
Show HN: Streisand – Silence censorship, automate the effect - jlund
https://github.com/jlund/streisand
======
ritchiea
Can you clarify what this does? Even after reading the readme it's not clear
to me what it does or what the use case is. And the phrase "silence
censorship, automate the effect" is confusing since censorship is an attempt
to silence others. I am familiar with the Streisand effect, where an attempt
to hide information serves to publicize it. Does this library propagate
secure, encrypted servers? So if you feel in danger of being censored you can
quickly spread your message to other servers? Something more than that?

~~~
jlund
It sets up a new server running L2TP/IPsec, OpenSSH, OpenVPN, Shadowsocks,
Stunnel, and a Tor bridge. It also generates custom configuration instructions
for all of these services. At the end of the run you are given an HTML file
with instructions that can be shared with friends, family members, or fellow
activists that will help them connect to the new server.

The use case is to make it easier for people to set up servers that allow
individuals who live in countries where the Internet is being blocked to
circumvent these restrictions.

"Silence censorship" is meant to be sort of funny, but the idea is that
censors have had it too easy for too long, and an automated and repeatable
method of setting up an anti-censorship server can help change that.

"Automate the effect" is meant to reflect the fact that you can start as many
of these servers as you want. If a country starts censoring the Internet, more
servers will spring up in response.

I hope these explanations make sense. I will try to figure out a way to make
the README more clear.

~~~
click170
When you say "If a country starts censoring the Internet, more servers will
spring up in response." can you confirm that you (or I, as the person running
the servers/service) would have to initiate the spin up?

I want to read "more servers spring up in response" to mean that the program
automatically detects censorship using proxies in each country (or some other
magic?) and creates new servers if it detects blockages, but I have a sense
that that would be too good to be true...

~~~
jlund
That would be extremely cool. Maybe someday!

I meant that people can easily start more servers when a censorship event
happens.

~~~
nnnnni
...but how would people know when it happens if the information is censored
before it can get out?!

------
serf
I like the concept, but I am troubled by the idea of people running
cookie-cutter scripts to set up systems which are then left in charge of
real-world anonymity.

Could the suite of things installed by this software package be used as a
profiling vector in the future? How could that be avoided if so? I know that
your userbase is slim now and mass profiling probably doesn't apply yet, but
it's something to consider.

Are the installed defaults known to be sane and secure? That's another huge
worry when the configuration is taken out of my hands initially.

Sorry for the worrisome comments. I like the idea.

~~~
jlund
No problem. I totally understand.

I intentionally made it really easy to override the default values that I
chose for port numbers. It wouldn't be difficult to mix those up in the
future, if necessary.

I did my very best to make sure that I was configuring things in a secure way.
My approach to installing OpenVPN involves several additional steps that
harden its security, like setting up an HMAC firewall and changing the default
cipher from Blowfish to AES, for example. I take this seriously and I want to
do it right. I'm looking forward to getting contributions from the community
too.

I think that automation has the potential to significantly _increase_ security
because painful tasks that might be tempting to skip when someone is setting
things up by hand can become painless. In an ideal world every task can be
performed correctly and repeatedly.

I also did my best to fully document every single action that is taken. You
can see what is happening at all times throughout the process. Ansible's
syntax is also very readable, so you can examine the steps before you run
anything too. I am optimistic that things will only get better :)
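
As an added illustration of the two OpenVPN hardening steps jlund names above (the HMAC firewall and the cipher change), here is an OpenVPN 2.3-era server.conf fragment showing the weak default beside the hardened form. This is example configuration written for this thread, not Streisand's own Ansible role; the key file name ta.key and the choice of AES-256-CBC and SHA256 are assumptions.

```conf
# Added example, not Streisand's shipped configuration.
# OpenVPN 2.3-era server.conf fragment.

# --- Weak / default (what you get by leaving these lines out) ---
# No "cipher" line: OpenVPN 2.3 defaults to Blowfish (BF-CBC), a 64-bit-block
# cipher.
# No "tls-auth" line: any host that can reach the port may start a TLS
# handshake, which both reveals an OpenVPN listener to passive scans and
# exposes the TLS stack to unauthenticated packets.

# --- Hardened ---
# HMAC firewall: every control-channel packet must carry an HMAC computed
# with the pre-shared ta.key; packets without a valid HMAC are dropped before
# TLS processing starts. ta.key is an assumed file name, generated with
# "openvpn --genkey --secret ta.key". Key direction is 0 on the server and
# 1 on every client.
tls-auth ta.key 0

# Replace the Blowfish default with AES for the data channel.
cipher AES-256-CBC

# Use SHA-256 instead of the SHA-1 default for per-packet authentication.
auth SHA256
```

Clients need matching lines (tls-auth ta.key 1, the same cipher and auth values) or the connection fails silently from their side, which is exactly the behaviour jlund describes: without the right HMAC key the server never answers.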

------
patcon
Awesome! Thanks! Might be great to kick off the readme with some anticipated
use-cases, just so people can understand right away who the target audience is
without reading through all the features. I mean, if I'm from a place being
censored, all the bullet points will probably scream at me, but if I'm not, it
takes a bit to determine that this product isn't particularly meant for me :)

~~~
jlund
Thanks for the feedback! I'm excited to see how people use this and what new
features might be helpful for them. I will be sure to incorporate that
information into the README.

------
jlund
I am happy to answer questions about this, if anyone has any. Or if anyone
finds any bugs or has other feedback, that would also be great.

~~~
eof
I had to:

    sudo pip install markupsafe

in a fresh Ubuntu to get it going for DO

~~~
jlund
I will add this to the README. Thanks!

~~~
eof
I am now getting this, still on DO:

    TASK: [genesis-digitalocean | Get the latest 'Debian 7.0 x64' image ID from the DigitalOcean API] ***
    fatal: [127.0.0.1] => a duplicate parameter was found in the argument string ()

    FATAL: all hosts have already failed -- aborting

    PLAY RECAP ********************************************************************
           to retry, use: --limit @/root/digitalocean.retry

    127.0.0.1                  : ok=4    changed=3    unreachable=1    failed=0

~~~
jlund
I just pushed a fix for this. If you pull, you should be good to go. The bug
was introduced in the new version of Ansible that came out two days ago. I
didn't catch it because I hadn't updated quite yet. Sorry about that!

Edit: I'm still working through a few other Ansible 1.6.8 issues as well.

Edit 2: I _think_ that I got them all.

~~~
mpdehaan2
Ansible 1.6.9 should already handle any quote issues you may have (other than
duplicate arg detection, which is intentionally there). Parsers! How do they
work? :)

~~~
Terretta
Ha. And many thanks to Tim G who's had a hectic couple of support days.

------
thegeomaster
Just a thought: in order to make these servers more undercover, you can bundle
in a port-knocking daemon (knockd) and have all ports initially closed. This
setting should be easily changeable, but it will also tremendously help impair
a third party's possibilities of profiling and figuring out valuable info
about the server.
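
As an added example of the port-knocking setup suggested above (not part of Streisand, and not code from thegeomaster), here is a knockd.conf that opens 22/tcp only for the address that sends the right sequence. It assumes the host's iptables INPUT chain already ends in DROP so that every port starts closed; the knock sequences and the SSH port are placeholders chosen for illustration.

```conf
# Added example knockd.conf; assumes an iptables INPUT policy of DROP.
# The sequences 7000,8000,9000 and 9000,8000,7000 are placeholders.
[options]
    UseSyslog
    interface = eth0

[openSSH]
    sequence    = 7000,8000,9000
    seq_timeout = 5
    tcpflags    = syn
    # %IP% expands to the knocking client's address, so the rule opens
    # 22/tcp for that one source only, not for the whole Internet.
    command     = /sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 -j ACCEPT

[closeSSH]
    sequence    = 9000,8000,7000
    seq_timeout = 5
    tcpflags    = syn
    command     = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
```

The caveat to keep in mind is that a knockd sequence is sent in the clear and is static, so anyone who observes one successful knock can replay it; that is the weakness fwknop's encrypted, HMAC-protected single-packet authorization is designed to remove, and it is also why the thread treats knocking as an extra layer on top of the per-service countermeasures rather than a replacement for them.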

~~~
jlund
I haven't ever done anything with port knocking before, but it's a neat idea
that could also be entertaining.

It's worth pointing out that most of the services Streisand sets up have
already been configured with countermeasures against passive scans. For
example, Shadowsocks doesn't respond with any identifying information at all
unless you have the proper symmetric key, and OpenVPN will drop all traffic
immediately if the connecting client can't sign its requests properly for the
HMAC firewall.

~~~
kolev
Maybe you should look into the more secure fwknop as an option instead of
knockd.

------
iuguy
This is similar to a project I worked on a while ago, Lahana[1], but on
steroids.

I like the approach, although it requires a little more knowhow to set up.
What would be really cool (if not already in) would be to ask the user which
services they want to run on setup. Not everyone will want/need to run all the
services, and running extra services may make it easier to compromise an instance.

Jlund - if you feel like it, take a look at the lahana code[2] and if you feel
like implementing a VPN-Tor routing bridge feel free to use what you like.
Drop me a message if you get stuck. I don't have a lot of free time but will
help where I can.

[1] - [http://lahana.dreamcats.org/](http://lahana.dreamcats.org/)

[2] - [https://github.com/stevelord/lahana](https://github.com/stevelord/lahana)

------
eof
Dockerized "pre-reqs" for streisand:
[https://github.com/gdoteof/docker-streisand](https://github.com/gdoteof/docker-streisand)

so you can just do

    docker run -i -t streisand

~~~
jlund
Very cool! I'll try to find some time to test the other providers, and
assuming everything looks good then I can add a link to this in the README.

------
chatmasta
Awesome. I'm actually building a company right now around an almost
_identical_ product. We aren't open sourcing it yet but we will eventually.
Would love to talk about this with you (email in profile).

Any plans to integrate AAA with radius or similar? Any plans for squidproxy?

Also, I'm planning on working on a tool to easily deploy Tor hidden services
as soon as I get some time. I think there's value in that aspect of your
project alone -- maybe consider breaking it off on its own.

~~~
jlund
I honestly hadn't even heard of AAA in the context of RADIUS before reading
about it on Wikipedia just now. I only tangentially know about RADIUS from
seeing it in various WiFi control panels over the years.

I considered using Squid somewhere in Streisand, thinking that it might be a
nice feature for mobile users in particular. However, one of my main goals
with this project was to set up servers that didn't log any information under
any circumstances about the sites that clients were visiting or their IP
addresses. A caching proxy by definition is going to have to store some of the
assets that users are requesting, so I abandoned the idea. Perhaps you are
using it differently though?

I appreciate the feedback! By the way, your email does not appear to be in
your profile.

~~~
chatmasta
Whoops -- it's there now.

------
eof
(currently live) instruction example:
[http://jsbin.com/wutonaka/1/](http://jsbin.com/wutonaka/1/)

------
paulannesley
Probably worth pointing out that this won't anonymize your traffic — instead of
coming from your home IP address, it will come from the IP address of a server
registered against your name and payment details.

That's not to detract from the functionality it does offer; just making sure
people don't get the wrong idea.

~~~
drdaeman
So, one has to just find a host that would respect their privacy and serve
their country with a big warm fuck-you response when asked about owner details
without a proper warrant, or - even better - that would only cooperate with
local law enforcement and won't give a damn about other jurisdiction demands.

Or get a host with some form of anonymous payment, like Bitcoin.

------
dmourati
Nice work. Love that Streisand leverages Ansible.

One thought, you ask for AWS credentials. Mine are already stored in
~/.aws/config for use in the official aws cli which I think I recall wraps
boto. It would be nice if the streisand setup could figure that out for me.

~~~
jlund
Thank you. I'm using Ansible's vars_prompt functionality to ask for these
values. I'm not sure if there is a way to skip a prompt if the information is
already available. I don't think there is right now, but Ansible is adding new
features fast and I will keep this in mind.

------
organman91
I hope that, besides Starcadian, you also listened to this:
[https://www.youtube.com/watch?v=9VQdVA2hjsA](https://www.youtube.com/watch?v=9VQdVA2hjsA)

~~~
jlund
Ha! This is going to be stuck in my head all day now.

------
heyalexej
I just walked through the live demo eof provided (thanks). It looks very
promising and well thought out. How many users could the smallest Amazon box
handle in a real world scenario?

~~~
jlund
Thanks! Bandwidth usage would probably become a limiting factor before CPU. It
also depends on which mix of services was being used. The services are all
lightweight enough that I don't think you'd have any issue with lots and lots
of concurrent users, even on a Micro.

------
arj
Has anyone run this on an amazon micro instance? I'm wondering how much is
needed for this to run, I'm guessing not much, hence the question :)

~~~
jlund
It works great on micro instances. That's actually the default option for new
EC2 instances that it creates.

~~~
arj
Sweet thanks, great project!

------
rbliss
Reference:
[http://en.wikipedia.org/wiki/Streisand_effect](http://en.wikipedia.org/wiki/Streisand_effect)

------
mixologic
I'm kinda concerned that if I star this project I'll get flagged in some NSA
database.

~~~
smsm42
Don't worry, you probably already are, as "person that worries too much about
his privacy, most probably has something to hide" ;)

------
aridiculous
This kind of work is so important to offset the threat of complete top-down
control. Thank you!

------
cpa
I made a long comment on the history of the right to be forgotten on another
thread that just fell off the frontpage. Definitely relevant to this thread
too!
[https://news.ycombinator.com/item?id=8083211](https://news.ycombinator.com/item?id=8083211)

------
nomnombunty
Question is, will this circumvent the Great Firewall of China?

~~~
jlund
Yes. OpenVPN (wrapped in stunnel), OpenSSH, Shadowsocks, and Tor (with the
obfs3 and ScrambleSuit pluggable transports) are all effective against the
Great Firewall. Streisand sets up and configures all of them.

