This article doesn't go far enough. It's an optimistic take written by an academic with a background studying P2P and privacy-preserving communications. I respect Eckersley's view and the dues he's paid to have that view, but I strongly disagree.<p>The economics of circumvention tools do not work.<p>One of the smallest regimes online activists target (the Islamic Republic of Iran) spends many, many tens of millions of dollars a year to fund militant groups in other countries. A safe estimate of the amount of money they would be capable of spending "without blinking" to defeat a newly-popular circumvention tool is 7 figures.<p>To put that rough figure in perspective, 7 figures may be more than any company has spent to assess the security of any release of any piece of software or hardware ever. Those assessments <i>always</i> find terrible things. So you have to start one of these projects assuming the responsibility for withstanding a 7 figure analytical assault by your adversary.<p>I think --- but can't support the thought with evidence --- that many advocates of circumvention tools are laboring under the idea that their adversaries aren't savvy enough to defeat these tools. For instance, ask anti-censorship advocates about the "great firewalls" or DPI systems; or don't, because they're bound to snicker about them to you anyways. We're talking about people dumb enough to think they can censor the Internet! How smart can they be?<p>Unfortunately, a million dollars demonstrably buys a <i>lot</i> of smart. Look to any major credit card exfiltration ring or botnet operator or pay-per-install site for evidence that there are many hundreds of people who can find vulnerabilities in software and are willing to do so for the highest bidder.<p>Into this environment, inject the fact that a vulnerability in circumvention software "turns" the tool, allowing it to be used as a dragnet to conduct sweeping arrests (or simply to create files on people for later use). We're talking about regimes that hang people from construction cranes for writing blog posts.<p>This isn't a technology problem. If you don't speak Farsi, you probably shouldn't be thinking about what you can do from your office chair in North America to help overthrow goverments.