<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:Totem+TP_CT_EN+001" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:Totem+TP_CT_EN+001+type@vertical+block@ea0f4c91a5b345c28a6d514d7979be58" data-request-token="9878af14a04d11ebb5bc0242ac120009" data-graded="True" data-has-score="False">
<div class="vert-mod">
<div class="vert vert-0" data-id="block-v1:Totem+TP_CT_EN+001+type@html+block@723ffc1d403f4aabbf8e2e1ab3090e2b">
<div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:Totem+TP_CT_EN+001" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:Totem+TP_CT_EN+001+type@html+block@723ffc1d403f4aabbf8e2e1ab3090e2b" data-request-token="9878af14a04d11ebb5bc0242ac120009" data-graded="True" data-has-score="False">
<script type="json/xblock-args" class="xblock-json-init-args">
{"xmodule-type": "HTMLModule"}
</script>
<p>Well done! You’ve passed Module 1, and should have a clearer idea on what circumvention tools do, and where to use them. <strong>Now it’s time to choose a tool</strong>.</p>
<p style="text-align: center;"><img src="/assets/courseware/v1/17e7f9b1e8f959d9a790af289d447099/asset-v1:Totem+TP_CT_EN+001+type@asset+block/CT-what-to-consider.png" alt="/asset-v1:Totem+TP_CT_EN+001+type@asset+block/CT-what-to-consider" type="saveimage" target="[object Object]" width="50%" /></p>
<p>This section will present some <strong>guidelines for comparing tools</strong>. At the end, you should be able to make an <strong>informed decision</strong> on which one is the right one for you.</p>
</div>
</div>
</div>
<script type="text/javascript">
(function (require) {
require(['/static/js/dateutil_factory.be68acdff619.js?raw'], function () {
require(['js/dateutil_factory'], function (DateUtilFactory) {
DateUtilFactory.transform('.localized-datetime');
});
});
}).call(this, require || RequireJS.require);
</script>
<script>
function emit_event(message) {
parent.postMessage(message, '*');
}
</script>
</div>
<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:Totem+TP_CT_EN+001" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:Totem+TP_CT_EN+001+type@vertical+block@b7e746e4b45e40a49918d6e64a053794" data-request-token="9878af14a04d11ebb5bc0242ac120009" data-graded="True" data-has-score="False">
<div class="vert-mod">
<div class="vert vert-0" data-id="block-v1:Totem+TP_CT_EN+001+type@html+block@6b12e694bbfc47cab1b155a6634bdd42">
<div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:Totem+TP_CT_EN+001" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:Totem+TP_CT_EN+001+type@html+block@6b12e694bbfc47cab1b155a6634bdd42" data-request-token="9878af14a04d11ebb5bc0242ac120009" data-graded="True" data-has-score="False">
<script type="json/xblock-args" class="xblock-json-init-args">
{"xmodule-type": "HTMLModule"}
</script>
<h2>1. Where are the tool and its servers based?</h2>
<h2><img src="/assets/courseware/v1/c07e7d7c507e3b8ecb1ae4a24c79fc35/asset-v1:Totem+TP_CT_EN+001+type@asset+block/CT-location.png" alt="CT-location" type="saveimage" target="[object Object]" width="10%" hspace="20" align="right" /></h2>
<p>Remember that when you use a circumvention tool, all your internet traffic goes through the servers of the provider company (i.e. the company that owns and runs the tool. Though your ISP might not be able to see where you're going or what data you're sending across the internet, the circumvention tool can see everything! And those servers, and the company or organisation that runs them, are <strong>governed by the laws of the country in which they are situated</strong>.</p>
<p>So it follows that if the server or the provider company is located inside Iran, then the authorities can force them to hand over your data (e.g. a list of all the websites you have visited).</p>
<h2>2. Do I trust the source I want to download the tool from?</h2>
<p><img src="/assets/courseware/v1/1200486cbb0cd87a33eb9f7ba9a031a4/asset-v1:Totem+TP_CT_EN+001+type@asset+block/CT-trust-source.png" alt="CT-trust-source" type="saveimage" target="[object Object]" width="10%" hspace="20" align="right" /></p>
