Hacker News new | past | comments | ask | show | jobs | submit login
Tell HN: The Internet situation inside Iran
1045 points by throwaway124592 on Sept 29, 2022 | hide | past | favorite | 183 comments
As you probably have heard, there have been widespread protests going on inside Iran for the past week or so following the death of Mahsa Amini at the hands of the morality police.

Following the protests, the government has cut off or severely limited residential and especially mobile broadband access to the internet and people can only access websites and services hosted inside Iran. This has made connecting to VPNs with servers outside Iran, and Tor close to impossible. That being said, the servers inside Iranian data centers still have access to the outside world.

The government has also blocked Instagram and WhatsApp (the main channels of communication used by people inside Iran), and alternatives such as Telegram, Signal, etc are also blocked, halting communications to a crawl. People have to either call each other via GSM or send SMSs (which by the way is being monitored and messages containing keywords related to the protests don't even get delivered). As you can imagine, it's preventing people from coordinating the protests and strikes, and with the sattelite TVs being also heavily jammed, the only source of information accessible to most people is the government-led local TV channels which are distributing regime propaganda 24/7 and trying to scare people into submission.

We (a group of tech people inside Iran) have started using the servers inside Iranian data centers gain access to the Internet, and are setting up VPN servers and Tor bridges and giving the information to people we know. It's not scalable, and it's risky for us (the servers inside Iran can be traced back to us), but that's the only way we could think of to help. The technical details are published here:

https://github.com/InternetForIran/InternetForIran

We need help on multiple fronts:

- Please review and contribute to our repository on GitHub linked above. We need to improve the security and make deployment easier.

- The methods for setting up Tor bridges described in the repository were working up until 2 days ago, but have mostly stopped working and we haven't figured out why yet, maybe you can help?

- We have reports that V2Ray VMess and ShadowSocks are working inside Iran even at times when most other tools and protocols don't. We haven't been able to reliably deploy and test this (there are many configuration options and it's not clear which methods are working). Please create an issue or send a PR if you know how it works and how to deploy it.

- If you are an Iranian expat: Get a server inside Iran and set this up for your family and friends and get them back online.

- If you are an entrepreneur or work at a tech startup inside Iran: Your company already has servers inside Iran. Talk with your team, set up VPN servers and Tor bridges and share them with other employees and ask them to help get their family and friends online.

Edit: Formatting.




the servers inside Iranian data centers still have access to the outside world.

Knowing that, the simplest and easiest solution that would avoid detection is to SSH tunnel into that datacenter and SSH-ProxyForward out of that datacenter into Amazon AWS via SSH and use that SSH proxy chain as a SOCKS proxy for browsers. Make sure the browser is using the SOCKS proxy (SSH) for its DNS. Many sites will make your friends solve captchas if they show up from Amazon so if you have a friend outside of Iran in the same AWS region that is willing to open SSH on their home router then one could add that private home router as their last hop in the SSH proxy forward. Do not go directly from the datacenter to the home. It is normal and expected for Datacenters to SSH to Amazon.

SSH Client -> Iranian Datacenter / Server -> AWS VM -> Home router in same region as AWS -> Internet.

If many people are using the same server and VM then make sure that MaxStartups and MaxSessions have been increased in sshd_config as well as any PAM limits on the servers for open files on every node in the path. Clients should enable ControlPath / ControlMaster in their ssh_config or ~/.ssh/config. To harden each hop configure PermitOpen to only allow the SSH hops and the final hop should also permit *:443

Examples of all these steps can be found on SuperUser / StackExchange / ServerFault and are all public knowledge. All above-board, no hacking involved.

[Edit] Removing the Squid MITM SSL-Bump proxy idea. That would make follow on questions harder to explain.

[Edit from Fatnino's input] If your Amazon VPC's are too outbound-restricted then pick another VPS provider that is commonly used for hosting 3rd party tools for datacenters, preferably one already used by that datacenter.

[Edit] In theory hypothetically speaking every hop possible could have misconfigured but realistic looking syslog so that SSH connections are not logged on the server and in theory a log-less silent rule in the edge firewall to not log SSH connections. Sometimes syslog disks also fill up by mistake. SSH can also be performed in ephemeral diskless containers such as Docker, Podman and LXC.


The first hop, "SSH Client -> Iranian Datacenter" seems extremely vulnerable to surveillance, and would create an incriminating list of people involved. With this discussion in the open, you can bet Iranian authorities are going to specifically look for anything discussed here, so the only viable solutions should have no measurable deviation from normal behavior that would allow them to detect which datacenter was doing this.

To make this happen, you should have a minimum number of connections from inside Iran into the datacenter.

For a small group of trusted people with always on connections, you could just create a linear chain of SSH forwards connecting everyone. For widespread connectivity, a TOR bridge through the path you describe would be workable.


Could individuals run a public internet gateway that doesn't keep logs with something similar to mosh but running the equivalent of an SSH tunnel? Think a SOCKS proxy on one end, but running as a public web application/forward proxy on the other end.

The ISP would still be able to see any traffic to the gateway, but if you had enough links outside of government monitored net infrastructure to the gateway (hard lines you take down or obfuscate when the patrol does their rounds, wireless point to point connections), the risk would be on the gateway operator.

(Please do not take my advice without evaluation. This is speculation from a SWE, not advice for life or death situations.)

Edit: I suppose if your ingress traffic is over links not monitored by government anyway, it doesn't matter if you use SSH or a web application forwarding traffic to a SOCKS proxy behind the scenes. Not sure if the idea presented above would be useful in other scenarios.

Edit2: I guess usability is a benefit, even without security benefits. "Plug in this cable and type this URL into your browser" is easier than "open a terminal and establish an SSH connection."


something similar to mosh

Something that looks similar to mosh being UDP and encrypted but that allows proxied traffic would be Tinc Open Source VPN [1] The nicest thing about Tinc is that it does user-space dynamic mesh routing without requiring packet forwarding being enabled. I would call it a middle ground to onion routing if set up right. It has configurable compression. The reason I did not suggest this is that it is not simple to set up and get OpSec right the first time out of the gate unless the people involved are already very experienced with it. That's why I suggested SSH. SSH is relatively simple, well known and will blend in with all the legit SSH traffic and more people have experience with SSH. SSH egress from a datacenter is normal, expected and likely already permitted to AWS without making logged firewall changes.

