Monday, June 22, 2009

Tor or Squid for Iran proxies?

The short answer is do both.

Please note that the people (Austin Heap and Helpful American) who are working to safely pass on information from Iran the rest of the world via twitter are recommending that people set up HTTP proxies. So the people who are in contact with the Iranians who are working to pass messages on have their recommendations. Obviously they know better the needs of the people in Iran than I do. Nonetheless, I am going to recommend another approach that can be pursued along side the use of squid.

As I've mentioned earlier, Squid and other HTTP proxy servers were not designed for the purpose we are putting them to. Squid is a powerful tool which can be configured to do what is needed, but even properly configured it has some limitations. Also squid is very easy to configure for those who are familiar with Unix configuration files, but configuration may be daunting to others.

I am far from the first to recommend tor for this purpose, but I do wish to provide a description of why in the long run tor will be the safer and more effective approach to providing online anonymity and evading censorship. However, running a tor really does have one very substantial drawback which I will get to later.

Logging connections

Squid knows the source IP address of the machine that using it, and it knows what website people are connecting to. This information, in the hands of the bad guys, could be very dangerous to the people we are trying to help. We are therefore given instructions to turn of logging. Or at least to anonymize the information that is logged as I described in my previous post. But there are two problems with this,

  1. The people using your proxy can't know for certain that you have anonymized logging
  2. Even if you do disable or anonymize logging, your machine still receives this information; and so if your machine is compromised, that information can be captured

Tor provides a peer-to-peer anonymized network and so only when your machine is used as an entry point will it know the IP address of the source and only when it is used as an exit point will it know the destination information. For most transactions, your machine will have no information whatsoever about either source or destination, and for no transaction will it have information about both. Thus no one can steal information from you that you don't have. And end users can trust that you are neither accidently or deliberately collecting sensitive information.

Anonymizing and abuse

This true anonymizing that tor allows leads to its biggest drawback. You have no control whatsoever of who uses it. Because your system can't know what networks the originator is from you can't, say, allow Iran and block Russia. If you run a tor relay that allows exit you should inform the abuse desk of your ISP of your intentions. Note that you can run tor as a relay only, meaning that it only passes on connections to other tor peers, but what is most needed are people that are willing to run exits.

Protection from snooping

[This section is an update. I had forgotten to mention this very important point until someone reminded me in the comments.] HTTP traffic from a source in Iran to your HTTP proxy is unencrypted. This means that the operators of bits of the network (the government of Iran) will be able to eavesdrop on the communication. Secure web traffic, HTTPS, is already blocked from Iran, which strongly suggests that the government is listening in to HTTP traffic. With tor, on the other hand, the traffic from the source and throughout the network of tor relays is encrypted. It is only when the traffic exits the the tor network that HTTP traffic will be unencrypted. Furthermore, tor will allow people in Iran to evade the filters that block HTTPS, thus enabling them to have end to end encryption

No central administration

With the Squid proxies, someone has to pass on the IP addresses and port numbers to the good guys without them being seen by the bad guys. Once the bad guys know the address they can add that proxy to a list of addresses to block and the proxy thus becomes useless. I stupidly listed my proxy's IP address publicly and it became useless before it given got distributed to the right people.

Tor's peer-to-peer and automatic discovery processes makes this problem irrelevant. While it may be cool to think of your IP address being passed on clandestinely among protestors in Iran, it is hardly the most secure and effective way to do things. People in Iran will need to run a Tor client, but once they've set that up, they won't need to be fiddling with ever changing lists of IP addresses in browser proxy configurations.

Blocking proxies

The government of Iran is almost certainly blocking access to my proxy server. I have no way to test for certain without having access to a machine in Iran, but I have every reason to suspect that my HTTP proxy server is blocked and therefore useless. My tor relay can still provide help no matter what the authorities in Iran block.

Static server vs dynamic home machines

Squid was designed to run on a server (often one dedicated to running squid) on its own permanent IP address on a machine that never gets turned off. Although home machines with dynamic IP address can still be useful as HTTP proxies, it is not an ideal situation. Tor, however, was designed for the purpose. And while the more stable the machine is the better, with tor downtime or a change of IP address isn't a big problem.

In Sum

There is no reason not to run a squid proxy if you can. But running a tor relay will probably be of greater help in providing anonymous web browsing to those who need it. The only concern with running a typical tor relay is that people doing malicious things on the network may use your network connection to do that. However, most of that nasty stuff is done through various botnets, and chances are that if you inform your ISP that you are running a tor relay they will at least know what is going on if they see network abuse from your machine.

2 comments:

  1. I think there's another thing in favour of Tor.

    If Iranian government is spying on the internet communications (and according to WSJ http://bit.ly/4TdbJ they do), using a proxy won't make Iranians escape the spying.

    Using a proxy only gives access to a blocked site, until the proxy is also blocked. But spying on a connection makes the government still know who is writing what on which site.

    ReplyDelete
  2. Yannick, you are perfectly correct. I can't believe that I forgot to mention this point. With an HTTP proxy, the connection between the source and the proxy is completely unencrypted. The operators of those networks are perfectly free to capture and read that traffic.

    Communication among tor relays is encrypted, and it is only the traffic from the exit point which is unencrypted if one isn't using something like HTTPS.

    I've been told that HTTPS is blocked from Iran. This suggests that there is an interest in snooping on the traffic. But Tor will enable users to use HTTPS because it is tunneled through the tor network.

    ReplyDelete