Iranian oppression is no match for a VPN—especially when there’s money involved.
In Iran, anti-censorship is big money.
While the Iranian government spends millions of dollars to build and maintain one of the strictest censorship regimes on the planet, its citizens spend their own millions on anti-censorship software that allows them to see the Internet more freely.
Anti-censorship is so much money, in fact, that many of the same government authorities that do the censoring then turn around and allow the sale of censorship-beating software—in order to line their pockets, offer a false sense of security to Iranians, and even to make their surveillance jobs that much easier.
As anyone who has been to Iran will tell you, it’s really not very hard at all to beat the Iranian system, known by critics as the FilterNet.
On it, many of the Web’s biggest sites, including Facebook—which is used by nearly 20 million Iranians—and Twitter, are blocked. Pay a couple of bucks for a virtual private network (VPN), however, and you can access much of the Internet as the rest of the world sees it.
Anti-censorship technology is de jure illegal in Iran, but many VPNs are sold openly, allowing Iranians to bounce around censorship and seemingly render it ineffective. Nearly 7 in 10 young Iranians are using VPNs, according to the country’s government, and a Google search for “buy VPN” in Persian returns 2 million results.
Iran’s Cyber Police (FATA) have waged a high-volume open war against the VPNs, but it’s still very easy to find, buy, and use the software.
It’s so easy, in fact, that you can use Iran’s government-sanctioned payment gateways (Pardakht Net, Sharj Iran, Jahan Pay & Baz Pardakht) to buy the tools that’ll beat the censors.
To use these gateways, however, customers have to submit their Iranian bank account and identity, all but foregoing hopes of privacy or protection from authorities.
The obvious question arises: Why do government-sanctioned services offer tools to beat the law?
Independent Iranian media have reported that “elements within the government and the Revolutionary Guard provide support to a number of VPN sellers,” according to a 2014 report from Small Media. “Reports hypothesize that this is a mutually profitable arrangement; lining the pockets of officials at the same time as it allows VPN sellers to continue in their work without the threat of state interference.”
BBC Persian journalist Hadi Nili says that not only do Iranian authorities sell VPN accounts, the Iranian government even uses VPNs in order to protect their own connections.
Direct proof of government affiliation with the VPNs is hard to come by, Nili told the Daily Dot. But the very fact that the VPNs can be sold openly, and are still used “except in very special occasions, like the elections,” means that the most likely explanation is a government connection.
“The Iranian government owns more than 70 percent of VPNs inside Iran,” researcher and activist Nariman Gharib told the Daily Dot. He believes the VPN owners are almost certainly connected to the government and Iranian Revolutionary Guard Corps “because [otherwise] they should be in jail by now! Which [they are] not!”
In Nov. 2014, Gharib surveyed over 84,000 Iranian Internet users who beat the country’s censorship systems every day. The results of his report reveal the most popular circumvention tools in the country, exposing key detials about how beating censorship works (and how it doesn’t).
The most popular circumvention tool in Iran is Hotspot Shield, with 15.1 percent of users, followed by psiphon3 and F-Secure FreedomeVPN, three easy to use tools that provide VPNs advertising the ability to tunnel around the blocks.
Tor, likely the most famous and accomplished anti-censorship tool in the Western world, boasts adoption by about 7.5 percent of the Iranians surveyed.
From a technical standpoint, there’s little doubt that Tor is by far the most effective tool in the bunch at protecting privacy and beating censors.
So why don’t Iranians flock to the free, open source, and impressively powerful anonymity network ? Gharib, who now works in the United Kingdom, is not surprised that Tor doesn’t crack the top 3 in Iran.
When you’re dealing with increasingly sophisticated regimes, such as Iran, making Tor work correctly is significantly harder than running the competing VPN tools.
For the average Joe (or, in this case, the average Ali), it almost always comes down to ease of use.
“There is not enough knowledge to how they can work with Tor and bridges,” Gharib said in an email. “The size of Tor software is a bit big for Iranian Internet user inside Iran. And they don’t know how they can play videos on Tor browser. [That’s] seriously one of the biggest issue they have.”
Iranians complain that Tor is slow, while VPNs are “quick, easy to use, and have fewer errors.”
If, like many Internet users, you want to use a service like PayPal, Tor becomes incredibly onerous.
