From Slaying Dragons To Dictators 233
tcd004 writes "In a weekend, programmer Austin Heap transformed from an apathetic MMO player to a world class regime-slayer. When word for Iran's rigged election broke over Twitter, Heap decided to dedicate himself to building a better proxy system for people behind Iran's firewall. Heap's creation, Haystack, conceals someone's real online destinations inside a stream of innocuous traffic. You may be browsing an opposition Web site, but to the censors it will appear you are visiting, say, weather.com. Heap tends to hide users in content that is popular in Tehran, sometimes the regime's own government mouthpieces."
For all that Iran is... (Score:5, Informative)
It is not a dictatorship.
Misguided, dangerous, theocratic, abusive, yes. But not a dictatorship.
Get a clue (Score:4, Informative)
Hey pal, I've got bad news for you but you are the one who doesn't know what the term means. You should be laughing at yourself for not understanding a term and then looking down upon others who do understand it. I hope you especially laugh at how incompetent Bruce Schneier is to use the term, because you are no doubt more competent than him (ROTFLMAO).
The term has never implied that you can know the keys and still not get in. It specifically refers to a principle in security engineering, which attempts to use secrecy (of design, implementation, etc.) to provide security [wikipedia.org] - [emphasis added]. In other words if you cannot publish the algorithm without rendering the system vulnerable, then that is security through obscurity.
Learn something, daily (Score:4, Informative)
Iranian law is pretty tough on smut
http://www.google.com/search?hl=en&safe=off&q=pornography+laws+in+iran&aq=f&aqi=&aql=&oq=&gs_rfai= [google.com]
Here's one snip from one result
"The AP reports that Iran's parliament on Wednesday voted in favor of a bill that could lead to death penalty for persons convicted of working in the production of pornographic movies. "
"Adnkrnonsinternational reports that under the new law, anyone distributing pornographic material can be sentenced to a fine of up to 16,000 euros while owners of a porn video or film risk up to 76 lashings. "
"Executing Iranians involved in the porn industry isn't a brand new story, unfortunately. "
Re:thinkofthechildren (Score:3, Informative)
Already happening. Just about anyone running a Tor Exit node is at risk for Kiddie porn charges. I had friends that set up Tor nodes during the Iran unrest. One of them decided to see if it was doing any good and was shocked that more than half the traffic was actually porn and a fair amount of it kiddie porn. As soon as he told the others, everyone stopped hosting the nodes and a couple even Dbaned their HDD's. No one wanted to risk being caught. None of them were rich enough to fight it.
Re:LOL! "Iran's rigged election broke over Twitter (Score:5, Informative)
A Retrospective on Iran (Score:5, Informative)
As this article in Foreign Policy explains, the Internet, especially Twitter, didn't contribute nearly as much to the protests in Iran as has been reported: Misreading Tehran: The Twitter Devolution [foreignpolicy.com]. "Word of mouth was by far the most influential medium used to shape the postelection opposition activity." Other major media included text messages and email, which this software wouldn't help much with.
Efforts to counter censorship and intrusive government monitoring should be applauded, but it's a bit premature to call this "world class regime-slaying."
Re:But how does it work? (Score:2, Informative)
How you can do it without a proxy. Open up one tab of your real destination. And 8 other innocuous tabs. Then generate a volume of traffic on those tabs, occasionally clicking on the first, real one.
You can't "hide" your destination in volume. People don't search that, computers do. If there is a DNS entry resolved, or a host IP used, it can be logged. You're not hiding anything, or even pissing anyone off. You can't even hide your destination in SSL. All they need is a databse of IPS taged with topics, and they can make plenty of guesses about you.
Oh, and I learned my first programming language at 5. :-p (which is impressive for 1981), (TI-99 4A)
Direct Link to Haystack (Score:3, Informative)
All I see is a bunch of "Donate Now!" buttons/links, no actual software. http://www.haystacknetwork.com/ [haystacknetwork.com]
Re:For all that Iran is... (Score:5, Informative)
That would be a theocracy. Not a dictatorship.
