Talk:Psiphon
From Wikipedia, the free encyclopedia
[edit] Current Status?
The software was scheduled to release to the public at the end of May, but obviously the devlopers still haven't delivered it yet. What is the plan?
Dakelv 05:37, 21 June 2006 (UTC)
- This article says 'Friday', but the article is dated Friday so I don't know if it's today or a week today. Anchoress 00:04, 2 December 2006 (UTC)
[edit] ability vs likelihood of restrictive governments to block https
"As https protocol is widely used for secure communication over the Internet..., no government can block the usage of https."
This ambiguity of this sentence seems to confuse a restrictive government's ability to block access with reasonable government policies on network traffic. Given that Psiphon is designed specifically to provide access to citizens dealing with known-unreasonable governments, the statement "no government can block https" is either incomplete; should continue to say, "without further restricting their citizens access".
Jm3 22:52, 1 December 2006 (UTC)
[edit] Tor similarities & differences
Can anyone with more in-depth knowledge of Psiphon flesh out this entry with how it differs from Tor and other anonymity networks? This would be useful as a growing number of people are familiar with Tor and it would serve as good point of reference to explain Psiphon.
- From the Tor article:
-
Like all current low-latency anonymity networks, Tor is vulnerable to correlation attacks from attackers who can watch both ends of a user's connection. In a number of countries, various government agencies have access to connection data of a large number of internet service providers. Because of this, Tor is not suitable for protection against observation by those government agencies.
-
- Does Psiphon get around this? Brentt 18:41, 1 December 2006 (UTC)
[edit] Use: Anonymity?
I disagree with this categorisation; it's not an anonymity system, it's an accessibility system. Anchoress 00:02, 2 December 2006 (UTC)
- Does anybody know what Anchoress meant when she said that psiphon is "not an anonymity system, it's an accessibility system" 141.149.48.247 22:35, 24 March 2007 (UTC)
[edit] Censorship by removing information?
There seem to be some recent attempts to censor this article by removing information about the risks involved in using Psiphon. If anybody disagrees with criticisms of Psiphon they should raise their issues on this page. Simply removing material is not the way to behave. Mrslippery 20:39, 13 February 2007 (UTC)
There is no attempt to censor, and you have done what you say is improper -- that is "simply removing material." The information you put in this entry was factually incorrect and based on a blog entry that, in turn, was based on a partial summary of a transcript of a question and answer period of a presention. Not all Psiphon servers ping back their IPs to a central server, there is an option for users not to do so. Those that do are not recorded. The code is open source, so anyone can see for themselves that this is the case. Please do not remove information that is accurate and factual, and includes criticism of psiphon, for example, that it does not provide anonymity.
"Not all Psiphon servers ping back their IPs to a central server" If that is the case add a note to the article explaining exactly what is being done. "The code is open source, so anyone can see for themselves that this is the case" Not everyone can read code, or should need to do so. I didn't remove material. I reinstated what you had removed. A Wikipedia article should give a balanced view. It seems that you are trying to remove anything that is critical, or warns of the dangers of using Psiphon. For example, you removed a link to a blog posting which warned of the dangers of using Psiphon in the EU because of its data retention legislation. Mrslippery 23:15, 19 February 2007 (UTC)
[edit] Security
"Psiphon also offers a substantial increase in security, and an improvement in detection avoidance, over open public proxies." Is this an opinion or a fact? If it is a fact then expand and substantiate the observation. If it is just an opinion it should be deleted. Can I also make the point that a Wikipedia article is not a product advertisement. An article should not be used to promote anything. An article should present balanced and objective information. I think that is particularly important with something like Psiphon. Mrslippery 22:53, 21 February 2007 (UTC)
I really do not think this fact needs any expansion or substantiation. It is obvious, by definition. An "OPEN PUBLIC" proxy is "open" meaning not secured or encrypted, easily eavesdropped and collected, and "public' meaning shareable to all who wish to see, use, and block it. Psiphon is closed Iencrypted) and intended to be used in a private (social networks of trust) model. What else needs to be said, than "Psiphon also offers a substantial increase in security, and an improvement in detection avoidance, over open public proxies."
"Psiphon also offers a substantial increase in security, and an improvement in detection avoidance, over open public proxies." Is this an opinion or a fact? It is an opinion until you can demonstrate it is a fact. Go ahead and demonstrate that it is a fact if you want that statement to be included in the article. Prove that in all its features, and in every possible circumstance, Psiphon is superior. If you cannot do that the the statement has no more value than a bit of advertising copy. BTW - sign your contributions. Mrslippery 17:50, 26 February 2007 (UTC)
[edit] clarification
I agree with Mr. Slippery that information that is critical should not be removed. At the same time, the way in which the entries proposed by Mr. Slippery are written make it sound nefarious and somewhat conspiratorial. (e.g., the article "reveals" "discloses" etc). In fact, the psiphon developers themselves were the ones to describe this function and the commercialization during the presentation described by the article. So it is not accurate to attribute to the World Changing article these details. Instead, they should be accurately described in the body of the article in full and in detail. As I have used psiphon and know the source code, I have made these changes.
I agree this is the right approach, and edited for grammar and accuracy.
Please sign your contributions. Mrslippery 17:50, 26 February 2007 (UTC)
[edit] Vandalism?
There is continued vandalism on the psiphon site by Mr. Slippery and one other (perhaps the same) user. I have removed the links that violate the neutrialty norm. A second post was removed because the "perceived problems" around psiphon are addressed in a more factual, objective manner, in the precediing paragraph based on references to the code base.Paineman 13:19, 22 March 2007 (UTC)
MrSlippery, insists on posting clearly biased links. I will continue to remove the offending link. please refer to the Neutral point of view article for more information: "Neutral point of view is a fundamental Wikipedia principle. According to Wikipedia co-founder Jimmy Wales, NPOV is "absolute and non-negotiable."[1]"one man salientOne man salient One man salient 16:11, 9 March 2007 (UTC)
The Psiphon article is being repeatedly vandalised by one man salient and 74.102.45.230. I assume they are the same person because the vandalism is the same in both cases and consists of deleting two external links. I have traced 74.102.45.230 to an ISP in Toronto. The creators of Psiphon are based at the University of Toronto's Citizen Lab. I have left a warning on vandalism on one man salient's user page. I wonder if I should also contact the University of Toronto and ask them to investigate if the vandalism is being performed by a member of their staff. Mrslippery 12:56, 5 March 2007 (UTC)
I removed the links because they were incorrectly indicated as News in the wikipedia page, when in fact they are opinion pieces on psiphon. It seems MrSlippery wants it both ways, (see security section below, in which he indicates that 'opinions' should not be placed on wikipedia pages, when in fact both of those links are links to opinion pieces on psiphon. I have reorganized the page accordingly, and will leave the article links. one man salient
If you thought that the links were under the wrong heading you should have moved them. Repeated deletion was not the correct choice. In fact, the two links were not to opinion pieces. One was to a conference report. The other was to a blog post which gives some information of Psiphon that is not in this article, and makes some critical comments on Psiphon's security. I agree that they should be under the 'External links' heading and had moved them there in my last edit. Mrslippery 12:56, 5 March 2007 (UTC)
I really think that you are being unnecessarily harsh in what you are saying here. I acctually deleted your blog post under the "News" section because I thought it was not "news" -- it is a blog posting from someone who was spreading inaccuracies. I am neither one man salient or the IP address to which you refer. I do happen to live in Toronto. You may be unaware of the fact that psiphon has received wide press coverage in Toronto, and the forum of the site (which perhaps you've never visited, I suggest you should to inform yourself better about how psiphon works and some of the real reactions of users themselves, as opposed to some blog entry out there) has thousands of registered users, many of them, like me from Toronto. I did not think a blog post full of inaccuracy should be included in "News". I could write a blog post right now that spreads all sorts of false information about psiphon. Should that then be cited and included? We need to have some disretion here. one man salient apparently agrees with me. you disagree, but that is not reason to call one man salient a "vandal."
You have removed information that is valuable to the content of psiphon for no apparent reason. In your history, for example, you removed an entire paragraph comparing psiphon to TOR, both in terms of strengths and weaknesses. It is now restored, but someone below had to admonish you about it. If you have some grievance against the tool, or are not properly informed about how it works, then you should not contribute the article.
Please also be careful in your choice of language. Your posts err on the side of "conspiracy" implying that the creators of psiphon are trying to hide something, when in fact it is clear from the very blog post you yourself had posted that the information came directly from the lead director of the project Ron Deibert. Be balanced and accurate please in what you write. 67.71.3.154 14:46, 4 March 2007 (UTC) schmautzie
67.71.3.154 Please place your posts under the correct heading and sign them if you have a user name. Some of your comments are factually incorrect but Wikipedia is not the place for personal disputes. I suggest we devote our energies to improving the article. Mrslippery 12:56, 5 March 2007 (UTC)
- According to the psiphon documentation 74.102.45.230 is the address for the "test server" for psiphon. It certainly looks like persons associated with psiphon have been editing this article. That would not tend to produce a neutral POV. http://psiphon.civisec.org/samples/psiphon_guide.pdf 141.149.56.155 02:15, 29 March 2007 (UTC)
[edit] External Link removal request
Mr. Slippery is repeatedly posting personal blog entries to the news section that are biased, repetitive, and not based on a credible source of information -- all contrary to Wikipedia posting norms. Please stop.142.150.218.150 15:44, 14 March 2007 (UTC)Jackson
Still no response from MrSlippery, and he keep posting clearly biased links. I will continue to remove the offending link. please refer to the Neutral point of view article for more information: "Neutral point of view is a fundamental Wikipedia principle. According to Wikipedia co-founder Jimmy Wales, NPOV is "absolute and non-negotiable."[1]"one man salientOne man salient One man salient 16:11, 9 March 2007 (UTC)
As there has been no response to my request for an external link removal, and the link referenced below clearly contravenes the Neutral point of view Wikipedia principle, I will remove the offending link.
please refer to the Neutral point of view article for more information: "Neutral point of view is a fundamental Wikipedia principle. According to Wikipedia co-founder Jimmy Wales, NPOV is "absolute and non-negotiable."[1]"one man salientOne man salient 15:09, 8 March 2007 (UTC)
There is an article that has a deragatory title on the external links section (psiphon - too dangerous to install). Claiming psiphon is dangerous is not a "neutral" statement, as mandated by wikipedia rules. All other links address psiphon in a neutral manner, so for that reason, I feel that this is an inappropriate link and that it should be removed. I would like MrSlippery to remove the link, as he is the one who insists on posting it. The premise that psiphon is dangerous is not true, especially when it is used within the intended model, one utilizing a social network of trust. That said, there are many popular software packages that are more invasive and potentially dangerous on a users system, and yet deragatory external links are not included. one man salient, 05 March 2007
[edit] Removal of Perceived Problems
I have removed the "perceived problems" sectcion to this site, as the entry is not based on fact, but is rather a personal rant. The issues concerning trust and security of pisphon nodes, in particular the "check in" feature, are clearly discussed in a previous section, only in a much more balanced and objective manner. Please do not deface the psiphon site with personal rants. An encyclopedia entry should strive for objectivity and neutrality. —The preceding unsigned comment was added by Paineman (talk • contribs) 13:09, 23 March 2007 (UTC).