Part of Tor’s secret sauce is that no website ever knows your real location and it even appears that your location is changing regularly around the world. For financial websites like PayPal that closely monitor where there customers are connecting from in order to prevent fraud, Tor blocks up the whole machine.
“Most of those VPNs are allowed to operate but just Tor and F-secure FreedomeVPN in my opinion are protecting users’s privacy,” Gharib said.
This isn’t exactly a secret in Iran but the truth is that most people just don’t care.
“That’s what they care about most: finding a way around the curtains to find the content they want,” Nili told the Daily Dot in an email. “They want to listen to music, watch videos, download both, and update their Android or Apple devices, check Facebook for cute kitty videos, checking news websites like BBC Persian, scrolling down their Facebook timeline, and maybe pushing the like button or leaving some sarcastic comments sometime and in the most active way, re share some posts. So even if they need a better security, they might opt to compromise their privacy for the price and ease of use.”
For most Iranians, like many people around the world, if they can log into Facebook then what more can they ask of the Internet?
Tor’s fight with Iran escalated rapidly in 2011.
After the heavily-contested 2009 elections saw activists use social media to organize and gain worldwide attention, the government woke up to the fact that the Internet was a force to be reckoned with. They transformed their very basic Web censorship and surveillance systems into an entirely new beast.
“In 2011, Iran deployed super sophisticated deep packet inspection at scale,” Tor executive director Andrew Lewman told the Daily Dot. Every piece of data was suddenly being watched by authorities.
“Iran had 18 million concurrent people online at all times. From a sheer engineering perspective that’s really impressive,” Lewman said. “There were all sorts of rumors about who helped them. It’s the equivalent of going from a cart and buggy to a jet in the span of a year.”
The majority of the action happened even faster. In Jan. 2011, Lewman wrote that over the course of 48 hours the Great Persian Firewall updated and began blocking Tor and other anti-censorship tools more effectively than had ever been seen in the country before.
By the end of the month, almost no one in Iran was able to use Tor.
One of the most impressive features of Iran’s new Internet was that it could detect Tor on the wire.
However, the developers at Tor had already been preparing for just such an occasion. They were eight months into the development of “pluggable transports,” tools that disguise Tor use as something more benign such as Skype or searching Google.
“This is the perfect test case,” Lewman said. “We told users it was test software. We said ‘Are you willing to go to jail for this?’ and they said ‘Yes, I’m willing to go to jail already for so many things, just give me the software.’ They tested our code live and it worked.”
Since then, the Iranian government has regularly attacked the anonymity software, testing for weaknesses and pushing it offline in the country whenever possible. Last year, they were briefly able to knock 75 percent of Iranian Tor users off the network.
The Tor Project developers fought back once again. Within weeks, more Iranians than ever were using Tor as the software was updated and beating the censors.
Today, the number of Iranians on Tor is steadily dropping one more time with the numbers hovering around 20,000 at any given moment, a marked fall from the high of over 50,000 concurrent users in Sept. 2014. As always, Tor is being updated and upgraded to meet the new threat.
“We try to have arms races as slow as possible,” Lewman explained. “For every action we take, there’s going to be a counter-action. We cannot rush into an arms race, that’s not good for the users. The average user can’t keep up with daily releases of anything, even monthly releases seem to be too much.”
That’s doubly true for Iranian users who already find Tor too tough and bandwidth intensive to use.
The current situation leaves many Iranians not only vulnerable but even with a false sense of security, which can be the most dangerous ignorance of all.
The future of the Internet in Iran is murky but uninspiring. While the President of Iran speaks out against Internet filters, the Ayatollah—who is the man truly in charge—calls high speed Internet “un-Islamic.”
But even with the right VPN or using Tor, cybersecurity for the average Iranian is a dream. Cracked versions of Windows and anti-virus tools are legion in order to avoid the steep costs that can come with both, leaving users open to malicious attacks from many angles. Free and secure software like Linux are rare in Iran despite the obvious niche it could fill.
“In Iran, there is no ‘full protection,'” Gharib warned. “So activists in Iran don’t give a damn about foreign agencies [like the NSA]. They’re much more worried about their own government.”
Image via Arria Belli/Flickr (CC BY SA 2.0) | Remix by Jason Reed