Can An Israeli Tech Startup Outsmart Iran's Internet Censors?

Iranian students protesting the 2009 election. Photo: Reuters

Hola, a free application that aims to accelerate the Internet and allow Web surfers to view whatever websites they like, regardless of region, has been a hit with users in the U.S. and Europe, who are employing it to watch foreign programming (from “Doctor Who” to sports) that is otherwise off limits, and to vastly expand Netflix’s offerings by accessing the company’s foreign sites.

But the software could be an even more significant game-changer for Web surfers living under repressive regimes.

Governments in China, Iran, and Saudi Arabia, among others, block their citizens from accessing a range of popular sites — from social networks like Facebook and Twitter to news sources like The New York Times — that they have deemed subversive.

But Hola is slowly beginning to pick up users in these countries. CEO Ofer Vilenski says his team has more work to do to optimise the software for such use, but they’re rolling out updates “every day” and hope to soon provide a reliable route around the firewalls.

Hola CEO Ofer Vilenski. Photo: Hola

Hola, which was originally developed simply as a way to speed up the internet by caching encrypted packets of data on users’ spare storage space, is not the only VPN proxy on the market. But it is free and unusually simple to use.

In theory, it’s also more powerful, because unlike similar systems, it does not use dedicated servers (which can be detected and blocked by censors), but instead routes traffic through other Hola users’ devices.

It also allows “power users” to write and share simple scripts that reroute traffic through different countries, essentially crowd-sourcing new pathways around firewalls.

So far, the results are promising. Users in Tehran who tried Hola at Business Insider’s request were able to access Facebook and other sites. And in initial tests performed by a team in China working with venture capitalist and prominent anti-censorship activist Isaac Mao, the service allowed users to circumvent the Great Firewall.

Internet privacy advocates contacted by Business Insider — none of whom were able to perform an in-depth analysis of the Hola software — were generally impressed by the company’s approach, but urged caution about relying on the program for security.

“We’re right at the beginning of people trying to deploy scenarios like this, where you turn the user base into a set of proxies,” notes James Vasile, director of the Open Internet Tools Project. “First were the Tor folks, who installed a bunch of servers all over the world and allowed people to voluntarily allow their computers to be used. Anybody who needs really good security should probably be using Tor. But this could work, too.”

Jonathan Zittrain, a professor of law and computer science at Harvard, points out that “it’s very different, trying to watch the BBC iPlayer for the purposes of entertainment versus someone trying to get content which might be criminal for them to see in China or Saudi Arabia, so one has to be very careful about what kind of anonymity is being promised.”

“You’re talking about real peoples’ lives,” agrees Adam Fisk, who was the lead engineer on the file-sharing tool LimeWire and has developed a pair of VPN proxy networks for circumvention purposes: uProxy (now a Google project) and Lantern, which is funded by the U.S. State Department.

Fisk says there is a lot to admire about Hola’s execution. “It’s theoretically really cool,” he says. “They’ve done a great job of usability for sure, and their user numbers are great.”

He and other analysts were troubled, though, by the fact that Hola’s code is not public, making it more or less impossible for outside observers to evaluate its safety. “For the tech community at large, the gold standard is making the software open source,” Zittrain says.

Vilenski and his cofounder, CTO Derry Shribman, will consider the idea, though they worry that making the software public could render it more vulnerable. “I would make it open source if we determined it would make it a better product,” Vilenski says.

It’s important to note that while the Hola plug-in encrypts everything, its browser extension does not. The plan, Vilenski says, is to merge the two into a single, secure product.

Hola’s aim is to allow users to completely obscure their identities if they choose, but the same trade-off that bedevils Tor and other VPN proxy services applies: The stealthier you want to be, the slower your connection will become. Vilenski plans to introduce a “lever” users can play with, which will allow them to select their preference for security versus speed on the fly.

For now, though, he adds a note of caution: “If you are going to get executed because you said something to someone, I can’t guarantee your safety,” he says, “and I don’t think Tor can guarantee it either.”

According to Isaac Mao, Chinese Web users have been burned before by similar applications, and may therefore be slow to adopt a new circumvention tool. One possible obstacle: the involvement of billionaire Li Ka-Shing, Asia’s richest individual and a stakeholder in Hola through his investment firm Horizon Ventures, which may cause some users in China to doubt the app’s security.

A representative for Horizon declined to comment about Hola.

As for how Li, who is presumably eager to maintain a cordial relationship with the People’s Republic, feels about Hola’s potential for undermining the government’s censorship efforts, Vilenski tells Business Insider Horizon got involved early on, when Hola was intended merely as an elegant way to build a faster internet.

“Horizon invested in us about three months before this particular value proposition came up,” he says. “[Li] just liked the idea of making a better Internet. He didn’t think it would go in this direction, and neither did I.”

It’s worth noting that Horizon also holds investments in Facebook, Skype and Bitpay, a bitcoin payment service, among many other startups.

“They’re great investors,” Vilenski adds. “They know they cannot interfere — not that they’d want to. It’s never even been a question.”

Whether Hola will ultimately unshackle millions of web surfers in China, Iran and elsewhere from censorship remains to be seen. These governments have massive teams of engineers dedicated to thwarting such efforts, and so far they have been tremendously effective.

Haystack is a case in point. In the summer of 2009, a 25-year-old programmer named Austin Heap watched riveted, along with the rest of the world, as protests began to convulse Iran in the wake of the nation’s contested presidential election. Troubled by the Iranian government’s practice of censoring the Internet, Heap resolved to fight back from his home in San Francisco, building a program called Haystack designed to allow users in Iran to anonymously circumvent the firewall.

A shaggy-haired American computer geek taking on the Islamic Republic was an irresistible story. Heap received glowing coverage everywhere from Newsweek to Fox News, and the Guardian named him “innovator of the year.” The U.S. government granted Haystack a special export licence that allowed it to be distributed in Iran, despite international sanctions.

In mid-January, much of China’s web traffic was inadvertently sent to a VPN proxy service based out of this Wyoming home, a glitch, experts believe, caused by the Great Firewall. Photo: REUTERS/Kelly Carr

But somewhere along the way, the heartwarming nerd-power narrative turned into a cautionary tale: Security expert Jacob Appelbaum (better known now as a sometime representative for WikiLeaks and a co-author of a major NSA scoop in Der Spiegel) uncovered flaws in the software that could have left users’ identities exposed. “Haystack is the worst piece of software I have ever had the displeasure of ripping apart,” he tweeted. Heap withdrew Haystack soon after and warned Iranians against using it. (He later cofounded an online sweepstakes platform called TinySpark.)

Hola may eventually succeed where Haystack failed, but Vilenski admits his team still has some work ahead of it before they make any extravagant promises about security.

“Haystack came out very explicitly saying that you have no risk and everything’s 110% encrypted,” he recalls. “We don’t say that. I hope we can get there, but it’s not true yet. But, if you’re using Hola today you are more secure and less trackable because your IP is changing.”