[1] - https://www.tinc-vpn.org/


Bookmarked. Thanks!

Agreed on the utility of SSH. I work on a product that offers SSH certificate authorities as a service, among other things, and have read some of the RFCs.

I mainly mentioned the web forward proxy as a response to the "SSH traffic to Iranian datacenters from residential connections is suspicious," comment, but SSH is a great basis to build on. I doubt the SSH egress from the datacenters would draw much attention, but again, I wouldn't use my advice in a life-threatening situation, especially as I have never seen these type of monitoring systems in action.


You are not dealing with a state that will say "teehee, we have no proof of the data that's going through, oh well!". Anyone found operating one of these gateways will just end up being beaten with a wrench, and traffic logged further on. Considering this, it's overall safer to not go through a central gateway, and to have as many possible connections going through. Hell, even PCs stored in weird places, in government offices, just to make the signal to noise ratio even worse.

A gateway is a single, big ass signal that says "come murder me".


Good point. I wish I could delete or edit my comment but I can't. Thanks for the reply.


Moderators can probably help.

hn@ycombinator.com


I considered that, but the small group of trusted people is a bit of a double-edged sword. If one person is taken and they do not have good OpSec they could expose that entire group of trusted friends and that would be a more valuable target to authorities. So in that case I would stick with having an accidentally exposed SSH in that datacenter.


maybe lorawan can be used to launder the traffic? IoT traffic obfuscators running on battery power


You'll fill the airwaves very quickly with Lora devices. They're quite terrible at anything more than very simple text data. Time in air is high, bandwidth is very low, and signal clashes in crowded areas are a big issue.


Here's a project exploring large data transfer over LoRaWAN https://stuartsprojects.github.io/2021/02/26/Large-Data-Tran...


This is a good recommendation.

Using Tor sounds good in theory, but it's too far easy to identify all of the Tor connections and identify the residences connected to them.

I would suggest using SSH tunnels on whatever port a given server normally communicates on. If this is 443, connections should just look like normal web browsing on an ISP level. If the server is used to transmit other data over TLS using that port should be fine too.

All of that said, the challenging thing is not to secure the traffic, but to make it look normal. A persistent connection is not normal from a residential IP in most cases. This means you should take your session down once you've sent your messages for the day.


> If this is 443, connections should just look like normal web browsing on an ISP level

Except that it doesn't look like TLS - depending on what the traffic inspection capabilities look like I imagine someone speaking SSH on port 443 is pretty incriminating :/


ssh over 443 is likely to be rather common since most firewalls leave 443 alone


If the datacenter had been using SSH on port 22 to AWS in the past, I would just stick with that. The less changes the less obvious something is out of place. It sounds like they can still egress the datacenters for now.

The connection to the residence would be the last hop in the SSH proxy foward chain meaning that all Iran will see is Datacenter -> AWS. Then it is AWS -> residence. Iran would not have visibility into AWS egress traffic, rather Five-Eyes [1] would see everything in and out of AWS.

Datacenter -> Non-Iranian-AWS Region -> Non-Iranian Residence -> Internet.

The flow from the DC to AWS is all they would see.

[1] - https://en.wikipedia.org/wiki/Five_Eyes


Just a side note: I guess it still can be suspicious as AWS is banned for Iranian. Irainians usually use other VPS providers.


Ah I was unaware. In that case they should use whatever VPS they normally use that is outside of Iran. Hopefully some of them are outside of the country.


I worked at a place with very restrictive internet policies. My team had access to one aws instance that could get out to the open internet.

So my connections looked like this:my laptop at work in California, tunnel to aws in Virginia, tunnel back to a server at my house in California, connect to actual desired site likely hosted on aws in Virginia yet again.


[Edit] Too late for me to edit my original post. It was pointed out to me that Iranians are not permitted to use AWS. In that case, replace "AWS" with whatever VPS/Server providers that Iranians are permitted to use that is outside of the country.


Would traffic shaping still enable to guess this is a browser usage rather than a typical ssh?


I believe you are asking about theoretical machine learning used to identify encrypted traffic patterns.

SSH can be used for file transfers via sftp so it is not uncommon to have long transfers of data. In this edge case however one could set up a simple rate limited rsync over ssh and then rate limit ssh slightly higher so that the browsing shares the bandwidth creating a relatively smooth data stream. Data streams are not expected to be perfectly constant across the internet so a little fluctuation would be fine.

If Multiplexing is being used via ControlMaster ControlPath in the client then the people browsing will be riding the extra SSH channels without having to re-authenticate after their first authentication. The first SSH channel would be used for the SFTP transfer.

   rsync -aq --bwlimit=600 /some/dir/big-file ssh-first-hop:/dev/null
Then rate limit SSH just above 600KB/s using `tc`. On a modern kernel this is one line.

   tc qdisc add dev eth0 handle 101: root cake diffserv3 bandwidth 6mbit internet nat egress ack-filter triple-isolate ethernet  memlimit 32M
One could use HTB bucket rules with tc on older kernels.

All of this said, I do not believe this step is required unless a datacenter's SSH traffic patterns were already being traffic profiled and I would theorize that for this to be the case Iran's intelligence agency would have been watching them for other reasons.


Telegram have MTProxy that acts as a proxy and censor resistant.


I wish you the best of luck.

When similar events unfolded in Syria, people created redundant social networks of fake Facebook accounts. This seemed to work well. When captured and tortured, people would hand over credentials for one account. People would detect that network was "burned" and move to the next one.

This gave the officials very little information, since the accounts did not reference real names, and locations were obfuscated. High risk private messages were deleted, etc.

The key to this working was that Facebook was not sympathetic to or cooperating with the Syrian government, and accessing Facebook was a common (not worth prosecuting) infraction.

I'd be worried that they will fingerprint / honeypot tor infrastructure, then round people up. The existence of the tor client or connection logs basically proves guilt.

Friending facebook accounts with cutsey names is much less incriminating. Edit: Also, any honeypot proxy connection logs just show that you used https to access facebook.


According to my friend in Iran, Facebook has been banned for some time. Same with FB Messenger.

She has been successful using VPN and WhatsApp until today. I don't know if I'll ever hear from her again.


Just make sure to be reasonably active on those accounts.


