Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

From Slaying Dragons To Dictators

CmdrTaco posted about 4 years ago | from the thats-a-lotta-xp dept.

Censorship 233

tcd004 writes "In a weekend, programmer Austin Heap transformed from an apathetic MMO player to a world class regime-slayer. When word for Iran's rigged election broke over Twitter, Heap decided to dedicate himself to building a better proxy system for people behind Iran's firewall. Heap's creation, Haystack, conceals someone's real online destinations inside a stream of innocuous traffic. You may be browsing an opposition Web site, but to the censors it will appear you are visiting, say, weather.com. Heap tends to hide users in content that is popular in Tehran, sometimes the regime's own government mouthpieces."

cancel ×

233 comments

Sorry! There are no comments related to the filter you selected.

So let's talk abou it. (1, Interesting)

Rod Beauvex (832040) | about 4 years ago | (#33281296)

Sometimes, good things should not be discussed.

Re:So let's talk abou it. (2, Insightful)

betterunixthanunix (980855) | about 4 years ago | (#33281336)

Security through obscurity is no security at all.

I strongly doubt that the existence of this system is a mystery to the government of Iran, at least not if it is beyond a certain level of popularity.

Re:So let's talk abou it. (0, Flamebait)

BitZtream (692029) | about 4 years ago | (#33281370)

So ... you know nothing about security at all I take it.

All computer security is through obscurity (passwords, encryption, both just security through obscurity). The lock on your homes door is security through obscurity (knowing the obscure key pattern).

I always love when someone talks about security through obscurity like they know what they are talking about.

The instant someone like yourself makes such a retarded comment you picked up from someone else or Wikipedia, those of us who DO know about it start chuckling inside.

Get a clue (4, Informative)

Zero__Kelvin (151819) | about 4 years ago | (#33281546)

"I always love when someone talks about security through obscurity like they know what they are talking about.

The instant someone like yourself makes such a retarded comment you picked up from someone else or Wikipedia, those of us who DO know about it start chuckling inside."

Hey pal, I've got bad news for you but you are the one who doesn't know what the term means. You should be laughing at yourself for not understanding a term and then looking down upon others who do understand it. I hope you especially laugh at how incompetent Bruce Schneier is to use the term, because you are no doubt more competent than him (ROTFLMAO).

The term has never implied that you can know the keys and still not get in. It specifically refers to a principle in security engineering, which attempts to use secrecy (of design, implementation, etc.) to provide security [wikipedia.org] - [emphasis added]. In other words if you cannot publish the algorithm without rendering the system vulnerable, then that is security through obscurity.

Re:Get a clue (2, Interesting)

Prune (557140) | about 4 years ago | (#33282034)

Of course, you're both playing semantics games. In a von Neumann machine, such as is every desktop computer, for example, the separation of data and program is superficial--it's just a psychologically-driven convention. It is also an extremely frequently violated convention (both by machine--Windows tends to rewrite memory-loaded images of binaries heavily--and by humans, in cases not just of the more rare virus-modifying code, but in every instance of scripting/interpreters/just-in-time compilation). Thus, obscuring the keys is not fundamentally different from obscuring the algorithms because there is no fundamental distinction between program and data. In practical terms it may be more convenient to have many keys per algorithm rather than the other way around, but this is merely adopted for trivial practical reasons. Again, there's nothing wrong with "through obscurity" by the usual definition as long as the level of obscurity applied to the algorithms corresponds to the level of obscurity applied to the keys in the more common approach.

Re:Get a clue (1)

Prune (557140) | about 4 years ago | (#33282040)

self-modifying **

Re:Get a clue (1)

Zero__Kelvin (151819) | about 4 years ago | (#33282238)

"Of course, you're both playing semantics games. In a von Neumann machine, such as is every desktop computer, for example, the separation of data and program is superficial--it's just a psychologically-driven convention."

The term "semantic games" doesn't mean what you appear to believe it does. It is absurd to state that there is no difference between algorithms [answers.com] and data [merriam-webster.com] . To make this perfectly clear, it makes perfect sense to talk about self modifying code, but to speak of self-modifying data would be absurd. So in other words, while I agree with you that the OP was indeed playing a semantic game (and he lost, miserably) I was certainly doing no such thing.

Re:Get a clue (4, Informative)

StikyPad (445176) | about 4 years ago | (#33282192)

From TFFaq:

8. In keeping the source code a secret, aren't you just relying on "security through obscurity"? Won't authorities eventually discover how your software works anyway?

This charge is difficult to rebut, because under normal conditions, "security through obscurity" is indeed false security. However, Haystack has several properties that make it a special case.

First of all, we do not rely on "obscurity" for protecting our users' privacy. Everything that one of ours users sends and receives is enciphered. It would take centuries for all the world's computers to decipher one of our users' browsing sessions even with full access to the Haystack source code.

