Tor Tests Undetectably Encrypted Connections In Iran

← Back to Stories (view on slashdot.org)

Tor Tests Undetectably Encrypted Connections In Iran

Posted by timothy on Friday February 10, 2012 @06:56AM from the great-song-from-flock-of-seagulls dept.

Sparrowvsrevolution writes "Ahead of the anniversary of Iran's revolution, the country's government has locked down its already-censored Internet, blocking access to many services and in some cases cutting off all encrypted traffic on the Web of the kind used by secure email, social networking and banking sites. In response, the information-freedom-focused Tor Project is testing a new tool it's calling 'obfsproxy,' or obfuscated proxy, which aims to make SSL or TLS traffic appear to be unencrypted traffic like HTTP or instant messaging data. While the tool currently only disguises SSL as the SOCKS protocol, in future versions it will aim to disguise encrypted traffic as any protocol the user chooses. Tor executive director Andrew Lewman says the idea is to 'make your Ferrari look like a Toyota by putting an actual Toyota shell over the Ferrari.'" Reader bonch adds: "A thread on Hacker News provides first-hand accounts as well as workarounds."

157 comments

Min score:

Reason:

Sort:

Sounds like a tool for P I R A T E S !! by elrous0 · 2012-02-10 06:56 · Score: 5, Funny

The MPAA has already called in the FBI, CIA, NSA, and a cadre of hired Senators to put a stop to this illegal piracy-facilitating tool--which, if it's not stopped, will cost millions of American jobs and perhaps collapse the entire economy. Our children's futures are at stake here, people!!!

--
SJW: Someone who has run out of real oppression, and has to fake it.
1. Re:Sounds like a tool for P I R A T E S !! by rathaven · 2012-02-10 07:01 · Score: 5, Funny
  
  Not to mention their access to porn...
2. Re:Sounds like a tool for P I R A T E S !! by jcreus · 2012-02-10 07:03 · Score: 2
  
  Hmm. Let's take down computers, operating systems, browsers... They also use them!
3. Re:Sounds like a tool for P I R A T E S !! by timeOday · 2012-02-10 07:15 · Score: 1
  
  This must involve a huge blowup of the data. I can't imagine how large a movie would be encrypted to look like an innocuous chat session.
4. Re:Sounds like a tool for P I R A T E S !! by phrostie · 2012-02-10 07:22 · Score: 4, Insightful
  
  Wasn't it the Government that first created it?
  from their about page:
  "Tor was originally designed, implemented, and deployed as a third-generation onion routing project of the U.S. Naval Research Laboratory. It was originally developed with the U.S. Navy in mind, for the primary purpose of protecting government communications. Today, it is used every day for a wide variety of purposes by normal people, the military, journalists, law enforcement officers, activists, and many others. "
5. Re:Sounds like a tool for P I R A T E S !! by MightyYar · 2012-02-10 07:24 · Score: 5, Funny
  
  Hi there! 48
  All is well in the Islamic Republic! 65
  Our glorious leader has won another election! 6c
  Praise Allah! 70
  
  --
  W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
6. Re:Sounds like a tool for P I R A T E S !! by Anonymous Coward · 2012-02-10 07:25 · Score: 0
  
  How about sth like base64, but more human-like on top of everything?
7. Re:Sounds like a tool for P I R A T E S !! by SRM2 · 2012-02-10 07:26 · Score: 1
  
  The MPAA in in the business of going after Somalians now?
8. Re:Sounds like a tool for P I R A T E S !! by chichilalescu · 2012-02-10 07:27 · Score: 4, Insightful
  
  dear slashdot,
  can we please have a +1 "sad but true" option?
  
  --
  new sig
9. Re:Sounds like a tool for P I R A T E S !! by TubeSteak · 2012-02-10 07:33 · Score: 4, Interesting
  
  Don't forget that the US State Department is the de-facto sponsor of TOR.
  TOR gets most of its funding from groups that get most of their funding from the State Dept.
  
  --
  [Fuck Beta]
  o0t!
10. Re:Sounds like a tool for P I R A T E S !! by Merk42 · 2012-02-10 07:36 · Score: 1
  
  Don't forget "Stifle Innovation", the "think of the children" for technology.
11. Re:Sounds like a tool for P I R A T E S !! by Jah-Wren+Ryel · 2012-02-10 07:38 · Score: 3, Insightful
  
  Wasn't it the Government that first created it?
  The US government also funded the Taliban (to fight the Russians) and the Israeli goverment funded Hamas (to fight the PLO).
  
  --
  When information is power, privacy is freedom.
12. Re:Sounds like a tool for P I R A T E S !! by Anonymous Coward · 2012-02-10 07:52 · Score: 0
  
  The Government also created nukes, that does not mean they want someone but them using them.
13. Re:Sounds like a tool for P I R A T E S !! by Luckyo · 2012-02-10 08:00 · Score: 1
  
  Right hand, left hand...
  Be afraid of the brain (i.e. money that buys the machine controls) actually realizing what's going on.
14. Re:Sounds like a tool for P I R A T E S !! by willaien · 2012-02-10 08:17 · Score: 2
  
  You'll have to do with +1 insightful.
15. Re:Sounds like a tool for P I R A T E S !! by lexman098 · 2012-02-10 08:27 · Score: 0
  
  -1 overrated
16. Re:Sounds like a tool for P I R A T E S !! by Moryath · 2012-02-10 08:36 · Score: 1, Informative
  
  You've got your history partially wrong.
  The US government DID fund the Taliban (rather than see the USSR take over Afghanistan). However, the whole "Israel funded Hamas" bullshit is just that, bullshit. Hamas is an offshoot of the Muslim Brotherhood movement, which was Egypt-centered and got (still gets) most of its funding and material through Iranian connections (similar to other MB offshoots such as the Lebanese Hizb'Allah and the current Syrian government).
  The reason for this was that Iran has a tendency to fund Twelver Shi'a uprisings and groups in mostly-Sunni countries.
  Do a little research next time before parroting bullshit.
17. Re:Sounds like a tool for P I R A T E S !! by Anthony+Mouse · 2012-02-10 08:52 · Score: 1
  
  Be afraid of the brain (i.e. money that buys the machine controls) actually realizing what's going on.
  That might not be such a bad thing, actually. Think about whose interests the state department is supporting by producing these tools: The US military and defense contractors, the CIA and NSA, oil companies... Remember all that talk about how much bigger the tech industry is than the entertainment industry? Look at the size of the defense and intelligence industry sometime.
18. Re:Sounds like a tool for P I R A T E S !! by f3rret · 2012-02-10 08:57 · Score: 1
  
  Well to be fair Operation Cyclone did not specifically fund the Taliban, they sponsored many of the mujahadeen, including some who went off to become the anti-Taliban Northern Alliance.
  
  --
  Admit nothing. Deny Everything. Make Counter-accusations.
19. Re:Sounds like a tool for P I R A T E S !! by Luckyo · 2012-02-10 09:07 · Score: 3, Funny
  
  Then look at their imaginary size (our yearly piracy losses are bigger then world's GDP says report given to congress!), then look at modern economy being about imaginary values rather then real values (stock market, derivatives, futures...).
  Then get a big bottle of your favourite alcohol and drown the sorrow.
20. Re:Sounds like a tool for P I R A T E S !! by Anonymous Coward · 2012-02-10 11:25 · Score: 0
  
  Hi there! 48
  Everything is great in the Islamic Republic! 65
  Let's celebrate our glorious leader's election victory! 6c
  Praise Allah! 70
  FTFY
21. Re:Sounds like a tool for P I R A T E S !! by Em+Adespoton · 2012-02-10 12:30 · Score: 1
  
  That would be a good match of resources.
  How long will it take the Somalis to discover that dealing in bootleg CDs is more profitable than attacking ships on the open sea? They can approach the ships and offer them cheap entertainment instead of risking their lives in the hopes that they capture someone wealthy....
22. Re:Sounds like a tool for P I R A T E S !! by Jah-Wren+Ryel · 2012-02-10 12:53 · Score: 1
  
  Do a little research next time before parroting bullshit
  Sounds like you are emotionally invested in the topic.
  Note that I didn't say Israel was solely responsible, everything else you wrote is true but does not contradict what I said, no matter who vociferiously you expressed it.
  For anyone else reading along interrested in an actual citation, here'e one of many that acknowledges both Israel's and the Muslim Brotherhood's involvement in the beginnings of Hamas.
  