Back in the 80's, I remember that people were protesting without internet and mobile phones, with very successful results. They bought down the iron curtain after all. The most sophisticated technology they used was the printing press, for printing and distributing fliers, newspapers and censored books. Underground groups were organized in cells too, without phones, email or apps.

Right now, it seems like those who use the internet and phones are at a disadvantage. Phones are always tracked, and the internet is a giant surveillance tool. If the government controls the network, then it is always at a great advantage, no matter if VPN or Tor is used.


> Back in the 80's, I remember that people were protesting without internet and mobile phones, with very successful results.

Back then, the governments didn't have that either. Pigs on the streets with barely working (or understandable) radios, outdated huge paper maps, and if they were lucky a barely working chopper for a bit of aerial surveillance. The only tools were water cannons, batons, tear gas that didn't work against drunk people, shields and live ammo.

These days, the abilities of governments in counter-protesting are absurd:

- each pig has not just a radio with high quality audio transmission, but also a digital data channel for streaming video and other intel in both directions

- tons of surveillance cameras with high definition imaging sensors

- cheap-ass drones

- there are multiple vendors offering "data fusion" for command centers. Think of platforms that fuse everything into one cohesive environment: a Google Maps map and satellite view, with individual position markers for each unit, live feeds from thousands of surveillance cameras, live feeds from officer body cameras, live feeds from drones and choppers, AI analyzing all of that to predict movements of the masses, incoming firehose feeds from Twitter and Facebook...

- highly effective tear gases, mobile walls on tanks to lock down streets [first photo of 1], tasers, rubber bullets, LRAD acoustic weapons and other non-deadly tools for crowd control

It's hard to mount successful protest against nations that have half the stuff I just described, and as HK shows all but impossible against a nation that does have this kind of abilities.

[1] https://www.hrw.org/news/2018/12/14/france-police-crowd-cont...


Yup, the other side of the coin is even darker. To add to the list - the recent trend to phase out cash in favor of electronic payments.

Protesters can just have their accounts frozen, and/or deposits confiscated, as we seen in recent examples.

(Those young kids who use their latest Apple watch to pay for coffee in the morning just because it's "convenient" really do not understand what they are sleepwalking into...)


Back in the 80s, the number of people who had been and were killed organizing this way had a lot of zeroes at the end of it. Don’t get me wrong, I’m all for a low tech approach to security where it makes sense, but it’s not a panacea. And it’s not like this evolving movement wasn’t organizing the same way at the same time, we’ve learned more from them than the inverse.


we’ve learned more from them than the inverse

Adding to this, their security forces learned a great deal as well. Here is a brief talk on this covering a little bit of the protest history and what is likely to occur. [1]

[1] - https://www.youtube.com/watch?v=ooROZDeds8o [video 4 mins]


People can protest without the Internet. However, they’re at a greater disadvantage than protesters in the 80s because the government does have the Internet.


80's, a world without cameras in each street.


Over at session we are getting a massive influx of users from Iran right now.

We have not been blocked yet, session is an e2ee decentralised messenger.

https://getsession.org/


Thank you for Session, i've been using it to reliably communicate with a friend in Iran


I have not heard of Session before now.

I don't want to seem insensitive to the Iran situation, but how does Session compare to other popular encrypted messaging services?


It is completely decentralized and works like Tor (Onion Routing) while others are centralized or federated.

It is based on the signal messenger, the apps look nearly identical.

And you don't have a phone number or an account login, you just have a long UID that you use like your phone number and a random recovery phrase. It is all about not sending much metadata about you, your phone, etc.


https://github.com/oxen-io

Seems to be a fork from Signal by oxenio. It's selling point seems to be the crypto currency relation?


More decentralized and censorship resistant than Signal, which that is sitting on Google's servers. Google has the ability to shut Signal down if they wanted to or if asked to by the authorities, since Signal is helping others evade sanctions illegally without a license.

Signal also has a private cryptocurrency attached to it, most definitely used by criminals, scammers and even pump and dumped by the founders which one of them are the founders of Signal. (Yes. Moxie is part of it.)


Yup, they are selling usernames for $


How does session compare to Briar + Orbot?

Did session and lokinet already have a code security audit or pentest?


I'm an Iranian living in the US and I have family in Iran. The internet is completely shut off for two weeks and international phone calling also doesn't work. All I can do is pray at this point.


Hoping for the best for you and your family. I am so sorry you all are going through this.


Briar works over Bluetooth, Wifi:

https://briarproject.org/how-it-works/

https://briarproject.org/download-briar/


Yes, it's such a shame people are spamming Signal proxies when Briar is the one most deserving of attention. Especially considering Briar works without internet and Iran has a history of shutting off the internet.


Briar is built for emergencies such as natural disasters. BTW, blocking comms (for any country) it's a disaster for the economy.


along the same line...

freemesh for wifi AP based mesh networks. not as convenient as briar, but considering the situation having multiple modes of communication seems like a good hedge.

  https://freemeshwireless.com/
also, if you can get a hold of lora wan based devices, e.g. esp32 w/ lorawan, you can set up a lorawan based mesh network with wifi entry points.

  https://meshtastic.org/


+1 if y'all can explain the UX of these apps to regular folks, it's much harder to censor individual Bluetooth connections run on mobile phones than a server in a data center. If y'all can risk sending mules to a gathering to run messages between folks, it'll keep you going even if the internet gets cut off from DCs.

Worst case a mule gets captured or turns to the government in which case those messages are lost. That's all.


There's https://berty.tech/ as well. Not sure if it's as mature yet though (https://berty.tech/blog/berty-not-war-ready/)


Yeah I think this is the way. Trying to setup VMs and proxies to get outside internet working is a lost cause IMHO. They need apps that work with a mesh networks and keep things local using wifi and bluetooth. This is the way.


Briar has been translated to Persian 100%. This is a good indicator that is must be in widespread use in Iran


Signal is setting up proxies so users in Iran using Signal could update their proxy settings in the app to bypass the block for that at least. Not sure to what extent things are being blocked, but if you can get connections to SOME outside services, this might help people to organize means of communication. The proxies are also setup by people outside of Iran and it doesn't really matter if someone in Iran leaks a proxy address, new ones can be setup in minutes. Look for the #IRanASignalProxy hashtag on twitter/other social media and ask people for the address. Signal also made a guide to help users set this up on Ios/Android - https://support.signal.org/hc/en-us/articles/360056052052-Pr...