"Obscurity," however, does make it much harder to find ways to block our software. Of course the authorities will pour resources into finding a way to do this, and they may temporarily succeed. In that event, we will refine our software and issue a new version that circumvents the restrictions. We will not, however, give the authorities any assistance in this process. By retarding their efforts, we ensure that the Haystack network operates more robustly for longer periods.

A Lock != Security through obscurity (1, Interesting)

Anonymous Coward | about 4 years ago | (#33281630)

That is baloney. Security through obscurity means that the entire system itself is obscured, as the only protection. Traditional (lock) security means that one (or more) aspect[s] of the system is/are protected by requiring significant effort to circumvent.

Security through obscurity is leaving your door unlocked, but living in a remote area.
Security without obscurity is locking your door, and living in the city.

In case 1, the barrier between criminals and your house is knowing that your house exists at that spot. In case 2, it is not only knowing the ridges on your key, but spending the effort of creating a key that matches that qualification*. There is effort involved in the second case. If, instead of simply living in a remote area, you lived on the top of a difficult cliff, you would have normal security as well.

*Also, there is effort involved in examining your lock to obtain those ridges, mugging you and stealing the key, etc.

Re:A Lock != Security through obscurity (2, Interesting)

blair1q (305137) | about 4 years ago | (#33282016)

Living in a remote area would be security. The remoteness is the barrier to entry.

Security through obscurity is more like leaving your door unlocked, but living in a building where all the other doors are locked. Or having a locked door but leaving the window unlocked and using the fire escape. Or leaving the key under the mat. It's not security, it just keeps people from believing they're looking at something unsecured.

And the reason it's a major fail is that it is defeated by random actions that are far simpler than the randomness needed to defeat the security you're not implementing. Kids trying every doorknob, for instance, or the guy who vacuums the hall knowing all of the doormats that have keys under them.

As for keys and obscurity; if you have 10,000 doors to lock, and use a key system that only allows for 1,000 keys, you're counting on obscurity to keep people from trying their keys in other locks. But if you use a system that allows for 1,000,000 keys, that's actual security. Because none of the locks has to take a key used in another, and someone making a random key will have to make at least a hundred to get even a 50-50 chance of findng one that unlocks just one of the 10,000 doors, and potentially he could make 990,000 and still not find one.

As for codes, any code that gets used for more than one message reduces the security of the code. So anything other than One-Time Pad is slightly relying on security through obscurity, but you're talking about having 2048-bit security instead of infinite-bit security and thinking that's insufficient? It's not really security through obscurity until you start using rot-13 instead, and hope nobody notices.

Re:So let's talk abou it. (1)

bigstrat2003 (1058574) | about 4 years ago | (#33281658)

Strong words coming from someone who doesn't understand that "security through obscurity" is being used in the proper context here.

Re:So let's talk abou it. (1)

TopherC (412335) | about 4 years ago | (#33281670)

I always thought the phrase "security through obscurity" means protection by a weak or unstudied algorithm that is ad-hoc and thought to be unknowable. Passwords usually involve strong but publicly-known hashing algorithms. Isn't it better to rely on strong encryption techniques than merely obscure ones?

Re:So let's talk abou it. (1)

_Sprocket_ (42527) | about 4 years ago | (#33281674)

All computer security is through obscurity (passwords, encryption, both just security through obscurity). The lock on your homes door is security through obscurity (knowing the obscure key pattern).

Except, that isn't obscurity - that's a secret. The difference is subtle. However, one way to look at the issue is whether observation of a system will uncover the secret needed to defeat the system. I can study a cryptographic system without knowing how to defeat a given cryptographic key (unless that system is flawed). Likewise, buying the same brand lock shouldn't allow me to duplicate your house key (although many cheap home lock systems are pretty trivial to defeat - so maybe "security though obscurity" really does apply). Compare a house key to a "shave-and-a-haircut" knock. I can observe you using a key to get past a door without providing me the details to do the same if I don't posses a copy of your key. However, if I observe you doing the "shave-and-a-haircut" knock, I can then duplicate the same procedure myself.

Re:So let's talk abou it. (0)

Anonymous Coward | about 4 years ago | (#33281868)

"I always love when someone talks about security through obscurity like they know what they are talking about."

Why, because they remind you so much of yourself? If you think a lock, a mechanical device is an example of "security through obscurity," you're either huffing glue or trolling. Judging by your post record I'd say it's both. I mean you're so utterly wrong that the fact that you try to build yourself up as if you're an expert is fucking laughable.

But hey, go ahead and "chuckle" now you laughing jackass, ignorance is bliss.

I'm guessing we're talking about this: (1)

blcss (886739) | about 4 years ago | (#33281818)

http://www.haystacknetwork.com/faq/ [haystacknetwork.com]

Sez it's got encryption too.