<p>You should always look for an app store that is located outside Iran, and that has its users’ security in mind.</p>
<p>Later in this course, alongside the tools’ own websites, we will mention 3 sources that have set up <strong>security measures to protect their users</strong> online.</p>
<h2>3. Could my payments be tracked?</h2>
<p><img src="/assets/courseware/v1/d0b84889d0b8cc44c35aefaf94ec029f/asset-v1:Totem+TP_CT_EN+001+type@asset+block/CT-payment.png" alt="CT-payment" type="saveimage" target="[object Object]" width="10%" hspace="20" align="right" /></p>
<p>There is an added risk with circumvention tools that use Iranian banking payment systems. Take, for example, a company which is physically located in Iran and uses an Iranian banking system. There is an added risk for users who buy a VPN from this company, since the <strong>authorities have the ability to track the payment</strong> and find out where the payment went. The authorities can then find the physical location of the company and force them to hand over user data.</p>
</div>
</div>
</div>
<script type="text/javascript">
(function (require) {
require(['/static/js/dateutil_factory.be68acdff619.js?raw'], function () {
require(['js/dateutil_factory'], function (DateUtilFactory) {
DateUtilFactory.transform('.localized-datetime');
});
});
}).call(this, require || RequireJS.require);
</script>
<script>
function emit_event(message) {
parent.postMessage(message, '*');
}
</script>
</div>
<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:Totem+TP_CT_EN+001" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:Totem+TP_CT_EN+001+type@vertical+block@8d1970513b6b44798865c12bc4ff662d" data-request-token="9878af14a04d11ebb5bc0242ac120009" data-graded="True" data-has-score="False">
<div class="vert-mod">
<div class="vert vert-0" data-id="block-v1:Totem+TP_CT_EN+001+type@problem+block@0a3e114cbf994d4c90881fecae787aae">
<div class="xblock xblock-public_view xblock-public_view-problem xmodule_display xmodule_ProblemBlock" data-course-id="course-v1:Totem+TP_CT_EN+001" data-block-type="problem" data-usage-id="block-v1:Totem+TP_CT_EN+001+type@problem+block@0a3e114cbf994d4c90881fecae787aae" data-request-token="9878af14a04d11ebb5bc0242ac120009" data-graded="True" data-has-score="True">
<div class="page-banner"><div class="alert alert-warning"><span class="icon icon-alert fa fa fa-warning" aria-hidden="true"></span><div class="message-content">Payment system is only accessible to enrolled learners. Sign in or register, and enroll in this course to view it.</div></div></div>
</div>
</div>
</div>
<script type="text/javascript">
(function (require) {
require(['/static/js/dateutil_factory.be68acdff619.js?raw'], function () {
require(['js/dateutil_factory'], function (DateUtilFactory) {
DateUtilFactory.transform('.localized-datetime');
});
});
}).call(this, require || RequireJS.require);
</script>
<script>
function emit_event(message) {
parent.postMessage(message, '*');
}
</script>
</div>
<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:Totem+TP_CT_EN+001" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:Totem+TP_CT_EN+001+type@vertical+block@37dec282807f4da18651391e3b7832aa" data-request-token="9878af14a04d11ebb5bc0242ac120009" data-graded="True" data-has-score="False">
<div class="vert-mod">
<div class="vert vert-0" data-id="block-v1:Totem+TP_CT_EN+001+type@html+block@f45af3440a7246268149f00a725701fc">
<div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:Totem+TP_CT_EN+001" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:Totem+TP_CT_EN+001+type@html+block@f45af3440a7246268149f00a725701fc" data-request-token="9878af14a04d11ebb5bc0242ac120009" data-graded="True" data-has-score="False">
<script type="json/xblock-args" class="xblock-json-init-args">
{"xmodule-type": "HTMLModule"}
</script>
<h2>4. What is the provider’s privacy/data use policy?</h2>