[edit] Removal and Editing of Material Based on Consensus and Compromise to Acheive an Accurate and Balanced Result
Paineman- It seems we have come to somewhat of a compromise prior to the page being frozen the section being left in there with some of your changes and some of my changes intact. I changed the heading to "Theoretical Problems" to accomodate your sensibilities. There are some things I would like to see changed. Why don't we deal with each one at a time. For instance, first sentance "...so that each user upon signing on can choose to report to check their IP." should be changed to "...so that user's IP are automatically reported to a central psiphone computer, however users have the option of witholding their IP address as a program option." This would more accurately reflect what is actually happening with the IP information. As it stands I am not sure what "upon signing on [users] can choose to report to check their IP." represents. There would be no real "choice" upon sign in unless a pop up box appears upon sign in that allows the user to choose to send or withold IP info. Unless I am not mistaken that is not the case with actual use of the program which, as I understand it, is set up to automatically send IP info unless a user has the know how to fiddle with the program options. 141.149.48.60 22:56, 23 March 2007 (UTC)
- There is now a section entitled "theoretical problems" each of the problems mentioned are admited to be problems only if the social network of trust requirement is ignored. This section should be removed, as it points out nothing but how NOT to use psiphon. It is NOT the intention of wikipedia to publish information on how to incorrectly use a tool, of any kind One man salient 17:32, 23 March 2007 (UTC)
- Salient, psiphon is an information tool, wherebye a proxy of the internet is available to those in need of such a proxy. Full disclosure of the risks and benefits of any tool is critical to proper use of that tool. The theoretical problems section sets out those risks clearly, whereas in the balance of the article the risks are glossed over, as if the article is an advertisement of psiphon. Psiphon is not a tool that can be used without significant risk, in certain countries the risk is death and imprisonment. If anything this Wikipedia entry, which is an extremely important entry because it may be relied upon by those people in danger, should err on the side of caution. "only if the social network of trust requirement is ignored", only means if people lie and mislead each other. What in the world makes you think the Chinese Government doesn't lie and mislead people? And/or pay, promote and sponsor people to lie and mislead people? I believe they use torture to accomplish things. Do you really want some person from Iran or China to believe that there is some "network" out there protecting them. There is none, but one could well believe there is from the ad copy type wording in the balance of this article. It needs to be plainly stated if the person running the psiphone node gets caught or sells you out your goose is cooked, if the benign folks running the psiphon central server goof and release the IP addresses your goose is cooked. I have no idea why one would want to state anything else. The section needs to stay in from a purely moral point of view. Honestly, the section should be entitled "Dangers of Psiphon Use", but in the spirit of Wikipedia I was trying to compromise. 141.149.48.60
- The problem with the argument below is that it assumes that psiphon operational information is not readily avialable in the extensive documentation that is on the psiphon website. There is an FAQ, User Guide, and user forums area all of which describe psiphon completely (not to mention the open source code that is freely available). There are many inaccuracies in the statements in the Theoretical problems area, such as confusion as to whether IP addressess are logged. The psiphonode does not log IP addresses of psiphonites (users in censored countries), but you insist it does. If you take 5 minutes out of your day and install psiphon on a computer you will see this fact.
- The bottom line here is that wikipedia is not a place to post technical reviews, especially reviews from someone who clearly does not understand how psiphon works. Your theoretical problems are missinformed and inaccurate, as backed up by the open source code and extensive listed documentation.
- As well, when the psiphonode (optionally) connects to a citizen lab server (or 1 of 4 others, again optional), only the external IP address of the machine requesting information is returned.
- As you can see, your "theory" is based on half knowledge and undisciplined research, and that is why it should be removed. (please sign your discussion posts in the future) One man salient 21:31, 23 March 2007 (UTC)
- Well its obvious your life is entwined with this tool far too deeply for you to write objectively about it at all. So the psiphonode doesn't log IP addresses; it "just" keeps a log of where every person who uses the node has ever been on the internet. In other words each server keeps proof of where each psiphone node has been visiting on the internet. Sounds like a good evidence trail, ready for trial. And I notice that you are not saying that possession of a psiphon server wouldn't compromise each and every one of the clients. Don't tell me that I'm making a technical review, I'm not. Your source code is completely irrelevant, because the fundamental flaw is a human one, you think the magic words "social network of trust" somehow makes your IP logging and history keeping a safe practice. It simply is not and never will be if you want any level of protection for the people you claim to wish to help. Frankly if you wanted to help so much you would be more cautious about your rhetoric simply because you would care about the consequences of your marketing. However, this is an encylopedia, no place for you to make unsubstantiated claims about how protective this software is of personal freedom...if nobody lies, if nobody cheats, if nobody steals. You should stop the marketing talk and be honest about what this is and what it is not. It is a web proxy, that it is. There is a level of encryption involved, true. But to sell this as a way to surf in Iran and China, all the while keeping IP logs by default, and designing the software to track surfing habits from each server, whilst not admitting to these two issues as glaring flaws, is dangerous to the very population you say you care about. It should be disclosed in plain language as a known risk to use of your tool. 141.149.48.60 22:32, 23 March 2007 (UTC)
- Wikipedia entries are not places for personal rants or airing of personal biases. You need to strive to be objective, and frankly you are not. You claim that the psiphon project is somehow hiding or minimizing the fact that servers have log files of psiphonities' surfing. However, in every single piece of literature related to psiphon, including the psiphon wikipedia entry, this is made clear. It is made clear in the FAQ. Have you read that? It was designed *deliberately( into psiphon as a socail safety mechanism so that operators of psiphon nodes can check what sites the people who are, in effect, borrowing their computers visit. When the producers of the project themselves are the first to disclose it, how can you assert that there is some kind of attempt to hide things. It is just plain ignorance.
- Your entries are full of biased, personal opinions, and not neutral or based on objective fact. For example, you assertion: "And of course the "professional service" to "complement and help fund the free, open source version" is just not how normal privacy advocates go about things." Really? Who says? You? What about PGP? What about Anonymizer? You are asserting something based on your opinion, which is contrary to wikipedia norms.
- Here is another example: . "This program is not one to trust your personal safety and freedom upon." Who says? You? Does that make it true? It is your *opinion." Great, have an opinion all you want. Blog about it. Tell your friends about it, or whoever will liisten to you. But don't vandalize a wikipedia entry with it. You are violating the wikipedia norms. Keep your opinions out of it.
- Here is another example: ""Through the psiphon control panel, psiphonode administrators have access to a log of sites that their psiphonites access", this is not a feature but an extreme security risk because psiphone can and will be used as a "honeynet" to ensnare users". Apart from the fact that you don't even spell "psiphon" correctly, you are putting forth an opinion as fact. It is not a fact just because you say it. On the contrary, the psiphon user guide, the FAQ, the public material related to psiphon, the psiphon forum, all spell out clearly "Do not give out your connection information to someone you don't know and trust, and visa versa, do not connect to a psiphon node if you do not know and trust that person." Sure, some stupid people will not follow the instructions, but that is not a detriment of the technology -- it is a shortcoming of stupid people. Moreoever, the issue was addressed in the section comparing psiphon to "open public proxies" which by definition are open (iie not secure) and "public" meaning advertized. If anyone is going to set up a honeypot, it will be throug that method.
- You are being ignorant and malicious, that is clear for anyone to see. You should either inform youself, or stop posting your personal rants. Wikipedia is not the place to air them. Go write a blog entry.Paineman 23:26, 23 March 2007 (UTC)paineman
- You can flame all you want. The truth is that you are obfuscating the facts and the real world consequences of those facts. You do yourself a disservice if you bill your software as some sort of solution that it is not. And from the history of this Wiki you have violated all sorts of Wikipedia principles and rules. I'd be willing to freely remove "This program is not one to trust your personal safety and freedom upon" although I think that is an informed opinion. 141.149.48.60 00:10, 24 March 2007 (UTC)
- Ok, it appears that an anonymous poster is now making declarations about my life, accusing paineman of flaming, please wikipedia admin put a stop to all this. Clearly this anonymous person has some kind of personal issue that he/she is trying to vent.
- here are the facts, and the reason why the "theoretical problems" section should be removed.
- these theoretical problems are not based on objective facts about the software. Fact: all psiphon nodes do not "check in." Fact: of those that do, it is policy of the Citizen Lab not to store those IPs and thus impossible to "hack" or "disclose" or "accidentally reveal." Fact: psiphon "professional services" two track plans are actually quite prevalant among security and privacy software tools, like PGP, Anonymizer, YourFreedom, and others. Fact: Psiphon user guides explicitly inform people on how best to use psiphon nodes, to not connect to nodes of people that they do not personally know and trust. The wikipedia article for psiphon is no place for Mrslippery and the anonymous poster to vent their personal opinions and imply them as facts. One man salient 02:13, 24 March 2007 (UTC)
- "Informed opinions" have no place on Wikipedia. I have no interest in this software. I do have an interest in maintaining the integrity of wikipedia norms. If you can demonstrate that you opinions have a basis in fact, then you can write them into the entry, using impartial and objective (as opposed to inflammatory) language. The wikipedia entry is no place for you to rant about your pet peeves and personal opinions. Go set up a blog for yourself to do that. Every single one of your assertions has been demonstrated to be in ignorance of the software, unsubstantiated by fact, and based on your own personal opinions. The "theoretical problems" section should be removed.Paineman 00:23, 24 March 2007 (UTC)painement
- You sound kind of like the owners of the Titanic (prior to the iceburg) when you say this software is "impossible to "hack" or [and the data impossible to] "disclose" or "accidentally reveal". Actually, you have been making personal attacks on just about anyone who opposes your views since inception of this wiki. Its reasonable to conclude you have some kind of vested interest because of your manifest lack of objectivety. And a section should only be removed on its content, not on any other basis. I've offered you reasonable changes bases upon your sensibilities and all you have done is attack. On the other hand I think that this is a healthy dialogue that should have taken place a while back. 141.149.48.60 12:35, 24 March 2007 (UTC)
- Whatever inferences you make about "us" and "our interests" the bottomline is that you have not demonstrated any of your assertions are based on fact. I am asking you to avoid putting forth personal opinions and concentrate on facts. If you can show that any of your assertions are based on fact, not opinion, then we can keep them, toned down appropriately to avoid inflammatory language. Do you have any that meet these criteria? If not, let us move on and erase the "theoretical problems" section. Paineman 14:27, 24 March 2007 (UTC)paineman.
- Fact- there is no protection whatsoever that the users of psiphon have against purposefull misuse of the IP information by Citizen Lab, none whatsoever.
- Fact- there are viruses, trojans and backdoors, not to mention rootkits, there is no guaranty that Citizen Lab's security will not be breached. You say "they" don't "keep the logs", but the fact that IP information is ever collected is enough, even if the information is "thrown away". In that case all it takes to compile a list is to take control of the garbage, whether it be electronic or otherwise.
- Fact- if psiphon becomes a popular way of evading censorship in countries hostile to freedom of the press and speech the Citizen Lab server will be a desirable target to subvert, whether through software or through other means, exactly because IP logging of any kind exists. The folks attempting the subverting would be at the government level and thus have a very high level of sophistication and a truly large amount of money to spend. If I can think of it, they surely can. I wonder if Citizen Lab has considered what it is letting itself in for by doing this.
- Conclusion: Logging IP addresses, even if they aren't "kept" is a significant risk.