Re:So let's talk abou it. (1)

LinusMartensson (1235170) | about 4 years ago | (#33281850)

judging from the article, what he does isn't necessarily hiding data within other content. More likely he's written an encryption where the encrypted content conveniently resembles data that the government of Iran finds undesirable to ban, such as legitimate requests to government websites. Of course, if you're talking about the invite-only principle, I can only assume that it will help spread the software in a wider area whilst initially making it hard for the government to access and reverse-engineer the software. Every day helps, I guess.

Grep (1)

vivin (671928) | about 4 years ago | (#33281986)

grep needle haystack

Where "needle" is a dissident site and "haystack" is a log file.

Couldn't the Iranian censors do something to that effect? Or am I just being naive?

Re:So let's talk abou it. (1)

DaMattster (977781) | about 4 years ago | (#33282178)

Security through obscurity is no security at all. I strongly doubt that the existence of this system is a mystery to the government of Iran, at least not if it is beyond a certain level of popularity.

Uh, I don't really think this is obscurity. A more appropriate term would be obfuscation for this is exactly what Austin Heap's innovation is doing. This is a rather clever and ingenious way of getting around censorship. I also would not overestimate the Iranian government. If a URL can successfully be obfuscated, it would be difficult for censorship to uncover this.

Re:So let's talk abou it. (1)

L4t3r4lu5 (1216702) | about 4 years ago | (#33282254)

What's a real mystery to me is why there's a picture of Garry McKinnon half way down the page.

Is he even involved?

Re:So let's talk abou it. (1)

Haffner (1349071) | about 4 years ago | (#33281412)

Any piece of security software that can be unraveled by discussing it is not a solution. The article mentions that the developer is already trying to prepare counter-countermeasures, so hopefully this one has some extended relevance.

Re:So let's talk abou it. (0)

Anonymous Coward | about 4 years ago | (#33281450)

Hostile governments are so unsophisticated that Slashdot babble can give them an advantage?

Re:So let's talk abou it. (1)

u17 (1730558) | about 4 years ago | (#33282136)

I have a countermeasure that renders this proxy useless. Will sell it to any interested government for a bargain price of $1M.


(actually it's grep, but don't tell anyone!)

So let me get this straight (3, Insightful)

rshxd (1875730) | about 4 years ago | (#33281314)

Why is this article being put out now? The Iranian elections were awhile ago

Re:So let me get this straight (2, Funny)

_Sprocket_ (42527) | about 4 years ago | (#33281690)

Do you perhaps have some conspiracy theory prepared to answer your own question?

Re:So let me get this straight (1, Interesting)

Anonymous Coward | about 4 years ago | (#33282096)

Because it takes a while to duplicate the functionality of Tor.

They could have only gotten this out right away if they had used Tor instead of re-inventing the wheel.

Sheesh...

I'm just guessing here... (3, Insightful)

$RANDOMLUSER (804576) | about 4 years ago | (#33281330)

But "looking at porn" wasn't one of the viable alternatives?

Learn something, daily (3, Informative)

way2trivial (601132) | about 4 years ago | (#33281572)

Iranian law is pretty tough on smut
http://www.google.com/search?hl=en&safe=off&q=pornography+laws+in+iran&aq=f&aqi=&aql=&oq=&gs_rfai= [google.com]

Here's one snip from one result
"The AP reports that Iran's parliament on Wednesday voted in favor of a bill that could lead to death penalty for persons convicted of working in the production of pornographic movies. "

"Adnkrnonsinternational reports that under the new law, anyone distributing pornographic material can be sentenced to a fine of up to 16,000 euros while owners of a porn video or film risk up to 76 lashings. "

"Executing Iranians involved in the porn industry isn't a brand new story, unfortunately. "

Re:Learn something, daily (4, Interesting)

commodore64_love (1445365) | about 4 years ago | (#33281870)

I hate moral dictatorship. It doesn't matter if it's coming from a Muslim government, the Church of Rome, or politicians. Ya know... it's my life. If I want to be an asshole that looks at porn, doesn't go to church, and keeps to himself, I have that right. Stop trying to force me to adopt your moral beliefs.

So this HAYSTACK program. Would it work in the US and EU? It appears the answer is "no" since it was specifically designed for Iraq.

Re:Learn something, daily (4, Funny)

Farmer Tim (530755) | about 4 years ago | (#33281994)

...owners of a porn video or film risk up to 76 lashings.

In some circles that's considered a bonus feature.

So let's NOT !! (0)

Anonymous Coward | about 4 years ago | (#33281338)

Jury !!

Little different (4, Funny)

Monkeedude1212 (1560403) | about 4 years ago | (#33281346)

I don't know if I'd consider setting up a good Proxy server as "Slaying a Dictator".

I think that's actually part of a big chain quest so that you can get keyed along with a large group of people to then slay the dictator.

