Features Podcasts Family Video Comics Music Tech Science Books Film & TV Games ✚

Jill

Lazyweb: turn the new version of Opera into an unstoppable grid of proxies for Iranians

Cory Doctorow at 7:42 am Tue, Jun 16, 2009

— FEATURED —

Science

Last chance to enter the Armchair Taxonomist challenge!

Book Review

Black Code: how spies, cops and crims are making cyberspace unfit for human habitation

Book Review

We Can Fix it! - a graphic novel time travel memoir

Science

The technology that links taxonomy and Star Trek

— FOLLOW US —

Boing Boing is on Twitter and Facebook. Subscribe to our RSS feed or daily email.

 

— POLICIES —

Except where indicated, Boing Boing is licensed under a Creative Commons License permitting non-commercial sharing with attribution

 

— FONTS —

Tweet
Kindle
Danny O'Brien's got a doozy of a lazyweb idea: "Here's a way to mash-up two of the most talked-about Internet issues today. Opera launched their web-server-in-a-browser, Opera Unite, today. Iranian protestors are looking for proxies to get around Iran's blocking. So why not write a Opera Unite service that acts as a simple, quick-and-dirty proxy for Iranians? Danny O'Brien lays down the challenge."
Instead of a real http proxy (like Psiphon), the best implementation would simply let you append a URL to your Unite URL and get a website back, like "http://foo.bar.operaunite.com/www.cnn.com/". That would get rid of handing over your cookies to an unknown third-party; it'd probably also discourage people using the service for private communications (no https, in Unite -- it'd be great if Opera fixed that!).

Maybe I'd also stick in a geoip check to make sure the incoming requests are coming from a known Iranian IP block, just so users could feel worthy that they're just catering to Iranians (you could pull them out of this free geolocation database). That way we wouldn't be creating a permanent global clunky, insecure proxy network -- or at least not until Iran recovers and starts its own phishing services.

I know I'm not a good enough JS programmer to pull this off, but the Unite JavaScript API certainly appears to permit cross-domain XMLHttp calls, and you can catch generic HTTP requests using opera.io.webserver.addEventListener('_request',somehandler,false);, so it is theoretically possible (and here I hand wave to the implementation Gods).

wanted: spartacus, an opera unite web proxy for iran (Thanks, Danny!)
Previously:
  • Iran SMS networks "mysteriously" fail right before elections ...
  • Cyberwar guide for Iran elections - Boing Boing
  • Iran: Activists Launch Hack Attacks on Tehran Regime - Boing Boing
  • Iranian election uprising: Twitter tracks it real-time, Iranian ...

I write books. My latest is a YA science fiction novel called Homeland (it's the sequel to Little Brother). More books: Rapture of the Nerds (a novel, with Charlie Stross); With a Little Help (short stories); and The Great Big Beautiful Tomorrow (novella and nonfic). I speak all over the place and I tweet and tumble, too.

MORE:  Civlib • International • Make a Difference • maker • politics

More at Boing Boing

The technology that links taxonomy and Star Trek

Hackers prepare for first "national holiday" in their honor

  • Anonymous

    Check out this option provided by Eric S. Raymond:

    “NedaNet, a network of hackers formed to support the democratic revolution in Iran. Our mission is to help the Iranian people by setting up networks of proxy severs, anonymizers, and any other appropriate technologies that can enable them to communicate and organize — a network beyond the censorship or control of the Iranian regime.”

    http://www.catb.org/esr/nedanet/

  • Anonymous

    The problem is that Opera Unite doesn’t solve an existing problem: http://www.browserinsider.com/1/opera-unviels-unite

  • desiredusername

    The Iranians activists also have to deal with staying organized amidst frequent cell phone outages.

    Can a persons set up a P2P SMS network with programmable phones?

  • benwerd

    The suggested idea wouldn’t technically work; you probably couldn’t create a useful proxy server with Javascript alone.

    Tor, on the other hand, is a great idea. It needs a little UX polish, but if we can get enough people to establish Tor nodes we could probably really help people in Iran and elsewhere.

  • Danny O’Brien

    #1, #2, #3: I mention Tor as the far better solution in the article. Here’s the paragraph:

    A better solution, I know, is to get copies of Tor to those in Iran. But I think that much of what we’re seeing right now is less about perfect solutions, and more about loud, temporary solutions that might help, will do minimal harm, and as a side-effect further publicize the cause of Iranian protesters.

    But right now, Iranians are asking for proxies.

    #4 — the difference is between a complete http proxy, in which your traffic is passively relayed by your browser through the proxy, including Amazon cookies, say, if you visit Amazon.com. If it’s a URL-driven mirror site, then your browser won’t send domain-defined cookies.

    (The other reason I suggested this was because building out a complete compliant http proxy is *hard*, and I just saw this as a hack to be used during the high news cycle of Opera Unite.)

  • drew3ooo

    Regarding #13 posted by mattofdoom,

    hey man, I do, and I know a number of farsi speaking people here in London who do have access to those in Iran taking part in demonstratons or at least supporting them. Proxies are a keen idea and they don’t involve downloading anything I’m a fan of Tor, but you still have to load sometihng on your computer to use it, I think.

    People involved in political action in Iran can potentially face computer confiscation, during which they will be checked for signs of activity.

    Using a proxy could do well to leave less of a trace.

  • commentmoderationsux

    #13, send proxy info in a direct message to https://twitter.com/persiankiwi.

