skip to main bit
a man slumped on his desk, from 'The Sleep of Reason Produces
      Monsters'

Oblomovka

Currently:

wanted: spartacus, an opera unite web proxy for iran

[ Updated:. The time for this has passed; if you want to do something, install a Tor Bridge. ]

A lot of people have asked me about Opera Unite, because of my frequent hectoring about the importance of protecting and running services on the edge of the Network. In brief: how can I not love its manifesto:

Our computers are only dumb terminals connected to other computers (meaning servers) owned by other people — such as large corporations — who we depend upon to host our words, thoughts, and images. We depend on them to do it well and with our best interests at heart. We place our trust in these third parties, and we hope for the best, but as long as our own computers are not first class citizens on the Web, we are merely tenants, and hosting companies are the landlords of the Internet.

I do worry, though, about launching an experiment like this without a complete and compelling demonstration of its potential, though. The demo services that Opera offers are great, but they really are just demonstrations. It’s generating a lot of excitement and “wuh?” in equal measure on the discussions I’ve seen, which is something I recognise from my attempts to proselytize the edge to those already excited by the cloud.

It occurred to me (encouraged by Stef) that a great and timely Opera Unite application, just for the next few days, would be a web proxy  for Iranians. Run it on your Opera service, post your machine’s Unite URL onto twitter with a tag #spartacus, and Iran would be drowning in potential proxies to use.

Instead of a real http proxy (like Psiphon), the best implementation would simply let you append a URL to your Unite URL and get a website back, like “http://foo.bar.operaunite.com/www.cnn.com/”. That would get rid of handing over your cookies to an unknown third-party; it’d probably also discourage people using the service for private communications (no https, in Unite — it’d be great if Opera fixed that!).

Maybe I’d also stick in a geoip check to make sure the incoming requests are coming from a known Iranian IP block, just so users could feel worthy that they’re just catering to Iranians (you could pull them out of this free geolocation database). That way we wouldn’t be creating a permanent global clunky, insecure proxy network — or at least not until Iran recovers and starts its own phishing services.

I know I’m not a good enough JS programmer to pull this off, but the Unite JavaScript API certainly appears to permit cross-domain XMLHttp calls, and you can catch generic HTTP requests using opera.io.webserver.addEventListener(‘_request’,somehandler,false);, so it is theoretically possible (and here I hand wave to the implementation Gods).

A better solution, I know, is to get copies of Tor to those in Iran. But I think that much of what we’re seeing right now is less about perfect solutions, and more about loud, temporary solutions that might help, will do minimal harm, and as a side-effect further publicize the cause of Iranian protesters.

14 Responses to “wanted: spartacus, an opera unite web proxy for iran”

  1. Craig Hughes Says:

    Any website which requires the use of cookies for eg session management will break if you change the domain part of its URL.

  2. Danny O'Brien Says:

    Right, but you don’t want to be taking cookies anyway, because you’ll be passing them through an unknown third party. You *could* write a complete http proxy, which was my original thought, but that’s letting the perfect be the enemy of the good.

  3. Paul chambers Says:

    Wouldnt Iran just block the set of reverse proxies that opera run? I dont think you access the inbrowser server directly.

    Going from the diagram here http://dev.opera.com/articles/view/opera-unite-developer-primer/operauni.jpg

  4. Danny O'Brien Says:

    Nah, the proxies aren’t always necessary. The Unite system can also punch holes through UPnP firewalls.

  5. Fred Blasdel Says:

    There’s no good way for Opera to support https, not with Mozilla’s asshole policy towards alt-signed certificates.

  6. James Says:

    Yeah, it’s a pity Mozilla can’t move beyond the ’90s in PKIX. Maybe Opera could implement RFC 5054, SRP-TLS.

  7. joe bloe Says:

    Good idea – set up a website & twitter account, etc to disseminate info once you are going.

    reckon you will need helpers to give out ips etc on email/twitter – maybe 4 emails ie DOB 01 – 03 xxx DOB 03 -06 yyyy etc

    austinheap has done amazing work, dont know how you would get in touch with him….. post how to on titter

  8. Carles Mateu Says:

    The best solution, IMHO, is still setting up as much TOR+privoxy nodes outside Iran (and, if possible inside Iran) as we can. Using privoxy as http proxy is portable across all browsers (including mobile ones), and after privoxy, TOR should take care of disseminating and hiding information towards the destination.

    In fact, TOR is not even necessary in all cases. We are not trying to hide iranian bloggers to their destination hosts (blogger.com, wordpress.com, etc.), but to their origin ISPs, with proxies outside iran that’s enough (TOR also hides originating IP to destination HOST, not necessary as of now if proxies are outside iran).

    Inside Iran situation is different, here we must protect also originating IP address, TOR can take care of that, setting as much TOR nodes as possible inside Iran can create a network enough complex to give time to Iranian bloggers to be relatively safe.

  9. SomeGuy Says:

    most retarded idea ever…there are thousands of proxies for iranians

    stop with this crap, you didnt setup a proxy for gazans

    stop being lemmings following the herd trying to subvert iran’s electoral process with a bunch of cia agents on twitter saying lies

  10. Danny O'Brien Says:

    You know that the Gazans can use those same proxies if they want to get past the Hamas filters, right?

  11. James Heaver Says:

    Isn’t one of the big problems that the Iranians can’t tell a legit proxy from a honeypot?

    Surely a system like this would just put them in more danger?

  12. comcomist Says:

    “….but as long as our own computers are not first class citizens on the Web, we are merely tenants, and hosting companies are the landlords of the Internet.” <– this is what we can solve, if we attract 5500 comcomist to the ComComizing project. please have time to read the arguments, thanks .

  13. Web Hosting Says:

    So anyone recommend this?

  14. bob spence Says:

    Check out this option provided by Eric S. Raymond:

    “NedaNet, a network of hackers formed to support the democratic revolution in Iran. Our mission is to help the Iranian people by setting up networks of proxy severs, anonymizers, and any other appropriate technologies that can enable them to communicate and organize — a network beyond the censorship or control of the Iranian regime.”

    http://www.catb.org/esr/nedanet/

                                                                                                                                                                                                                                                                                                           

petit disclaimer:
My employer has enough opinions of its own, without having to have mine too.