Re:Little different (2, Insightful)

SomeJoel (1061138) | about 4 years ago | (#33281846)

I don't know if I'd consider setting up a good Proxy server as "Slaying a Dictator".

I think that's actually part of a big chain quest so that you can get keyed along with a large group of people to then slay the dictator.

You must first reach exalted with several factions, including "UN" and at least a few of the "U.S. Military" subfactions. Otherwise you can't even zone in.

Re:Little different (1)

stuckinphp (1598797) | about 4 years ago | (#33281908)

Austin Heap transformed from an apathetic MMO player, to a world class regime-slayer

I don't see where it says he's a dictator slayer.

LOL! "Iran's rigged election broke over Twitter" (0, Troll)

Anonymous Coward | about 4 years ago | (#33281410)

You mean that laughably juvenile attempt by US intelligence agencies to pretend to be Iranian citizens by setting up fake Twitter and other social media accounts?

Regime change isn't very effective when you have the Keystone Kops trying to carry it out for you.

US Supported Terrorist Attacks Inside Iran (0, Troll)

Anonymous Coward | about 4 years ago | (#33281506)

The US was stupid to think trying to fabricate faux outrage on social media sites was ever going to accomplish anything. You do get the usual fools who karma whore inane posts 'standing up for democracy'. But those same karma whores have moved on to the next funny Cat video story five minutes later.

The rest of the world sees the massive US military forces completely surrounding Iran.

The rest of the world sees the US supporting and funding terrorist groups killing people inside of Iran.

The rest of the world sees the US supporting Israeli state terror.

Re:LOL! "Iran's rigged election broke over Twitter (4, Interesting)

Fnkmaster (89084) | about 4 years ago | (#33281538)

As opposed to the laughably juvenile attempts by Iranian intelligence agencies [twitspam.org] to spam twitter with pro-Iranian-government messages?

Also, please include citations when you make accusations like that. I pulled up a bunch of articles on the Iranian twitspam with no problem but found it harder to dig up reports of US Agencies doing the same (though I wouldn't be shocked if they had, this seems to go both ways).

Golly! Maybe Because They Said So Themselves? (-1, Troll)

Anonymous Coward | about 4 years ago | (#33281902)

Are you that fucking stupid?

Go away dumbfuck.

Re:LOL! "Iran's rigged election broke over Twitter (2, Insightful)

jandrese (485) | about 4 years ago | (#33281560)

Iran's government sure loves blaming the US doesn't it.

Re:LOL! "Iran's rigged election broke over Twitter (0)

Anonymous Coward | about 4 years ago | (#33281654)

There's no fooling you Einstein!

OMG!!! 'teh Iranian Guberment' has infiltrate Slashdot!

Fucking retard.

Re:LOL! "Iran's rigged election broke over Twitter (2, Funny)

jandrese (485) | about 4 years ago | (#33281746)

Astroturfing on the internet? Well I never!

Re:LOL! "Iran's rigged election broke over Twitter (1)

Duradin (1261418) | about 4 years ago | (#33281696)

Who doesn't?

Re:LOL! "Iran's rigged election broke over Twitter (4, Informative)

alvinrod (889928) | about 4 years ago | (#33281748)

Well, we do have an extensive [wikipedia.org] history [wikipedia.org] of meddling. [wikipedia.org] Okay, it's actually freaking huge. [wikipedia.org] Whether or not we actually did anything or not, I wouldn't blame Iran for believing that the US played some role in the recent turmoil.

Re:LOL! "Iran's rigged election broke over Twitter (0)

Anonymous Coward | about 4 years ago | (#33282106)

I get it. Instead of any actual evidence or credible testimony implicating the USA in this instance, just use the past history (as if the US were unique to meddling) to indict and use as the only basis for pointing fingers.

I hope you aren't in any position of authority, because people who use this line of reasoning would be laughed out for being so unbelievably stupid.

Awww..Poor Liddle jandrese Got Owned (0)

Anonymous Coward | about 4 years ago | (#33282204)

And now is crying in an AC post. Don't fret jandrese, I won't tell anyone it's really you...

Re:LOL! "Iran's rigged election broke over Twitter (0)

countertrolling (1585477) | about 4 years ago | (#33281774)

Set your wayback machine to 1953, Sherman...

Re:LOL! "Iran's rigged election broke over Twitter (3, Insightful)

copponex (13876) | about 4 years ago | (#33281614)

Iran has elections, but doesn't pick the right person, so it's a dictatorship. Same is true for Venezuela and Gaza, and any country over the past sixty years that made the mistake of voting for left-leaning leaders in the Western Hemisphere.

And what about China, Saudi Arabia, Egypt, etc? Well, they make us a shitload of money, or they at least follow our orders, so, you know. It's different.

Re:LOL! "Iran's rigged election broke over Twitter (1)

kyz (225372) | about 4 years ago | (#33282154)

Iran has elections, but they matter not a jot as the public don't get to elect the Revolutionary Guard, the only ones with real power.