I set up several proxies, and only sent their addresses per mail. A Problem is that we have no idea which contact is trustful and which not, so in the end our proxies were blocked after a really short amount of time. Does anyone has successfully deployed such a proxy and it has actually been used without being blocked? Is there any best practice / experience?

I am furthermore searching for a method to check whether it works from inside Iran or not. Was trying a VPN from Cyberghost, but with that it is possible to visit blocked sites, I did not previously know that data centers in Iran have unblocked access. With that I could check myself whether it works and could detect after which contact we were blocked.


I think this needs to be approached with a throwaway mentality. You setup a proxy, it gets blocked, you setup a new one. I do agree that we cannot know who is reporting them or who is leaking the proxy addresses and ideally it would be great if a few people from within Iran could coordinate these and hand them out to other trusted people and have those share them out to friends/family/etc.

However, I think we shouldn't forget that we have no real way of knowing if any of this works in all regions, what sort of access/blocks people there need to go through to connect to even basic services. So maybe instead of being worried ONLY about these issues (which are more in line with our skill set), we should try and pressure our own elected officials to take some measures, any measures to help people there.

You can setup an Ansible playbook and automate the whole deployment without any issues. Most VPSes cost a few cents a day to run and could serve a lot of people. The technology aspect on our end has never been the bottleneck or the problem, but rather how to disseminate these bits of information to those who need them the most and how to actually stop this from happening yearly/monthly across the world.

So I guess what I'm trying to say is thank you for your efforts, keep it up and if you know people there who can spread information about these solutions, even better! We don't know for sure the restrictions we need to fight through, so it would be great to know more about that... And in the meantime, drop an email if nothing else, to your local representatives/elected officials and ask them to do something, anything at this point, to support people exercising their right to protest. Because it's quickly becoming an optional extra even in the West.


this is the same problem that folks at TOR encountered in some countries, Iran included

https://youtu.be/ZB8ODpw_om8


> we have no idea which contact is trustful and which not

Is this a concern? The Signal Proxy is designed so that the person running it cannot see any content. I guess the concern is them seeing your IP, and a VPN is not usable?


They mean that if the proxy is sent to a non-trustful contact, it will quickly get reported and blocked.


Everyone should install the snowflake extension as this allows you to create a bridge in to Tor with just a browser extension. An easy way to add to the Tor bridge IP pool without having to spin up a VPS.

An easy way to help someone in a censored country to access Tor.

https://snowflake.torproject.org/


I see a lot of people suggesting services, wanting to be helpful here, when they asked for people to respond on GitHub.

If you have an idea based on your own knowledge of what they asked for,I'd put it there, that will keep them from duplicating effort.


Just curious, is there some sort of special license or permission required to get access to computing resources like these in Iran, like there is with the Chinese website license number thing?

I have thought about trying to run a VPN server on my EC2 web server for my friends in Iran but not sure if regular VPN protocols are even allowed through. I don't think they know what Tor is much less how to set it up with a custom bridge. They seem to be using some kind of proxy/bridge for Telegram, but didn't know the technical English vocab to tell me exactly what it was.

Ironically, I once talked to someone very pro-regime on HelloTalk and asked them why they were using Telegram if it was blocked/illegal there, since they would defend the regime on anything else you asked them about. They claimed to believe that it was blocked because of US sanctions and denied that the government blocked any websites. Is this a narrative they are pushing on state media there?


I moved out of Iran about 10 years ago, but when I was there you couldn't purchase internet plans faster than 128kbps unless you had a legitimate reason such as being a reporter, business, etc. There was, however, no special license needed for any computing equipment. I purchased very cheap VPS and other resources without even having to submit any personal info.

Nowadays, the limit is gone and there is faster internet access but the issue of filtering still exists. When a service doesn't work in Iran it's either due to sanctions, the government blocking access to some domain/ip, or a combination of both. The user is left wondering which one it is and how they can get around it


> is there some sort of special license or permission required to get access to computing resources

Mostly not. Censorship works by elimination, not by requiring initial permission. The main exception is internet access to blocked services. Government supporters get access to services that are otherwise blocked to the public.

> They claimed to believe that it was blocked because of US sanctions and denied that the government blocked any websites

The government and their supporters are bad liers. By bad, I mean they don't even try to make it convincing. The president told a foreign journalist that covering is optional in Iran. That is while their "morality police" has killed a woman and the whole country is burning in riots. This is while that same journalist is wearing scarf to be allowed to talk to the president, in US!


> They claimed to believe that it was blocked because of US sanctions and denied that the government blocked any websites.

This narrative is probably helped by the fact that half the internet is being blocked on the US side because of sanctions - i.e. the entirety of Google Cloud.


> Is this a narrative they are pushing on state media there?

I don't believe so. In general, assholes who get their money from the government, create their own fake news which is even faker than what is published in the state media. Which makes sense, as the state media optimizes for everyone watching it, not just the bootlickers.

> regular VPN protocols

Naive, Hysteria, Trojan, VLESS, etc. seem to work. Of course, foreign servers are, at times like this, only accessible in datacenters, which means the protocol would be irrelevant.


Using Tor Browser should be very simple, if they know how to operate a web browser they should be able to use Tor Browser. They literally start the program, there is a window that asks if they want to use a direct connection or bridge. They click bridge, enter a bridge and are connected like a normal browser.


You don't actually need the license for computing resources in China, it's "only" necessary when you're hosting public-facing web pages specifically


Can people use a steganography app to communicate via innocuous images?

1. Take a picture.

2. Use app to insert message into picture, encrypt with passphrase.

3. SMS picture to friend or upload to Iranian equivalent of imgur (if any is up).

4. Friend loads picture into app and types passphrase to get message.

I'm not sure what a good choice of app would be, but something good must exist?


The point is that phone service and access to the outside internet is blocked. You can't get images out any more than you can get text out, so putting text in images does not help.


If data centers can make outside connections then steganography and internal (to Iran) routing can help get messages from protests to someone that can pass those through datacenter Internet links.

Just being able to organize internally is super useful. The protestors don't need to use Facebook to organize effectively.


I thought the main goal was to help Iranians communicate with each other.


Is there any good open source or publicly usable steganography software with reasonable UX? Page 1 of Google shows this thing called OpenStego. I've heard of steganography but have no idea what tools are reputable in this space.