  --
  When information is power, privacy is freedom.
23. Re:Sounds like a tool for P I R A T E S !! by Anonymous Coward · 2012-02-10 13:44 · Score: 0
  
  that would break the underlying encoded message, duh
24. Re:Sounds like a tool for P I R A T E S !! by Moryath · 2012-02-10 14:16 · Score: 0
  
  Did you actually read the article in question?
  Misleading headline aside, it details an Israeli decision not to interfere in internal Palestinian politics (gee, I wonder what would happen if the "evil joos" wandered in to break up the fighting?). It details times when Israel tried to find a partner for peace negotiations, only to find out that, whoops, Hamas had no intention of peace.
  Citations are worthless if they don't say what you claim they say.
25. Re:Sounds like a tool for P I R A T E S !! by Jah-Wren+Ryel · 2012-02-10 15:24 · Score: 1
  
  Yes I read the entire thing before writing my response.
  Anyone without a hyper-emotional connection to the topic will notice the following points the article:
  "Israel's experience echoes that of the U.S., which, during the Cold War, looked to Islamists as a useful ally against communism. Anti-Soviet forces backed by America after Moscow's 1979 invasion of Afghanistan later mutated into al Qaeda." ...
  "The Israeli government officially recognized a precursor to Hamas called Mujama Al-Islamiya, registering the group as a charity. It allowed Mujama members to set up an Islamic university and build mosques, clubs and schools. Crucially, Israel often stood aside when the Islamists and their secular left-wing Palestinian rivals battled,
  Now I fully expect you to respond that such passages don't explicitly detail direct financial transfers, but the question is pretty simple - what is the point of a making them a charity if not to permit otherwise embargoed transfers of money to them? It isn't like the people of palestine were particularly concerned with charitable deductitons on their taxes.
  
  --
  When information is power, privacy is freedom.
26. Re:Sounds like a tool for P I R A T E S !! by jackbird · 2012-02-10 15:56 · Score: 1
  
  The PLO had a charity arm too - in the absence of a government able to provide basic services such as schools and hospitals (especially before the creation of the Palestinian Authority), charity organizations (funded not with Israeli money but foreign money funneled through foreign nationals) provide such things. In additon to directly benefitting the constituency, It's how hearts and minds are won with respect to this or that Palestinian organization among the people.
  Hamas rose to power because Arafat publicly backed Iraq's invasion of Kuwait, which pissed off the Saudis enough to cut the pursestrings of the PLO charities and start funding Hamas in earnest. Arafat joined the 1993 peace talks in large part because Fatah was rapidly weakening financially.
  So no, Israel did not allow Hamas to register as a charity in order to funnel Israeli money to the Muslim Brotherhood; they registered them as a charity in the hope of weakening support for Arafat among the Palestinians and shrinking the PLO's funding.
27. Re:Sounds like a tool for P I R A T E S !! by Anonymous Coward · 2012-02-10 16:57 · Score: 0
  
  I don't know why JWR is pussyfooting around, here's explict quotes without the ambiguity of the WSJ article.
  
  Israel "aided Hamas directly -- the Israelis wanted to use it as a counterbalance to the PLO (Palestinian Liberation Organization)," said Tony Cordesman, Middle East analyst for the Center for Strategic Studies.
  
  According to U.S. administration officials, funds for the movement came from the oil-producing states and directly and indirectly from Israel.
  http://www.upi.com/Business_News/Security-Industry/2002/06/18/Analysis-Hamas-history-tied-to-Israel/UPI-82721024445587/
  
  But the Islamic Palestinian leaders viewed the relationship with Israel differently. They were eager to accept Israel's financial backing and an easing on their activities...
  http://www.counterpunch.org/2003/01/18/sharon-and-hamas/
  
  So there's plenty of evidence that the Israeli intelligence services, especially Shin Bet and the military occupation authorities, encouraged the growth of the Muslim Brotherhood and the founding of Hamas.
  
  http://www.democracynow.org/2006/1/26/how_israel_and_the_united_states
  
  Thanks to Israel's intelligence agency Mossad (Israel's Institute for Intelligence and Special Tasks), the Islamists were allowed to reinforce their presence in the occupied territories.
  http://www.wariscrime.com/2008/12/29/news/hamas-was-founded-by-mossad/
28. Re:Sounds like a tool for P I R A T E S !! by cavreader · 2012-02-10 19:10 · Score: 1
  
  The vast majority of the weapons and funds supplied to the Afghanistan for fighting the USSR was from Pakistan, Saudi Arabia, and England. The US did not create the Taliban. The Taliban and associated like minded groups are Pakistani creations.
29. Re:Sounds like a tool for P I R A T E S !! by guus_deleeuw · 2012-02-10 23:37 · Score: 1
  
  I'd rather like a +1 for freedom
30. Re:Sounds like a tool for P I R A T E S !! by Moryath · 2012-02-11 02:20 · Score: 0
  
  Israeli officials who served in Gaza disagree on how much their own actions may have contributed to the rise of Hamas. They blame the group's recent ascent on outsiders, primarily Iran. This view is shared by the Israeli government. "Hamas in Gaza was built by Iran as a foundation for power, and is backed through funding, through training and through the provision of advanced weapons," Mr. Olmert said last Saturday. Hamas has denied receiving military assistance from Iran.
  Arieh Spitzen, the former head of the Israeli military's Department of Palestinian Affairs, says that even if Israel had tried to stop the Islamists sooner, he doubts it could have done much to curb political Islam, a movement that was spreading across the Muslim world. He says attempts to stop it are akin to trying to change the internal rhythms of nature: "It is like saying: 'I will kill all the mosquitoes.' But then you get even worse insects that will kill you...You break the balance. You kill Hamas you might get al Qaeda."
  Single quotes taken out of context is all you have? That ALSO is from the article. Also, as mentioned by Jackbird, Israel recognizes a lot of charities. That doesn't mean they recognized, nor encouraged, Hamas.
31. Re:Sounds like a tool for P I R A T E S !! by Jah-Wren+Ryel · 2012-02-11 05:40 · Score: 1
  
  You are so clearly wrapped up in this that you can't even read what you cut-n-paste. None of what you quoted disputes my original point that Israel contributed - I never said they were solely responsible.
  First quote -- this article was written in 2009 so "recent ascent" doesn't apply to what happened 30 years ago but rather their recent dominance resulting in the election win. And the second quote is a tacit admission that they did support Hamas as it starts off with "even if israel had tried to stop the islamists" suggesting that they supported rather than opposed.
  I'm done. You can have the last word because I'm pretty sure that no mater what you write all it will do is demonstrate your personal lack of objectivity rather than an interest in uncovering the truth.
  
