Disposable VPN: Tor Gateways With EC2 Free Tiers

The established regime in Turkey (not to mention many other countries: take your pick) may not like any-to-many communications, but luckily established regimes don't always get the final word. An anonymous reader writes "Lahana is my little side project to help people access the Internet and Tor via Amazon EC2 free tier-based VPNs. It's a couple of scripts that set up a new VPN in a couple of minutes that automatically tunnels everything through Tor. It's easy to share credentials with groups of people and for most people is free to set up and use. I built it with Turkey in mind, but it no doubt has other uses."

Wouldn't it be more "accessible"

[eksith]

If there was more of ad-hoc mesh of peers connecting Jordan to neighbors? The "Internet" may be blocked, but that's still within. An "extranet" may be harder to block/filter etc... This still has to go through Jordan's tubes, which they, or any other country really, can cut at any point as well.

Re:

[eksith]

Ah, for anyone thinking I've lost my marbles talking about Jordan: Well, I briefly did, but found them again! I'm thinking more in the lines of this story [7iber.com], which is still applicable. I guess my brain decided to merge the two.

Attention - Young Turks

[Anonymous Coward]

Turks - don't let your movement fizzle and be subject to intimidation and co-opting by lunatic fringes. That is where America's occupy movement failed. Do not stop until the establishment makes concessions for you and fears you. There is a lot at stake here, if you lose, you will be reduced to a state not unlike that of Saudi Arabia.
 
  -- Ethanol-fueled

Re:

[game kid]

At the very least, Erdogan's Pave-A-Park Plan is incredibly tacky. It demonstrates everything wrong with an oblivious and uncompassionate government, in orange-juice-concentrate form. I mean, replace a nice park [wikipedia.org] with a historical symbol of war [wikipedia.org] (as if we should remind ourselves to be perpetually on such footing)...and then put a...shopping mall...inside...?

wat.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[stenvar]

Democracy can't function without a consumption-based culture!

Yes. Democracy can't function without individual liberty. If you give people individual liberty, many of them will choose to consume and many others will choose to market and sell to them. Furthermore, the economy will be doing well enough to support and enable such behaviors. So, yes, democracy and consumerism are inextricably linked. You can't have democracy and liberty without lots of people making stupid choices, including (over-)consumption.

Re:

[cheater512]

If you've never been to Istanbul, damn it needs every park it can get.
Not terribly 'green'. I could just be spoilt by Australia however.

Re:Attention - Young Turks

[Archon-X]

I flew 3,500km this weekend to support the Turks w/ their cause. It's absolutely not just 'Young Turks' - it's young, old, male, female, working class, middle class, upper class - aethiest, christian, islam - all in it together.

The US-based occupy movements were formed on arguably shaky foundations. This isn't - the park was simply a trigger point for what has been a 10 year gradual decay of rights, liberties and privledges.

It's certainly far from Attaturk's legacy.

Re:

[TubeSteak]

Don't expect much comprehension from Americans.
Turkey is an American ally, so American media is doing what it can to ignore the uprising.

Turkey probably wishes their protests were getting as much coverage as
Jordan, Kuwait, Saudi Arabia, Yemen, and Bahrain (is that all of 'em?) did.

In case anyone is wondering why the Turkish military hasn't removed the Prime Minister already [economist.com]

Re:

[tibman]

They are an ally? I remember them denying fly-over permission for the Iraq Invasion.

Those are the best allies

[jotaeleemeese]

The ones that tell you when you are wrong and don't partake in your idiocies.

Re:

[Decker-Mage]

Thank ye for that pointer. Far more revealing were the comments to the article.

Re:Attention - Young Turks

[DNS-and-BIND]

Occupy Wall Street was the voice of the 99% rising up against the 1%. The elite used police thugs to bring an end to the uppity commoners. It's sad you've fallen for the false narrative provided by Fox News.

Re:

[Pubstar]

Yes and no. While I do know that they were fighting for what they believe in, the lack of a central figure leading the movement and lack of a cohesive set of goals, it came off the wrong way. It was a bunch of people yelling their own grievances, and they were just drowning each other out. But, as they said, they didn't want a central figure, because it was about all of them being equal... or something like that.

Re:

[Anonymous Coward]

OWS did two things: It helped Corrections Corporation of America fill the beds with felonies handed out like candy and it gave local PDs the excuse to do some riot practice on citizens.