- BTW- salient, I found this on the psiphon site http://psiphon.civisec.org/forum/viewtopic.php?t=904 does this mean that you are site admin for psiphon? 141.149.48.247 22:35, 24 March 2007 (UTC)
- In any case I am not going to agree that this section is to be erased. Would you care to discuss specific edits? 141.149.48.247 02:05, 25 March 2007 (UTC)
- Your "facts" are actually one "assertion" repeated over and over again. As to the validity of that one assertion, psiphon users presently have a choice whether or not to have their nodes "check in" with the Lab -- so your assertion only applies to those that do. Assuming that for those who do there is still a theoretical security vulnerability, the point was rasied and covered in the preceding section making reference to a theoretical "canonical list." So your one assertion is repetitive.
- On this basis, I propose rour "theoretical problems" section should be removed.Paineman 00:12, 26 March 2007 (UTC)Paineman
- No. 151.205.177.250 04:36, 26 March 2007 (UTC)
- Would you care to discuss specific edits? 68.161.21.37 16:42, 26 March 2007 (UTC)
- The Chinese have an Information Warefare program and are using both military and civilian population to participate in information warring, including the use of viruses and trojans. The danger to psiphon servers is far from theoretical. http://www.sans.org/reading_room/whitepapers/warfare/788.php?portal=9dec697c679eaf5650ac7009fe6042b7 and http://is.ci-ce-ct.com:85/article/showquestion.asp?faq=7&fldAuto=292 151.205.164.84 19:53, 27 March 2007 (UTC)
-
-
- Salient, would you please remove your call for all psiphonites to come to the rescue of the psiphon Wiki article http://psiphon.civisec.org/forum/viewtopic.php?t=904, it is distasteful and not very "welcoming". 141.149.56.155 21:35, 28 March 2007 (UTC)
-
-
-
- I just looked at the forum posting you mention. What is wrong with what salient posted? It simply tells psiphon users to take a hand in helping to maintain the entry so that it is accurate and based on the experiences of users themselves. And it asks to please help maintain the psiphon wikeipedia entry as an objective description of the strengths and weaknesses of the psiphon system. Something wrong with that?142.150.218.183 22:27, 28 March 2007 (UTC)
-
-
-
-
- States "The psiphon wikipedia entry is being repeatedly vandalized by a few
- individuals who are writing exaggerated and uninformed criticisms of the technology." It is a call to arms against "vandalizers", myself no doubt being included in that category, by a person who is the site administrator for psiphon, who claims his is an unbiased viewpoint. It is a call for help in "editing out" criticism. That's what is wrong about it. But I would not expect someone from an ip address that whois says originates from:
-
-
-
-
-
-
- OrgName: University of Toronto
-
-
-
-
-
-
-
- OrgID: UNIVER-36
-
-
-
-
-
-
-
- Address: Computing and Networking Services
-
-
-
-
-
-
-
- Address: 4 Bancroft Avenue, Room 121B
-
-
-
-
-
-
-
- City: Toronto
-
-
-
-
-
-
- to be trusted to be unbiased. [User:141.149.56.155|141.149.56.155]] 02:31, 29 March 2007 (UTC)
-
-
-
-
-
- It is unreasonable and unacceptable to say that anyone from the University of Toronto -- one of the world's most prestigious universities with tens of thousands of faculty and students -- is not permitted to edit the psiphon wikipedia entry. Nor is there is anything wrong with asking psiphon users themselves -- presumably hundreds of thousands of people worldwide -- to help eidt the entry outlining the "strengths and weaknesses" of the software in an "objective" manner. You are trying to prevent people from posting based on guilt by association, which is wrong. Just stick to editing the entry and please leave out the personal accusations.Paineman 12:49, 29 March 2007 (UTC)
-
-
-
-
- Actually, unlike yourself, I never thought to keep others from posting their thoughts. 141.149.54.228 01:07, 30 March 2007 (UTC)
- This is a talk page, everyone may be heard here. In fact this would be an appropriate place for the people involved in psiphon to become part of the editing process. However, not on the Wikipedia Psiphon entry itself, Salient as the site administrator for Psiphon should never have edited the psiphon article for "bias", nor written portions of the article. You assume I want to shut people up here because you tried to accomplish that with others http://en.wikipedia.org/wiki/Talk:Psiphon#Discussion__Practices_that_Violate_Wikipedia_Norms. However, that is not the case. I am pointing out that if Citizen Lab has its people in here, as it does seem to be, at least they should take a back seat in editing and discussion, rather than attempting to impose a "positive view" of psiphon, simply because they are by definition interested parties. I would point out to you that you are mistaken if you hold the belief that those editing in material critical to psiphon wish for it to fail, or are the enemies of freedom, or are somehow ignorant in some fundamental way simply because the material does not flatter. 151.204.158.134 13:42, 30 March 2007 (UTC)
-
[edit] History and Functionality
The Section on "History and Functionality" should really be modified:
"Psiphon requires no download on the client side, and thus offers
security andease-of-use for the end userin case of equipment seizure. But unlike Tor, psiphon is not an anonymizer, as the server logs all of the clients surfing history.At the same time, such a set-up limits abuse of psiphon servers, which are limited in principle to a social network where clients and servers know and trust each other."
"No client side software" will not offer security to anyone using psiphon if their equipment is seized. Yes there will be an absence of psiphon software on the seized computer, but an abscence does not make a security feature. If the psiphon server is seized, with its detailed log of surfing habits and log of IP addresses of the clients who have used the node, then there is no extra security offered the user, the user in such a case is simply "caught". Therefore the "set up" does not "limit abuse of psiphon servers". If somehow a server that logs surfing history is more secure and naturally limits abuse please support this assertion with a citation to a publication that is not your own, as this assertion would be contrary to common sense.
Also "In the main English wikipedia, there is still a need to avoid professional jargon and to keep language as simple and direct as the accurate treatment of subject matter permits." is quoted from the Wikipedia documentation. This means that all of the "social network" language should not only be eradicated from this section, but should come out of this article, especially because it is used here as psiphon specific jargon. For instance "such a set-up limits abuse of psiphon servers, which are limited in principle to a social network where clients and servers know and trust each other" could be put into plain English as "such a set-up limits abuse of psiphon servers, because the psiphon users know and trust their psiphon node administrator" Not that I agree that this particular statement should stay in (see the above proposed edit), but at least it states things in a simple way that avoids confusion. If there has been formal social network research that has been done in the area of data security and privacy that the psiphon software implicates please explain it and cite to the source. 151.205.177.250 12:15, 25 March 2007 (UTC)
- ""No client side software" will not offer security to anyone using psiphon if their equipment is seized." Though users would not have a copy of Psiphon on their computers I suppose their browser cache would still hold a record of all the pages they had viewed. The cache could be deleted, but it would still be possible for a forensic examiner to recover its contents from the users hard disk. To put the data beyond recovery the user would have to employ a specialised data erasure tool, and perform at least seven overwrites of their hard disk. Will users in countries like China be aware of, and have access to, such tools?
- My view on Psiphon is that any attempt to circumvent censorship is to be applauded, but Psiphon's capabilities must not be oversold. Potential users who consult Wikipedia need to be able to read a full and objective analysis of the software, warts and all. Attempts to delete critical comments must be resisted. Mrslippery 14:19, 25 March 2007 (UTC)
- Please note that the official psiphon user guide, found here: http://psiphon.civisec.org/samples/psiphon_guide.pdf makes explcit reference to using a cache deletion software after each use. I think the fact that the producers of the software, in their offiicial guide, make explicit reference to doing so should be taken into acccount. If we are going to assess something, I agree, let's not overstate it. But I have been struck by the extent to which a number of users are seemingly going out of there way to make ill-informed assertions about psiphon. Let us be fair, and at least take the time to look over the software, its code, its official user guide, and its FAQ before making these assertions.
- As to the "social network of trust" -- I do not believe this is jargon. It is the language used by the psiphon project itself, in all of its literature, and it's well explained in the FAQ, in the news articles referenced in this section. I believe in light of the extensive association, it should not be deleted but simply defined.Paineman 00:24, 26 March 2007 (UTC)paineman
- See for yourself http://en.wikipedia.org/wiki/Jargon Jargon is exactly what it is, and at its worst because it is insider speak for a simple concept which when expressed in normal English spells DANGER. But that's exactly what you seem to want, to talk about social network of trust to avoid spelling out that if you log onto a psiphon server that is compromised you are toast etc. Words like "explicit" in proximity to "social" and "network" and "trust" are used because it sounds important, scholarly and protective. But this is software that should have full disclosure in non-suger-coated language. And insistance that only idiots would and could get caught betrays disdain for the users of this software not to mention the semi-literate of this world. You see, not everbody has the opportunity to acquire an education, especially a high level education in the English language which is notoriously difficult to master. The assertions that the software is wonderful should be few, the clear, concise and conspicuous highlighting of the dangers of its use should be many and likewise clear and concise and above all understandable by those who are easily confused. One may think women who never had the opportunities had by the educated are stupid because they cannot read and understand the "high level concept" that the supposed social network of trust is and is not, but one has a moral responsibility to protect them although one may think they are lower on the social scale. And last, but not least, these information gathering servers with clients that report ip info to the central server are running on MS sofware, absolutely nuts. Yes, in the user materials it says "make sure your computer is virus free and you are fully patched" [not an exact quote]. Do you know what kind of ongoing herculean task it is to make that operating system fully patched??? And even in the fully patched versions known vulnerabilities abound. The "Social Network of Trust" language should be stricken everywhere it appears throughout the entire Wikipedia entry as it is both jargon, dangerously misleading and has no connection to any scholarship regarding social networks whatsoever. 151.205.177.250 05:16, 26 March 2007 (UTC)
- Do we have agreement or disagreement on the proposed edit:
"Psiphon requires no download on the client side, and thus offers
security andease-of-use for the end userin case of equipment seizure. But unlike Tor, psiphon is not an anonymizer, as the server logs all of the clients surfing history.At the same time, such a set-up limits abuse of psiphon servers, which are limited in principle to a social network where clients and servers know and trust each other."
- Lets get to the good faith editing :) 151.205.164.84 17:56, 26 March 2007 (UTC)
- I agree to the revised edit. However, I fundamentally disagree with striking "social network of trust" from the pisphon wikipedia article elsewhere where it is found. The term "social network of trust" is an explicit part of the psiphon software literature, its FAQ, its user guide, and in media and other articles based around it. It may be considered "jargon" (although I disagree that it is) by any one individual, but an encyclopedic article on psiphon has to include, and define it. Leaving it out because someone thinks it is "jargon" is like leaving out "psiphon" from the entry because you think it's a confusing spelling or not using the term "Tor" in a discussion of "the onion router" because the term "Tor" is jargon. You can define it, but you cannot erase it from the entry -- unless of course your intent is to completely abuse and undermine the entry.
- Proposal: Strike
At the same time, such a set-up limits abuse of psiphon servers, which are limited in principle to a social network where clients and servers know and trust each other. Psiphon also offers a substantial increase in security, and an improvement in detection avoidance, over open public proxies[opinion needs balancing]. Please see "Theoretical Problems" below for an alternative view on whether this software actually does offer a substantial increase in security, and an improvement in detection avoidance, over open public proxies.
- Add:
- Psiphon differs from previous approaches in that the users themselves have access to server software which is easily installed on the Microsoft Windows platform. The ease which users themselves are able to set up their own servers should, given a certain level of use of the sofware, result in a greater number of servers being online. A great number of servers online would make the task of attacking the overall user base more difficult for those hostile to use of the psiphon proxy than attacking a few centralized servers, because each individual web proxy would have to be disabled one by one.