Does steganography break when Social media sites reprocess images? I.e. do you need to access the underlying raw bytes?


Great point, probably most approaches break if the site is doing that.


PixelKnot for Android, developed by Guardian Project: https://www.f-droid.org/en/packages/info.guardianproject.pix...


I find MMS heavily compresses images to an absolutely unusable extent.


I would recommend trying to set up tailscale[0] in the servers instead of a VPN, its similar to the reply about SSH ProxyForwarding but it has a lot more tricks under the hood. Of course you need somewhere (aka an AWS server in eg. europe) to connect to.

Also have a look at their blog post about NAT traversal for some potential inspiration: https://tailscale.com/blog/how-nat-traversal-works/

Good luck out there! I'll have a look at your github repo now.

[0]: https://tailscale.com/


Tailscale is a VPN...

And it requires a control server with auth. Simply cutting off access to the control server would disable clients from connecting.

While there is headscale, configuring the tailscale clients is tricky and would not scale to hundreds or thousands of non technical people.

/!/ Also tailscale is a mesh network. It would only take one rouge client to revel all other clients. This is very very dangerous given the use case.


It seems risky to set this up on something you own when facing the adversary you face. Use good OPSEC. Don't do this on something than can be tied to you. Not on your servers, not from your workstations, not from your house, not from your workplace. That's 101 level operational security. It'd just take one user to be discovered using the VPN, followed by forensics and interrogation to unmask whoever sets this up. Then what happens?


The idea is plausible deniability, used PCs that could be plausible hacked. Bonuspoints when they are part of the regimes machinery.

Tornode running on a censors machine is ideal.


I would say, it depends.

When you focus on setting up servers, you can argue it is mainly about communication.

They cannot go after anyone who wants to be online again - but of course they will go after anyone, who set up infrastructure especially for activists.

I would frame it internally strictly as "going online".


Does Matrix.org still work inside Iran?

Since its a decentralized protocol, not one single domain like signal and WhatsApp, it should just still work.

It can be installed on an iranian server and then federate with all other world wide servers.


Yes, V2Ray VMess and ShadowSocks are the most reliable tools. They were fully tried and tested in China, where has a similiar issue.

Deploy a proxy server is the first step. Take the experiences from China:

1. Always try to pretend to be a normal traffic. Your ISP, DC, all the entities alongside your network, they will all try to detect you and ban/jail you. In China, they detect the symbol of unnormal traffic, record everyone using the default proxy port, training ML model to find proxy users. If your gov does not have the tech, I believe China Gov will surely exports them.

2. Always beaware about the help. Gov may publish some honeypot VPN to monitor the opponent. The public server or deployment script may have backdoor or virus.

That's a war never end.


Although almost every developers in China grasp the skill, every year thousands of people detented or jailed for providing the service or crossing the Great Fire Wall in China. Wish you good luck Iranian bro.


Please if you're having trouble setting up Shadowsocks consider using Outline (getoutline.org) asl19.org and their Telegram bot for generating Outline access keys. This team has put in years of effort to make Shadowsocks usable by regular people


The Learn More button in the cookie banner goes straight to Google's site.

Also, the copyright notice at the bottom of their help center is Google: https://support.getoutline.org/s/article/Data-collection?lan...

A tiny bit more digging and it is actually Google in sheep's clothing: https://jigsaw.google.com/

That's gonna be a no for me, dawg.


Jigsaw is run by Google but if you look at outlines GitHub you'll notice that it's completely independent of anything Google.


Not good enough.


Please look at using domain fronted pluggable transport meek:

https://github.com/arlolra/meek

https://bridges.torproject.org/bridges?transport=meek

https://support.torproject.org/glossary/meek/


https://getoutline.org/ is based on shadowsocks I think, and comes in an easy to deploy package.


It is indeed Shadowsocks (I used to be affiliated with that team)


Here's how to create a Signal proxy https://www.youtube.com/watch?v=Tf-mtjEF4t0


For those who just want the instructions in plain text: https://signal.org/blog/run-a-proxy/


Hi, I'm in Sweden and currently I've setup a OpenVPN Server in a VPS with Finland location. sometimes it works inside Iran. by the way I'm ready for any help


you might want to consider scuttlebutt[1]. It's a truly decentralized social network. You can set up your own in-country servers to spread information between clients fairly easily and it doesn't matter if they take them down because it's decentralized any any other server can replace it. Set up a few and then if they take one down the others can spread the word about where to find its replacement.

[1]: https://scuttlebutt.nz/

[edit] checked back in on it since i hadn't used it for a bit. Looks like the clients probably still work but the development seems to have been abandoned for a couple years now. So sad. It had an amazing community. Maybe still does...


Wouldn't p2p applications be problematic because they reveal the IPs of several people who are connected?


This is slightly off topic, but beyond the protests, there may be other reasons the powers-that-be are trying to control the information space. Khamenei may be dead or dying. Changes of leader in these sort of regimes are always a fraught time at best.

https://www.understandingwar.org/backgrounder/iran-crisis-up...

https://www.understandingwar.org/backgrounder/iran-crisis-up...


This is why I invested many years and $1M of our profits into building Qbix Platform

https://github.com/Qbix

The why in video form: https://www.youtube.com/watch?v=pZ1O_gmPneI

The why in blog form: https://qbix.com/blog/2019/03/08/how-qbix-platform-can-chang...


Make a separate Show HN post for it. Otherwise I am afraid this will get lost in shadows of the main discussion.


I spun a c3.large for the cause and email the person.

any gotchas I should worry about? (the aws calculator gives me 76.65$ USD / month)

I want to help but I am by no mean rich... don't want a crazy AWS bill...


I’m by no means an expert, but one thing I would keep an eye on is the egress data metric, because Amazon charges for that. If there’s a lot of traffic you might be billed more.


thanks... I revised the simulator, and indeed, I could have racked a serious bill 1-4k


Wouldn't something like DigitalOcean or Linode help? They are far more cheaper and you don't get weird random invoices from them.


just spun 2 cx21 servers with hetzner (20TB bandwidth + 1€ per extra TB)

thanks!


yes, I will change provider... paying for egress data on something that is meant for outbound connections is a bad idea...


My comment will certainly be dead, but I'll try replying anyway.