  --
  When information is power, privacy is freedom.
32. Re:Sounds like a tool for P I R A T E S !! by Anonymous Coward · 2012-02-11 06:46 · Score: 0
  
  Sorry, the Taliban didn't exist during the Soviet occupation of Afghanistan. The Soviets left Afghanistan in 1989; the Taliban was founded in 1994. The US did back Jihadi fighters, but those were groups that the Taliban fought to overthrow after it was founded.
  The stuff about Israel creating Hamas is BS as well.
33. Re:Sounds like a tool for P I R A T E S !! by Anonymous Coward · 2012-02-11 07:05 · Score: 0
  
  You've got your history partially wrong.
  The US government DID fund the Taliban (rather than see the USSR take over Afghanistan). However, the whole "Israel funded Hamas" bullshit is just that, bullshit. Hamas is an offshoot of the Muslim Brotherhood movement, which was Egypt-centered and got (still gets) most of its funding and material through Iranian connections (similar to other MB offshoots such as the Lebanese Hizb'Allah and the current Syrian government).
  The reason for this was that Iran has a tendency to fund Twelver Shi'a uprisings and groups in mostly-Sunni countries.
  Do a little research next time before parroting bullshit.
  I mentioned the GP's mistake about Afghanistan in my above post.
  While Iran does support Hamas, it certainly does not support the Muslim Brotherhood - at least not in Syria. And Hizbullah is not an Ikhwan derivative - it was created by the Iranians themselves. Hizbullah is Shia, while the Muslim Brotherhood is Sunni, and even Hamas, despite its Iran links, persecutes Sunnis in Gaza. In Syria, Hizbullah is the main force backing the Assad regime, while the Muslim Brotherhood is at the head of the opposition to Assad, just like it was to Mubarak in Egypt. And while Iran was fine with Mubarak being ousted, the opposite is true when it comes to Assad. After all, thanks to the 'liberation of Iraq', the Iranians now have a Shia crescent, going from Teheran, Baghdad, Damascus and Beirut.
  On the Sunni end, Saudi Arabia, Turkey and Qatar has been supporting the Muslim Brotherhood, in the hopes of disrupting this Shia crescent, isolating Hizbullah and destroying Iran's influence in the Arab empire. It's been only to easy to do this under the guise of supporting democracy, which in Muslim countries implies Islamic theocracies, like they're trying to bring to Egypt, Libya and Tunisia.
  Hizbullah and Iran are both heavily dependent on each other - Iran for militias, and Hizbullah for cash. And Syria, since the 80s, has been the regime that enables a smooth liason between these 2. Which is why the civil war in Syria is - on the Shia end - Hizbullah's desperate struggle for survival: if the Assad regime collapses, an Ikhwan regime will replace it in Syria, just like it has in Egypt, and once Syria becomes a Sunni country, it'll ensure that Lebanon will become one as well, destroying Hizbullah in the process, not so much out of fanaticism, which will be there, but also out of vengence.
  Another point worth noting is that Hamas and Fatah have been having unity talks, which would debunk the GP's observations. Hamas has also been having unity talks with Islamic Jihad, which is based in Damascus. In short, all the Pali parties are Judeophobic, including the Islamo-Christian led PFLP, also based in Damascus.
34. Re:Sounds like a tool for P I R A T E S !! by Anonymous Coward · 2012-02-11 07:11 · Score: 0
  
  I meant to say - Hamas, despite its Iran links, persecutes Shia in Gaza.
35. Re:Sounds like a tool for P I R A T E S !! by Anonymous Coward · 2012-02-11 09:04 · Score: 0
  
  It's "tor" dipshit, not TOR. It's not an acronym...
36. Re:Sounds like a tool for P I R A T E S !! by Anonymous Coward · 2012-02-11 19:22 · Score: 0
  
  TOR = The Onion Router.
37. Re:Sounds like a tool for P I R A T E S !! by Moryath · 2012-02-12 05:34 · Score: 1
  
  as it starts off with "even if israel had tried to stop the islamists" suggesting that they supported rather than opposed.
  And I pointed out to you, Israel was basically being NEUTRAL towards internal Palestinian politics.
  The fact that Israel didn't rain down bombs on the heads of each and every islamist group that may or may not be called a "predecessor to Hamas" does not show they were "supporting" them. There are a lot of different "charity groups" involved in the Palestinian society, including - as someone else pointed out - the charity wing of Fatah, too. And Israel recognizes most of them as charitable groups.
  I'm done. You can have the last word because I'm pretty sure that no mater what you write all it will do is demonstrate your personal lack of objectivity rather than an interest in uncovering the truth.
  Yawn. And I've seen so far that YOU have a startling personal lack of objectivity.
38. Re:Sounds like a tool for P I R A T E S !! by Anonymous Coward · 2012-02-12 10:31 · Score: 0
  
  I wonder what would happen if the "evil joos" wandered in to break up the fighting
  Did you just try to troll the guy who has a pro-jewish quote in his sig with a passive-aggressive accusation of being an anti-semite? Shame on you.
39. Re:Sounds like a tool for P I R A T E S !! by Anonymous Coward · 2012-02-12 13:18 · Score: 0
  
  The MPAA has already called in the FBI, CIA, NSA, and a cadre of hired Senators to put a stop to this illegal piracy-facilitating tool--which, if it's not stopped, will cost millions of American jobs and perhaps collapse the entire economy. Our children's futures are at stake here, people!!!
  Not trying to sound like I'm insulting you or anything... but that conclusion is retarded. TOR DOESN'T support torrents, and even if it did, the slow download speeds would make it the most inefficient form of piracy short of renting movies and copying everything yourself.
  TOR IS designed on the other hand to provide anonymous browsing capabilities for people who wish to maintain their privacy - or circumvent government imposed censorship.
  If you want to talk about our and our children's freedom being at stake, try looking into the ever shrinking privacy (much less rights) that we have as citizens. Anyone else here see a problem with "pirates" being sentenced to more prison time than murderers? Seems like our system is just a tad bit biased, and way too many people buy into the propaganda.
40. Re:Sounds like a tool for P I R A T E S !! by Anonymous Coward · 2012-02-13 08:25 · Score: 0
  
  Yawn. And I've seen so far that YOU have a startling personal lack of objectivity.
  Unfortunately for you, you lost this particular pissing contest. The other guy beat you. You being a sore loser doesn't help you much, either. Sorry.
41. Re:Sounds like a tool for P I R A T E S !! by Anonymous Coward · 2012-02-13 17:07 · Score: 0
  
  Collapse the entire economy ?????
  Get real ! Obama and Congress (Pelosi, Reid, Fienstien, and others) are doing that all by themselves......destroying the USA with debt and their nonsense, so claiming someone downloading music is going to bring down the economy or ((((collapse)))) it entirely is absurd.
  The USA does not run ALONE on music, duh!
  Since I do not down load music from the net anyway, and do not like the current stuff out there for the most part; you can't say much about me on that.......
The root of the problem by hobarrera · 2012-02-10 06:59 · Score: 3, Insightful

While this is a great effort, and I really congratulate the Tor proyect for all that they've done and continue to do, this still is nowhere close to the solution on the real issue here: governments that over and over again limit people's freedom of speech and privacy.
1. Re:The root of the problem by Anonymous Coward · 2012-02-10 07:02 · Score: 2, Interesting
  
  What do you propose we Western geeks do about the government of Iran?
2. Re:The root of the problem by capnchicken · 2012-02-10 07:09 · Score: 4, Insightful
  
  Unfortunately you always have to build things in spite of people, and can never count on altruism because there will always be bad actors, and those bad actors always have the chance of gaining power. It's the human condition, the only thing you can do is route around it. I agree we should address it from many fronts, but technological circumvention, while maybe only alleviating symptoms, seems to be very effective.
  
  --
  A libertarian shat on my carpet once. Claimed the free market would sort it out. -Ford Prefect(8777)
3. Re:The root of the problem by Anonymous Coward · 2012-02-10 07:11 · Score: 1
  
  Do not worry people. Is impossible to stop antiencription.
  just imagine the following idea.
  You write a tottaly understable text with some easy code. For example. The first letter of each word are a phrase.
  Well. you can create extensive false documents (there where papers accepted by academics written by computers, so is not entirely impossible) with this kind of coding (There are a lot of more complex algorithms involving taken only the letters from a formula, etc).
  If only some people has the code to break it. Only those people can break it.
  there are some examples of encrited books that not even today could be descifred. So... imagination will win the battle here.
4. Re:The root of the problem by John3 · 2012-02-10 07:15 · Score: 4, Funny
  
  Write code that messes with their technology, perhaps something that might wreak havoc on centrifuges or other industrial machinery?
  