<p><img src="/assets/courseware/v1/1d0fb015cd21751aab954ce047a4dee6/asset-v1:Totem+TP_CT_EN+001+type@asset+block/CT-privacy.png" alt="CT-privacy" type="saveimage" target="[object Object]" width="10%" hspace="20" align="right" />A trusted circumvention tool should never violate your privacy. <br /><br />Before using a circumvention tool, <strong>read the privacy/data use policy</strong> and/or terms and conditions page on their website or within their app. (A good circumvention tool will always tell you <strong>how they are going to treat your data</strong> - you can usually find a link in the footer of the website). <br /><br />Check what kinds of data they collect, and how they use it, and check that they won't share your data with governments or with private companies. If you see a line like “Your Name and email address will be shared with or sold to third parties” this means that the company will probably share your information with other parties. Many privacy policies are, of course, quite long and complicated - if you don’t have time to scan the whole thing, try searching for key phrases like “shared”, “third parties”, etc.</p>
</div>
</div>
<div class="vert vert-1" data-id="block-v1:Totem+TP_CT_EN+001+type@problem+block@405f1cf37b224751b4f202c069a30aa8">
<div class="xblock xblock-public_view xblock-public_view-problem xmodule_display xmodule_ProblemBlock" data-course-id="course-v1:Totem+TP_CT_EN+001" data-block-type="problem" data-usage-id="block-v1:Totem+TP_CT_EN+001+type@problem+block@405f1cf37b224751b4f202c069a30aa8" data-request-token="9878af14a04d11ebb5bc0242ac120009" data-graded="True" data-has-score="True">
<div class="page-banner"><div class="alert alert-warning"><span class="icon icon-alert fa fa fa-warning" aria-hidden="true"></span><div class="message-content">Totem Privacy policies is only accessible to enrolled learners. Sign in or register, and enroll in this course to view it.</div></div></div>
</div>
</div>
</div>
<script type="text/javascript">
(function (require) {
require(['/static/js/dateutil_factory.be68acdff619.js?raw'], function () {
require(['js/dateutil_factory'], function (DateUtilFactory) {
DateUtilFactory.transform('.localized-datetime');
});
});
}).call(this, require || RequireJS.require);
</script>
<script>
function emit_event(message) {
parent.postMessage(message, '*');
}
</script>
</div>
<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:Totem+TP_CT_EN+001" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:Totem+TP_CT_EN+001+type@vertical+block@6b3de601add6404a91b77d7960f084b9" data-request-token="9878af14a04d11ebb5bc0242ac120009" data-graded="True" data-has-score="False">
<div class="vert-mod">
<div class="vert vert-0" data-id="block-v1:Totem+TP_CT_EN+001+type@html+block@d9c9813f202a49a9a833fc579d8eca60">
<div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:Totem+TP_CT_EN+001" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:Totem+TP_CT_EN+001+type@html+block@d9c9813f202a49a9a833fc579d8eca60" data-request-token="9878af14a04d11ebb5bc0242ac120009" data-graded="True" data-has-score="False">
<script type="json/xblock-args" class="xblock-json-init-args">
{"xmodule-type": "HTMLModule"}
</script>
<h2>5. Does the tool provide encryption?</h2>
<p><img src="/assets/courseware/v1/93fcf8a73cf5af7afdb75d77b775f167/asset-v1:Totem+TP_CT_EN+001+type@asset+block/CT-encrypted.png" alt="CT-encrypted" type="saveimage" target="[object Object]" width="10%" hspace="20" align="right" />As mentioned earlier in the course, a good circumvention tool will encrypt your connection so that third parties can't monitor your data as it travels along the infrastructure. Later in this course, you'll find some recommendations for secure circumvention tools that use encryption.</p>
<h2>6. Is the tool Open Source?</h2>
<p><img src="/assets/courseware/v1/9c5468e9c8373c99f29d81f9dd353ca1/asset-v1:Totem+TP_CT_EN+001+type@asset+block/CT-open-source.png" alt="CT-open-source" type="saveimage" target="[object Object]" width="10%" hspace="20" align="right" />Some circumvention tools are also Open Source. This means that the tool's code is available for independent security researchers to audit - in other words, to check that the tool does what it claims to do, to check that strong encryption has been implemented (properly), and so on.<br />(Learn more about Open Source technology in Totem's <a href="https://learn.totem-project.org/courses/course-v1:Totem+TP_SM_001+course/about" target="_blank">Secure Messaging Apps</a> course.)</p>
