Update on Internet censorship in Iran
Here's a quick update on what we're seeing from Tor clients in Iran. This is an update to https://blog.torproject.org/blog/new-blocking-activity-iran. It appears that one of the five Iranian ISPs is experimenting in blocking censorship circumvention tools; such as Tor, Freegate, Ultrasurf, and Hot Spot Shield. There have been reports that this update to censorship technologies was coming soon, https://www.azadcyber.info/articles/1560.
Previously, we had data suggesting that ssl-connections were being throttled or experiencing a forced reduced-throughput. It seems this is no longer the case. A simple IP address access list is used to stop access to the public Tor nodes, as well as many Tor bridges. An example of this blocklist on the Iranian Tor users:
We are seeing success in users choosing to configure their Tor clients to use a socks or https proxy and then connecting to the public Tor network. The trick here is that Iranian tor users now look to be coming from wherever the open proxy is located. A few volunteers in Europe and SE Asia have setup proxy servers restricted to Iranian IP space.
On a more technical level, here's what we were seeing last week for ssl manipulation, https://blog.torproject.org/files/https-traffic-flow.txt. What's interesting is the tor-server to client communication is with a TTL of 40. The TLSv1 Encrypted Alert is from the tor-server, except the TTL is 39. Unless the tor-server suddenly jumped one hop further from the client, something intercepted the connection and injected that packet on behalf of the tor-server.
This week we're seeing straight IP blocking after the ssl handshake starts, https://blog.torproject.org/files/ip-blocking.txt. In both cases, this is to the same tor bridge from the same tor client as before.
In a short few months, Iran has vastly improved the sophistication of their censorship technologies. Right now, the best option is to use tor through open socks/https proxies. A risk is the open proxies can see you are using tor, but cannot see the traffic passing through the open proxy, for everything is wrapped in layers of encryption by Tor. However, it appears the Iranian Potato Wall can detect Tor or not in any case by analyzing the traffic on the wire. We have reports this is true for other circumvention tools as well.
I thank the many people that have taken risks to share data with us.
Here is the solution for Iranian usres:
(a Persian guide: How to access TOR from iran)
I tested and it worked like charm ;)
ایرانیان عزیز میتوانید از آدرس فوق، روشی جدید برای استفاده از فیلترشکن تور که در ایران مسدود شده را بیاموزید
Hi Phobos, I'm trying to use Tor inside Iran, so this is very relevant and useful for me. Thanks for working on this. However, the Iranian authorities have blocked the list of proxy servers mentioned in your post (www.inet.no/dante/), and unfortunately I haven't been able to find an alternative list of proxy servers that works and isn't blocked. I'm getting a friend to email me the contents of the Norwegian website, but in future it might be really good if you could list the proxies in your blog.