- 151.205.164.84 20:41, 26 March 2007 (UTC)
- Does anybody disagree with this edit? 141.149.56.155 13:24, 28 March 2007 (UTC)
- Well, I assume this means that this particular edit is acceptable to all. 141.149.54.228 01:12, 30 March 2007 (UTC)
- Does anybody disagree with this edit? 141.149.56.155 13:24, 28 March 2007 (UTC)
-
-
-
- Proposed change to the 5th paragraph: Through the psiphon control panel, psiphonode administrators have access to a log of sites that their psiphonites access,
and the above underscores the importance that a psiphonode administrator and psiphonite have a level of trust that each will act responsibly when using psiphon[opinion needs balancing]. Please see "Theoretical Problems" below for an alternative view on whether psiphonode administrator access to a log of sites is a security risk.which makes the psiphon user subject to the consequences of any lack of good security practices and/or ill will of the psiphonode administrator, this also makes the psiphon user subject to possible censorship by the psiphonenode administrator. The authors of psiphon stress that these issues are "trust" issues, with exception of poor security practices, and should not present a problem because of the positive social relationship(s) between psiphon user(s) and psiphonode administrator(s). The theory being that if there is a good enough relationship to establish a psiphon user to psiphonode adminstrator tie, issues such as psiphonode censorship and ill will are not likely to arise, hence the term "social networks of trust" used in psiphon literature http://psiphon.civisec.org/faq1.html. 141.149.54.228 01:37, 30 March 2007 (UTC)
- Proposed change to the 5th paragraph: Through the psiphon control panel, psiphonode administrators have access to a log of sites that their psiphonites access,
-
-
- {{editprotected}} There is no need to add multiple editprotected tags; just one is enough to put the page on the list. I don't think it's appropriate to make these edits myself. I am willing to unprotect the page, however, to see whether everyone can edit without edit warring. Please start with edits that have found consensus on the talk page, and attempt to discuss rather than reverting whenever possible. CMummert · talk 02:34, 31 March 2007 (UTC)
- Anybody object to the above? 151.205.114.26 03:50, 3 April 2007 (UTC)
Through the psiphon control panel, psiphonode administrators have access to a log of sites that their psiphonites access, and the above underscores the importance that a psiphonode administrator and psiphonite have a level of trust that each will act responsibly when using psiphon[opinion needs balancing]. Please see "Theoretical Problems" below for an alternative view on whether psiphonode administrator access to a log of sites is a security risk. which makes the psiphon user subject to the consequences of any lack of good security practices and/or ill will of the psiphonode administrator, this also makes the psiphon user subject to possible censorship by the psiphonenode administrator. The authors of psiphon stress that these issues are "trust" issues, with exception of poor security practices, and should not present a problem because of the positive social relationship(s) between psiphon user(s) and psiphonode administrator(s). The theory being that if there is a good enough relationship to establish a psiphon user to psiphonode adminstrator tie, issues such as psiphonode censorship and ill will are not likely to arise, hence the term "social networks of trust" used in psiphon literature For this reason, a psiphonite must trust the psiphonode provider. Please see The psiphon FAQ and the psiphon User Guide for more information on best practices for both psiphonode providers and psiphonite users. One man salient 15:48, 3 April 2007 (UTC)
-
- "For this reason, a psiphonite must trust the psiphone provider." Should not be put in, it is an affirmative statement which is ambigious as to intent. "must trust" implies that if you do trust then everything will be fine and that you "must" repose trust in order to be ok. The only one I trust like that is perhaps my Mom. This language is blantant psiphon ad-speak, as is the "best practices language" which implies that "best" will make everything ok and fine. Its objectively written as it stands and should not have the candy coating at the end at all. 151.205.182.152 01:12, 9 April 2007 (UTC)
- Does anyone else have comment, if not I will insert the original change proposed above. 151.205.106.34 00:52, 12 April 2007 (UTC)
- "For this reason, a psiphonite must trust the psiphone provider." Should not be put in, it is an affirmative statement which is ambigious as to intent. "must trust" implies that if you do trust then everything will be fine and that you "must" repose trust in order to be ok. The only one I trust like that is perhaps my Mom. This language is blantant psiphon ad-speak, as is the "best practices language" which implies that "best" will make everything ok and fine. Its objectively written as it stands and should not have the candy coating at the end at all. 151.205.182.152 01:12, 9 April 2007 (UTC)
[edit] Quotation without citation should be removed
The quotation "According to Nart Villeneuve, Director of Technical Research from the Citizen Lab, "The idea is to get them to install this on their computer, and then deliver the location of that circumventor, to people in filtered countries by the means they know to be the most secure. What we're trying to build is a network of trust among people who know each other, rather than a large tech network that people can just tap into." should be removed as there is not citation to a publication wherein the quotation was gleaned. 68.161.21.37 16:48, 26 March 2007 (UTC)
- Does anybody have a citation for this quote? 151.205.164.84 14:26, 27 March 2007 (UTC)
- The source was in the external links section until an editor moved it to "News". See: Boyd, Clark. (March 10, 2004). Bypassing China's net firewall. BBC News. —Viriditas | Talk 14:45, 27 March 2007 (UTC)
- Then of course that source should be cited in the body and it should stay. 151.205.164.84 15:01, 27 March 2007 (UTC)
- The source was in the external links section until an editor moved it to "News". See: Boyd, Clark. (March 10, 2004). Bypassing China's net firewall. BBC News. —Viriditas | Talk 14:45, 27 March 2007 (UTC)
[edit] All mention of Wikipedia as a Service Should be Removed
The quotation "We're aiming at giving people access to sites like Wikipedia," and following sentance "a free, user-maintained online encyclopedia" should be removed as it is unseemly to have any Wikipedia bolstering material in the article. 68.161.21.37 17:12, 26 March 2007 (UTC)
-
- Paineman, would you please stop top posting, the new topic belongs underneath the older topics. It took Anchoress quite a bit of time to clean up the page, please don't mess it up again. Once you put it there I will respond. Let me get this straight though, you want me banned from this talk page? For requesting that we discuss specific edits? And for attempting to format the page properly? Calling for me to be banned is not exactly "welcoming". 68.161.21.37 17:15, 26 March 2007 (UTC)
- Also, I think the mentioning of Wikipedia gives the appearance of some psiphon/Wikipedia link being fostered, of which there is (to my knowledge) none. 151.205.164.84 18:18, 26 March 2007 (UTC)
- Does anybody know whether there exists policy regarding Wikipedia mentions in Wikipedia articles? 151.205.164.84 15:11, 27 March 2007 (UTC)
- Also, I think the mentioning of Wikipedia gives the appearance of some psiphon/Wikipedia link being fostered, of which there is (to my knowledge) none. 151.205.164.84 18:18, 26 March 2007 (UTC)
- Paineman, would you please stop top posting, the new topic belongs underneath the older topics. It took Anchoress quite a bit of time to clean up the page, please don't mess it up again. Once you put it there I will respond. Let me get this straight though, you want me banned from this talk page? For requesting that we discuss specific edits? And for attempting to format the page properly? Calling for me to be banned is not exactly "welcoming". 68.161.21.37 17:15, 26 March 2007 (UTC)
-
-
-
-
-
- Well you have a good point, as Wikipedia could be an internet destination that might be blocked by censors. But if you look at the psiphon literature they push Wikipedia, their demonstration on youtube I believe was Wikipedia. And if you look at the way in which the quote is put into the article it is not in the body, but highlighted almost as an advertisement up front. Google could have been mentioned, but was not, yahoo could have been mentioned but was not. It would make sense to me to have a rule that Wikipedia itself should not be mentioned in the articles because of the bias Wikipedia naturally has towards itself, unconscious or consious it is there just as surely as the bias a person would have towards him or herself. But if there is no such rule there is no such rule.... 151.205.164.84 02:00, 28 March 2007 (UTC)
- And, you have a good point about the quote in the lead. It could be easily moved into another section. —Viriditas | Talk 07:24, 28 March 2007 (UTC)
- But, when one considers where to move the quote it becomes apparent that it has no descriptive or informative function regarding psiphon. That Wikipedia is a free, user maintained encyclopdia does not describe psiphon, and for the balance of the quote the article itself already states that psiphon is a web censorship circumvention tool. This is why I thought that it was unseemly, it seems to have no function other than to try and infer Wikipedia's imprimatur. 141.149.56.155 13:20, 28 March 2007 (UTC)
- I also notice that the psiphon graphic entitled "how psiphon works" on the page has the Wikipedia "globe" and one other Wikipedia mark alongside two psiphon marks. 141.149.56.155 13:41, 28 March 2007 (UTC)
- The official, reliably sourced quote in the lead describes the application, and the official graphic illustrates a network view. The placement of the quote and graphic should correspond with WP policies and guidelines. I don't see a conflict of interest. WP has been (and probably continues to be) the subject of government censorship, and this has been widely covered in the media, so the issue has currency. That Psiphon chose to use WP as an example has no bearing on the accuracy of the article or the use of reliably sourced criticism. Keep in mind, WP is not the subject, but is only used as an example of how the software is used. If this still bothers you, take your concerns to User talk:Jimbo Wales. —Viriditas | Talk 20:56, 28 March 2007 (UTC)
- Let it stay then. 141.149.56.155 21:41, 28 March 2007 (UTC)
- I also notice that the psiphon graphic entitled "how psiphon works" on the page has the Wikipedia "globe" and one other Wikipedia mark alongside two psiphon marks. 141.149.56.155 13:41, 28 March 2007 (UTC)
- But, when one considers where to move the quote it becomes apparent that it has no descriptive or informative function regarding psiphon. That Wikipedia is a free, user maintained encyclopdia does not describe psiphon, and for the balance of the quote the article itself already states that psiphon is a web censorship circumvention tool. This is why I thought that it was unseemly, it seems to have no function other than to try and infer Wikipedia's imprimatur. 141.149.56.155 13:20, 28 March 2007 (UTC)
- And, you have a good point about the quote in the lead. It could be easily moved into another section. —Viriditas | Talk 07:24, 28 March 2007 (UTC)
- Well you have a good point, as Wikipedia could be an internet destination that might be blocked by censors. But if you look at the psiphon literature they push Wikipedia, their demonstration on youtube I believe was Wikipedia. And if you look at the way in which the quote is put into the article it is not in the body, but highlighted almost as an advertisement up front. Google could have been mentioned, but was not, yahoo could have been mentioned but was not. It would make sense to me to have a rule that Wikipedia itself should not be mentioned in the articles because of the bias Wikipedia naturally has towards itself, unconscious or consious it is there just as surely as the bias a person would have towards him or herself. But if there is no such rule there is no such rule.... 151.205.164.84 02:00, 28 March 2007 (UTC)
-
-
-
-
[edit] Discussion Practices that Violate Wikipedia Norms
People are posting to this discussion page contrary to wikipedia rules. They are posting without signing and making personal insults. They are re-editing their own comments, again contrary to wikipedia discussion norms. It is virtually impossible to track who is saying what, based on constant changes of IP addresses. I agree that the article should be improved by good faith, but I will not stand by while a Wikipedia article is abused with ill-informed personal rants. If a person whose post is shown to be not based on facts and is clearly writing negative, unobjective half-truths, responds with nothing but "no" they should not be allowed to participate in the discussion. "No" is not good faith nor productive dialogue. Everyone who wants to engage in dialogue in good faith should sign in.Paineman 20:28, 26 March 2007 (UTC)
- If by sign in you mean get a user name rather than edit and discuss anonymously although with IP address showing, that is missing the mark by a quite a bit. Good faith is simply the willingness to put aside ones own anger and bias and to act towards others with fair intentions. All of which I am presently doing. It has absolutely nothing to do with the decision to edit via a "sign in" name. 151.205.164.84 01:49, 27 March 2007 (UTC)
- By showing that you have animus towards anyone involved in the edit process you are extending the period of time the page is protected against edits. I suggest that we put together a body of agreed edits, act like people who are reasonable, and stop trying to get others in "trouble". The alternative is this article being protected for an extended period of time and absolutely for sure not being designated as a "good article". 151.205.164.84 17:07, 27 March 2007 (UTC)
- The Wikipedia article on Windows XP http://en.wikipedia.org/wiki/Windows_XP seems to have both the good and the bad of the software discussed in an intelligent fashion. It is a Wikipedia "Featured Article" and I suggest we consider using it as a model. For instance see the Section entitled "Common Criticisms" http://en.wikipedia.org/wiki/Windows_XP#Common_criticisms as an example of a section balancing the positive material with negative information. 151.205.164.84 18:53, 27 March 2007 (UTC)
- By showing that you have animus towards anyone involved in the edit process you are extending the period of time the page is protected against edits. I suggest that we put together a body of agreed edits, act like people who are reasonable, and stop trying to get others in "trouble". The alternative is this article being protected for an extended period of time and absolutely for sure not being designated as a "good article". 151.205.164.84 17:07, 27 March 2007 (UTC)
[edit] History and Functionality
The way this subject starts "Psiphon was originally implemented in Python..." sounds like the middle of a thought rather than the start of a section. I propose the following (with quotes taken from the psiphon site) at the beginning.