<h2>7. Has the tool been security audited?</h2>
<p><img src="/assets/courseware/v1/72c31bf26d807e270bea73e02ee34f95/asset-v1:Totem+TP_CT_EN+001+type@asset+block/CT-security-audit.png" alt="CT-security-audit" type="saveimage" target="[object Object]" width="10%" hspace="20" align="right" />If a circumvention tool has passed an independent security audit, this means it has been checked by trusted, independent security analysts. In this case we can be sure (or as sure as possible) that it is secure, and safe to use. The tool provider will most probably mention that on their website, their blog or their privacy policy page.</p>
</div>
</div>
</div>
<script type="text/javascript">
(function (require) {
require(['/static/js/dateutil_factory.be68acdff619.js?raw'], function () {
require(['js/dateutil_factory'], function (DateUtilFactory) {
DateUtilFactory.transform('.localized-datetime');
});
});
}).call(this, require || RequireJS.require);
</script>
<script>
function emit_event(message) {
parent.postMessage(message, '*');
}
</script>
</div>
<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:Totem+TP_CT_EN+001" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:Totem+TP_CT_EN+001+type@vertical+block@22d823fbe790421a827d333b75e3473e" data-request-token="9878af14a04d11ebb5bc0242ac120009" data-graded="True" data-has-score="False">
<div class="vert-mod">
<div class="vert vert-0" data-id="block-v1:Totem+TP_CT_EN+001+type@html+block@511bbe3bfb814079a025c8c791de3061">
<div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:Totem+TP_CT_EN+001" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:Totem+TP_CT_EN+001+type@html+block@511bbe3bfb814079a025c8c791de3061" data-request-token="9878af14a04d11ebb5bc0242ac120009" data-graded="True" data-has-score="False">
<script type="json/xblock-args" class="xblock-json-init-args">
{"xmodule-type": "HTMLModule"}
</script>
<p>Once you have chosen the best, most secure circumvention tool for your needs, there are a few key things to keep in mind.</p>
<h2>8. What permissions does the tool ask for?</h2>
<p><img src="/assets/courseware/v1/b2518dcb4834e06deda8331129f8e585/asset-v1:Totem+TP_CT_EN+001+type@asset+block/CT-check-perimission.png" alt="CT-check-perimission" type="saveimage" target="[object Object]" width="10%" hspace="20" align="right" /></p>
<p>When you install an app on your smartphone or tablet, make sure that you always check which permissions you are granting the app. No circumvention tool needs to have access to your contact list, photo gallery or text messages for the tool to function. <strong>Never</strong> grant these kinds of permissions.</p>
<blockquote>
<blockquote>
<ul>
<li>Read more about Android Permissions (in <a href="https://support.google.com/googleplay/answer/6270602?hl=fa" target="_blank">Persian</a> and <a href="https://support.google.com/googleplay/answer/6270602?hl=en-GB" target="_blank">English</a>)</li>
<li><a href="https://www.howtogeek.com/211623/how-to-manage-app-permissions-on-your-iphone-or-ipad/" target="_blank">Read more on how to manage permissions on iOS (iPhone, iPad)</a> (available only in English, not in Persian)</li>
</ul>
</blockquote>
</blockquote>
<h2>9. Is my account password secure?</h2>
<p><img src="/assets/courseware/v1/86f39ed9a4f9ba611b87a87042aadc6d/asset-v1:Totem+TP_CT_EN+001+type@asset+block/CT-secure-password.png" alt="CT-secure-password" type="saveimage" target="[object Object]" width="10%" hspace="20" align="right" />Many circumvention tools require a registration process, which means you need to register and login with a username and password in order to use it. If this is the case, make sure to use a password that’s secure.</p>
<p>For more information on how to create and store secure passwords, follow Totem's course on <a href="https://learn.totem-project.org/courses/course-v1:Totem+TP_SP_001+course/about" target="_blank">Secure Passwords</a>.</p>
</div>
</div>
</div>
<script type="text/javascript">
(function (require) {