  --
  "We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
5. Re:The root of the problem by Culture20 · 2012-02-10 08:13 · Score: 2
  
  Tor proyect
  That sounds like commie talk, comrade.
6. Re:The root of the problem by Anthony+Mouse · 2012-02-10 08:58 · Score: 2
  
  While this is a great effort, and I really congratulate the Tor proyect for all that they've done and continue to do, this still is nowhere close to the solution on the real issue here: governments that over and over again limit people's freedom of speech and privacy.
  That is sort of missing the big picture. Yes, you have to fight governments that oppress and censor... but this is one of the ways you do it. It's a lot easier to convince someone that censorship is wrong if it is, in any event, totally ineffective -- because you take away any possible upside. It no longer becomes a weighing of the benefits of censorship against its costs, because the benefits are destroyed by developing this type of technology. Censorship becomes something that has only costs, and there ceases to be any incentive for a self-interested government to impose it.
7. Re:The root of the problem by KhabaLox · 2012-02-10 09:03 · Score: 1
  
  Rip down their posters.
  
  --
  Ceci n'est pas un sig.
8. Re:The root of the problem by Anonymous Coward · 2012-02-10 09:40 · Score: 0
  
  I dare you to make less sense.
9. Re:The root of the problem by Anonymous Coward · 2012-02-10 09:47 · Score: 0
  
  Unless you're proposing something that's totally creepy and controlling on a global scale (eg: create something that makes people physiologically unable to do "immoral" things) I don't think there's much we can do.
  And one man's free speech is another man's violation of privacy.
10. Re:The root of the problem by liamevo · 2012-02-10 10:43 · Score: 1
  
  Nice xkcd reference.
11. Re:The root of the problem by Anonymous Coward · 2012-02-10 13:44 · Score: 0
  
  Tor over slashdot post. Performance about the same though.
12. Re:The root of the problem by SuricouRaven · 2012-02-11 00:57 · Score: 1
  
  One mans free speech can also be another's copyright infringement, incitement to racial hatred, obscenity, heresy, threat to national unity or intolerably blasphemy. There are very few people who support completly unconditional free speech - people just differ in how much they value free speech in relation to other, contradictory ideals.
13. Re:The root of the problem by wormout · 2012-02-12 12:06 · Score: 1
  
  As opposed to the governments who, in this age, don't at least aspire to do exactly that? This test of new technology isn't just relevant to Iran, you know. Even if you think you live in a relatively free 'western' country, future developments in these kinds of tools are a damn sight more important to you than you appear to realise.
Disguise encrypted as unencrypted? by Arancaytar · 2012-02-10 06:59 · Score: 4, Funny

How do you hide something unreadable within something readable? ... damn, you're going to make me RTFA, aren't you? :P
1. Re:Disguise encrypted as unencrypted? by Anonymous Coward · 2012-02-10 07:06 · Score: 0
  
  maybe too simple too be true but you could send an encrypted blob B inside a readable html page maybe ?
  have the img="lovely_pic.jpg" contain a lovely pic with inside it the blob B. As long as you could send a
  binary file throughout the protocol, it can contain bytes that are encrypted.
2. Re:Disguise encrypted as unencrypted? by Pseudonym+Authority · 2012-02-10 07:09 · Score: 2
  
  You mean something like steganography?
3. Re:Disguise encrypted as unencrypted? by pushing-robot · 2012-02-10 07:11 · Score: 5, Insightful
  
  It's steganography. They've created a strong AI capable of passing as human and conversing intelligently with other copies of itself. Each AI instance develops relationships with others, sharing email and IMs about its loves and hates, passions and dreams, even photos of virtual family and pets. All of which can contain a hidden payload of your private data.
  But enough technical mumbo-jumbo. What matters is you'll now be able to surf porn sites without anyone knowing.
  
  --
  How can I believe you when you tell me what I don't want to hear?
4. Re:Disguise encrypted as unencrypted? by Hatta · 2012-02-10 07:12 · Score: 0
  
  Easy. Send a payload that has some randomness to it. For example, a JPEG will have mostly random least significant bits. So now you take your encrypted data, which looks like random data, and replace the random LSBs in the JPG with your encrypted data. This is still vulnerable to statistical analysis, because little in nature is truly as random as random data is. But it raises the bar.
  
  --
  Give me Classic Slashdot or give me death!
5. Re:Disguise encrypted as unencrypted? by Anonymous Coward · 2012-02-10 07:15 · Score: 1
  
  It's actually pretty easy. I bet you couldn't hIwD5E4YmYgu7EABA/4zkMc2B2jVFcLC2s8SbV4MWdJCb0buQe0eEJX9XuMgNEbG even tell this was a ryyIKnRf2Zg8TvdClV20DsClRXR9GICX2pdhEFWqSJDQuLQX2sC7fVPshoOYkutV secretly encrypted KFyslVdYKQlLq4cwOHCTbIDLPdTFFpSuhIOvgk8yhcQTo2M7VY6xmaNLtYm0/9JE message, hiding in plain AS2LW55DgwHs6waLou78owXYW7vQBkhQLky69gV4htAhwIEqkdzS5w3iE36a9eyZI sight on plain old HTTP in /63GXN745FjoP8hwSZCfffhY0L8= ordinary HTTP traffic with no SSL/TLS at all. =DKJ0 It looks just like normal traffic, doesn't it?
6. Re:Disguise encrypted as unencrypted? by X0563511 · 2012-02-10 07:21 · Score: 2
  
  encapsulation.
  Here's one way to do it:
  Send the SSL data in a standard HTTP stream. Even better, base64 encode the data, so it looks like actual text.
  To block this means either blocking HTTP as a whole, or building/buying some expensive stuff that can understand HTTP and do some kind of content analysis on it.
  
  --
  For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
7. Re:Disguise encrypted as unencrypted? by CanHasDIY · 2012-02-10 07:23 · Score: 1
  
  This is still vulnerable to statistical analysis, because little in nature is truly as random as random data is.
  Uh, I thought it was the other way around, as the "randomness" of the data is determined by the use of non-random algorithms, whereas nature is not dependent on such defined programming.
  
  As an example, compare Rhapsody's "shuffle" setting that only repeats 20 songs from a 500 song playlist over and over, as opposed to closing your eyes and chucking darts at the same list.
  
  --
  An enigma, wrapped in a riddle, shrouded in bacon and cheese
8. Re:Disguise encrypted as unencrypted? by Anonymous Coward · 2012-02-10 07:32 · Score: 0
  
  its easier than you think.
  just assign every symbol a chain of characters. After that use some algorithm to add those characters into a text
  Example @ = imcs (then writte a phrase where the third letter of the word is the relevant)
  This is a simple encrited test.
  Do the same with the other simbols, and you can write almost everything.
  Hope not to end in jail just for teaching easy encription on the web.
9. Re:Disguise encrypted as unencrypted? by Hatta · 2012-02-10 07:41 · Score: 0
  
  "shuffle" is not a cryptographically secure algorithm. If your encryption is seeded with sufficiently random data, then the encrypted data will be indistinguishable from random.
  Nature is truly random, but there are different types and degrees of randomness. If the noise in the LSB tends to be Brownian and you replace it with white noise, that's going to be detectable.
  
  --
  Give me Classic Slashdot or give me death!
10. Re:Disguise encrypted as unencrypted? by betterunixthanunix · 2012-02-10 07:42 · Score: 2
  
  Think of it in terms of error correcting codes. You and I agree on a secret linear code, and we then add our codewords to a noisy channel (at the lowest power possible to allow decoding to occur). If the noise power is high enough, then our codewords should be undetectable in the channel; but we can still recover the codewords because we know what error correcting code is being used (it is widely believed that detecting the codewords without knowledge of the code is hard; this is just a restatement of the Learning With Errors problem). Our secret key is a description of the code (which is just a matrix) and we can even turn this into a public key system.
  
  Now, the trick is to determine if the system is still secure when the noise is sampled in some specific way that we cannot control. Is the background noise in a voice chat suitable? What about packet delays (which might be manipulated by your ISP to break the system)? The method described above works fine as a cryptosystem, but there is more work to be done if you want a stegosystem.
  
