Eric S Johnson: > The vast majority of netizens in cybercensored countries who use a > VPN (or other form of proxy) are doing so in order to access > otherwise-blocked content, without any particular expectation of (or > need for) security. So, any VPN will do (and OkayFreedom’s as good as > any other). > >
Do you have a citation for your statement about the expectations of a majority of netizens? It is contrary to the experiences that I have with users in Syria, Iran, and the rest of the Middle East. For example - there is *explicitly* the concern that some VPN services are operated by governments to spy on people. Surely you don't mean to suggest that such concerns do not exist? > > Conceivably, a government which is trying to prevent access to > certain content might be upset at cybercircumventing netizens, in > which case issues of anonymity/privacy come into play. But I’ve never > heard of a case in which a user has been punished merely for > cybercircumventing. I’d love to hear of such a situation. (NB I’m not > talking about an AUP or TOS or contract, or a regulation or decree or > rule or law, or a declaration or assertion or speech, or … or … or > …) > > Conceivably? What. The. ...? I've heard first hand of of Iranian users having their email printed out and handed to them during interrogation. How do you suppose that happened? Or do you doubt that such thing happen as well? > > Conceivably, a cybercensoring government could come up with all sorts > of tricky ways to “poison” cybercircumventing citizens by, say, > seeding local VPN resellers with a VPN that delivers a “fake” site > loaded with malware. But again, that’s purely theoretical; I know of > no cases in which a government has deviously provided a > cybercircumvention service to its netizens in order to nefariously > identify or spy on them. I’d love to hear of such a situation. (I’m > not talking about merely setting up a mirror with slightly different > content, or DNS poisoning, or MITMing, or socially-engineered > malware-by-email, or targeted clickjacking, or … or … or …) > > Why do you doubt that people are not only being targeted for exploitation but also that they are under surveillance? You often make such statements and I'm sorry to be blunt but it is completely nonsensical. I don't mean to sound unfriendly but this kind of statement is *extremely* dangerous. That isn't theoretical - Syria and Iran have both been engaged in exactly these kinds of issues. Just as the US has been engaged in massive domestic surveillance. However your statement disqualified so many things, I'm not even sure what you are talking about - if targeted exploitation with the FinFisher toolkit, wiretapping, acquiring more equipment for massive data rentention, public statements by officials, backdooring (other people's) software that claims to help people and MITM don't count, what does? The New York Times, the EFF, CitizenLab, The Tor Project and even presstv.ir has been publishing, writing and discussing these issues from every angle. Surely you didn't miss these stories, the reverse engineering of malware, the exact methods the Iranian government says they can foil and so on, right? All the best, Jake -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