> the government has cut off or severely limited residential and especially mobile broadband access to the internet

How limited is the Internet access? As long as the network didn't go straight to "whitelist" mode, there may be ways to gain access to the blocked sites. Since you mentioned machines in data centers can still access the outside world, I guess it's still working in "blacklist" mode - only the sites they blocked are inaccessible.

As the rumor goes, Iran imported the censoring tech and equipment from PRC, so anything that works in China will most probably work in Iran.

V2ray and Vmess work in China because they disguise their protocols AND servers as normal web stuff. I wouldn't recommend Shadowsocks because the Chinese Great Firewall can now partially recognize it. If all things failed, HTTP proxies over TLS with legit Let's Encrypt certificates and client certificate authentication may be much more viable.

The Chinese guys also have tons of free proxies & VPN providers that are updated regularly stockpiled on GitHub, but most are documented in ambiguous language, such as these (I have no affiliation with any of them):

https://github.com/bannedbook/fanqiang https://github.com/Alvin9999/new-pac https://github.com/freefq/free https://github.com/anaer/Sub

My suggestion would be,

1. Search for such repositories on GitHub. The keyword you want to use is "翻墙", or go straight to the links listed above. You'll need to research their documents, or

2. Create an Issue stating your situation and that you need help.

I believe the owners of those repos may have the ability AND willingness to help you out.

And the communication part.... I used Matrix in China with the server placed abroad, and it worked very well, because it's working on top of HTTPS. Again, anything that seems normal web stuff have a higher chance of getting pass the censorship.

Be safe out there.


> I used Matrix in China with the server placed abroad, and it worked very well, because it's working on top of HTTPS.

Are the popular Matrix homeservers banned?


I hope that the protesting works and that it achieves freedom for Iranian women, Iranian LGBT and Iranians in general.

It seems not much has been said about the gay men regularly executed in Iran, by government or vigilante/honour killings. I'm just hoping the protests achieve something and that the protestors, after fighting for women's rights there, don't go on to continue executing gay people after all is said & done.


There's also DNS tunneling (dnstt) which is slow but probably harder to block


Posting here to add a mention of Signal-TLS-Proxy:

  https://signal.org/blog/run-a-proxy/
  https://github.com/signalapp/Signal-TLS-Proxy


Another thing i haven't seen mentioned yet here is ping/icmp tunnels. I have not played with them myself and don't claim any insight to its suitability in and of itself here. Just throwing another hopefully sticky idea at the wall. Maybe, it can be useful deployed in tandem with something else.


You mentioned because WhatsApp and related messaging services are blocked GSM and SMS has to be used to even speak to people within the country. Is there any Iranian specific messaging services to use as an alternative? Could self deploying something for friends and family be a good solution?


regarding V2Ray VMess and ShadowSocks, I believe you could directly create issues or contact their maintainers for help, they are willing to help since we have been fighting against THE FIREWALL for many years, there are lots of active communities.


yes, v2ray VMess shadowsocks is the best protocal in the world.


Attempting to share with a friend, this is amazing work.

Those in Brazil or other unstable countries should use this as a model and have something prepared before the worst happens.


What happened to starlink?


Terminals have to get in-country and there needs to be usable ground stations in the same cell as the terminal. Good luck getting a terminal to Tehran where the police are apparently gleefully destroying satellite dishes. Even if you got an intact terminal there's no ground station nearby.

StarLink has been given special dispensation to operate in Iran. This is not the same as air dropping a warehouse worth of terminals and setting up usable ground stations.


I believe there is no gateway (ground station) problem. It only needs to be in view of the satellite, not in the same cell, and even if there is no gateway in sight, laser backhaul is now operational (see starlink providing service in Antarctica now, https://techcrunch.com/2022/09/14/spacex-satellite-internet-...)

You do need to get the user terminals into the country, though. But once you do, they're easier to hide than a geostationary satellite dish.


A Starlink dish isn't much easier to hide than a Ka-band dish. It would be much easier to set up if taken down though since it's a phased array rather than parabolic. You're right that laser backhaul solves the ground station problem, so long as the track covering Iran has laser backhaul capability.


Too early for this but obviously Starlink's recently announced plans to start offering connectivity to phones in very remote areas would also work wonders for people in countries like Iran. The scale would be an issue obviously. But maybe combined with e.g. mesh networking, it would enable people to bypass government controls.

IMHO, this is the biggest threat to police states like Iran, North Korea, etc. in years. They are very dependent on controlling access to information and breaking through that threatens their power and they have treated the internet as an existential threat by raising firewalls and imposing very strict controls and limitations. However, phones are a weakness. At least so far.

Information is basically a weapon that can be used to influence large amounts of people. The Russians just used propaganda to sell their own population on a war that they wanted to start. That didn't just happen overnight; the propaganda started years ago. That would have been impossible without strict controls on media and freedom of press. Iran, Russia, North Korea, China, and a few other countries are at this point very dependent on controlling access to information. It's a strategic weakness that is exploitable. Break through the information blocks and things start changing.


Besides, installing a Starlink dish is rather visible from the outside and from aerial survey, besides radio-scanning (that most probably isn't happening):

https://www.businessinsider.com/spacex-starlink-internet-ukr...


The ground stations absolutely don’t need to be in the same cell. Have you seen the cells? They’re about 50km hexagons. There are 4 ground stations in australia


I wonder how internet quality scales of antenna size. Would a covert antenna with a quarter of the area of a regular antenna give you somewhat usable internet?


It would be possible for Starlink to make more covert antennas. The smaller antennas would just make for a higher noise floor which would lead to more dropped packets. Such an antenna would be usable just lower throughput than the normal antenna.


https://inckredible.com/offline-messaging-apps/

No internet required.


I have an idea, however I am inexperienced in networking or Opsec.

Would it be possible to setup a VPN inside Iran and for me to connect to this VPN, using my connection as a gateway?


Outline (getoitline.org) is this in reverse: you set up a Shadowsocks proxy outside Iran and distribute access to it inside Iran


[deleted]


If you are an American, it [edit] may be a crime to do so. Be careful.


https://www.ditto.live/


It seems that IP over avian carriers is trendy again.


[flagged]


Anything posted without explanation can be downvoted without explanation.