  --
  Palm trees and 8
11. Re:Disguise encrypted as unencrypted? by trum4n · 2012-02-10 07:43 · Score: 2
  
  ...as opposed to closing your eyes and chucking darts at the same list.
  However, it does extend the operating life of your LCD.
12. Re:Disguise encrypted as unencrypted? by Anonymous Coward · 2012-02-10 07:46 · Score: 0
  
  I really don't get the car analogy.
  I mean, if you put both cars through a grinder (encryption) or press (archiving), won't that make the toyota and ferrari the same?
13. Re:Disguise encrypted as unencrypted? by Anonymous Coward · 2012-02-10 08:35 · Score: 0
  
  The exact opposite of Perl coding.
14. Re:Disguise encrypted as unencrypted? by lgw · 2012-02-10 08:42 · Score: 1
  
  Well, perhaps the Iranian government can't just buy that sort of deep packet analysis tool off the shelf, but most people can. Detecting steganography is very easy once you know the algorithm used. If they just crammed base64 text into text streams, most ISPs could already flag that, using equipment already in place, with a few minutes work on the regex.
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
15. Re:Disguise encrypted as unencrypted? by Culture20 · 2012-02-10 08:44 · Score: 1
  
  Chucking darts at a wall is incredibly non-random. It's good for a one-time toss, but repeated uses will cluster badly.
16. Re:Disguise encrypted as unencrypted? by swb · 2012-02-10 08:56 · Score: 1
  
  Has anyone done this?
  It'd sure be nice to have some kind of an implementation of it built into OpenSSH and a client like Putty, and robust enough to work through a firewall proxy.
  I'm sure it belongs as some standalone proxy, but having it integrated would make it easier and less painful to use from a client perspective, although I would imagine it would have to be a pretty simplistic implementation (wrap SSL in HTTP, base64 encoded only) and not delve to far into actual steganography.
  In other words, useful for evading very aggressive firewalling and HTTP proxying.
  Wouldn't content analysis just be a case of monitoring a stream and looking for the presence of English or local language text over a period of time? Of course, I'm probably grossly overestimating the number of HTTP streams that are used for binary data for applications and never include the kind of human/machine readable English or local language text.
  Or doing a file(1) type analysis of the decoded content to see if it matched?
  You could probably use a couple of heuristics in combination and then use some kind of "probability" value to tune whether or not you thought it was fishy.
17. Re:Disguise encrypted as unencrypted? by CanHasDIY · 2012-02-10 09:00 · Score: 1
  
  closing your eyes and chucking darts at the same list.
  
  Chucking darts at a wall is incredibly non-random. It's good for a one-time toss, but repeated uses will cluster badly.
  Looks like you might benefit from this.
  
  --
  An enigma, wrapped in a riddle, shrouded in bacon and cheese
18. Re:Disguise encrypted as unencrypted? by KhabaLox · 2012-02-10 09:07 · Score: 2
  
  If the noise in the LSB tends to be Brownian and you replace it with white noise, that's going to be detectable
  Replacing brown noise with white noise? Sounds pretty racist to me.
  
  --
  Ceci n'est pas un sig.
19. Re:Disguise encrypted as unencrypted? by Culture20 · 2012-02-10 09:11 · Score: 1
  
  I'm sorry, but even with eyes closed, you'll tend to throw the same way every time (unless you purposefully throw differently with each toss, then it's still non-random, but psychology has to be taken into account).
20. Re:Disguise encrypted as unencrypted? by X0563511 · 2012-02-10 09:15 · Score: 1
  
  As far as the file style analysis - this wouldn't be possible except at the very beginning of the connection, as the data in the middle looks like garbage.
  The beginning though - where certificates are exchanged and handshakes made - this could be picked up on, and if the connection was squashed at this point, it wouldn't be possible to continue.
  
  --
  For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
21. Re:Disguise encrypted as unencrypted? by Thud457 · 2012-02-10 10:03 · Score: 1
  
  Pink Noise a transvestite band.
  
  --
  the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
22. Re:Disguise encrypted as unencrypted? by Anonymous Coward · 2012-02-10 11:34 · Score: 0
  
  ...and in doing so, you'll be distributing private data for aliens in a higher universe.
23. Re:Disguise encrypted as unencrypted? by Anonymous Coward · 2012-02-10 11:48 · Score: 0
  
  http://www.uspto.gov/web/patents/patog/week44/OG/html/1372-1/US08050404-20111101.html
  Done as a response to certain carriers using FIPS-140 randomness tests to look for encrypted flows.
24. Re:Disguise encrypted as unencrypted? by dgatwood · 2012-02-10 11:50 · Score: 1
  
  This is why you spin around repeatedly first.
  
  --
  Check out my sci-fi/humor trilogy at PatriotsBooks.
25. Re:Disguise encrypted as unencrypted? by Em+Adespoton · 2012-02-10 12:32 · Score: 1
  
  ...until your AI accidentally says something it shouldn't.
26. Re:Disguise encrypted as unencrypted? by Sulphur · 2012-02-10 12:47 · Score: 1
  
  I really don't get the car analogy.
  I mean, if you put both cars through a grinder (encryption) or press (archiving), won't that make the toyota and ferrari the same?
  No, one is a Tor-ota.
27. Re:Disguise encrypted as unencrypted? by anubi · 2012-02-10 16:02 · Score: 2
  
  The first thing I thought while I was loading this topic was steganography. So I asked my browser to find this word and discovered you beat me to it.
  
  A really good question now is how do you allow any internet traffic at all? Nearly anything can be encoded with steganographic information.
  
  There was one guy on the net a few years ago named "Fravia" that went on in detail how to make steganographic communications programs on the fly. Wonderful work.
  
  After reading his essays, which he so graciously shared with the world, I knew every hardcore computer oriented freedom fighter would archive his works. This technology would assure that as long as there was communication at all, no repressive regime would be able to censor it, or even know what was going on right under their nose.
  
  --
  "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
28. Re:Disguise encrypted as unencrypted? by Anonymous Coward · 2012-02-10 16:47 · Score: 0
  
  That's +Fravia to you! (RIP)
29. Re:Disguise encrypted as unencrypted? by anubi · 2012-02-10 16:48 · Score: 1
  
  Detecting steganography is very easy once you know the algorithm used.
  So, coin your own algorithm.
  
  Aren't guessing games fun? There's millions of ways to do this... Guess which one I am using!
  
  --
  "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
30. Re:Disguise encrypted as unencrypted? by MichaelSmith · 2012-02-11 00:04 · Score: 1
  
  But its use would be so rare in Iran that the police could just arrest and execute anybody in posession of tools which could be used for steganography.
  
  --
  http://michaelsmith.id.au
31. Re:Disguise encrypted as unencrypted? by SuricouRaven · 2012-02-11 00:59 · Score: 1
  
  The purpose of internet censorship isn't to make it impossible to gain access to prohibited information - that would be impossible. The purpose is to make that information so much trouble to get to that only a negligable number of people will be so determined.
32. Re:Disguise encrypted as unencrypted? by anubi · 2012-02-11 15:30 · Score: 1
  
  < embarrassed > I stand corrected. And greets to +ORC
  
  --
  "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
33. Re:Disguise encrypted as unencrypted? by lgw · 2012-02-13 06:58 · Score: 1
  
  It's fundamental to encryption to assume your atttacker knows your algorithm - keys can be managed, but the algorith is out there, and anyone smart enough will figure it out.
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
Seems about right by bigredradio · 2012-02-10 07:03 · Score: 4, Insightful

The more you tighten your grip, $dictator, the more $locations will slip through your fingers. - $rebel_princess.

--
Flexible bare-metal recovery for Linux/UNIX
1. Re:Seems about right by cold+fjord · 2012-02-10 17:46 · Score: 1
  
  The more you tighten your grip, $dictator, the more $locations will slip through your fingers. - $rebel_princess.
  It just might take 50, 100, or 400 years. The German Reich - 12 years. Fascist Italy - 21 years. USSR - 74 years. North Korea - 60 years and counting.
  