Psiphon is an internet proxy, described as "... a censorship circumvention solution that allows users to access blocked sites in countries where the Internet is censored." The psiphon sofware "...turns a regular home computer into a personal, encrypted server capable of retrieving and displaying web pages anywhere." http://psiphon.civisec.org/faq1.html
141.149.56.155 00:36, 29 March 2007 (UTC)
The title History and Functionality justify the mention of python as the first programming language of use. psiphon is not quite an internet proxy, as it has a parser and HTML rewriter, which is quite different than the proxy approach. One man salient 02:27, 1 April 2007 (UTC)
[edit] Introduction
I think there is far too much of a "marketing" feel to the introduction, with too much personalization around the developers. I suggest the first two paragraphs be altered as follows.
Psiphon is a circumvention technology that works through social networks of trust and is designed to help Internet users bypass content-filtering systems setup by governments, such as China, North Korea, Iran, Myanmar, Saudi Arabia, United Arab Emirates, United States, Vietnam, Pakistan and others. It builds upon previous concepts and functions of proxy-based circumvention systems to get around content filtering. Psiphon was developed by the Citizen Lab at the University of Toronto.
Any objections?
-
- Thank you for your contribution to this talk page. I agree with you that there is a "marketing" feel to the introduction, but...the psiphon folks are in here, attempting to edit the entry, and opposing anything that is in their view "anti-psiphon". Your paragraph is fine, except for the "social networks of trust" as that in itself is part of the psiphon marketing; its function is to imply that there is a "network of trust" out there to help out, to protect, to make the internet a safe place... However, from a technical point of view psiphon really doesn't build upon other concepts, it is identical to them, "safeweb" etc. The only unique aspect of this software, perhaps, is that the user of medium sophistication is able to install the proxy server, with a desired end being that many proxies be established, in a decentralized fashion, therebye making censorship, and punishment of the end user, more difficult. The only time the "social network of trust" should be mentioned should be once in the article and only to acknowledge that its a term psiphon coined for choosing people you personally trust to run the psiphon node you connect to from the censored country. Also you need to sign your entry by adding 4 tilds (~)at the end, it will expand to your ip address or your Wikipedia user name plus the date and time. 151.205.166.59 17:47, 10 April 2007 (UTC)
- Rather than the above, I propose the following:
- Psiphon is a web proxy designed to help Internet users bypass content-filtering systems setup by governments, such as China, North Korea, Iran, Myanmar, Saudi Arabia, United Arab Emirates, United States, Vietnam, Pakistan and others. Psiphon was developed by the Citizen Lab at the University of Toronto. The makers of Psiphon claim that a recommended method of use by small groups of "trusted" associates differentiates Psiphon from regular proxy software.141.149.53.88 13:34, 16 April 2007 (UTC)
- Thank you for your contribution to this talk page. I agree with you that there is a "marketing" feel to the introduction, but...the psiphon folks are in here, attempting to edit the entry, and opposing anything that is in their view "anti-psiphon". Your paragraph is fine, except for the "social networks of trust" as that in itself is part of the psiphon marketing; its function is to imply that there is a "network of trust" out there to help out, to protect, to make the internet a safe place... However, from a technical point of view psiphon really doesn't build upon other concepts, it is identical to them, "safeweb" etc. The only unique aspect of this software, perhaps, is that the user of medium sophistication is able to install the proxy server, with a desired end being that many proxies be established, in a decentralized fashion, therebye making censorship, and punishment of the end user, more difficult. The only time the "social network of trust" should be mentioned should be once in the article and only to acknowledge that its a term psiphon coined for choosing people you personally trust to run the psiphon node you connect to from the censored country. Also you need to sign your entry by adding 4 tilds (~)at the end, it will expand to your ip address or your Wikipedia user name plus the date and time. 151.205.166.59 17:47, 10 April 2007 (UTC)
-
-
- Actually, the makers of psiphon claim it is differentiated from regular proxy software on a number of different levels, including ease of use (one download and install) and security (https) -- at least judging by the psiphon FAQ. So I'm not sure that saying the trusted part is the only thing that differenitates psiphon from regular proxy software is correct. I woudl alter what you say as follows:
-
-
-
-
-
-
- Psiphon is a web proxy designed to help Internet users securely bypass content-filtering systems setup by governments, such as China, North Korea, Iran, Myanmar, Saudi Arabia, United Arab Emirates, United States, Vietnam, Pakistan and others. Psiphon was developed by the Citizen Lab at the University of Toronto, building upon previous generations of web proxy software systems. Psiphon's recommended use is among private, trusted relationships that span censored and uncensored lcations (such as those that exist among friends and family members, for example) rather than as an open public proxy. Traffic between clients and servers in the Psiphon system is encrypted using the https protocol.Paineman 20:10, 16 April 2007 (UTC)
- I guess the "Safeweb" service was the most closely related to Psiphon, "triangle boy" etc. I propose the following:
- Psiphon is a web proxy designed to help Internet users securely bypass content-filtering systems setup by governments, such as China, North Korea, Iran, Myanmar, Saudi Arabia, United Arab Emirates, United States, Vietnam, Pakistan and others. Psiphon was developed by the Citizen Lab at the University of Toronto, building upon previous generations of web proxy software systems, such as the "Safeweb" and "Anonymizer" systems http://www.wired.com/politics/law/news/2002/02/50371, http://www.anonymizer.com/. Psiphon's recommended use is among private, trusted relationships that span censored and uncensored lcations (such as those that exist among friends and family members, for example) rather than as an open public proxy. Traffic between clients and servers in the Psiphon system is encrypted using the https protocol.151.205.165.95 13:48, 17 April 2007 (UTC)
- I guess the "Safeweb" service was the most closely related to Psiphon, "triangle boy" etc. I propose the following:
- Psiphon is a web proxy designed to help Internet users securely bypass content-filtering systems setup by governments, such as China, North Korea, Iran, Myanmar, Saudi Arabia, United Arab Emirates, United States, Vietnam, Pakistan and others. Psiphon was developed by the Citizen Lab at the University of Toronto, building upon previous generations of web proxy software systems. Psiphon's recommended use is among private, trusted relationships that span censored and uncensored lcations (such as those that exist among friends and family members, for example) rather than as an open public proxy. Traffic between clients and servers in the Psiphon system is encrypted using the https protocol.Paineman 20:10, 16 April 2007 (UTC)
-
-
-
-
-
-
-
-
-
-
-
- Do we have to put the URLs in the body? Why don't we simply link to the respective wikipedia entries of those systems? It looks cleaner. I also think we should mention Peacefire and CGI Proxy. I would propose a list that goes in alphabetical order, such as "Anonymizer, CGI Proxy, Peacefire, Safeweb, and others" with each of those linked to their respective wikipedia entries.Paineman 14:48, 17 April 2007 (UTC)
- Yes it should be cited in the body, actually I was thinking about taking out "China, North Korea, Iran, Myanmar, Saudi Arabia, United Arab Emirates, United States, Vietnam, Pakistan and others" and citing to a list there. The articles cited were chosen to be cited in the body because Safeweb is an example of a now defunct web proxy whose history, esp "triangle boy" is very relevent to Psiphon, as set out in the article, Anonymizer because it is an example of present art that Psiphon is presumably building on. The Wikipedia articles for Safeweb and Triangle Boy are both stubs with almost no information. But your alpha list of Wikipedia references would be good as an addition. Go ahead and make it a third link. BTW- why is the USA part of the filtered list? 151.205.165.95 15:15, 17 April 2007 (UTC)
- Do we have to put the URLs in the body? Why don't we simply link to the respective wikipedia entries of those systems? It looks cleaner. I also think we should mention Peacefire and CGI Proxy. I would propose a list that goes in alphabetical order, such as "Anonymizer, CGI Proxy, Peacefire, Safeweb, and others" with each of those linked to their respective wikipedia entries.Paineman 14:48, 17 April 2007 (UTC)
-
-
-
-
-
-
- What I will do is put the intro in with the Anonymizer & Safeweb refs, I'll cut the "countries list" down to China and Iran, and then if anybody deems it necessary they can add reference to additional countries and other web proxies. Any objections to that? 141.149.51.98 15:40, 18 April 2007 (UTC)
-
- Remove anonymizer & safeweb, psiphon was inspired by a lot of other project most notably peacefire's circumventor (http://www.peacefire.org/circumventor/simple-circumventor-instructions.html) and CGIProxy (http://www.jmarshall.com/tools/cgiproxy/).Nartv 16:04, 8 May 2007 (UTC)
-
-
- No, don't remove anonymizer & safeweb. Add a circumvetor cite because then it is complete, you have well known and widely adopted very early art -safeweb, present and very widely adopted art- anonymizer, and the very little known progenitor of Psiphon, peacefire's circumventor. I guess this means that we have to take out the stuff about Psiphon being unique in having a "no download" client? CGIProxy was not exactly ever in widespread general use, and not exactly unique. I'm sorry to say this but I doubt your motives are pure. I get the feeling you might prefer to eliminate the safeweb cite because the history of safeweb, set out in the cite, is a cautionary tale for web proxies in general (SafeWeb was CIA funded and claimed the CIA had examined their software and that it was secure...guess what, it wasn't), and the anonymizer cite because it currently competes with Psiphon.151.205.160.5 15:44, 10 May 2007 (UTC)
-
-
-
-
- Well as it currently stands it suggests that psiphon was "build[t] upon previous generations of web proxy software systems" which is true but the article currently suggests Anonymizer and SafeWeb as examples of what psiphon was built on. psiphon is an open source, private, web-based proxy that was inspired by Peacefire/CGIProxy, while unlike psiphon, Anonymizer and Safeweb are not open source, not private but public, ANONYMOUS surfing technologies. Read the article linked, Safeweb is "anonymous-surfing technology" that claimed "complete privacy" while Anonymizer is an "Internet privacy company". Peacefire & CGIProxy are open source and were created to bypass censorship (also the goal of psiphon), not for privacy or anonymity such as SafeWeb & Anonymizer. More than anything else those two influenced me the most. One of the major points about psiphon is that it is NOT an anonymity system and it is a private censorship circumvention system so lumping it with proprietary code designed for anonymity for public distribution is inaccurate, regardless of whatever you think my motivations are. (Tangent: psiphon's "no client download" does differ from others and the word "unique" is not currently in the current article (nor should it be).)Nartv 20:35, 10 May 2007 (UTC)
-
-
-
-
-
-
- You are not correct. Safeweb had the concept of individuals running their own proxies to circumvent censorship years before anyone. "Triangle Boy" they called it, and their graphic looks exactly like the one displayed on this page. The license is incidental, anonymity is incidental, Safeweb is the earliest generally used progenitor of Psiphon and should be listed as an early work upon which Psiphon is based. That you might not want to acknowledge a connection does not make the connection less real. Peacefire/CGI Proxy may be what you want to list, but it came way after Safeweb. I can understand your desire to whitewash the article as much as possible but I don't think it is appropriate. As I said before, go ahead and add the cite to Peacefire/CGI Proxy, but don't revert my edit. 151.205.106.27 03:01, 11 May 2007 (UTC)
-
-
-
-
-
-
-
-
- I am correct. I dont edit the article because I designed and helped develop the first versions of psiphon, I'll leave that to others to decide. I am simply pointing out what I feel are inaccuracies. I think it is funny that you are telling me what I did or did not do. The availability of the code is relevant because of the phrase "building upon" which suggests that psiphon built upon the code used in other projects since I had access to the cgiproxy/peacefire code I think "building upon" most accurately refers to those projects -- those are the ones that directly influenced me. Of course I am familiar to varying degress with many products used for censorship circumvention including Anonymizer, Safeweb (I never did use triangle boy, I belive it was p2p and not web-based anyway), tor, sixfour, peekabooty, freenet (not exactly a circumvention tool), gpass, phproxy (there are several php web-based proxies), freegate and others I don't currently recall. (the precursor to CGIProxy dates back to 1996 which I believe pre-dates SafeWeb but that is incidental). For Anonymizer and Safeweb (other than a proxy with a web-interface) my goal was to not build upon them. I did not want to make something that was for privacy/anonymity nor did I want to make something that was based on the sending out of ips/urls to the public nor was the code to be proprietary. Other than the fact that these two were used for censorship circumvention and were web=based proxies the rest was built in contrast to them. (tangent: the security vulns you keep implying I want to hide from are mostly based on SafeWeb's privacy/anonymity features, something that was never in the psiphon design). —The preceding unsigned comment was added by 65.95.116.69 (talk) 12:25, 11 May 2007 (UTC).
