Evgeny Morozov doesn’t think much of Austin Heap, and points to this Newsweek article which describes how he got started with his anti- net censorship project:
But then he had a stroke of luck. Someone with the online handle Quotemstr asked Heap to join a specific chatroom. Quotemstr wasn’t interested in making idle conversation. He was a disaffected Iranian official with information to share. He provided Heap with a copy of the internal operating procedures for Iran’s filtering software. The 96-page document was in Farsi, but the diagrams told Heap what he needed to know.
If that’s an accurate description of the genesis of his software, I wouldn’t touch it with the proverbial bargepole. The US government is apparently more keen, but they’re not the people who have to consider whether their freedom might be compromised by an idealist who may have been spoofed by the Revolutionary Guards. Young Mr Heap concludes:
“We will systematically take on each repressive country that censors its people. We have a list. Don’t piss off hackers who will have their way with you. A mischievous kid will show you how the Internet works.”
Lordy. It’s The Quiet American for the digital age.
Judge Fang will go Confucius on his ass.
Posted by: Fellow Traveller | September 09, 2010 at 02:46 PM
Actually even without that I'd be very wary of it. There don't seem to be any serious security guys involved.
My guess is that its secret as there are some servers it relies upon that they're trying to keep obscure (so that it doesn't get blocked).
Posted by: Cian | September 09, 2010 at 08:54 PM
This just looks like a disaster waiting to happen. One of the really bad signs is that there isn't even any hint as to what general approach is used, let alone published code.
Also, what's the point? There are good open source solutions for a lot of this stuff - TOR, Hamachi (even if the squatting in the 1/8 netblock is lame), OpenVPN, even just SSH. Perhaps the point is to package the software and some hints about which peers outside Iran to use in an easy wrapper. In which case, why not say so?
Further, this whole secret distribution thing sounds really daft. The whole point of most modern crypto technology is that you can post up the code everywhere and stick your public key on the walls and it works. This avoids having to to do anything obviously weird and suspicious.
And, of course, it shouldn't be dependent on how this particular surveillance box supposedly works. It's like Chuckleheads Do GCHQ.
Posted by: Alex | September 10, 2010 at 12:16 AM
Update from Morozov:
http://neteffect.foreignpolicy.com/posts/2010/09/09/one_week_inside_the_haystack
Heap's response to the original article is sort of worth reading, if only to underline their amateurishness.
Posted by: Cian | September 11, 2010 at 01:27 PM