Wednesday, June 17, 2009

AnonymousInIran Anonymous Twitter posting script updated #iranelection #iran #gr88

As the situation in Iran continues to unfold, it's imperative that the world, especially the tech world, respond with their full support for the Iranian protesters. A few days ago, I wrote the Anonymous Twitter Poster as a response to government filtering of the Iranian Internet.

As the situation evolves, the security an anonymity of the protesters becomes vitally important. As such, I'm continuing to refine the script to take into account new security challenges and make sure people are safe.

Yesterday, some people expressed concern that the script stores IP addresses. We do this, of course, to be able to deal with abuse and ban people who would use the anonymous proxy to spam Twitter or post misinformation. However, an alert Twitter user pointed out that we could deal with this in a more secure way: IP hashes.

Now, no IP addresses are actually stored in the database or anywhere else. We only store an SHA1 hash of the IP address so, even if the database were compromised, it would be virtually useless in tracking protesters.

I admit that this is still not a 100% secure solution. The *only* secure solution would be not to store IP addresses at all. But, for right now, we're going with an SHA1 hash. We're also working on a new way to make sure the IP's are totally secure which I'll be updating the script tonight to reflect.

Anyone using Anonymous Twitter Poster is strongly encouraged to upgrade their copy from the source on the server by clicking here. You can verify that the file has not been tampered with by validating its CRC which should be 34f1926d. If you need a tool to validate the file's CRC, get it here.


Tuesday said...

The source link doesn't seem to be working right now. Can you let me know when it'll be up again?