I dislike the US's hypocrisy, and their meddling in world affairs, but you have to admit that the people in charge of Iran are scumbags. Not scumbags that give the US the moral authority to invade the country and steal the oil, but scumbags nonetheless.

Re:LOL! "Iran's rigged election broke over Twitter (2, Insightful)

Eunuchswear (210685) | about 4 years ago | (#33282262)

Iran has elections, but they matter not a jot as the public don't get to elect the Revolutionary Guard, the only ones with real power.

Correct in principle, if not in detail (It's the supreme leader, not the guardians of the revolution, who has the power.)

So why does the US get all twisted about what the "president", Ahmadinejad, who has no control over foreign policy says and does?

Re:LOL! "Iran's rigged election broke over Twitter (2, Interesting)

couchslug (175151) | about 4 years ago | (#33282004)

"Regime change isn't very effective when you have the Keystone Kops trying to carry it out for you."

Regime change isn't going to happen due to a few protesting students, and the mullocracy can choose to kill them off if they threaten Islamic control of government.

The people who want to change Iran will have to display a greater will to power than the Islamocracy. That's a very tough act to follow. It would require a Maoist level of ruthlessness, not the trifling discontent of a few young people.

Re:LOL! "Iran's rigged election broke over Twitter (0, Flamebait)

Anonymous Coward | about 4 years ago | (#33282128)

Boggle. You're like a flashback to that kid in Junior High who thought he was badass political and foreign relations expert.

Here's a clue dumbfuck. The Iranian people don't want their 'regime changed'.

They do want to be safe from US and Israeli terror.

Proxy Ban? (2, Insightful)

Soporific (595477) | about 4 years ago | (#33281414)

Wouldn't they just ban anyone connecting to known proxies or any proxy in general that wasn't set up by the authorities?

~S

Re:Proxy Ban? (1)

Monkeedude1212 (1560403) | about 4 years ago | (#33281582)

This isn't like Counterstrike where you can just straight up ban someone by IP for doing something you don't like - not only can the authorities not watch everything but also the internet itself is so complex that's hard to determine what's happening precisely.

Is there any way for you to tell right now if I'm using a proxy or not?

Re:Proxy Ban? (1)

Soporific (595477) | about 4 years ago | (#33281822)

No, but I'd think that in an extremely censored nation they might only allow citizens to connect through specified egress points or exchanges which could be monitored. I guess the point of the software is to mast that activity, but is it really a stretch to see a government hell bent on controlling its citizens start using a white list?

~S

Re:Proxy Ban? (0)

Anonymous Coward | about 4 years ago | (#33282224)

Slashdot could. Check your ip then check if that ip is a proxy.

If I had control over your nation's internet infrastructure it could be automated for every user in your country

For all that Iran is... (5, Informative)

Wyatt Earp (1029) | about 4 years ago | (#33281426)

It is not a dictatorship.

Misguided, dangerous, theocratic, abusive, yes. But not a dictatorship.

Re:For all that Iran is... (1)

wideBlueSkies (618979) | about 4 years ago | (#33281480)

Which country are you writing about specifically?

Re:For all that Iran is... (0)

Anonymous Coward | about 4 years ago | (#33281542)

Sounds like the USA

Re:For all that Iran is... (2, Interesting)

Wyatt Earp (1029) | about 4 years ago | (#33281660)

How is the US a theocracy?

Re:For all that Iran is... (-1, Troll)

Anonymous Coward | about 4 years ago | (#33281816)

Atheists and other idiots like to claim the US is a theocracy, because their parents totally make them go to church each sunday, when all they want to do is stay in their basements and masturbate to Richard Dawkins.

Re:For all that Iran is... (1, Insightful)

Anonymous Coward | about 4 years ago | (#33281504)

Well, if the elections are rigged, it's hardly democracy now isn't it....

Re:For all that Iran is... (1)

Wyatt Earp (1029) | about 4 years ago | (#33281652)

It is a theocracy and democracy at the same time, but not a dictatorship.

Re:For all that Iran is... (2, Insightful)

commodore64_love (1445365) | about 4 years ago | (#33281958)

The word you are looking for is oligarchy - unelected men that sit on the top and make the rules.

Kinda like our unelected Supreme Court Oligarchs. (I'm still trying to find the part of the US Constitution that the Court claims allows them to ban obscene material. I swear it's not there, even though they claim it is. Hmmm.)

Re:For all that Iran is... (1)

Wyatt Earp (1029) | about 4 years ago | (#33282066)

Its the crusty old men are grumpy clause.

Actually, Article I, Section 8 “To regulate Commerce with foreign Nations, and among the several States,”

Re:For all that Iran is... (2, Insightful)

CRCulver (715279) | about 4 years ago | (#33281796)

The mullahs are the highest authority in the country, and they are not answerable to elections. They also have their own private army which is not responsible to the voice of the people even in the most abstracted fashion. Hard to claim that's not a dictatorship.

