Canadian Technology Helps Iranians Bypass Censorship / Jeff Wigle
29-Jun-2009 (2 comments)

A flood of uncensored news and information is being made available to the people of Iran thanks to Canadian technology, and the authorities in Tehran are furious about it.

recommended by alexarjomand



Terms of Service and Privacy policy

by Rafal Rohozinski (not verified) on

The Boing Boing article is out of date. Please take a look at the psiphon website and you will see a full disclosure of our privacy policy, terms of service, known vulnerabilities and suggested use cases. This material is also available in Farsi when you use one of our "right2know" nodes.

We adhere to the highest levels of privacy protection which under Canadian law are higher than those offered in the US..

One one point let me be unambiguously clear --we will not re-sell user data -- ever!, and what little data we do collect is only that necessary to fine tune the delivery of our system and services

Rafal Rohozinski
CEO, Psiphon inc


Buyer beware...

by Ostaad on

"Some 18,000 Iranians have used the service, [Rohozinski] said." That's 18000 Iranians whose Internet communications are redirected to Rohozinski's servers and routers. One crucial fact the author of this article has not disclosed is Psiphone, Inc. is a private company and it can sell all the data it collects on those 18000 Iranian users to any government that pays for it - as a private company there are no guarantees that they may sell the data to the Iranian government too for the right price.

In short, there's no complete anonymity on the Internet. Another danger those Iranians who download these kind of so-called "human rights software" should be aware of are downloading Trojan Horses, or Back Door malicous code, which allow remote control of their computers by strangers.

Here's the critique posted by a smart user about Psiphone:

"I see that Boing Boing is discussing Psiphon. This greatly concerns me
because of their lack of transparency and accountability. Psiphon imply
(but refuse to state explicitly) that they are in the anonymity
business, yet they do not even have a publicly stated privacy policy.
They are vague about their security claims and, even assuming good
faith, have not disclosed any useful information on their security model
and implementation.

Aside from the fact that they are, as a for-profit company handling
personal information, required under Canadian law to disclose their
privacy policy, this lack of transparency leaves me with serious
concerns about their motivations and competence. This is especially
troubling when one considers that their entire product is essentially a
centrally administered proxy run with software unknown to the users.
What do they store? What do they claim? How can we verify? Nothing?
Something? Everything?
[My emphasis]

To sign up for their service, one either has to know Psiphon or know
someone who uses Psiphon; this necessarily requires a knowledge of
relationships on their part.
For many users, I suspect this is a minor
risk that seems remote until one again considers that this is a
for-profit company. Do they promise to do anything with any of this
data? Do they plan to store it forever? Do they promise to destroy it if
they're ever offered money for their company? What happens if they are
simply offered money for the data? Wouldn't it be better to avoid that
temptation entirely by not requiring or keeping any of that data?"


As your mom said to you when you were a child, don't take candy from strangers.