Would you care to develop on that? (either the reasons or why you don't agree with them)


Iranians are protesting and chanting "women, life, freedom". So are you saying that you're against those moral ideals?


woman is not a moral


Why are we downvoting someone's opinion? At least leave a rebuttal.


Because an opinion by itself doesn't add much to the discussion, if we don't know why that opinion is held.

As far as I understand it and as stated the post text up top, the protesters are protesting because a woman died in the custody of the Iranian morality police. That seems like a pretty good reason to protest. If there's more to the story and the protests are actually about something different, then it would be interesting to know what it is. As it is, the comment comes across as "I don't think the death of that woman is worth protesting about" which isn't a sentiment that I think is likely to get much sympathy here.


>Because an opinion by itself doesn't add much to the discussion

This is a misunderstanding in how downvotes work here.


We don't talk about down votes on hn "because it is boring" to dang. And because there is an incentive to downvote something which is downvoted. Lighter color indicates downvoted content. It shows reputation. As reputation precedes, people will downvote lighter colored text until someone asks why below it. In which case they will reconsider.


There are also a lot of HNers (myself included) who will upvote any comments they see that they think are unfairly downvoted, whether they agree or disagree with the comment. It creates a pretty good balancing effect. The end result is that comments that stay downvoted after having a decent number of eyeballs on them seem to usually deserve it.

A possible exception are hyper-contentious issues (Israel/Palestine for example), where the upvote/downvote count is just a reflection of which tribe has greater numbers on HN.


Funny how the women's rights situation in Iran became bad enough to prompt large scale protests within two weeks of Iran joining SCO. Not two months earlier. Not two months later. Just within weeks.


Yeah, murdering a woman for not wearing her hijab properly is just a western plot. Iranians can't possibly have any agency. Is that what you're saying?


People were being murdered for not wearing their hijab last year. The year before. The year before that. Why didn't large scale 'spontaneous' protests erupt at any point in that time period but instead happened right within 2 weeks of SCO membership...

> Iranians can't possibly have any agency. Is that what you're saying?

As someone who grew up in a country that had experienced FOUR US backed coups, multiple 'spontaneous people's movements' of the same nature, yes. That's precisely what Im saying.

The agency that the locals have in such situations is co-opted and subverted by the source that organizes the protests, leaving only a husk of their original intention represented by various symbolism and paraphernalia. The resulting government NEVER does anything in line with the original protests. The policies are always privatizing the nation's resources, setting up US bases, borrowing more from US-controlled financial institutions, reduction of labor protections, deregulation. The same ills that plague the US.

Even if one is not a student of geopolitics or has no knowledge of recent political history, he or she can easily tell who backed such a regime change operation by the resulting policies.


Surely it's not the first or the last time that this has happened or will happen again. I can smell the glowies from a thousand miles away.


You're just smelling what you want to smell.


This is the sixth occurrence of major protests in Iran in in five years.


How many of them were such large scale 'spontaneous' protests that were televised this much like this one...


This one is still on the small side, actually.


SCO? The country code for Scotland? The Santa Cruz Operation? What's SCO in this context? My (30 seconds of) searching turned up nothing plausible.


https://en.wikipedia.org/wiki/Shanghai_Cooperation_Organisat...

(Though I'm fairly sure the protests are unrelated)


I was thinking in South Colorado. Is a common problem with specialists using acronyms in a conversation for a wider audience.


try to search "iran join sco"


We all sympathize with the death of Mahsa Amini. However, don't be a fool and destabilize and destroy your own country at the hands of foreigners.

What do you intend to achieve with the chaos? Syria? Iraq? Afghanistan? Division of Iran into ethnic and religious enclaves? Because that is what the CIA/NSA/Mossad is working for.

I'm all for protests by and for Iranians but this is no longer something related to Iran.

And, you my dear sir, are of course a person working for foreign interests trying to get input from all of the tech people here who think they are doing good. You are not.

This is an attempt at a color revolution!


> This is an attempt at a color revolution!

Both parts benefit. Educating people how to avoid the government in a open and public forum has the collateral of educating the Iranian government (the only part holding real, unlimited access outside the country) into where to look for and what signals to catch. They will learn the tricks fast, so is unclear if this will be good or bad for the Iranian people in the end.

I wonder, just wondering... if hair is forbidden and so disturbing for the male in that country, women with a full shaved head could just appear in public in mass without neither hiding their head, nor breaking the law, and [in theory] avoiding the entire legal trap without frontally opposing the power. Right?.

"You don't stand women hair, is dirty and lascivious for you?, okay, hair is gone, will not hidden anymore the purple spots in my head where you hit me. Are you happy now, manchild?"

I know that things are not so simple, but... oblique seems the way to go.


I am unsure... looking at pictures of iran in 1970 and they look quite happy being progressive back then. I could easily believe that people want to get back to to a similar lifestyle.

also see the movies : "my teheran for sale" and "Persepolis"

as much as I hate USA foreign policy, it is also possible that Iranians want peace and freedom outside of foreign interests.

not everything is black and white.


You can sit there and intellectualise from the safety of your democracy, but until you've had your country ripped away from you, you have no idea what you're talking about.

It gets me so angry when people criticise the very freedom that allows them to do that criticising. It's like tautological self-harm.


Just my opinion but I think that non-interventionism should be promoted here. Especially when it comes to political situations like this. It’s a dangerous game.


I think non-interventionism is a good choice for governments that are addicted to foreign adventurism.

I think non-interventionism is a bad choice for individuals with the power to help people under repressive regimes communicate with the outside world.


"Of course, you know of the Prime Directive, which tells us that we have no right to interfere with the natural evolution of alien worlds. Now I have sworn to uphold it, but nevertheless I have disregarded that directive on more than one occasion because I thought it was the right thing to do. Now, if you are holding on to some temporal equivalent of that directive, then isn't it possible that you have an occasion here to make an exception, to help me to choose, because it's the right thing to do?"

Jean-Luc Picard


The prime directive is not for peer civilization. Iran is not on a stone age (yet).


Allow me to introduce you to:

https://en.m.wikipedia.org/wiki/Metaphor


The objection was to your metaphor.


A metaphor is never going to cleanly map from one situation across to another. If it did, we would have no need for the metaphor as we would just have two identical scenarios. The metaphor’s purpose is to elucidate insight in one matter by presenting another with some similarities.