-
-
-
-
-
-
-
-
-
-
- http://reason.com/news/show/28329.html for triangle boy information. I understand that you as a developer don't personally think that you "built" upon safeweb. That does not really matter. Safeweb was a most pervasive anti-censorship tool, was widely used as an anti-censorship tool, existed for years, made a similar splash in the media as Psiphon when it was released, had triangle boy which allowed individual users to set up private "servers". Regardless of whether you personally took inspiration from it or not your work builds upon many of the concepts it pioneered. The fact that Psiphon doesn't protect anonymity is a flaw. The lack of a security measure does not represent a "feature" upon which to build or to get inspiration from. I also fail to see your point, you actually didn't want to make something for "privacy/anonymity", really?? How about from privacy and anonymity from the censors?151.205.161.121 13:27, 11 May 2007 (UTC)
-
-
-
-
-
-
-
-
-
-
-
-
- Believe me or not, I'm telling you about my actual experience and decisions, you are inserting your opinion of what I did and asserting it as fact. If you include those links then I suggest you change the "building upon" to at least "inspired by" or "similar too" and the state the ways in which they are different. And you should then append CGIProxy/Circumventor leaving them out, I feel, strips them of the proper attribution they deserve for inspiring me to work on psiphon in the first place. Regarding anonymity -- the term is often used incorrectly i.e. "anonymous proxies" and so on. True anonymity systems shield your identity from not only the resource you retrieve through it but also from the system itself (e.g. tor). psiphon (and other proxies) are one-hop proxies, you are not anonymous from the owner. People often claim that when using a proxy you are anonymous because the requested resource sees the IP of the proxy, but that is not true anonymity. The SSL connection between the user and the proxy protects that traffic from a snooping isp/govt (although a user must still be aware of the mitm attack). The goal of censorship circumvention software is primarily allow users to circumvent censorship (with the inherent risks of doing so) as securely as possible (in terms of their own govt being able to snoop their traffic) and to make the location of the proxy more difficult for the attacker to find and block. (Read "Choosing Circumvention" http://ice.citizenlab.org/mirror/choosing_circ-1.htm and http://ice.citizenlab.org/mirror/choosing_circ-2.htm for more information.) When I want to use an anonymity system I use tor, but there are reasons why I may choose not to depending on my specific situation in a censored country. Also, in many cases anonymity is not the users primary concern, see the pkblogs.com (seems like they are no longer active, but they had a great run) project for example since the "penalty risk" was low many users would rather use a fast, plaintext, one hop. There are a variety of tools in the anti-censorship tool box that meet different types of users needs. There was a need for a one-hop, easy to install, private web-based proxy so, based on my experience with setting up circumvention for people, I decided to make one.Nartv 15:12, 11 May 2007 (UTC)
- "...building upon previous generations of web proxy software systems..." Please note the word "generations", please notice the words "web proxy software systems". This is a general statement that is true. After that generally true statement I give two examples of web proxy software systems. The examples are of two significant web proxy software systems with significant history. The wording is not meant to delve into the specific code you drew your inspiration from. That information could be put into the article, but its place would be where the part about python comes into play, not the intro. Including CGIProxy/Circumventor in the intro would be ok, but not really necessary. If it makes you happy I would be glad to do so. 141.149.40.249 00:01, 12 May 2007 (UTC)
- Believe me or not, I'm telling you about my actual experience and decisions, you are inserting your opinion of what I did and asserting it as fact. If you include those links then I suggest you change the "building upon" to at least "inspired by" or "similar too" and the state the ways in which they are different. And you should then append CGIProxy/Circumventor leaving them out, I feel, strips them of the proper attribution they deserve for inspiring me to work on psiphon in the first place. Regarding anonymity -- the term is often used incorrectly i.e. "anonymous proxies" and so on. True anonymity systems shield your identity from not only the resource you retrieve through it but also from the system itself (e.g. tor). psiphon (and other proxies) are one-hop proxies, you are not anonymous from the owner. People often claim that when using a proxy you are anonymous because the requested resource sees the IP of the proxy, but that is not true anonymity. The SSL connection between the user and the proxy protects that traffic from a snooping isp/govt (although a user must still be aware of the mitm attack). The goal of censorship circumvention software is primarily allow users to circumvent censorship (with the inherent risks of doing so) as securely as possible (in terms of their own govt being able to snoop their traffic) and to make the location of the proxy more difficult for the attacker to find and block. (Read "Choosing Circumvention" http://ice.citizenlab.org/mirror/choosing_circ-1.htm and http://ice.citizenlab.org/mirror/choosing_circ-2.htm for more information.) When I want to use an anonymity system I use tor, but there are reasons why I may choose not to depending on my specific situation in a censored country. Also, in many cases anonymity is not the users primary concern, see the pkblogs.com (seems like they are no longer active, but they had a great run) project for example since the "penalty risk" was low many users would rather use a fast, plaintext, one hop. There are a variety of tools in the anti-censorship tool box that meet different types of users needs. There was a need for a one-hop, easy to install, private web-based proxy so, based on my experience with setting up circumvention for people, I decided to make one.Nartv 15:12, 11 May 2007 (UTC)
-
-
-
-
-
-
[edit] Theoretical Problems
Proposed replacement for the 1st paragraph of this section:
In order to increase the ease which a psiphon server can be implemented, the latest version of psiphon has an IP address ping back service, with each new server pinging the Citizen Lab server in Toronto Canada, which then responds by transmitting the numerical IP address of the new psiphon server back in plain text, directly to the new psiphon server. This provides easy reference for the novice psiphone server administrator, who then distributes the IP address to those who need to use psiphon. The "ping back" behavior is presently a default, but need not be chosen, the option to not ping is present in the psiphon server software http://psiphon.civisec.org/samples/psiphon_guide.pdf. The leader of the psiphon project, Ronald J. Deibert, in response to the question "What if someone hacks into Psiphon’s computers?" has reportedly stated that logs are taken off the Citizen Lab server regularly and that there is no reason anybody would want to hack into the Citizen Lab server http://www.worldchanging.com/archives/005963.html. This has raised the concern that the IP addresses and psiphon software download logs could fall into the wrong hands because of the perception that Professor Deibert may have a laissez-faire attitude about security, and because there is no guarantee that policy will not change http://addiator.blogspot.com/2007/01/psiphon-too-dangerous-to-install.html. The real world risks of log keeping was illustrated by the turn over of the e-mails of Li Zhi to the Chinese Government by Yahoo. Zhi was subsequently arrested, convicted and sent to jail for 8 years. http://www.infoworld.com/article/06/02/09/75208_HNyahoohelpedjail_1.html Also see IEEE Internet Computing, Jan/Feb 2002 starting at page 40, by Ian Clarke, Scott G. Miller, Theodore W. Hong, Oskar Sandberg and Brandon Wiley, http://freenetproject.org/papers/freenet-ieee.pdf discussing in part the security risks inherent in approaches such as psiphon, with specific mention of the danger presented by logging by the services themselves, at pages 42-43. 141.149.54.228 03:55, 30 March 2007 (UTC)
- If there are no objections to this paragraph and the preceding proposed edits, http://en.wikipedia.org/wiki/Talk:Psiphon#History_and_Functionality, http://en.wikipedia.org/wiki/Talk:Psiphon#Quotation_without_citation_should_be_removed, http://en.wikipedia.org/wiki/Talk:Psiphon#History_and_Functionality_2, then I propose that the second paragraph of the "Theoretical Problems" page be stricken and that the page should be thereafter unprotected. 151.204.158.134 14:27, 30 March 2007 (UTC)
- I would think that this would also take this article out of the "Articles with minor POV problems" category. 151.204.158.134 14:34, 30 March 2007 (UTC)
The notion that the IP checking would expose psiphonodes does not take into account that the same IP address has had millions of hits and hundreds of thousands of visitors, making the signal to noise of actual psiphonodes asking for its external IP so low as to make the 'canonical list' absolutely useless, as 99% of the addresses hitting that IP are casual web browsers, not psiphonodes. So no, the above paragraph should not stand. As well, any website hosting censored content has this same problem. please, lets do more than just site articles when making a point.One man salient 14:01, 31 March 2007 (UTC)
- Only the site admin for the Citizen Lab would be privy to that kind of information, "signal to noise" etc. and I have no idea whether the log of the IP request has a tag that would differntiate it from other IP's, and I make no judgment as to what information is on the Citizen Lab server. The paragraph cites legitimate concerns which may never come to fruition, one certainly hopes the Citizen Lab server is never attacked, never compromised. However, I am an old enough dog to know that those who say "never" to security concerns are most often overly optimistic. But please, lets take this specifically rather than generally. Do you object to the following?:
Note: you don't have to be a site admin to resolve an IP address to a URL and then look at the IP address that psiphon connects in order to get the external IP address of a machine. Please keep these discussions on topic and do NOT jump to conclusions. One man salient 02:34, 1 April 2007 (UTC) In order to increase the ease which a psiphon server can be implemented, the latest version of psiphon has an IP address ping back service, with each new server pinging the Citizen Lab server in Toronto Canada, which then responds by transmitting the numerical IP address of the new psiphon server back in plain text, directly to the new psiphon server. This provides easy reference for the novice psiphone server administrator, who then distributes the IP address to those who need to use psiphon. The "ping back" behavior is presently a default, but need not be chosen, the option to not ping is present in the psiphon server software http://psiphon.civisec.org/samples/psiphon_guide.pdf.