Re:For all that Iran is... (5, Informative)

Wyatt Earp (1029) | about 4 years ago | (#33281934)

That would be a theocracy. Not a dictatorship.

"Theocracy is a form of government in which a god or deity is recognized as the state's supreme civil ruler, or in a higher sense, a form of government in which a state is governed by immediate divine guidance or by officials who are regarded as divinely guided."

"Iran's government is described as a "theocratic republic".Iran's head of state, or Supreme Leader, is an Islamic cleric appointed for life by an elected body called Assembly of Experts. The Council of Guardians, considered part of the executive branch of government, is responsible for determining if legislation is in line with Islamic law and customs (the Sharia), and can bar candidates from elections, and greenlight or ban investigations into the election process."

A dictatorship is ruled by an individual. So like Iraq before Operation Iraqi Freedom kicked him out of power.

Re:For all that Iran is... (2, Informative)

CRCulver (715279) | about 4 years ago | (#33282026)

A dictatorship is ruled by an individual.

Not necessarily. Ever hear the phrase "dictatorship of the proletariat" within Marxist-Leninist thought? There the dictatorship would be ruled by the working class as a whole.

If you bothered looking up "theocracy" in the dictionary, then you should have looked up "dictatorship" too. Merriam-Webster give as their third definition: "3 a : a form of government in which absolute power is concentrated in a dictator or a small clique b : a government organization or group in which absolute power is so concentrated c : a despotic state". A military junta, or in this case a group of religious leaders who wield absolute power, unaccountable to the people (and who can override democratically elected legislators) can fairly be called a dictatorship.

Re:For all that Iran is... (0)

Anonymous Coward | about 4 years ago | (#33282168)

Dumb guy gets show to be...well..dumb.

Instead of cutting his losses and moving, he makes himself look even dumber and butthurt. Go back to World of Warcraft or jerking off.

mod 0p (-1, Offtopic)

Anonymous Coward | about 4 years ago | (#33281456)

save Linux from a Comp8ehensive benefits of being

Uh oh... (0)

Anonymous Coward | about 4 years ago | (#33281478)

If Iran finds out, he's going to be in a Heap of trouble! ...sorry, I'll see myself out....

thinkofthechildren (2, Insightful)

esocid (946821) | about 4 years ago | (#33281502)

I look forward to a 'thinkofthechildren' argument from some congressman in the future about why it should be illegal here.

Re:thinkofthechildren (2, Informative)

ducomputergeek (595742) | about 4 years ago | (#33281622)

Already happening. Just about anyone running a Tor Exit node is at risk for Kiddie porn charges. I had friends that set up Tor nodes during the Iran unrest. One of them decided to see if it was doing any good and was shocked that more than half the traffic was actually porn and a fair amount of it kiddie porn. As soon as he told the others, everyone stopped hosting the nodes and a couple even Dbaned their HDD's. No one wanted to risk being caught. None of them were rich enough to fight it.

Re:thinkofthechildren (1, Insightful)

Anonymous Coward | about 4 years ago | (#33281894)

Well, you have just convinced me to A) never host a TOR node and B) never use a TOR node.

Re:thinkofthechildren (1)

commodore64_love (1445365) | about 4 years ago | (#33282072)

Possession of photos of a rape victim should not be a crime, just the same as possession of photos of murder victims is not a crime. Some people get off on the latter, but that doesn't mean we should outlaw it.

And nudity? It is never illegal regardless of age (as ruled by the Supreme Court). That's why nudist websites are allowed to exist.

Misleading... (2, Funny)

Zantac69 (1331461) | about 4 years ago | (#33281556)

I thought this was a new game coming out where you did both: Grand Theft Horse 2 - The Dark Ages.

They assume regime's government mouthpieces... (0)

Anonymous Coward | about 4 years ago | (#33281584)

Nobody actually reads the official versions. The regime automatically assumes any supposed traffic to official sites is an attempt at obfuscation and puts their magnifying glass on those packets.

But how does it work? (5, Funny)

by (1706743) (1706744) | about 4 years ago | (#33281598)

It must be tricky to hide sensitive data in innocuous data streams. Of course, I'm sure it's possible...

Re:But how does it work? (4, Funny)

Eternauta3k (680157) | about 4 years ago | (#33281788)

You forgot to bold the space. Like this.

Re:But how does it work? (1, Informative)

scorp1us (235526) | about 4 years ago | (#33281800)

How you can do it without a proxy. Open up one tab of your real destination. And 8 other innocuous tabs. Then generate a volume of traffic on those tabs, occasionally clicking on the first, real one.

