Wednesday, June 17, 2009

Iranian Protesters and Supporters: Be careful of proxies! #iranelection #iran #iran09 #gr88

As most of you who read this blog already know, the Anonymous Twitter Proxy (ATP) hosted on my website has been turned off as of 5:00pm ET today. While some have speculated that this was due to pressure from users suspecting that it might have been a trap laid by the Iranian government trying to ensnare citizens who are circumventing their filters, the real reason was much more simple: it served its purpose and was no longer useful after being blocked from access in Iran. The entire purpose of the software was to provide Iranian based users with access to Twitter; since it couldn't do that anymore, I took it down. I'm leaving the source code up though for anyone who wants to download it and run their own ATP to help Iranians keep in contact with Twitter. It's free, open source, and very easy to setup and use.

Over the last few hours though, I've been thinking a lot about safety. Not my own, but rather those of our brothers and sisters in Iran. To a large degree, they are operating technologically blind. They often don't have access to reliable Internet sources and information flowing in and out of the country can do so at a snails pace. This, of course, gives the Iranian government a temporary advantage over the protesters.

It occured to me earlier today that software like mine (and any other proxy servers, for that matter) could be easily used by the Iranian government to trap protesters. How easy would it be for the government to setup a web or ATP proxy and masquerade as a legitimate service while secretly monitoring, tracking, and arresting users of that proxy? Very easy, and that worries me.

So far, I've not seen any signs that the Iranian government has downloaded my ATP. I've been closely watching downloads and tracing IP's religiously. While I have had several government access of the site, none of them have downloaded the file. I'm actively blocking these IP addresses as they become known and protesters using the original ATP at are still safe.

But my point to the entire Internet community involved in this protest: BE CAREFUL. Be very wary of passing on new proxy information into Iran until you've verified and re verified who owns them and where they're located. That means more than an email from someone, that means a phone call, IP traces, etc. Do your due diligence to protect the protesters on the ground in Iran because this really is a life and death situation for them.

For my part, I'm strongly considering pulling the source from the web. While I know this is VERY simple software that anyone could write, the fact remains that while it's out there openly, it saves the government the trouble. What I'm probably going to do is insist that anyone wanting the source code both email me AND call me to verify their identity. While this might seem excessively paranoid, I think now is the time, of all others, to be paranoid. I'll make my decision on that tonight and announce it tomorrow morning on this blog.

In the meantime, I want to reiterate to everyone out there: BE CAREFUL. Be suspect of ALL information until it's verified. We cannot afford to be wrong in this instance.

Not even once.