[liberationtech] Tor: Increased Internet blocking in Iran

Cameran Ashraf chashraf at ucla.edu
Wed Jan 12 19:14:28 PST 2011 

Hi Hal,

I think you are correct with your intuition on the political side.   
I've provided some recent political context for Iran in my blog post  
at global voices advocacy:  http://j.mp/g1WiAO

Since student's day (Dec. 7) in Iran there has been a huge upswing in  
the number of arrests and increasingly heated political rhetoric which  
has been coupled with very public claims of email interception,  
"Virtual police", cyber war, etc.   In support of your intuition and  
without going into details, we've seen changes in Iran's filtering and  
other aspects of their "national cyberspace" almost always being  
political and coinciding with protest days, significant arrests,  
political statements from both the Greens and the government, or other  
political posturing by the government.  In fact, many activists  
anticipated changes in Iran's filtering mechanisms in advance of Dec.  
7 which we may now be seeing with Tor.

Cameran



Quoting Hal Roberts <hroberts at cyber.law.harvard.edu>:

> My working theory for this sort of thing, mostly from what we know  
> about how China makes its blocking decisions, is that these odd  
> decisions about what gets blocked and what doesn't are not driven by  
> the sort of reasonable / clever technical motivations you describe  
> below but instead by political direction of technical decisions.
>
> This is to say that there are probably no smart techies in Iran who  
> are empowered to make the decision of what to block when to fight  
> tor for control of the network.  Instead, the techies wait for micro  
> level directions from political folks, who make decisions sometimes  
> for obvious reasons (political crises etc) and sometimes for small  
> reasons inscrutable from the outside (local corruption issues etc).
>
> One smart Chinese scholar makes the point that in fact Chinese  
> government techies have incentive not to completely block  
> circumvention tools because doing so would put them out of their  
> jobs.  According to this theory, the techies block the minimum they  
> are told to block by the political bosses.
>
> I don't have the ground level of knowledge of this sort of thing in  
> Iran that I do in China, so your theory below may be a better  
> description. But my intuition is that political actors are driving  
> the micro-details of blocking decisions much more than techies.
>
> -hal
>
> On 1/12/11 3:49 PM, liberationtech at lewman.us wrote:
>> The Great Potato Wall appears to be trying new things.  Recent traces
>> do not show ssl throttling anymore.  There is possible ssl intercept
>> and manipulation occurring.  There is definitely IP address blocking.
>> Interestingly, https:// gmail and google search are working fine.
>>
>> Any idiot can block the public Tor Network, we've know this for ages.
>> In fact, we told the world how to do it years ago at various
>> conferences.  It took until late 2009 for China to lead the world in
>> taking this step.  It seems Iran may be learning how to do this too.
>>
>> What's interesting is that our bridges are more affected than the public
>> relay list [1].  Depending upon your level of paranoia, there could be
>> two things going on:
>>
>> 1) The potato wall admins are testing technology to block the bridge
>> relays, because they are not generally published the world over (like
>> the public tor network relays are by design).  The admins feel they can
>> block the public tor network easily, so test the difficult parts; or
>>
>> 2) The admins are purposely allowing the public tor network to be accessed
>> so they can record which IP addresses in country are connecting to public
>> tor relays.  One could then use this list of people in the future.
>>
>> In either case, Tor can use any HTTP, HTTPS, or SOCKS proxy as an access
>> layer to connect to the public tor network [2].  Users in China are fond
>> of using VPNs to get past the GFW and then use Tor so the VPN provider
>> can't see what they're doing on the Internet.
>>
>> We're also working on hiding in the crowd of allowed traffic [3].
>>
>> The end goal is to help people, so we've suggested that people use tools
>> that work right now to get access to the outside world.  Using tor over
>> these tools will protect their privacy as well, see [2] again.
>>
>> Research continues.
>>
>> [1]
>> https://metrics.torproject.org/users.html?graph=bridge-users&start=&end=&country=ir#bridge-users
>> versus
>> https://metrics.torproject.org/users.html?graph=direct-users&start=&end=&country=ir#direct-users
>>
>> [2] https://www.torproject.org/docs/proxychain
>>
>> [3]
>> https://gitweb.torproject.org/tor.git/blob/HEAD:/doc/spec/proposals/ideas/xxx-pluggable-transport.txt
>>
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> If you would like to receive a daily digest, click "yes" (once you  
> click above) next to "would you like to receive list mail batched in  
> a daily digest?"
>
> You will need the user name and password you receive from the list  
> moderator in monthly reminders.
>
> Should you need immediate assistance, please contact the list moderator.
>

More information about the liberationtech mailing list