- If not please indicate so or state a specific objection. Do you object to the following?:
The leader of the psiphon project, Ronald J. Deibert, in response to the question "What if someone hacks into Psiphon’s computers?" has reportedly stated that logs are taken off the Citizen Lab server regularly and that there is no reason anybody would want to hack into the Citizen Lab server http:/www.worldchanging.com/archives/005963.html.
http://blogs.law.harvard.edu/mediaberkman/tag/ron-deibert/ The question and answer period, near the end, is where the discussion about hacking into the servers takes place. Deibert seems to misunderstand the question at first, but a wide discussion takes place at which it is revealed that IPs are not regularly stored on Citizen Lab computers by somebody in the audience, presumably someone working on psiphon? There is no actual quotation by him saying "there is no reason anybody would want to hack into the Citizen Lab server" in reference to the IP vulnerability issue. Given this, I think we should remove the reference to the World Changing article, replacing it with the link to the archived talk, which is a primary source. In light of this, I also think it is probably unfair to personalize it around Deibert. I'm particularly concerned about the "laissez faire" suggestion below. The talk itself is entirely about Interent security, so I am not sure it is accurate to describe him as having such a view towards security. Instead I suggest we alter the one paragraph above and those below, and replace it with the following paragraph (Apologies for my edit format, I'm relatively new at this):
- Hi There. I actuallly did some research and found the actual audio and video recording of his talk, here:
Some have raised concerns that the IP addresses and the psiphon software download logs could fall into the wrong hands if the Citizen Lab computers were hacked or otherwise compromised. The real world risks of log keeping was illustrated by the turn over of the e-mails of Li Zhi to the Chinese Government by Yahoo. Zhi was subsequently arrested, convicted and sent to jail for 8 years. http://www.infoworld.com/article/06/02/09/75208_HNyahoohelpedjail_1.html Also see IEEE Internet Computing, Jan/Feb 2002 starting at page 40, by Ian Clarke, Scott G. Miller, Theodore W. Hong, Oskar Sandberg and Brandon Wiley, http://freenetproject.org/papers/freenet-ieee.pdf discussing in part the security risks inherent in approaches such as psiphon, with specific mention of the danger presented by logging by the services themselves, at pages 42-43.
206.219.197.100 00:39, 1 April 2007 (UTC)
- If not please indicate so or state a specific objection. Do you object to the following?:
This has raised the concern that the IP addresses and psiphon software download logs could fall into the wrong hands because of the perception that Professor Deibert may have a laissez-faire attitude about security, and because there is no guarantee that policy will not change http://addiator.blogspot.com/2007/01/psiphon-too-dangerous-to-install.html.
- If not please indicate so or state a specific objection. Do you object to the following?:
The real world risks of log keeping was illustrated by the turn over of the e-mails of Li Zhi to the Chinese Government by Yahoo. Zhi was subsequently arrested, convicted and sent to jail for 8 years. http://www.infoworld.com/article/06/02/09/75208_HNyahoohelpedjail_1.html. Also see IEEE Internet Computing, Jan/Feb 2002 starting at page 40, by Ian Clarke, Scott G. Miller, Theodore W. Hong, Oskar Sandberg and Brandon Wiley, http://freenetproject.org/papers/freenet-ieee.pdf discussing in part the security risks inherent in approaches such as psiphon, with specific mention of the danger presented by logging by the services themselves, at pages 42-43.
I object to any inference towards Deibert's attitude towards security. There is no proof of this, and as mentioned above, the blog entries that mention this take his comments out of context. One man salient 02:31, 1 April 2007 (UTC)
- If not please indicate so or state a specific objection. Do you object to the following?:
Also see IEEE Internet Computing, Jan/Feb 2002 starting at page 40, by Ian Clarke, Scott G. Miller, Theodore W. Hong, Oskar Sandberg and Brandon Wiley, http://freenetproject.org/papers/freenet-ieee.pdf discussing in part the security risks inherent in approaches such as psiphon, with specific mention of the danger presented by logging by the services themselves, at pages 42-43. 141.149.54.228 03:55, 30 March 2007 (UTC)
- If not please indicate so or state a specific objection. 141.149.36.230 22:49, 31 March 2007 (UTC)
freenet article listed above appears to be a dead link. Given that the article in question is not available, and there is no acutual lik to the article listed in IEEE Internet Computing, the above section should be removed from the article. Unreferenced items should not appear in wikipedia articles. The entire Theoretical problems section is filled with a list of issues that affect every single website that is hosted on the Internet, and should be removed for that reason, as every article on wikipedia, including wikipedia its self should list these theoretical problems if it is posted on the psiphon article. One man salient 14:13, 1 April 2007 (UTC)
-
- I just checked the link, it downloads a pdf. Is it claimed that the quotes attributed to Deibert http://addiator.blogspot.com/2007/01/psiphon-too-dangerous-to-install.html were misquoted? 141.149.34.39 16:39, 1 April 2007 (UTC)
please note from a comment above:
I copy from above in this discussion:
Hi There. I actuallly did some research and found the actual audio and video recording of his talk, here:
http://blogs.law.harvard.edu/mediaberkman/tag/ron-deibert/ The question and answer period, near the end, is where the discussion about hacking into the servers takes place. Deibert seems to misunderstand the question at first, but a wide discussion takes place at which it is revealed that IPs are not regularly stored on Citizen Lab computers by somebody in the audience, presumably someone working on psiphon? There is no actual quotation by him saying "there is no reason anybody would want to hack into the Citizen Lab server" in reference to the IP vulnerability issue. Given this, I think we should remove the reference to the World Changing article, replacing it with the link to the archived talk, which is a primary source. In light of this, I also think it is probably unfair to personalize it around Deibert. I'm particularly concerned about the "laissez faire" suggestion below. The talk itself is entirely about Interent security, so I am not sure it is accurate to describe him as having such a view towards security.
There is no operating server at http://www.freenetproject.org/ domain, so I don't know how you are downloading the .pdf. One man salient 20:14, 1 April 2007 (UTC)
- "Hi There. I actually did some research..." can speak for him or herself. And either one is accusing the author of the article I cited as misquoting or one is not. Which is it?? It simply cannot be both. If you accuse him of misquoting I am going to e-mail him straight away and we will see. And Salient the freenet project has been operating constantly, out of that very domain, for years. Is your internet censored? Actually I stumbled upon this myself, and that's exactly what Deibert said in the interview in response to a question that was essentially "what would someone find on psiphon's servers if they were compromised?" He quite clearly ducked the question by stating that there was no reason why one would want to break into the server and that there was good security. I'm looking for the video of the interview so I can cite it, but I did personally watch it myself and that's what happened. No wide ranging discussion etc., it was in a media interview that this happened not in a think tank type question/answer session. Also the freenet people would be pretty upset to know that they don't exist... The inability to reach the www.freentproject.org domain worries me, especially because I believe Salient is from psiphon. Salient is your internet access somehow compromised????151.205.114.26 03:43, 3 April 2007 (UTC)
The freenet article was not avaialable when i checked it, however it is now working. The article is 10 pages long, so the reference to pages 42-43 in the article is erroneous. I attempted to access the article from a home computer so please stop with this obsession you have with who I am. This makes me quiet uncomfortable, as privacy and a certain degree of annonymity is fundamental to the use of wikipedia. I am posting in the discussion thread, as requested by the Wikipedia Admins, and I am trying my best to explain any objections I have to a given edit request, and the discussions should address the article specifically. Unless 'who is one_man_salient' is going into the article, please refrain from discussions along these lines.
And in the spirit of this discussion topic: I recommend that the actual talk with Prof Deibert be posted as the link, as that is the source. That way people can make their own judgement. This was brought up by another user, which is why I referenced their words. You accuse Dr. Deibert of ducking a question which shows a real lack of respect, and completely violates wikipedia NPOV, as it is just your opinion. so stop with your opinions, please as I find them counter productive and quite annoying.One man salient 13:33, 3 April 2007 (UTC)
-
- Salient, according to Wikipedia guidelines those who have any personal interest in the subject matter are not permitted to edit. I asked quite in the open whether you are the same "salient" who is the administrator for the psiphon site, and all that I've got is silence on that matter from you. I assume you are the site administrator because of your very noticable silence. Plus, you did not deny that you posted the "call to arms" to all psiphonites to come to the "rescue" of psiphon in Wikipedia, also reasonable to conclude you are an interested party. You have been attacking everyone and anything that puts psiphon in less than favorable light, so your behavior is consistant with someone with a heavy self interest. Stop editing the article, you have no place here as you are incapable of having any objectivety because of your very real ties to the software. 151.205.181.15 16:12, 6 April 2007 (UTC)
- Also, that someone from the "test server" for psiphon has been editing is an outrage. Psiphon is attempting to censor criticism out of this wiki, and I will not permit it. 151.205.181.15 16:12, 6 April 2007 (UTC)
- I just cleaned up some references before noticing this discussion - don't think it should have any effect, except I changed the link for the IEEE article to an abstract. --Padraic 16:20, 7 April 2007 (UTC)
- Thank you for cleaning up the references, much appreciated. Regarding Prof Deibert, "This has raised the concern..." is nuetral POV language, it does not accuse Prof Deibert, simply informs there have been "some" that have this concern. The blog entry referenced, which is a significant one, does judge, and is quite unflattering in that judgment, way past the rather gentle language I used. However, the real source of concern is the text of Prof Deibert's quote as set out in the World Changing article. If the author of that article has misquoted Prof Deibert, lets say this out loud, then I will personally contact the individual that penned the article and figure it out. Otherwise lets not cite to a lecture that will require the reader to sit in his or her chair for a half an hour or so in order to absorb the relevent text. Reading, for most, is simply faster. Since the quoted material does not appear in the lecture it is also very apparent that the lecture is not the primary source in any case, or perhaps has been edited for easier listening. 151.205.106.34 14:40, 12 April 2007 (UTC)
- I just cleaned up some references before noticing this discussion - don't think it should have any effect, except I changed the link for the IEEE article to an abstract. --Padraic 16:20, 7 April 2007 (UTC)
- Also, that someone from the "test server" for psiphon has been editing is an outrage. Psiphon is attempting to censor criticism out of this wiki, and I will not permit it. 151.205.181.15 16:12, 6 April 2007 (UTC)
- Salient, according to Wikipedia guidelines those who have any personal interest in the subject matter are not permitted to edit. I asked quite in the open whether you are the same "salient" who is the administrator for the psiphon site, and all that I've got is silence on that matter from you. I assume you are the site administrator because of your very noticable silence. Plus, you did not deny that you posted the "call to arms" to all psiphonites to come to the "rescue" of psiphon in Wikipedia, also reasonable to conclude you are an interested party. You have been attacking everyone and anything that puts psiphon in less than favorable light, so your behavior is consistant with someone with a heavy self interest. Stop editing the article, you have no place here as you are incapable of having any objectivety because of your very real ties to the software. 151.205.181.15 16:12, 6 April 2007 (UTC)
So let's get this straight. A video record taped and recorded from the beginning of a lecture through to the end and including every second of the entire question and answer period -- including the question and answer referred to in a *BLOG* entry -- is somehow less satisfactory evidence than the blog that makes a reference to it? I am sorry, but you need to re-think what you are saying here. Your disputed blog reference has been superceded by primary evidence to which it refers. I believe the most appropriate suggestion was made much earlier, and I'll repost it here.