You can't "hide" your destination in volume. People don't search that, computers do. If there is a DNS entry resolved, or a host IP used, it can be logged. You're not hiding anything, or even pissing anyone off. You can't even hide your destination in SSL. All they need is a databse of IPS taged with topics, and they can make plenty of guesses about you.

Oh, and I learned my first programming language at 5. :-p (which is impressive for 1981), (TI-99 4A)

Re:But how does it work? (0)

Anonymous Coward | about 4 years ago | (#33282172)

Logo was a great language back in the day for getting a child used to the concept of OO. My dad gave me his TI-99 4A a few years later than you, but we must be about the same age. I laugh when someone says their computer is too slow now when I think about what things were like back then, saving programs to cassette tape and trying to reload them the next day.

Re:But how does it work? (1)

scorp1us (235526) | about 4 years ago | (#33281810)

And someone mod him up.

What if someone use this in US (0)

Anonymous Coward | about 4 years ago | (#33281602)

This seems to be a espionage program.
The funny thing is that this level of anarchism is only suggested for Iran! What if you wants to use it in US? Not so complicated: You'll end up in prison!

Might need that in the US as well (0)

Anonymous Coward | about 4 years ago | (#33281662)

Except that 'hate speech' is objectively bad and therefore people deserve to have it blocked either by their service providers or easily accessible private hosting services, whilst criticism of the president of Iran is objectively good and therefore we need a way to secure access and accessible hosting for the citizens of Iran.

Bleh! (0)

Anonymous Coward | about 4 years ago | (#33281664)

Yeah, that dude is a world class regime slayer, and I'm the batman.

Does the name Salman Rushdie ring any bells? (1)

HBI (604924) | about 4 years ago | (#33281692)

This guy should not be sitting for laudatory news coverage. These are the same people that brought you death sentence fatwas in absentia, and the religious nutjobs to carry them out.

I guess I'll come out and say it... (5, Insightful)

scribblej (195445) | about 4 years ago | (#33281716)

Bullshit.

Less than a month and many all-nighters later, Heap and a friend had created Haystack. The anti-censorship software is built on a sophisticated mathematical formula that conceals someone's real online destinations inside a stream of innocuous traffic. You may be browsing an opposition Web site, but to the censors it will appear you are visiting, say, weather.com.

This doesn't make sense. It still has to connect to and load the BAD website, too...

Other anti-censorship programs--such as Tor, Psiphon, or Freegate--can successfully hide someone's identity, but censors are able to detect that these programs are being run and then work to disable the communication. With Haystack, the censors aren't even aware the software is in use. "Haystack captures all outgoing connections, encrypts them, and then masquerades the data as something else," explains Heap. "If you want to block Haystack, you are gonna block yourself."

OK, this makes so little sense I can't even figure out how to respond to it.

Heap intends to gradually develop Haystack's presence in the country. He has started to share it with select activists and trusted individuals on an invitation-only basis. They will then be asked to share it with their friends. It is the same model that was originally followed by Google's Gmail. The targeted approach is smarter from a security standpoint. Also, he doesn't want the software to collapse from low-value demand.

SAY WHAT?

Yeah, there's one word for this whole article. BULLSHIT. It stinks.

Hello, let me introduce you to 'the internets' (0)

Anonymous Coward | about 4 years ago | (#33281988)

There are obviously two ways for the "bad guys" on the internet to detect you, they must see what is inside your 'stream', or they must trace your stream to you.

But can't you simply encrypt your data and make it impossible for them to see inside your stream, you say? Good trick, but they can see where the stream comes from and guess what is inside.

So instead you mix up your stream with all the other streams so that there is a bit of your stream everywhere. This causes their minds to be boggled and you win.

Any questions?

captcha: pedagogy

Re:Hello, let me introduce you to 'the internets' (1)

Culture20 (968837) | about 4 years ago | (#33282288)

So instead you mix up your stream with all the other streams so that there is a bit of your stream everywhere. This causes their minds to be boggled and you win.

If one bit of your stream comes from the BAD website, they take you out to a soccer stadium and shoot you. Their minds might be boggled, but you still lose.

Re:I guess I'll come out and say it... (1)

sstamps (39313) | about 4 years ago | (#33282000)

Yeah, I think there is a bit of hype involved. It sounds basically like an obfuscating proxy server. Requests and data are encrypted and obfuscated in normal requests to innocuous websites like weather.com.

The thing is that it still will require use of a proxy server, and it most certainly can be EASILY detected with a number of methods, ranging from diff-ing to statistical analysis of data being transferred. I have no doubts that the Iranian government has the ability to get a copy of the software and determining what proxy servers it connects to, then blocking them. It then goes back to the same level of effort as with current proxies like Tor -- a game of Whack-A-Mole.

