What Syria’s Unblocking of Facebook Was Really About

Back in February, I wrote that the Syrian government’s decision to free up access to Facebook and other sites was a risky move, potentially designed to entrap Syrians.

In the nearly three months since, it seems like I was right: First came the reports of activists and non-activists being detained, their Facebook and other passwords demanded by authorities for the purpose of monitoring accounts and spying on contacts; now, as the EFF (where I’m now based) discovered yesterday (with help from one very brave Syrian contact), the government appears to be handing Facebook users fake SSL certificates on the HTTPS version of the site in order to conduct a man-in-the-middle attack and get ahold of users’ personal information.

Additionally, as Jake Appelbaum has tweeted, Tor seems to be blocked on some Syrian ISPs (Syrians on other ISPs have reported more recently that it’s working fine).

Without HTTPs and Tor, Syrians are not safe using Facebook. And when using any other HTTPS version of a site, users should inspect the SSL certificate very carefully.

7 replies on “What Syria’s Unblocking of Facebook Was Really About”

I wish someone would come out with an article explaining how to avoid false SSL certificates. I’ve heard some governments can create their own, valid, SSL certificates. I guess the best advice is to avoid social networks all together. I dunno.

Syria are using same method of Iranian authorities! Iran at least two times used fake SSL certification during protests! Honestly, both of them are good partner :)

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.