  --
  much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
2. Re:Seems about right by Anonymous Coward · 2012-02-10 19:49 · Score: 0
  
  Long live arbitrary selections of events to support your theories...
  The British Empire -- 500 years.
3. Re:Seems about right by Anonymous Coward · 2012-02-10 21:10 · Score: 0
  
  *North Korea - 60 years and counting.*
  the recipe is that you arrange yourself to be under a trade embargo, after that everyone else has to be check on your borders and they can't trade magazines or info over even..
If they're undetectable... by eternaldoctorwho · 2012-02-10 07:03 · Score: 2

...then how do they get tested deterministically? They MUST be undetectable, because the summary headlines are never ever wrong, nor do they exaggerate.
1. Re:If they're undetectable... by Anonymous Coward · 2012-02-10 07:26 · Score: 0
  
  It's testing *Undetectably*, not it being undetectable. There is a difference where the former is how hard it is to detect while the latter is absolute.
  Iraq = blocks most traffic including encrypted. Tor = encrypted so if traffic goes through, it's not detected. Sounds like a good trial test to me. Hardly absolute but definitely real world. The key thing is how long they can stay this way vs iraq figuring ways to detect and block tor.
Automated steganography by niteq · 2012-02-10 07:18 · Score: 2

It'd be slow, for sure, but encapsulating messages inside of images using steganography libraries should be very feasible as a means of tunneling.

--
-niteq
1. Re:Automated steganography by X0563511 · 2012-02-10 07:22 · Score: 1
  
  I can see it now.
  Analyst A: Wow, this cat photo has gotten VERY popular.
  Analyst B: Hey... why do these otherwise identical photos have different checksums?
  
  --
  For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
2. Re:Automated steganography by Anonymous Coward · 2012-02-10 07:30 · Score: 0
  
  Rather than images, why not use videos?
  I have no idea where they will get a ready supply of random useless videos that nobody watches to use as one time pads for stenography.
3. Re:Automated steganography by gorzek · 2012-02-10 08:44 · Score: 1
  
  I assume you were referring to YouTube. The problem with YouTube is that any video you upload is going to be transcoded for their storage, so anything you've hidden in the bits of the video is going to be lost or at least seriously corrupted.
  
  --
  Check out my world simulator thingy.
4. Re:Automated steganography by healyp · 2012-02-10 12:07 · Score: 1
  
  This is true of AIM buddy icons as well. Back in the day I tried my damnedest to insert secret messages into my buddy icon but it kept getting reprocessed every time.
5. Re:Automated steganography by MichaelSmith · 2012-02-11 00:10 · Score: 1
  
  tunneling.
  Doesn't help you if you just want to access your bank account or email. A tunnel implies somebody ready to operate the other end. If that person existed outside Iran, the Iranian government would quickly block access to them.
  
  --
  http://michaelsmith.id.au
not the smartest headline by v1 · 2012-02-10 07:19 · Score: 2, Informative

Tor Tests Undetectably Encrypted Connections In Iran
"Undetectably encrypted". No. There really is no such thing. "Obfuscated", "disguised", ok I'll take those, but not "undetectably". Makes it sound like it's flat out impossible to figure out the traffic contains encrypted data.
I'm sure cisco and motorola etc will send their people over there this weekend to make upgrades to the censorware they sold them last year. They provide such good customer service to our adversaries when there's a buck to be made. (isn't there a law against this? they push so hard politically in one direction all the while the american businesses drive a dagger in the back of their goals)

--
I work for the Department of Redundancy Department.
1. Re:not the smartest headline by X0563511 · 2012-02-10 07:26 · Score: 2
  
  A proper encryption without a header of some kind, and without the key, looks like random noise. You can suspect it's encrypted, but you cannot know for certain (ignoring context. even then, the context only suggests, not proves)
  So, pedantically, I suppose it IS possible. But not over in practical land.
  
  --
  For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
2. Re:not the smartest headline by pinfall · 2012-02-10 07:28 · Score: 1
  
  At this point we're all fucked anyway. Government's greatest desire is to have keyloggers built into every bios so encryption is made obsolete.
3. Re:not the smartest headline by betterunixthanunix · 2012-02-10 07:29 · Score: 2
  
  Makes it sound like it's flat out impossible to figure out the traffic contains encrypted data.
  Well, in terms of steganography, we can speak of "strong" or "provably secure" steganography which can guarantee that no process can decide if a hidden message exists in the cover traffic with non-negligible advantage. If you have a low enough SNR, detecting the existence of the signal at all become impossible; the only trick is to ensure that someone with the secret key can still extract that signal.
  
  --
  Palm trees and 8
4. Re:not the smartest headline by MightyYar · 2012-02-10 07:34 · Score: 1
  
  Don't be so hasty... Spammers can get past spam filters even when they are tuned to look for every variation of the word P3N1S. :)
  
  --
  W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
5. Re:not the smartest headline by betterunixthanunix · 2012-02-10 07:36 · Score: 4, Informative
  
  Over in practical land, you need a noisy channel where the amount of noise is high enough to overpower efforts to detect your hidden signal, but where someone with special knowledge (knowledge of the secret key) can perform run an error correcting code to recover the hidden signal. This is not at all implausible; we already know how to make cryptosystems based on random linear codes; the real work would be ensuring that security is maintained even when you use the channel's naturally occurring noise to hide the signal (which may not be guaranteed).
  
  --
  Palm trees and 8
6. Re:not the smartest headline by oGMo · 2012-02-10 07:37 · Score: 1
  
  "Undetectably encrypted". No. There really is no such thing. "Obfuscated", "disguised", ok I'll take those, but not "undetectably". Makes it sound like it's flat out impossible to figure out the traffic contains encrypted data.
  
  Trivially, if you have a regular message that's filled with noise, it's easy to filter. Less trivially, if you have a message that encodes encrypted messages as normal-looking sentences, you might be able to filter it, though the generation of such could get pretty sophisticated. Far less trivially, you could spread the encoded encryption across multiple channels (a few bits in an email, a few bits in an IM, a few bits in an HTTP request). The better the encryption, the less distinguishable from purely random data it is. Then you have to detect close-to-random data encoded randomly across streams of other-random-data.
  It may be doable, but it's an arms race. The steganographers just have to change their schemes every now and then, which doesn't take much. The people doing the detection are eventually going to have to spend all resources on doing so. Who's to tell the few bits of the digital photo someone took combined with a few words in an IM and a URL someone visited resulted in passing a message or receiving one?
  Of course, once you have the opposition doing nothing but trying to find hidden messages in every bit of information around them, you've won.
  
  --
  Don't think of it as a flame---it's more like an argument that does 3d6 fire damage
7. Re:not the smartest headline by v1 · 2012-02-10 07:42 · Score: 1
  
  If you have a low enough SNR, detecting the existence of the signal at all become impossible
  This usually requires the percentage of secret data to be very small compared to the amount of "plausibly harmless" data it's steno'd into.
  So whether or not that is usable depends on the amount of data you want to hide, and what you intend to hide it in. If you want to send a paragraph of text you can probably squeeze that nicely into a tiff from your camera with minimal risk. But if you want to send someone a DVD length video, you'll have a hard time finding an elephant to hide that in.
  In theory you're right, but practical application can be a problem.
  And even in the above paragraph in a tiff example, if someone is LOOKING for data to be hidden in the image, it vastly improves their odds of finding it. Most stenography is traditionally very hard to recognize but fairly easy to forcefully extract. Once someone knows there's a high probability of data in that tiff, they will just whip out an entropy checker like the article we saw here recently for detecting photoshopping, and that is highly likely to confirm stenography is at work. And with most of these countries, they don't need to read what you put in the tiff, simply getting caught trying to hide something will get you locked up. (and $5 wrenched if they can't get the data out themselves)
  
  --
  I work for the Department of Redundancy Department.
8. Re:not the smartest headline by betterunixthanunix · 2012-02-10 07:49 · Score: 1
  
  if someone is LOOKING for data to be hidden in the image
  There are ways to defend against this; I would start by looking at the Learning With Errors problem, which I suspect could be used for strong steganography systems (it is already being used for cutting edge cryptography).
  
  In theory you're right, but practical application can be a problem.
  That is the pattern with the Tor project. In the 90s, a lot of work went into anonymity systems that were resilient to concerted efforts to defeat the anonymity guarantees (mixmaster). Tor took some of these ideas, but had to sacrifice the strong security guarantees to ensure practicality, since high latency is not going to be acceptable for most applications. Strong steganography will probably not be practical, but some ideas from stego theory will wind up being used by Tor.
  
