Back in February, I wrote that the Syrian government’s decision to free up access to Facebook and other sites was a risky move, potentially designed to entrap Syrians.
In the nearly three months since, it seems like I was right: First came the reports of activists and non-activists being detained, their Facebook and other passwords demanded by authorities for the purpose of monitoring accounts and spying on contacts; now, as the EFF (where I’m now based) discovered yesterday (with help from one very brave Syrian contact), the government appears to be handing Facebook users fake SSL certificates on the HTTPS version of the site in order to conduct a man-in-the-middle attack and get ahold of users’ personal information.
Additionally, as Jake Appelbaum has tweeted, Tor seems to be blocked on some Syrian ISPs (Syrians on other ISPs have reported more recently that it’s working fine).
Without HTTPS and Tor, Syrians are not safe using Facebook. And when using any other HTTPS version of a site, users should inspect the SSL certificate very carefully.
7 replies on “What Syria’s Unblocking of Facebook Was Really About”
This is outrageous. This murderous regime must not go unpunished.
I wish someone would come out with an article explaining how to avoid false SSL certificates. I’ve heard some governments can create their own, valid, SSL certificates. I guess the best advice is to avoid social networks altogether. I dunno.
Perhaps some of the resources you’re looking for are here? https://www.eff.org/observatory
Let me know if there’s something we can do to explain the process better. As a “non-geek” myself, I know it can be confusing at times.
Syria is using the same method as the Iranian authorities! Iran used fake SSL certification at least two times during protests! Honestly, both of them are good partners :)
To keep safe you need something to encrypt your outgoing traffic, like http://www.highspeedvpn.com/ or other VPN service.
A proxy will just route your traffic, leaving it unencrypted. What is Tor, is it a VPN or a proxy? Sounds familiar.
If this ever happened in China they would shut down the Internet completely – they wouldn’t care about the world wide outcry against it.