Maybe if OWS did what Beck's Restoring Honor rallies did -- get a permit, lodge a protest dressed in decent clothes and presentable facial hair (the scraggly beards with the last 2-3 meals encrusted in it doesn't help matters), and when done with the march, LEAVE. Beck got two million people into and out of DC, zero arrests

Re:

[poetmatt]

"get a permit, lodge a protest dressed in decent clothes and presentable facial hair (the scraggly beards with the last 2-3 meals encrusted in it doesn't help matters), and when done with the march, LEAVE."

Uh, have you ever heard of civil disobedience? this statement I quoted from above is the exact opposite of what a protest is for. Meanwhile, Teabaggers have funding from incredibly wealthy vested interests so they had tons more publicity. OWS coverage was minimized due to the same people's interests.

lesso

Re:

[poetmatt]

uh, what?

people are always pitted against eachother. Even in a vested interests situation.

+1 for craziest strawman I've ever read.

Re:

[tnk1]

The whole, "get a haircut and dress well", may be overdoing it. However, the point was valid. OWS looked like it was a bunch of people who were squatting in a park with only vaguely defined goals and who purported to represent "everyone else".

I think half of the issue with this is that when you represent the 99%, you might want to come across as more than a bunch of incompetent extremists. Most of the "99%" has a job and had better things to do with their time than sit around without a goal. People are

Re:

[Em Adespoton]

While shouting is not going to get a protest message across, you can't expect everyone to magically dress like a lawyer when they protest.

Actually, that'd be an EXCELLENT flashmob protest: get everyone to dress like a trial lawyer (complete with briefcase.... I bet the media would LOVE it, and the police would think twice before treating them like riot fodder.

Civil disobedience should have purpose

[jotaeleemeese]

Otherwise is not effective, it becomes just er, disobedience.

Here in London the people that occupied a space in front of St Pauls Cathedral and later on in Finsbury Park (both at the heart of the financial heart of London) were demonized, but in all honesty their nonsensical antics, purposeless rantings on national TV and lack of clear political aims and grievances made it a piece of cake to portrait them like a bunch of nutcases.

You may say whatever you want about the Tea Parters, but you can't say the mo

Re:

[Archon-X]

I',m not trying to enter into a pissing contest - all I am attemtping to illustrate is the incfedible support for this movement - it is most definitely larger, and much more intense than occupy ever was.

You can see this in even one clip i shot from last night: https://www.youtube.com/watch?v=9ZBsdYCOLuY [youtube.com]

Re:

[gl4ss]

occupy movement was way under 1%... not that much about the 99%. and no goal. for fucks sake they didn't even ask anyone to resign.

Re:

[AHuxley]

Do you really think the people who did Balyoz, Ergenekon, the Susurluk scandal, the derin devlet will just sit back?
You will all be labeled like the "Mountain Turks" where and get to enjoy the wonderful new EU ready prison system.
Gone are the huge dormitories, hello solitary confinement.
You will be worked on like the US-based occupy movements where - everyone will be catalogued, leaders found, turned or misdirected, the movement stopped.
Tor will not save you from any state friendly with the NSA (the USA

And utter lack of any goal, laziness

[raymorris]

"That is where America's occupy movement failed."

That, and the fact that they had no goal, nothing specific they were trying to accomplish other than to complain that some people (ie college grads) earn more than others (mostly dropouts and liberal arts majors). Also, their complete laziness - refusal to DO anything other than sit in a park smoking weed.

So yeah, Turks, don't fall into those two traps. Find an actual solution to advocate for, then do something about it. It seems that getting high and whining doesn't improve your life effectively.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[toxickitty]

And hear I always though it was savage beatings by police.

Re:

[wytcld]

Most people in America now have an opinion on the topic of "The 1% vs. the 99%." This was not the case before Occupy. Making it part of the political conversation was the chief goal of the Occupy events. They succeeded. And at very small cost compared, for example, to the massive subsidies given to Tea Party groups and right-wing think tanks by the Koch brothers in support of injection of their own memes into the national conversation.

So a few thousand people, in a few months of their time, accomplished wor

Re:

[Builder]

What, like in Egypt ?

still need a credit card to use free tier

[Anonymous Coward]

or at least that's what aws website says

Re:still need a credit card to use free tier

[Giant Electronic Bra]

They want a phone number to verify against now. You can use a prepaid card AFAIK still, but that won't help you stay anonymous...