    Do not post the proxy info publicly or give it to unverified sources. The Iranian government has started scouring and intercepting proxy information so they can block them. You can read persiankiwi’s twitter and google the name to check her authenticity. https://twitter.com/Iran_ALLDAY is another twitter account that is legitimate which you can direct message the info to. Use “Direct Message” only.

  • manicbassman

    isn’t Opera’s new feature controlled by a central server which the Iranian authorities can simply block?

  • mattofdoom

    Thanks, #17, CMsux.

  • Anonymous

    Help bring down the Iran Curtain!
    http://iansbrain.com/2009/06/15/tor-and-the-iranian-election/

  • Anonymous

    Since all Opera Unite traffic has to go through Opera’s servers (to get around NAT), I doubt they will agree to host a proxy service. Not to mention it wouldn’t make sense in the context of Unite… Opera is already acting as a proxy go-between for Unite servers and clients. With Unite + a proxy service you have two layers of proxies… that’s unnecessarily complex. It would be far better to make a dedicated service for this type of proxy (and there already are plenty, CGIProxy is a good one).

  • Anonymous

    #8: Yeah it is, I just realized they could just block opera.com and kill it completely. Or be nice and just block operaunite.com to kill client functionality of Opera Unite.

  • Anonymous

    Mesh networking of mobile telephones would have a lot of advantages, and not just during times of political strife. Just think of what happens during natural disasters, even the mobile network goes down because the calls are routed to the nearest cell tower and then through the ordinary telephone network. If the lines are down or fibres broken (storms, earthquakes) the mobiles can’t get through even though there might be an unbroken chain of mobiles from the disaster area to an unaffected area. Peer to peer self organizing networks using the radios already built into the mobiles (GSM, CDMA, WiFi, Bluetooth) would at least allow a low data rate text messaging service to run. If it is built as a store and forward system there doesn’t even need to be a live connection from one end of the network to the other, message can be held and retransmitted when a connection is re-established. There are several academic papers and Ph.D theses on this and related subjects but no implementations as far as I know.

    See:
    http://www.cs.ucla.edu/~pinecho/publication/TR070013BluetoothMeasurement.pdf

    http://nms.lcs.mit.edu/papers/kchen-cafnet-thesis.pdf

    http://www.crysys.hit.bme.hu/publications/files/ButtyanDFV07aoc.pdf

    http://www.haggleproject.org/images/b/b3/Haggle_D6.1.pdf

    http://research.microsoft.com/en-us/um/people/jws/pubfiles/wons2006-haggle.pdf

    http://www.netlab.hut.fi/chants-2007/papers/4-2.pdf

    http://www.cs.umanitoba.ca/~vmisic/pubs/tr0304.pdf

    http://www.cs.bilkent.edu.tr/~korpe/lab/medhoc.doc.pdf

  • zikzak

    https is only useful if you can trust that the cert of the machine you’re connecting to is really theirs, so implementing it in a pseudo-p2p server like Unite would be pretty pointless, since by definition you’re connecting to random strangers.

    …unless you want to get the Unite users to either register expensive SSL certs or participate in a free network like cacert.org. That’s not a bad idea, but it makes things a lot more complicated to get going, to the point that it’d really probably be easier to just use tor.

  • Anonymous

    What is the free geolocation db mentioned??

  • mattofdoom

    I don’t know about you guys, but I see a different problem here.

    I don’t actually know any irate Iranians with whom to selectively share the IP for my proxy or tor node or whatever.

    So, whilst I have spare server cpu cycles I’d happily turn over to this cause, I don’t know who to turn them over too.

  • Danny O’Brien

    #8, #9 — No, you only go through Opera servers if Unite can’t punch through your NAT. It’s a direct connection otherwise.

  • t3knomanser

    Tor is similarly quick and easy to setup, and can handle encryption and is a heck of a lot more secure.

    If people outside Iran were to establish Tor bridges and share the IP/token with select sources in Iran, as well as mirroring the Tor install files on their own servers, we could get a nice robust network of Tor nodes going.

    After work, I’ll try and write up a tutorial on it- but it’s funny, at work, they don’t like you researching proxies.

  • Alexandre Van de Sande

    Iran can shut down it´s telecomunications and no javascript library will help that.

    We need cellphones with mesh networking. Sort like a XO Laptop, but pocket size, with a camera and webbrowsing. A hundred thousand of those deployed in iranian border, and another batch parachuted in north korean country side.

    Now it seems clear that twitter can spread democracy better than a hundred bombs over iran ever could

  • Anonymous

    The wiki page has lots of info about Tor:
    http://en.wikipedia.org/wiki/Tor_(anonymity_network)

    As does the Tor wiki:
    https://wiki.torproject.org/noreply/TheOnionRouter

    Including Win32 setup:
    https://wiki.torproject.org/noreply/TheOnionRouter/Tor4Windows

  • failix

    @ #1, Yup, I don’t understand why not simply use tor?

  • Orky

    Instead of a real http proxy (like Psiphon), the best implementation would simply let you append a URL to your Unite URL and get a website back, like “http://foo.bar.operaunite.com/www.cnn.com/“. That would get rid of handing over your cookies to an unknown third-party;

    How would a URL like that “get rid of handing over your cookies to an unknown third-party” ?

  • Anonymous

    If I may, on behave of all Iranian I would like to thank you all for working on this urgent matter. It feels good to see that we are not alone in the world.

    Cheers, P