-OPS a shot.
Echo, the Psiphon looks good. But it has two problems.
The download page is down.
There is no documentation for Linux! Only for Windows.
If you know people who are working there, please remind them to look at these problems.
I have no relation with the Psiphon people. I always install something like this at home as a proxy, so at work nobody knows what I do on the internet. I recommended it because it's easy to install and use, and it's specifically designed to bypass censorship.
You have to find something else for Linux. How about openVPN? There must be a lot of help out there.
It is possible to run some Windows programs on Linux. One is via Wine, WineHQ - Run Windows applications on Linux, BSD, Solaris and Mac OS X, supposed to be simpler, which I never tried. The other is via a virtual machine. I recommend free VirtualBox, and install in it a copy of Windows XP that someone has thrown away. I ran vpn clients, freegate and ultrasurf, that sort of Windows programs on it.
I contacted them on twitter and they answered very quickly. I will try to make this work. If I fail, I will try other options you suggested.
And yea I do agree some of these are hilarious... Maybe start your own thread and post them all there?
Using Tor in Order to Surf Anonymously...
..that's a very good idea, dude........!
how can you watch video through tor?
This forum is very interesting. I like it