require(['/static/js/dateutil_factory.be68acdff619.js?raw'], function () {
require(['js/dateutil_factory'], function (DateUtilFactory) {
DateUtilFactory.transform('.localized-datetime');
});
});
}).call(this, require || RequireJS.require);
</script>
<script>
function emit_event(message) {
parent.postMessage(message, '*');
}
</script>
</div>
<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:Totem+TP_CT_EN+001" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:Totem+TP_CT_EN+001+type@vertical+block@061c239f673842478a7d1a5ff743b651" data-request-token="9878af14a04d11ebb5bc0242ac120009" data-graded="True" data-has-score="False">
<div class="vert-mod">
<div class="vert vert-0" data-id="block-v1:Totem+TP_CT_EN+001+type@html+block@20cb8ee7be5540518cee34da4a943f11">
<div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:Totem+TP_CT_EN+001" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:Totem+TP_CT_EN+001+type@html+block@20cb8ee7be5540518cee34da4a943f11" data-request-token="9878af14a04d11ebb5bc0242ac120009" data-graded="True" data-has-score="False">
<script type="json/xblock-args" class="xblock-json-init-args">
{"xmodule-type": "HTMLModule"}
</script>
<p>When choosing and using a circumvention tool, ask:</p>
<blockquote>
<ul>
<li>Where are the tool and its servers based?</li>
<li>Could my payments be tracked?</li>
<li>Do I trust the source I want to download the tool from?</li>
<li>What will the tool provider do with my information?</li>
<li>Does the tool provide encryption?</li>
<li>Is the tool Open Source?</li>
<li>Has the tool been security audited?</li>
<li>What permissions does the tool ask for?</li>
<li>Is my account password secure?</li>
</ul>
</blockquote>
<p></p>
<p style="text-align: center;"><img src="/assets/courseware/v1/b06126464df7e41fc5aece52ae499479/asset-v1:Totem+TP_CT_EN+001+type@asset+block/totem-ct-criteria.gif" alt="totem-ct-criteria" type="saveimage" target="[object Object]" width="50%" /></p>
<p style="text-align: center;"><em>Credit: Translated from What is a Safe VPN </em><br /><em>made by the <a href="https://iranhumanrights.org/" target="_blank">Center for Human Rights in Iran</a></em></p>
</div>
</div>
</div>
<script type="text/javascript">
(function (require) {
require(['/static/js/dateutil_factory.be68acdff619.js?raw'], function () {
require(['js/dateutil_factory'], function (DateUtilFactory) {
DateUtilFactory.transform('.localized-datetime');
});
});
}).call(this, require || RequireJS.require);
</script>
<script>
function emit_event(message) {
parent.postMessage(message, '*');
}
</script>
</div>
<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:Totem+TP_CT_EN+001" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:Totem+TP_CT_EN+001+type@vertical+block@1d7cf69701914ef1ba61508f81e84175" data-request-token="9878af14a04d11ebb5bc0242ac120009" data-graded="True" data-has-score="False">
<div class="vert-mod">
<div class="vert vert-0" data-id="block-v1:Totem+TP_CT_EN+001+type@problem+block@9cb20f5b4ad441b986a90c80b9925b60">
<div class="xblock xblock-public_view xblock-public_view-problem xmodule_display xmodule_ProblemBlock" data-course-id="course-v1:Totem+TP_CT_EN+001" data-block-type="problem" data-usage-id="block-v1:Totem+TP_CT_EN+001+type@problem+block@9cb20f5b4ad441b986a90c80b9925b60" data-request-token="9878af14a04d11ebb5bc0242ac120009" data-graded="True" data-has-score="True">
<div class="page-banner"><div class="alert alert-warning"><span class="icon icon-alert fa fa fa-warning" aria-hidden="true"></span><div class="message-content">Exercise: VPN Permissions is only accessible to enrolled learners. Sign in or register, and enroll in this course to view it.</div></div></div>
</div>
</div>
</div>
<script type="text/javascript">
(function (require) {
require(['/static/js/dateutil_factory.be68acdff619.js?raw'], function () {
require(['js/dateutil_factory'], function (DateUtilFactory) {
DateUtilFactory.transform('.localized-datetime');
});
});
}).call(this, require || RequireJS.require);
</script>
<script>
function emit_event(message) {
parent.postMessage(message, '*');
}
</script>
</div>