  --
  Palm trees and 8
9. Re:not the smartest headline by lgw · 2012-02-10 08:51 · Score: 1
  
  Encryped data will never have the same "profile" as true randomness. Once the attacker knows the algorithm being used, nothing today will stop him from detecting that data is present. But that's not what the TOR team is after - they're trying to make it impractically expensive to perform this sort of detection on all internet traffic with the hardware the attacker already has. That's a much more practical objective. They aren't trying to hide the fact that there's an encrypted payload, they're just removing easy ways to distinguish traccif that might have the payload from normal traffic - such as simply blocking a port, or a protocol.
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
10. Re:not the smartest headline by betterunixthanunix · 2012-02-10 09:02 · Score: 1
  
  Once the attacker knows the algorithm being used, nothing today will stop him from detecting that data is present
  Except for time, since we generally want ciphers whose ciphertext is computationally indistinguishable from a uniform random sequence i.e. where no efficient algorithm can distinguish between ciphertext and randomly sampled strings with non-negligible probability, even when the algorithm is publicly known (as long as the secret key is not publicly known). Whether such a thing is actually possible is still an open question, but there are good reasons to think that it is possible.
  
  --
  Palm trees and 8
11. Re:not the smartest headline by X0563511 · 2012-02-10 09:08 · Score: 1
  
  Using a one-time-pad type of stream cipher would work, so long as you made sure to send the next pad before you ran out on the existing one. The danger of that though, is if they can grab a pad, they could theoretically decrypt any subsequent data (so long as they didn't "miss" recording the part with the next pad).
  Provided the pads are generated in an actually random or near-random manner, then the ciphertext would be indistinguishable from said random/near-random data.
  
  --
  For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
12. Re:not the smartest headline by betterunixthanunix · 2012-02-10 09:16 · Score: 1
  
  Why even bring up one time pads? A stream cipher or various stream-cipher-like modes of block ciphers would be sufficient in practice, and in theory we can show that (under certain widely accepted hardness assumptions) you can make a stream cipher with many-message security against computationally bounded adversaries. There is a well-known construction of a secure stream cipher from a one-way function and a hardcore predicate for that function.
  
  --
  Palm trees and 8
13. Re:not the smartest headline by X0563511 · 2012-02-10 09:56 · Score: 1
  
  ... because people reading this thread may not be subject matter experts, and know all of that?
  
  --
  For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
14. Re:not the smartest headline by Anonymous Coward · 2012-02-10 11:28 · Score: 0
  
  Over in practical land, you need a noisy channel where the amount of noise is high enough to overpower efforts to detect your hidden signal,
  So if I'm following you here, you're saying that Tor's stenography is making their encrypted payloads look like slashdot posts.
15. Re:not the smartest headline by lgw · 2012-02-13 07:05 · Score: 1
  
  Oh, I agree about the ideal, but we don't have anything like that today. Just like you can make a cipher unbreakable if you can compress the plaintext down to where there's no redundancy, but good luck designing a languange where all sequences are not only well formed, but meaningful.
  Cryptography is in a good place right now, where no one really attacks the math - the algorithm is the strongest part. The math for hashes is weaker, but we seem to get a few useful years out of each one. The math for steganography just isn't there yet (which is why neither the TOR team nor the Freenet guys are trying to disguise the encrypted payload, just make it harder to detect their traffic through traffic analysis alone).
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
hah! by Sebastopol · 2012-02-10 07:24 · Score: 1

in the technological arms race, this is pretty damn cool idea.
/munches popcorn and waits to see countermeasures/

--
https://www.accountkiller.com/removal-requested
The Purloined Packet by CanHasDIY · 2012-02-10 07:26 · Score: 1

Edgar Allen would be so proud.

--
An enigma, wrapped in a riddle, shrouded in bacon and cheese
Lousy OPSEC by ve3oat · 2012-02-10 07:26 · Score: 1

Wow! Why are they even talking about this?? Do they want the enemy to discover their method before this new weapon has even been fired in anger? Folks at Tor need to take and pass the OPSEC 100 course again.
1. Re:Lousy OPSEC by softwareGuy1024 · 2012-02-10 07:35 · Score: 1
  
  Secrecy and open source don't mix. Also, RTFA, they are looking for people to host the proxy servers.
2. Re:Lousy OPSEC by Anonymous Coward · 2012-02-10 08:50 · Score: 0
  
  But couldn't the folks at Tor have asked more discreetly for hosters of the proxy servers?
  I doubt the Iranian government had thought to look for such an obfuscation but after all of this publicity at least they know where they have to start, even if it takes them some while to develop the necessary detection techniques. Whatever you might think of the Iranian gov't, they aren't exactly stupid.
Obfsproxy? Really? by owenferguson · 2012-02-10 07:31 · Score: 0

No need to make the name of the protocol itself an obfuscation. How the hell am I supposed to pronounce the consonant group "bfspr"?
1. Re:Obfsproxy? Really? by Anonymous Coward · 2012-02-10 09:30 · Score: 0
  
  Biff-Spur
Iran's government is afraid, and thereby stupid by cryfreedomlove · 2012-02-10 07:32 · Score: 4, Interesting

This arms race of censorship and counter measures will have one definitive outcome: the best and the brightest of Iranian youth will find a way to emigrate because they don't want to live in an isolated theocracy. The resulting brain drain will set them back a century. This is what happens to governments driven by fear. Those in power in Iran fear their own people the most.
1. Re:Iran's government is afraid, and thereby stupid by Animats · 2012-02-10 07:35 · Score: 3, Informative
  
  the best and the brightest of Iranian youth will find a way to emigrate because they don't want to live in an isolated theocracy.
  They already did, decades ago. When the US-supported Shah of Iran was overthrown, many Iranians came to the US.
2. Re:Iran's government is afraid, and thereby stupid by glop · 2012-02-10 07:56 · Score: 3, Informative
  
  Actually when the Shah was overthrown, most of the brightest people in Iran celebrated. That's because he was a really bad dictator and the only reason most people in the West are not aware of it is because he was very pro-American and very friendly with most western countries.
  The problem with revolutions is that it's hard to stabilize things afterwards. And there is no guarantee that the nice and respectful people will take over to draft a Constitution that grants freedom for the people. That's when many of the brightest in Iran got really disappointed and the religious extremists took the power.
  You can read the account of one of those brightest people who left Iran years later: http://en.wikipedia.org/wiki/Marjane_Satrapi
  Marjane's account seemed pretty fair and balanced to me (based on the differences with the cliches I had heard, what I know about the publishers, the variety of the anecdotes and their "true to life" aspect).
3. Re:Iran's government is afraid, and thereby stupid by sohmc · 2012-02-10 08:06 · Score: 1
  
  Isn't this a good thing though? "The People should not fear its government. The government to should fear its the People."
  I guess the only thing missing is the revolution to actually throw the government out of the country.
  
