Update on Internet censorship in Iran

Here's a quick update on what we're seeing from Tor clients in Iran. This is an update to https://blog.torproject.org/blog/new-blocking-activity-iran. It appears that one of the five Iranian ISPs is experimenting with blocking censorship circumvention tools such as Tor, Freegate, Ultrasurf, and Hot Spot Shield. There have been reports that this update to censorship technologies was coming soon: https://www.azadcyber.info/articles/1560.

Previously, we had data suggesting that SSL connections were being throttled or otherwise forced to a reduced throughput. It seems this is no longer the case. A simple IP address access list is used to stop access to the public Tor nodes, as well as many Tor bridges. An example of this blocklist on the Iranian Tor users:

[two figures in the original post; not preserved]

We are seeing success in users choosing to configure their Tor clients to use a SOCKS or HTTPS proxy and then connecting to the public Tor network. The trick here is that Iranian Tor users now look to be coming from wherever the open proxy is located. A few volunteers in Europe and SE Asia have set up proxy servers restricted to Iranian IP space.

On a more technical level, here's what we were seeing last week for SSL manipulation: https://blog.torproject.org/files/https-traffic-flow.txt. What's interesting is that the tor-server to client communication has a TTL of 40. The TLSv1 Encrypted Alert appears to come from the tor-server, except its TTL is 39. Unless the tor-server suddenly jumped one hop further from the client, something intercepted the connection and injected that packet on behalf of the tor-server.
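
The TTL comparison described above can be automated over a capture. The following is an added example, not code from the Tor Project or the original post: it parses raw IPv4/TCP packets, learns the most common TTL for each flow direction, and flags packets that deviate from it. The addresses, ports and packets are constructed sample data, and all function names are illustrative.

```python
import struct
from collections import Counter, defaultdict
from ipaddress import IPv4Address

def parse_ipv4_tcp(pkt):
    """Return (src, sport, dst, dport, ttl, tcp_flags) or None if not IPv4/TCP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4              # IP header length in bytes
    if ihl < 20 or pkt[9] != 6 or len(pkt) < ihl + 14:
        return None                        # malformed, not TCP, or truncated
    src, dst = str(IPv4Address(pkt[12:16])), str(IPv4Address(pkt[16:20]))
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return src, sport, dst, dport, pkt[8], pkt[ihl + 13]

def find_ttl_anomalies(packets, min_baseline=3):
    """Flag packets whose TTL differs from the modal TTL of their flow direction.

    A route change can also shift the TTL, so a hit is a lead to examine
    (especially on a RST or a TLS alert), not proof of injection.
    """
    flows = defaultdict(list)
    for index, raw in enumerate(packets):
        parsed = parse_ipv4_tcp(raw)
        if parsed:
            flows[parsed[:4]].append((index, parsed[4], parsed[5]))
    findings = []
    for flow, seen in flows.items():
        baseline, count = Counter(ttl for _, ttl, _ in seen).most_common(1)[0]
        if count < min_baseline:
            continue                       # too few packets to trust a baseline
        for index, ttl, flags in seen:
            if ttl != baseline:
                findings.append({"index": index, "flow": flow, "ttl": ttl,
                                 "baseline": baseline, "tcp_flags": flags})
    return sorted(findings, key=lambda f: f["index"])

def build_packet(src, sport, dst, dport, ttl, flags):
    """Build a minimal IPv4+TCP packet for the sample (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, ttl, 6, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return ip + tcp

def sample_capture():
    """Constructed capture: bridge replies arrive with TTL 40, one packet with 39."""
    client, bridge = ("198.51.100.7", 50000), ("192.0.2.10", 443)
    SYN, ACK, PSH = 0x02, 0x10, 0x08
    steps = [(client, bridge, 64, SYN), (bridge, client, 40, SYN | ACK),
             (client, bridge, 64, ACK), (bridge, client, 40, PSH | ACK),
             (client, bridge, 64, PSH | ACK), (bridge, client, 40, ACK),
             (bridge, client, 40, PSH | ACK),
             (bridge, client, 39, PSH | ACK)]   # the out-of-place packet
    return [build_packet(s[0], s[1], d[0], d[1], ttl, fl) for s, d, ttl, fl in steps]

if __name__ == "__main__":
    for hit in find_ttl_anomalies(sample_capture()):
        print(hit)
```

The baseline is kept per direction because the client's own packets leave with a different initial TTL than the server's arrive with.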

This week we're seeing straight IP blocking after the SSL handshake starts: https://blog.torproject.org/files/ip-blocking.txt. In both cases, this is to the same Tor bridge from the same Tor client as before.

In a few short months, Iran has vastly improved the sophistication of their censorship technologies. Right now, the best option is to use Tor through open SOCKS/HTTPS proxies. A risk is that the open proxies can see you are using Tor, but they cannot see the traffic passing through, for everything is wrapped in layers of encryption by Tor. However, it appears the Iranian Potato Wall can detect whether traffic is Tor or not in any case by analyzing the traffic on the wire. We have reports this is true for other circumvention tools as well.

I thank the many people that have taken risks to share data with us.

Anonymous

January 21, 2011

Yeah, that is unfortunately happening.
I don't know why they try to do this stupid work instead of the more useful work they could do.
Please email me any results.
I'll be happy to know why Tor doesn't work and what the solution is! :(
lizadel.lucaus@gmail.com

Here is the solution for Iranian users:

http://douran.wordpress.com/2011/01/24/aol9-6_and_tor/

(a Persian guide: How to access TOR from iran)

I tested it and it worked like a charm ;)

Dear Iranians, at the address above you can learn a new method for using the Tor circumvention tool, which has been blocked in Iran.

Anonymous

January 21, 2011

Hi Phobos, I'm trying to use Tor inside Iran, so this is very relevant and useful for me. Thanks for working on this. However, the Iranian authorities have blocked the list of proxy servers mentioned in your post (www.inet.no/dante/), and unfortunately I haven't been able to find an alternative list of proxy servers that works and isn't blocked. I'm getting a friend to email me the contents of the Norwegian website, but in future it might be really good if you could list the proxies in your blog.

Anonymous

January 21, 2011

Any idea?
here in Iran we don't have more access...just ur httpS torproject.org is accessible!

Anonymous

January 21, 2011

It seems that Tor has a serious flaw that makes it possible to deactivate it by "a simple IP address access list" that "is used to stop access to the public Tor nodes, as well as many Tor bridges." I should correct that by saying that none of the Tor bridges worked. In fact, except for once, the request for Tor bridges from within Gmail didn't work any more right about the same time as the new censorship. I wonder how they could stop Tor from sending bridges by email.

One wonders why this could not be done by the Chinese before and they could never block Tor altogether as the Iranians did. Nevertheless it has been done now and measures to overcome the flaw should be taken ASAP. Being very important by itself and without intending to downplay the Internet censorship in Iran, this is a clear indication that an ingenious solution to this "ingenious" problem needs to be found, otherwise Tor will lose its viability in the not so distant future.

Using tor from different pc's gave exactly the same line:
[Notice] No current certificate known for authority moria1; launching request.

Blocking the public list of relays is easy, we've always known this. Enumerating all of the bridges is difficult, we've always known this. It seems the Iranian government has decided to not play the game of whack-a-mole with IP addresses, but rather take the next step in the arms race: deep packet inspection and stateful inspection of traffic flows. This is more advanced than nearly any other country in the world to date, and more so than many corporate firewalls.

Further testing indicates they are not merely detecting "SSL or not" but rather able to detect "Tor's SSL or not" and "freegate's SSL or not" and "ultrasurf's SSL or not" and handle each individually. They are able to do this for their entirety of Internet traffic in real-time. This ability to snipe traffic is both impressive and depressing at once given the scale involved.

We are working on solutions to this exact problem. Rather than play a shell game with the censors as to which technique we're going to use, we will implement platform enhancements to thoroughly camouflage Tor's traffic on the wire. Any other technique we choose is going to accelerate a tangential arms race. Millions of bridges and relays, changing Tor's SSL utilization, and other shell games simply arbitrage the speed with which Iran can deploy counter-efforts.

An ultimate end to the arms race is to make a country choose to either disconnect or not. Iran has not shown a willingness to disconnect, for it may harm their economy and anger a vastly larger portion of their citizens. Therefore, we take advantage of their need to be on the Internet and camouflage Tor accordingly.

The Iranian government has, in less than a year and starting from scratch, caught up and now surpassed the Tor project in technical ability. Tor will now start down the cat and mouse road, which means it has already lost.

This SSL fingerprinting is in fact just the beginning. Tor traffic sticks out like a sore thumb on the wire in many different ways. You've known this for years, unfortunately your progress in the matter has been hijacked by academics who care more about publishing (results which vastly underestimate the accuracy and efficiency of these attacks because of their incorrect math) and their salaries than they do the Tor users.

Tor is a ghost of what it could have been. All that's left is a source of income for paper pushers and code monkeys who cannot innovate and actively work against those who do.

Good luck to some poor Iranian kids who will go for something like Haystack instead and end up in Evin...

The Iranians have help from the Russians. The Russians have helped the Iranians fight the opium wars, while taking those drugs to resell to the Americans.

Your argument is that the Iranian government has surpassed Tor's technical ability. I think this is not true. Tor has shown repeatedly over the years a very clever ability to overcome such cat-and-mouse games and blast the enemy completely out of the way for years.

The fact that a bunch of stupid Iranians with help from the Russians can do what all these American and European companies cannot says a lot about the blatant impotence of the West. The Arabs invented modern mathematics and calculus, and went on to engineer wonderful things while the Western world was too busy sexing goats in the dark ages.

The problem is temporary. Tor will overcome it with help from the many Arabs who are helping it at the moment. The Western world are fools and will not find a solution.

That's hilarious. In which countries is torproject.org blocked? The ones whose people are too busy sexing goats, I guess...

Well, well, well. Look at the cats fight now. Rather than offering help to keep the citizens of Iran from being oppressed, let's all feed on a temporarily weakened tor. Idiots and inbreds the lot of you. This is how dictators maintain power as you people fight over the scraps of a dying American Empire.

Wake up. Tunisia made progress. Iran is slipping behind. Time for another failed CIA plot to kill a leader and put another dictator in power.

You can all fight amongst yourselves or join together and defeat Iran forever. History shows you'll choose to fight amongst yourselves rather than mature and cooperate for the greater good.

Offering to "help"? As in, also receiving a salary from the US State Department? Sure, where do I send a CV? :) You speak as if Tor is an open, collaborative project. It's not, Tor is made up of *employees* who work for money, not passion. Otherwise they'd be volunteers, not professional students demanding donation money.

Tunisia made progress? Give me a break, torproject.org is currently blocked there, classified as pornography.

Good luck with that "greater good" stuff.

You seem to have a healthy self-defeating world view going there. I'm curious about all of the fully-unpaid "passion-only" software you run on your computer?

You seem to be saying all hope in the world is lost, because the best shot we had in terms of an open source option for censorship resistance happens to be the recipient of some government grants designed to enhance the public good (for once)?

AFAIK, no one ever sent a CV in to TOR to work there. All the names I recognize on https://www.torproject.org/about/corepeople.html.en were volunteers for years. At least half of them still are.

So, because of some gov't grants, people who volunteered for years were able to quit their day jobs (probably taking a 30%+ pay cut: http://www.nten.org/blog/2008/04/09/are-you-paid-what-youre-worth-nonpr…) just to put a few more than 24 hours per day into something they love.

And it's blocked now, so just give up? Just laugh at them and go back to staring at the wall? I guess you're right. Sure would like a shot or two of whatever you're drinking to pass the time though.

Sure seems to help you accomplish a lot.

I'd much rather my taxes be spent on Tor than on warmongering control freaks. Funding Tor is the best thing the State Dept has done in the past 50 years. BILLIONS are sent to shady contractors selling snakeoil getting soldiers killed globally. Tor gets a measly $500k from the State Dept and everyone bitches at them. I want Tor to get the millions spent on this stupid trusted identity crap rather than the other way around.

Anonymity sets you free. Identity is used to control you. Until you live under a dictator, you will not understand.

Anonymous

January 22, 2011

PLEASE HELP US IN IRAN TO SOLVE THIS PROBLEM BY UPDATING THE TOR PROGRAM FOR SAFE INTERNET USING.

You bastard, the day Iran is free we will throw you out of Iran like a dirty rat into North Korea's sewer.

Anonymous

January 22, 2011

the only working program now is Ultrasurf and it doesn't work properly.
please help in any way you know!
thank you for your time

Anonymous

January 23, 2011

I've tested the Tor program on a computer that was on the IPM (Theoretical Physics and Mathematics) client network.

Although the IPM does not apply filtering in Iran, Tor cannot connect to the server.

Anonymous

January 23, 2011

Hi,

What are the names of the four Iran ISPs, and which ISP is experimenting with new blocking techniques?

thanks in advance

Anonymous

January 23, 2011

Hi
I'm from Iran & I have a serious problem working on the net without Tor!!!
Please help all of us in Iran
Thanks

Anonymous

January 23, 2011

hey,
is there a way to spread non-published TOR BRIDGES to help these people?

We have been using human social networks to spread non-published bridges. The risk is the age-old problem of an adversary discovering everyone in the network by identifying a few.

If Tor use is able to be identified by traffic shaping hardware, then why would it be difficult to identify unpublished Tor (bridge) nodes? I suspect the only reason this may not presently occur is that they have not found it particularly necessary to do so. If Tor communications can be identified, then it should prove irrelevant whether a bridge connection is ever published or not.

If you're unable to run through the middlemen unseen, then you have a big problem with regards the viability of the Tor system.

I've had an unpublished Tor bridge node running for a good while now and would love to be able to advertise it to those needing it, but how? I need an ability to be able to pass my details on to only a very few people. I've grown tired with trying to reestablish working bridges these days as they're always blocked so very quickly as soon as I publish to the Tor network (specifically with regards China).

I sincerely appreciate the Tor effort, but I feel the people behind it really should start to entertain more radical changes in how the network operates if they truly do wish to create what they say they do. As it stands now, Tor as a network exists only at the behest of controlling governments, a comical position considering its stated goal.

It may not work for everybody. That doesn't mean it fails to work for others. And thus Tor is a successful project. Ideally things will get better for those it doesn't currently work for or has stopped working for. Tor has many users and not all countries which have inhibited the free flow of communications have blocked it. Many countries have laws ensuring the free flow of information and then block certain communications. What that usually means is that they can't block anti-censorship projects like Tor even though they have a mandate to censor some things. In effect users are able to bypass the censorship if they use Tor (which as I said can't be blocked, being a general anti-censorship tool). Until the world which claims to be free decides anti-censorship tools are illegal and can be blocked, the censorship they do have can be bypassed.

Anonymous

January 23, 2011

from data captures made from zombies, all isps are doing this today. only botnets work now.

--russian blackhat

Anonymous

January 24, 2011

The glorious Iranian cyber army watches you closely. Do not be deceived. We will be victorious. You will lose.

Google Translate: "Your glorious army of cyber watches closely. A Do not be fooled. We will win. You lose."

What a great society now, that threatens its people.
Workers of the world unite: Those who betrayed the revolution shall burn in hell!

Anonymous

January 24, 2011

Tor has stopped working in Tehran, Iran.

Anonymous

January 24, 2011

Dear employees of the Tor Project,

I fear for your future. There are adversaries and friends for which you have never even believed to exist. These exist in such an alternate world one cannot fathom the depth, money, and power they wield. Should the US Department of Defense truly wish to tackle Iran in a cyberwar, protecting assets such as yourself should be priority one. Cyberteams of the US military should be giving you money to bolster and improve your software and designs. Billions of dollars are being thrown around for technologies that are ineffective and dangerous in the hands of the untrained soldiers now wielding these cyberweapons.

Now is the time to strike. Either use these fancy tools or destroy them all. For an unrealized cyberwar fantasy is the dream of a teenaged bed-wetter.

Posit I, that your lives are in danger, both from your own government's ineptness with computers and the passion of the Iranians. Arm yourself now, for judgment day will come upon you all too soon at the hands of those you fear the least.

Aren't you the poet. "Employees," "money," "billions"... pretty much sums up the Tor project. You hit the nail on the head: "passion" is why Iran has now defeated Tor. Their people don't dream of money (or traveling around the world courtesy US State Department to present some variation of the same old, ugly slides). They do it for personal reasons, whatever they may be. Tor lost the second the US Navy open sourced it.

Billions.....ha. As for passion, every tor employee was a volunteer first. However, it must be the millions in salary each person makes, the beach-front properties in exotic locales, and massive hush money we all get that keep us looking like "40 and out" corporate drones who don't care. I mean, Mike Perry slipped up and exposed the vast conspiracy, so it must be true, http://archives.seul.org/or/talk/Aug-2010/msg00090.html

Hi phobos!!!!!!!!!!!!

I understand the message!!!!! There is something of very true in what the Anonymous said!!!!!!!!!!!!!!!! For example my BEEFREE addon for firefox or AdBlock Plus (Wladimir's addon, i didn't make it!!!) are free for real!!!!!!! Both are made to fight against multinational companies and to improve people's privacy!!!! There is a lot of free software, free for real!!!!!!!
Writing software or more generally doing things, with LOVE is the most important thing!!!!!!!!!!!!!!!!!!!!!!!! This is what, i think, the Anonymous wanted to say you, using the word "passion"!!!!!!!
When money are involved, people turn biased and their work becomes based on the money they can obtain from it!!!!!!!!! Capitalism is evil!!!!!!!! And, many developers don't want to lose the money once they had the opportunity to get them!!! So, they are no more independent!!!!!
They'll do what they're told and paid for, rather than what is useful for real!!!!!!!!!
People driven by the money and no more by the love in what they're doing!!!!!!!!!!!!!
I think that, when you like what you're doing, you should do it with love!!!!!!!! YEAH!!!!!!!!!! And discarding the money!!!!!!! This is what makes you being pure!!!!!!!!!! It's very important!!!!!!!!
I think that if all donations, or at least big donations (i call them "bribes"!!!) from non-real-persons and companies, were refused the TORPROJECT would benefit!!!!!! You've the example of Firefox itself, a free and open source software, corrupted by Google!!!! Where the default web search engine set in the Browser, is the one from the worst and most anti-privacy company ever!!!!!!!!!!!!!!!
https://adblockplus.org/en/ has no "DONATE" button!!!!!!! Wladimir is super very good!!! he has a website with millions of hits (people downloading the subscription lists!!!) and he never said anything about money or bills to pay, nor expensive servers!!!!!!!!! So, it's possible to being pure if you only want it for real!!!!!!!!!!
For example, you know that i very dislike the fact that even TOR is together with Google for the "summer of code projects"!!!!!! Where Tor, another open source (and also pro-privacy and anonymization) software is together with the most anti-privacy multinational company ever!!!!!!!!!!!!!!!!!! Misconception?!! Why is the "summer of code projects" important?!!!!! FOR THE MONEY!!!!!!!!!!!!!!!!!!! this is the answer!!!!!!!!!! for the corruption!!!!!!!!!!!!!!!!!!! money are the lack of passion and the lack of real love!!!!!!!! and this sounds a bit like prostitution!!!! lololol!!!!!!!!!
I also lost a bit of interest in TOR after having had so many of my super very good suggestions rejected because of somebody else jealousy!!!!!!!! and after having read so much in the blog comments here and elsewhere about TOR!!!! i think it's a open source yet a too closed project!!!!!! A group very similar to a clique at times!!!!!!!! I don't know why you and Erinn don't do anything about this!!!!!!!!!!!!!!!! i'm sure you also noticed what i'm saying!!!!!!!
The TORPROJECT shouldn't work after what donators want!!! but after users' suggestions and what users want!!!!!!!!!!!! (YEAH!!!!!!!! if the purpose of the TOR-Project is to make a software for the users!!!!!!! isn't it?!!!!!!!!)

bye!!!!!!!!!!!!!!!!!
~bee!!!!!!!!!

Anonymous

January 24, 2011

hi please run my tor again we help you from iran
Greetings, and thank you for your efforts and extraordinary skill in creating this network. Now that the security situation in Iran has reached an extremely critical state and one person is executed every 8 hours without the right to a defense, at least tell us how we can regain access to your network. Thank you again for your efforts.