"Theocracy is a form of government in which a god or deity is recognized as the state's supreme civil ruler, or in a higher sense, a form of government in which a state is governed by immediate divine guidance or by officials who are regarded as divinely guided."
"Iran's government is described as a "theocratic republic".Iran's head of state, or Supreme Leader, is an Islamic cleric appointed for life by an elected body called Assembly of Experts. The Council of Guardians, considered part of the executive branch of government, is responsible for determining if legislation is in line with Islamic law and customs (the Sharia), and can bar candidates from elections, and greenlight or ban investigations into the election process."
A dictatorship is ruled by an individual. So like Iraq before Operation Iraqi Freedom kicked him out of power.
Comment removed (Score:3, Informative)
Re:I guess I'll come out and say it... (Score:3, Informative)
The article may be the nonsensical writings of an unsavvy reporter, but the project itself seems real enough.
http://www.censorshipresearch.org/projects/introduction/ [censorshipresearch.org]
http://www.censorshipresearch.org/about/ [censorshipresearch.org]
http://www.haystacknetwork.com/ [haystacknetwork.com]
Re:Get a clue (Score:5, Informative)
From TFFaq:
8. In keeping the source code a secret, aren't you just relying on "security through obscurity"? Won't authorities eventually discover how your software works anyway?
This charge is difficult to rebut, because under normal conditions, "security through obscurity" is indeed false security. However, Haystack has several properties that make it a special case.
First of all, we do not rely on "obscurity" for protecting our users' privacy. Everything that one of ours users sends and receives is enciphered. It would take centuries for all the world's computers to decipher one of our users' browsing sessions even with full access to the Haystack source code.
"Obscurity," however, does make it much harder to find ways to block our software. Of course the authorities will pour resources into finding a way to do this, and they may temporarily succeed. In that event, we will refine our software and issue a new version that circumvents the restrictions. We will not, however, give the authorities any assistance in this process. By retarding their efforts, we ensure that the Haystack network operates more robustly for longer periods.
Re:So let's talk abou it. (Score:3, Informative)
There's nothing obscure about how a lock works. I think you misunderstand what the word 'obscure' means.
Re:thinkofthechildren (Score:1, Informative)
Already happening. Just about anyone running a Tor Exit node is at risk for Kiddie porn charges.
That's simply not true...
It can be said that anyone who browses the internet and uses a computer is at risk. Please point me to any instances of a tor node operator being indicted for the data routed through his machine. It hasn't happened, it doesn't happen, and under current law, it won't happen.
Re:LOL! "Iran's rigged election broke over Twitter (Score:3, Informative)
Neither is Iran, they are no more religious then the Filipino government (except they are the "right" religion for you) but the Filipino's did it, twice. Yes the PNP (Philipino National Police) will lock you up if you upset the religious leaders, having been there, you dont state you're anti-Christian as almost every native Filipino is very devout, especially the ones in power. It's the only time in my life I've ever said, God is Great (note, the Filipino's are great people, just avoid the topic of religion).
I never said that you were inciting, I said you were retarded for thinking that violent revolution was the best way to get rid of a theocracy, let alone the only way.
Comfortable lives often lead to greater revolutions when freedoms are being visibly curtailed. The American Colonies did this (things weren't that bad under the King, you just wanted more freedom), same with India and lets not get started on Ireland, using your logic The Troubles should never have happened. I'll remind my Irish friend (who grew up in Belfast during the 70's and 80's) of that next time the subject comes up.
Here's where you show your true face in this argument. You dont give two hoots about the Iranian people, you just want to slag off Islam. Well I live near the two largest Islamic democracies, Malaysia and Indonesia and we aren't threatened at all. I can go to Kuala Lumpur, drink a beer, have extra-marital relations with a woman (who doesn't wear a hijab). Hell, Surabaya in Indonesia is a sex tourism destination. Sounds like Islamic democracies are nothing but badness.
Or you're full of shit.