Re:

[AHuxley]

Re but that won't help you stay anonymous
All the electronic chatter is a gift for the clandestine services - they get the message (both ends), the time, location, computer ports, OS used - later a voice print, CCTV for facial recognition, some unique hardware ID or helpful software tag/meta if the user is sloppy.

Re:

[Pubstar]

Well here I can get gift cards without I'd if I pay cash, and places like RadioShack have cameras, but they are never recording. Use a voice modulator and a live boot Linux CD, spoof your hardware IDs, and you're set.
Note: I worked at 3 different RadioShacks, and the video was on playback in the office, but it was never recording.

Re:

[Giant Electronic Bra]

No, they CALL the number and verify your information. That means, unless you've figured out a way to get anonymous 'burner' phone in the US that actually works, you'll be associated with the AWS account. Obviously if you're REALLY determined it IS possible to get active phones that aren't linked to you, but it isn't exactly easy and can raise the suspicion of law enforcement itself.

Of course if your goal is to provide proxy/tor services for people overseas none of this matters anyway.

Re:

[clonehappy]

No, they CALL the number and verify your information. That means, unless you've figured out a way to get anonymous 'burner' phone in the US that actually works, you'll be associated with the AWS account. Obviously if you're REALLY determined it IS possible to get active phones that aren't linked to you, but it isn't exactly easy and can raise the suspicion of law enforcement itself.

Right, in this case I doubt it would matter. However, obtaining an anonymous "burner" is honestly no harder than walking into a gas station or convenience store that you've never been in before and buying a prepaid with cash.

Re:

[Giant Electronic Bra]

Well, I can't speak for other areas of the US or other countries, but in Vermont you MUST present ID to buy a pre-paid. Dunno if that's a legal requirement or what, but its universal, they record your ID before they will activate the phone. I don't doubt that if you slipped a convenience store clerk a few bills they'd scare you up a phone that wasn't linked to you, and there are plenty of homeless people wandering around with phones, etc you can probably acquire with minimal effort if you REALLY want to. It

Re:

[clonehappy]

Interesting, I didn't know that. I knew certain countries overseas had similar requirements, but I didn't know any US states were so restrictive.

I'm a cell phone geek (or junkie if you ask my friends), and I've purchased countless cheap Androids and such just to toy around with at Wal-Mart and other big-box retailers here in the midwest and have never once had to produce ID. Then you can just phone up customer service, which is a free call on the new phone, and activate it before you leave the parking lot

Re:

[Giant Electronic Bra]

Yeah, I'm far behind in general phone-fu, there may well be fairly simple ways to accomplish that here, it just seems like the convenience store route is not so easy. As I say, I'm far from sure it is legally mandated, VT usually has pretty lax regulations on stuff like that (no gun laws at all basically beyond "don't shoot in the direction of houses or in town!", etc). I guess you could certainly buy a phone at various box stores without a plan, they're happy to take your money. Verizon I KNOW will not act

Re:

[Pubstar]

California has no such requirement. They do need to take your name and address, but RadioShack doesn't mind taking down John Doe 1234 Main St

Re:

[Giant Electronic Bra]

Yeah, VT is weird. For instance you can STILL get a driver's license here that is nothing but a flimsy plastic card with no picture and the info printed on it with no lamination. You can alter it with a pencil. OTOH some depts have bizarre and complicated paperwork requirements that defy all common sense. You also cannot buy those prepaid cash cards in VT, although if you buy a 'Greendot' card or something out of state it WILL work, you just can't add money to them...

Re:

[Pubstar]

Speaking of those, we had some guy buy $2000 in greendot cards every week. He also bought a ton of other stuff in the store, so management told me not to ask any questions about him.

Re:

[Giant Electronic Bra]

Nice!

Amazon EC 2 IP reputation gets even worse

[lordsilence]

It's a good idea, but it'll also creates a hassle with spammers, bots, scrapers and other malicious users that will use Amazon EC2 to do bad stuff.
The IP reputation of Amazon EC2 was already bad (with many services blocking EC2 pre-emptively) now it's going to get even worse.
 
In the past malicious amazon ec2 users would at least have to put some effort into learning EC2. Now they can just use the TOR layer instead to use amazon IPs.

Re:Amazon EC 2 IP reputation gets even worse

[Jah-Wren Ryel]

The IP reputation of Amazon EC2 was already bad (with many services blocking EC2 pre-emptively) now it's going to get even worse.