Some have raised concerns that the IP addresses and the psiphon software download logs could fall into the wrong hands if the Citizen Lab computers were hacked or otherwise compromised. The real world risks of log keeping was illustrated by the turn over of the e-mails of Li Zhi to the Chinese Government by Yahoo. Zhi was subsequently arrested, convicted and sent to jail for 8 years. http://www.infoworld.com/article/06/02/09/75208_HNyahoohelpedjail_1.html Also see IEEE Internet Computing, Jan/Feb 2002 starting at page 40, by Ian Clarke, Scott G. Miller, Theodore W. Hong, Oskar Sandberg and Brandon Wiley, http://freenetproject.org/papers/freenet-ieee.pdf discussing in part the security risks inherent in approaches such as psiphon, with specific mention of the danger presented by logging by the services themselves, at pages 42-43.
206.219.197.100 00:39, 1 April 2007 (UTC) .....with the caveat that appropriate referencing of this IEEE article must be done and verified. It sounds like there is some confusion as to whether it even exists or not, at least in terms of the page references. Does anyone have any objections?67.71.0.212 18:18, 12 April 2007 (UTC)
[edit] Logs
Also of concern is the feature "Through the psiphon control panel, psiphonode administrators have access to a log of sites that their psiphonites access", this is not a feature but an extreme security risk because psiphone can be used as a "honeynet" to ensnare users.
This should be heavily revised.
All traffic that passes through a proxy server can be observed and stored by the owner of the proxy. This affects all proxy systems, not just psiphon (only anonymity systems anonymize the user's traffic from the system itself).
If an attacker were to set up a a psiphon as a "honey pot" (it wouldn't be a "honey net") and try to convince people to use it -- despite the explicit instructions for users to only use the psiphons of people they know and trust -- the fact that psiphon keeps logs is, in this scenario, irrelevant as an attacker could easily capture all their own traffic anyway. The fact that logs are kept (the admin can turn off logging) is not, in this scenario, an "extreme risk" as the risk is in using the psiphon of someone you do not know or trust not the logs since the attacker can capture all their own traffic anyway.
What this passage should reflect is that if you violate the software's explicit directions and browse through the psiphon of someone you do not know or trust it can be risky as the owner of the psiphon (which could be a repressive government in a "honey pot" scenario) can see everything you do through it.
64.229.171.83 01:59, 13 April 2007 (UTC) Nart Villeneuve
-
- Welcome to the discussion. There is a difference in those things which one does not have to set up, default logging for instance, and those things that take effort to develop, for instance a capture of traffic. This is true for repressive governments as well as those in their employ. Once a record has been made, by default, one cannot "put the jinn back in the bottle", all that is then needed is to "harvest" the "ripe" records and prosecute your offenders. If psiphon keeps no records by default, even better to not have the capability to keep those records,( I don't program- but I bet a proxy does not necessarily have to keep records in order to work) then the bad folk would have to develop their own evidence rather than collect that which the software has conveniently made. 151.205.106.34 03:50, 13 April 2007 (UTC)-
-
-
-
- 1. The "honey pot" attack rests upon the ability to convince a user to the attackers node. That is the attack, agreed?.
-
-
-
-
-
- 2. It is trivial for an attacker to capture their computer's own traffic, agreed?
-
-
-
-
-
- 3. Thus "logs" are not the "extreme security risk" being tricked into using the "honey pot" is, agreed?
-
-
-
-
-
- Nartv 15:31, 13 April 2007 (UTC)
-
-
-
-
-
-
- Took the "extreme security risk" language out. My personal view does not belong in the entry. 68.161.22.24 17:02, 13 April 2007 (UTC)
-
-
-
[edit] Citation needed to back up "ease of installation" claims
There is the claim that Psiphon is "easy to install" (at least in Windows). Does anybody have a citation to back this up? 141.149.40.239 14:11, 26 April 2007 (UTC)
- If I don't hear anything on this issue I will take out the "easy to install" claims. 151.205.105.75 23:15, 27 April 2007 (UTC)
- I found this citation based on a review of Psiphon http://afs.eecs.harvard.edu/~goodell/blossom/bib/cache/psiphon.html
John is a 67 year old man, his knowledge of the Internet does not go beyond the ability to check his email. He is not very comfortable with new technology, and typically pays stores to install purchased software for him. John not only cannot install a web server, but does not know what a web server is. However, he has a family friend in Iran who wants to view web pages on human and women's rights, but they are block by the Iranian government. John wants to help his friend but is unsure how. He discovers Psiphon, which promises to be easy to install and use. Despite only installing a small fraction of the software on his computer, John decides to give Psiphon a try. He downloads the executable from the Psiphon website, and double-clicks it. Immediately a window opens on his machine which has a very clear and simple layout. John is not concerned with creating specific user accounts for his friend because the idea of trying to do such things confuses him. He only wants a simple bit of information he can send to his friend that will allow them to access the sites they want.
--Tomhannen 08:00, 28 April 2007 (UTC)
-
-
- This seems to be a link to an early developer, in python, description of what the developers hope pspiphon/python would do, therefore not adequate as a supporting citation for an "ease of use claim". I don't mind having it stated that there is some ease of use, and the only thing that makes it "hard" would be the requirement that you port-forward/open a port etc, but as we all know well my opinion does not matter and neither does the opinion of the psiphon developers. It has to be said/reviewed/tested by somebody else than the developers of psiphon, and not versions that do not presently exist, in order for it to be supported as a statement. Does anyone have a single review or article where the author of the article goes through the install process and remarks how easy it was?141.149.54.214 04:59, 29 April 2007 (UTC)
- Anybody else want to comment?151.205.184.22 02:49, 1 May 2007 (UTC)
- The language is presently this: "Psiphon differs from previous approaches in that the users themselves have access to server software which is easily installed on the Microsoft Windows platform. The ease which users themselves are able to set up their own servers...". I propose instead this: "The developers of Psiphon have tried to make setting up a server as easy as possible, and provide the user with a Microsoft Windows platform executable. If the servers are easy to set up then, given a certain level of use..." This is assuming that we can at least find some support for the Psiphon developers trying to make the present version easy to set up on Windoz. Any objections? 151.205.184.22 12:36, 1 May 2007 (UTC)
- Well, I've looked all over and cannot find even one place where the developers of psiphon claim it is easy to set up a server, so I can't even say they claim "ease of use". Therefore, "The developers of Psiphon have provided the user with a Microsoft Windows platform executable for the Psiphon server. If the server software attains a high level of use..." If I don't hear otherwise today I will make the substitution. 141.149.55.180 12:32, 2 May 2007 (UTC)
- The language is presently this: "Psiphon differs from previous approaches in that the users themselves have access to server software which is easily installed on the Microsoft Windows platform. The ease which users themselves are able to set up their own servers...". I propose instead this: "The developers of Psiphon have tried to make setting up a server as easy as possible, and provide the user with a Microsoft Windows platform executable. If the servers are easy to set up then, given a certain level of use..." This is assuming that we can at least find some support for the Psiphon developers trying to make the present version easy to set up on Windoz. Any objections? 151.205.184.22 12:36, 1 May 2007 (UTC)
- Anybody else want to comment?151.205.184.22 02:49, 1 May 2007 (UTC)
- This seems to be a link to an early developer, in python, description of what the developers hope pspiphon/python would do, therefore not adequate as a supporting citation for an "ease of use claim". I don't mind having it stated that there is some ease of use, and the only thing that makes it "hard" would be the requirement that you port-forward/open a port etc, but as we all know well my opinion does not matter and neither does the opinion of the psiphon developers. It has to be said/reviewed/tested by somebody else than the developers of psiphon, and not versions that do not presently exist, in order for it to be supported as a statement. Does anyone have a single review or article where the author of the article goes through the install process and remarks how easy it was?141.149.54.214 04:59, 29 April 2007 (UTC)
-
[edit] Advertisement
I didn't throw the "ad" script onto the page. But I'd be willing to make the article less "ad-like". This would involve removing ad-like stuff like: "We're aiming at giving people access to sites like Wikipedia," a free, user-maintained online encyclopedia, and other information and news sources, Michael Hull, psiphon's lead engineer, told CBC News Online.[1] and also stuff like: " The psiphon sofware "...turns a regular home computer into a personal, encrypted server capable of retrieving and displaying web pages anywhere."[2] Both which are blatently boosterish. Anybody other than the Psiphon folks have any objection to me doing so?151.205.160.5 15:40, 10 May 2007 (UTC)
- As long as it is accurate :) Nartv 20:39, 10 May 2007 (UTC)
- This is going to involve a lot of "slicing and dicing". Is everyone comfortable with me holding the knife?? I certainly don't mind if the person who put up the ad script would step forward. Otherwise, going, going gone...151.205.108.126 20:13, 20 May 2007 (UTC)
-
-
- The ad script should go. The page has been modified repeatedly by people not connected to psiphon, and includes theoretical problems and criticisms. It is inaccurate and akin to vandalism.Paineman 15:27, 22 May 2007 (UTC)
-
-
-
-
- Uh, well, uh, maybe paineman there is some truth in that there are some ad-like qualities to the prose? I'm glad you stepped forward though. What would you do to make the intro in particular less an ad for Psiphon and more like an article written with a balanced POV? 151.205.167.142 21:27, 22 May 2007 (UTC)
-
-
-
-
-
-
- I think that the introduction is perfectly fine, except for the quotation, which was recommended to be removed but has not yet. I think it should go. I honestly do not see any "ad like" quality to it at all apart from that. By the way, can you refrain from sarcasm, like "Um, well, uh" -- it is really pointless.69.158.142.47 16:27, 24 May 2007 (UTC)
-
-
-
-
-
-
-
- agreed here on all scores.Paineman 17:29, 24 May 2007 (UTC)
- So if there are no objections, I'll remove the quotation. 151.205.177.93 19:53, 27 May 2007 (UTC)
- agreed here on all scores.Paineman 17:29, 24 May 2007 (UTC)
-
-
-
[edit] Portal:Free software selected article: Psiphon
Just to let you know. The purpose of selecting an article is both to point readers to the article and to highlight it to potential contributors. It will remain on the portal for a week or so. The previous selected article was gNewSense - a GNU/Linux distribution which specialises in removing all non-free software, including binary blob drivers.
For other interesting free software articles, you can take a look at the archive of PF's selectees. --Gronky (talk) 01:15, 20 May 2008 (UTC)