  --
  We don't live in Shouldland.
4. Re:Iran's government is afraid, and thereby stupid by AbRASiON · 2012-02-11 10:10 · Score: 1
  
  Look at Iran now, what religion do they follow?
  The place is already set back a century.
Apt quotation by SteveFoerster · 2012-02-10 07:32 · Score: 1

"If they can get you asking the wrong questions, they don't have to worry about the answers." -- Thomas Pynchon

--
Space game using normal deck of cards: http://BattleCards.org
As I read the blurb ... by Ungrounded+Lightning · 2012-02-10 07:40 · Score: 4, Informative

How do you hide something unreadable within something readable? ... damn, you're going to make me RTFA, aren't you? :P
As I read the blurb (I have no inside knowledge) they're not making the PAYLOAD look unencrypted. They're circumventing the type-of-flow identification mechanisms built into router filtering by encapsulating the encrypted data within an outer layer (and addressed to the port of) another protocol. (They may even have put a layer on top of the existing service so that, unless it identifies the flow as an encapsulated TOR flow, it actually PERFORMS the service.)
The result would be that, if they intercept the flow and try to parse it as what it purports to be, it may not make sense. But if their router look at the parts of the packets that are characteristic of what the flow purports to be, it will identify it as normal traffic and let it through. And if the router tries doing something like a keyword search through the bodies of the packets it won't get hits because the bodies are encrypted.
You can use this approach with any protocol that can handle the traffic patters of a TOR connection (possibly with added padding packets to make the characteristics look more like the purported flow).
Downsides might be:
1) If you do a masked TOR only server on the port they might try to connect to the purported flow and detect that this server is not what it seems.
2) If you do a diverting pancake you need a way to flag for the pancake that this is the masked TOR flow. If that's well known they might write a filter for it. (Eric Wustrow, Scott Wolchok, Ian Goldberg, and J. Alex Halderman have developed a steganographic method for applying such a tag. It is embedded in their own "TELEX" network-based firewall bypasser but might be adapted to this purpose. paper a href="https://telex.cc/"code")

--
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
This must be useful in China. by Anonymous Coward · 2012-02-10 07:56 · Score: 0

(Look at the previous news on Slashdot about Tor and China.)
Learn from others by feddas · 2012-02-10 07:59 · Score: 1

So Iran is moving towards a DarkNet called Tor. I wonder if ACTA, SOPA, or PIPA would cause a similar reaction in the countries they're enforced upon.
A real test by Anonymous Coward · 2012-02-10 08:20 · Score: 0

Use it to leak secrets embarassing to US politicians.
If the censor can't see it, it will get blocked. by davidwr · 2012-02-10 08:27 · Score: 3, Interesting

"If we can't parse it, it gets blocked."
In the old days, Cuban international phone calls were monitored. At least one person started talking a language other than English or Spanish and the operator broke in and told them to speak English or Spanish or get cut off.
Source: Something I read in a reputable newspaper or magazine back in the 1970s or 1980s.

--
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Re:ferrari as toyota by couchslug · 2012-02-10 08:38 · Score: 1

"I've often wondered why nobody ever nicks the body and VIN of an economy car to reduce theft risk and insurance costs of a sports car"
Because they hot rod the economy car to get a sufficiently similar performance result.
That's been done for almost one hundred years, and "Gow jobs" (for example) were being built before (possibly all) Slashdot posters were born.

--
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
Of course by Coppit · 2012-02-10 09:05 · Score: 1

Because Tor wasn't slow enough already...
Cool sounds like IP steganography by hesaigo999ca · 2012-02-10 09:11 · Score: 1

IP steganography makes it all the cooler, while still keeping a sort of logic about it that is very high level.
I hope you all understand this will change things forever...
Who cares? by Anonymous Coward · 2012-02-10 09:31 · Score: 0

We're waiting for the day Iran drops a nuke on Israel, so the world will be a safer place.
1. Re:Who cares? by SuricouRaven · 2012-02-11 00:53 · Score: 1
  
  It'd take more than one nuke to destroy Israel, and they have nukes of their own. Whoever attacked Israel with nukes would receive far more than they sent. The current government of Iran isn't that stupid - but maybe a future one will be. Or they just might be sensible enough to do so covertly: Send the nuke in a shipping container, no way to tell exactly who did it.
Re:Improvement... by Anonymous Coward · 2012-02-10 09:31 · Score: 0

-1? Because of a joke? Or is the joke not funny at all?
Point-to-point and ad-hoc mesh networks by Phoenix666 · 2012-02-10 10:08 · Score: 1

This topic is important to more than just Iranians. The events of the Arab Spring and developments across Europe, Asia, and America indicate we average folks are going to need a truly free means of communicating soon if not now. It has to be impossible for governments or corporations to blackout communications anywhere, so that their misdeeds cannot go unwitnessed.
I know that separate projects exist to tackle this problem in different ways. B.A.T.M.A.N.'s ad hoc network protocol is one. Point-to-point information transfer via laser is another. Balloon-born "satellites" is another. I also read recently that the Zetas gang in Mexico had built their own separate cellular network.
How can we hoi poloi implement these redundant networks at low- to no-cost, with maximum ease of use so that censorship will become impossible?

--
Do what you can, with what you have, where you are.
Re:If the censor can't see it, it will get blocked by Anonymous Coward · 2012-02-10 11:08 · Score: 0

easy enough to get around that.
Take a particular legitimate activity, like say, reading the Koran (Qu'ran?) online, in .jpg form.
Now steganographically obfuscate all your pr0n inside the jpg's you're viewing. Images of the Koran could have ANYTHING steganographically obfuscated inside of them. Embed an entire proxy GET inside the image and send it to a "proxy" server which strips off all the cruft makes the get request, and sends it all back in the next page of the next chapter & verse.
In fact, any image, anywhere, on any web page, including "advertisements" could be modified in this way. In fact, the only thing you need to implement such a system is a transport mechanism larger than the message.
Suddenly, everyone is doing the right thing.
Or, put another way, everyone is using a potentially right thing to do a wrong thing while appearing to do a right thing.
In other words, this race is lost. This horse is out of the barn, across the field, down the road, and in another county. The methods available CANNOT be blocked by any human operated or automated means. It's done. The government of Iran simply doesn't know it yet.
Translation of parent's ascii codes by Anonymous Coward · 2012-02-10 14:32 · Score: 2, Informative

$ perl -e 'print "\x48\x65\x6c\x70\n"'
Help
$
1. Re:Translation of parent's ascii codes by Anonymous Coward · 2012-02-10 22:32 · Score: 0
  
  Why bother with perl, when the shell can do it too?
  $ printf "\x48\x65\x6c\x70\n"
2. Re:Translation of parent's ascii codes by guus_deleeuw · 2012-02-10 23:34 · Score: 1
  
  What are you guys doing on this site? If you need a tool to read that your not a nerd.
3. Re:Translation of parent's ascii codes by mikael · 2012-02-10 23:54 · Score: 1
  
  Or you could just look at the first letter of each line. Or every tenth letter, or every N'th letter after a space. Or the last letter of each line.
  
  --
  Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
4. Re:Translation of parent's ascii codes by Anonymous Coward · 2012-02-11 01:43 · Score: 0
  
  "you're"! Ye gods!
TOR ... Ferrari ?? by Anonymous Coward · 2012-02-10 17:11 · Score: 0

"make your Ferrari look like a Toyota by putting an actual Toyota shell over the Ferrari"
Ya, and it'll perform like a yugo.
No matter the speed of my connection, TOR is always slow.
Thumbs up on the tech, just comparing TOR to Ferrari is a bit of a stretch.
why are they terrorizing us? by Anonymous Coward · 2012-02-10 21:11 · Score: 0

i'm not interested in politics but i hate the already situation in iran. apart from the inflation and the difficulties we are undergoing at the moment, which i don't know how much longer it's gonna last, i've been having trouble reading my email since the 12th of Bahman and it's been a few days which i haven't been able to check my email at all. the question is this, if the government is righteous why are they terrorizing us? why are they so afraid of getting iranians to know more about the global issues. why are they hacking us, controlling us, murdering us, sabotaging us?
Steganography! by Anonymous Coward · 2012-02-10 22:07 · Score: 0

Love it.
http://bayimg.com/naMNpAaDI
Unwanted communication CAN be blocked by davidwr · 2012-02-13 04:11 · Score: 1

The methods available CANNOT be blocked by any human operated or automated means.
Sure they can. North Korea does a pretty good job of it.
You just have to block ALL cross-border communications except by a very few trusted, authorized individuals. You still have the weak point of one of those individuals deliberately or accidentally leaking unwanted information, but in practical terms, you CAN keep unwanted information from reaching your citizens.
The price you pay - one that North Korea is very willing to pay - is that practically ALL outside information is kept from crossing the border, even a lot of information that would benefit you, the government, if it did cross.
This technique works on a local level as well:
Cults isolate their non-elite members. Domestic abusers isolate their victims.
This "information control" technique is even used in a healthy way:
Families isolate children from information the kids are not mentally prepared to handle and/or funnel the information through parents and other trusted entities.

--
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.