This VM is a VPN link from one or more users to a TOR bridge. Where the packets hit the un-encrypted internet has nothing to do with where the VM is hosted, it will only be TOR exit nodes. This VM will have minimal impact on the "reputation" of EC2 because TOR's entire purpose is to hide the origin.

Re:

[Arancaytar]

That's completely impossible unless the bridge were also configured as an exit node. Since the whole point of the exercise is to get INTO the Tor network in a way that cannot be easily blocked, that'd be a stupid setup.

Re:Amazon EC 2 IP reputation gets even worse

[bloodhawk]

It's a good idea, but it'll also creates a hassle with spammers, bots, scrapers and other malicious users that will use Amazon EC2 to do bad stuff. The IP reputation of Amazon EC2 was already bad (with many services blocking EC2 pre-emptively) now it's going to get even worse. In the past malicious amazon ec2 users would at least have to put some effort into learning EC2. Now they can just use the TOR layer instead to use amazon IPs.

We have already blocked EC2 addresses from accessing any of public sites where I work due to the sheer volume of bots and site scrapers coming from there. I would not be surprised if many other places around the world are actively doing the same.

RE: Connectivity

[Archon-X]

Actually, connectivity here is pretty damned great. The movement is a lot, lot bigger than the US-Occupy efforts - and is supported by many companies and businesses.

Yesterday for the rallies / riots, TurkCell had installed several mobile cell-repeaters. Even during the most intense of confrontations with the cops, I had perfect cell, data and voice reception.

Re:

[Weezul]

Worse, this sounds *far* less secure than using Tor's official bridge system, which does exactly the same thing.

Amazon might not share your data with Turkey directly. If however Turkey asks the CIA, etc., the CIA, etc. might very well take your data form Amazon using an NSL and send it to Turkey.

If you want a fast insecure VPN that's good enough for most things, then simply VPN through Amazon's EC2 or whatever.

If you want a more secure but slower VPN, then simply use Tor directly. If Tor seems blocked, fol

Next move: block EC2 IP ranges?

[manu0601]

What prevents Turk government to block EC2 IP ranges?

Re:

[Anonymous Coward]

The fact that telecoms there are against government.

I suppose (being a smartass here)

[Anonymous Coward]

That Western-American-Christian freedom is still better Eastern-Old World (Persian-Arabic)-Muslim freedom.

Don't do anything on those Amazon VPNs that will get you noticed in America like downloading Disney flicks from the 1940's my Turkish brothers. Otherwise feel free to use it to rebel against your own societies serving the ends of our Overlords just the same. (Sarcasm)

Cloud.TorProject anyone?

[fuzzel]

Strange, this "article" does not even mention the official Tor Project Cloud effort: https://cloud.torproject.org/ [torproject.org]

Block the whole range

[Giant Electronic Bra]

How long would it be before all of AWS was just blocked at the national firewall level? Its not like these regimes give a crud what else they accidentally block. Most of them would as soon just block the whole thing if they could...

High % of Amazon nodes == security weakness?

[divec]

The essence of Tor is that your message passes through multiple nodes (say 3), none of which knows your message's origin and destination (and indeed content). But this breaks down if all the nodes are controlled by the same sysadmin.

Surely if we end up with a high proportion of nodes on Amazon, then some communications will be routed entirely between Amazon nodes. Then this breaks the anonymity model, allowing the secret policeman to log (or subpoena) the user's traffic.

If you really need a VPN and know why you do

[symbolset]

Then using somebody else's ain't gonna work.

Re:

[Anonymous Coward]

Wait, running a server on amazon's virtual server cloud violates the virtual server TOS? who'da thunk!

VPN Tor

[Anonymous Coward]

What has always bothered me was how does one know if the VPN or Tor gateway is in the hands of freedom lovers or snoopers?
Only if one sets up a gateway themselves can one know for sure, but that pointing a neon sign to oneself saying "Here's another freedom lover!"
So we need some way of checking on the veracity of a VPN or Tor to ensure that it is not some compromised agent who will snoop and report!
Where do we get REAL freedom?

Censorship vs. Internet: Internet wins every time

[Smerta]

Anyone remember this quote?

"The Net interprets censorship as damage and routes around it."

Awesome.

my work for the junkies against crime means i need

[Wilfred Satan]

I need one of these so bad ,to stop the filthy police force interfering in my freedom of electronic speech.