Re:I guess I'll come out and say it... (2, Informative)

StikyPad (445176) | about 4 years ago | (#33282042)

The article may be the nonsensical writings of an unsavvy reporter, but the project itself seems real enough.

http://www.censorshipresearch.org/projects/introduction/ [censorshipresearch.org]
http://www.censorshipresearch.org/about/ [censorshipresearch.org]
http://www.haystacknetwork.com/ [haystacknetwork.com]

Re:I guess I'll come out and say it... (1)

scribblej (195445) | about 4 years ago | (#33282208)

Thank you for those links. After reading in more detail, I think I'm kind of sticking with my claim of bullshit. Of course I wouldn't put it so strongly now but I still don't see how he can do what he is claiming and make it difficult (or as he claims, IMPOSSIBLE) to block.

Regime slayer is ultra offensive (2, Insightful)

SuperKendall (25149) | about 4 years ago | (#33281726)

Given that the regime in question is still very much in control, and that the only slaying that was done was by the regime, I find the term "regime slayer" to be laughable at best and really offensive at worst for those that hoped for better for the Iranian people.

That was an extreme case showing that sometimes, mere communication is not enough to evoke change.

You Fucking Garbage (-1, Flamebait)

Anonymous Coward | about 4 years ago | (#33281840)

You miserable piece of shit.

What a sickening and disgusting example of just how fucking stupid the average idiot like SuperKendall is. Some fucking piece of garbage Slashdot poster sitting at home in his mom's basement running his fucking mouth off about 'teh Iranian people' while:

* US is actively funding and assisting terrorist groups inside of Iran to carry out attacks and murder people

* Israel is supporting their own terrorist groups inside of Iran to carry out attacks and murder people

* The US has the most massive military force in the world effectively encircled around the Iranian people

* The US and Israel are openly talking about carrying out terrorist attacks against the Iranian people's civilian power system

You fucking scumbag. You need to be dragged by the fucking hair to the site of the latest US supported/funded terrorist attack against the Iranian people.

Die you fucking worthless piece of shit.

A Retrospective on Iran (4, Informative)

Grond (15515) | about 4 years ago | (#33281768)

As this article in Foreign Policy explains, the Internet, especially Twitter, didn't contribute nearly as much to the protests in Iran as has been reported: Misreading Tehran: The Twitter Devolution [foreignpolicy.com] . "Word of mouth was by far the most influential medium used to shape the postelection opposition activity." Other major media included text messages and email, which this software wouldn't help much with.

Efforts to counter censorship and intrusive government monitoring should be applauded, but it's a bit premature to call this "world class regime-slaying."

US Funding And Interference (1, Insightful)

Anonymous Coward | about 4 years ago | (#33282094)

"Word of mouth was by far the most influential medium used to shape the postelection opposition activity."

Hilarious! Yep, it was 'word of mouth' and not US funding and agents working inside of Iran.

God bless 'teh Iranian People'! We're gonna bring them Wallmart and Baby Jesus!

Go away Grond, your stupid isn't funny or extreme. You're just an unremarkable dumb guy.

Direct Link to Haystack (2, Informative)

phantomcircuit (938963) | about 4 years ago | (#33281838)

All I see is a bunch of "Donate Now!" buttons/links, no actual software. http://www.haystacknetwork.com/ [haystacknetwork.com]

Re:Direct Link to Haystack (1)

DeadPixels (1391907) | about 4 years ago | (#33281906)

Haystack is currently available to a select number of users in Iran in our beta phase and is being prepared for a final release. We plan to start our official release of haystack as soon as we obtain the necessary funds to expand our network capacity to support a sufficiently large number of users.

I would like to learn more about how this actually works, though...I'm kind of disappointed that TFA was more of an informational piece about the developer than about the tech itself, though I guess I should have expected as much from the headline.

Re:Direct Link to Haystack (1)

moxley (895517) | about 4 years ago | (#33282266)

0. When will Haystack be ready?

        Haystack is currently in the beta testing stage, and we are in the process of working out the last kinks in the system. We are also in the process of taking care of a number of procedural hurdles that must be settled before the program is operational. We are aiming for a full release sometime this winter.

So Is Slashdot Now A Proxy For Bolton (0)

Anonymous Coward | about 4 years ago | (#33281932)

in its support for the illegal overthrow of dictators?

The story title is very subversive.

Yours In Moscow,
Kilgore Trout

Regime slayer? (1)

Eunuchswear (210685) | about 4 years ago | (#33282206)

Sounds good.

How many regimes has he slayed, exactly?

be careful... (0)

Anonymous Coward | about 4 years ago | (#33282230)

I'd take a bit of caution if I were him. Going around saying "I'll develop something that will allow you to bypass Iran's censorship" is one thing. Doing it, and letting the world know you are is quite another. I'd try to tread a bit more anon. If this becomes huge, he could become a target. I completely agree with bypassing this type of security as freedom of speech should be a universal right, not just an american one, but I'd be hesitant to throw it in the face of a country with terrorist ties.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>