If you’re going to object to a metaphor, I think you should do it on the grounds that it offers little to no insight into the situation. In my opinion, if you’re going to object to the above quote based on the fact that Iran is, in terms of infrastructure if not politically, well developed then you may as well also disregard it because Iranians are not an alien species and software developers are not captains of space ships.

To use another metaphor: you’re losing the forest for the trees. Please don’t object to this on the grounds that there is no foliage on the bridge of the USS Enterprise.


Your metaphor would work if we discussed whether or not to contact some isolated tribe in Amazon.

Then we could have discussed pro/cons of destroying someone way of life by introducing our civilization vs. turning a blind eye to the poor (by our standards) living conditions of the tribe.

Iran (even if you don't like its political system) is not it.


The metaphor obviously doesn’t resonate with you. It does resonate for myself and for 13 other people. I wish you well and hope you find something more to your liking.


It is very sad that facts do not matter just populism


No, it is sad that you cannot accept that people respond differently to different things. That two different viewpoints can exist and both be wrong and both be correct to varying degrees simultaneously. That one man's trash is another man's treasure. There is no "fact" in metaphor and story, only interpretation. It is not objective science. Rather ironically given the thread, you're acting as if you're the ayatollah of metaphor and that we should all just get in line and bow to your viewpoint.

What (I presume) you see in the quote:

- We have a rule not to interfere in *primitive* cultures.

- It is sometimes acceptable to break this rule when I feel it is morally right to do so.

When you read the quote, your emphasis is on the primitive. To you, the prime directive as a metaphor can only stretch to cover that. However, other people can take this advice and apply it in a more abstract way to many different areas of life. For example:

- We have a rule not to interfere in other cultures.

- We have rule not to interfere in other parts of the business.

- I have a rule not to interfere in other people’s affairs.

For example, the latter could form part of Kant’s Axe Murderer dilemma. You may think it is unacceptable to lie, but when faced with an axe murderer at the door looking for someone they intend to murder, you may choose to lie to save the intended victim. You may or may not class this as interference. You may go further and ring the police at which point I think you are interfering by most people's definition. Even though we are now talking about axe murderers and are very far away from primitive alien cultures, there is still a link between the two scenarios regarding rules around interference and when it is morally right to do so.

You could almost see this as a percentage scale, where 100% would be if a future space ship captain was debating whether to interfere in a primitive culture and 0% being do I want to get a bacon roll for breakfast tomorrow (e.g zero relevance). In this case, yes, your point about the amazonian tribe IS more relevant as it ticks more similarity boxes. Maybe it would score something like a 90% on the similarity scale. However, “we have a rule not to interfere in other cultures” is, in my mind, not too many percentage points off, maybe say 85%. To you it may be much less, say 30%. That’s fine, we are allowed to have different viewpoints.

The one thing I would say is that I personally feel that if you take a restrictive view of stories (which is what I would consider only allowing yourself to consider the prime directive relevant to primitive cultures) you are cutting off a lot of the richness of story telling. Writers want us to take their stories, be they set in the past, present and future, and relate it to our lives and current events. If you don’t do that, then what even is the point in taking the time to read them? Do you even feel a connection to the story? Do you feel it has enriched your life in any way? Are you really watching Star Trek in case you one day have to make an ethical decision on whether to interfere with an Amazonian tribe or do you feel that there are lessons within it that can be applied to more mundane and ordinary existences?


Thank you for your thoughtful answer. It is more than my comment deserves. I agree with most you said. I had to look up what is "Kant’s Axe Murderer dilemma".

I feel the same way that the best sci-fi is about us/our lives. Though disagree with conclusions --reasonable people can disagree-- if we would remove the god-like difference in power between groups then there were not the prime directive in the first place.

In practical terms, I don't expect any debate/morale dilemmas when we encounter isolated tribes -- they are likely to be exterminated for profit one way or another. The prevailing logic in practice: the might is right. Then the story can be spinned in whatever way to make it digestible by the public if necessary.


Don’t worry about it, it was my own fault for being a sarcastic bastard with

“Allow me to introduce you to:

https://en.m.wikipedia.org/wiki/Metaphor”

that set the wrong tone for this entire comment thread to begin with.

I agree that the Prime Directive of Star Trek is dependent on primitive species. I think that the Prime Directive of Life is to not interfere in other people’s business without good reason. In the case of Iran right now, if I had the skills (which I don’t) I’d be tempted to break the Prime Directive of Life because I think there are people there being killed and tortured for no reason other than it aids the men in power maintain their status and that doesn’t sit right with me. Obviously if you kill one monster you can’t be sure an even worse one won’t take its place but for me, I’d rather take my chances. I’ve got to have hope in humanity, that we can come together, that we can banish evil when we see it even if it takes us many attempts and that we can build better things in its place. I believe people should be free to live their lives however they wish so long as they are not hurting others.

Sadly, I feel you may be right on the “might is right” thing. In my opinion, Star Trek only works as a series due to the “universal replicator”. As a device, it allows for the creation of anything, thus there is no scarcity of resources and the entire planet is free to adopt an “abundancy mindset” rather than a “scarcity mindset”. With people no longer worried about survival or material possessions, people are free to pursue their passions and curiosities and focus on bettering themselves rather than competing to survive.

The Star Trek universe also only works because the federation have more technologically advanced weaponry than their ideological adversaries allowing them security and peace of mind. Of course, it is possible to achieve an abundance mindset without any replicator as many happy people alive today will demonstrate. But in what is an increasingly materialistic world, it may be the quickest way to achieve it globally. I don’t think this is going to look like a box that just makes things as in Star Trek. Instead it will be AI controlling many different machines and abundant renewable energy to power them. Maybe it will all go wrong with the singularity. Who knows!

Sadly, we know through the ancients that the “gods are eternal” so it is likely that, if we were able to create a similar utopia to that of Star Trek, we will still produce damaged people who seek war, power over others etc just as the advanced worlds of Star Trek have their own villainous characters. We would thus need to also have other systems well developed simultaneously, good health care systems, good education systems, good political systems etc. Maybe then we will have ascended to a place where we deal with our inner world in a manner that is non destructive to our external world and will be able to go to space as explorers rather than conquerors. If we go to space before this self mastery is achieved then it will be likely be the same old tragic self interested story.


It’s a dangerous game.

That it is. When their society has reached a tipping point where women are burning their hijabs in the street in front of massive groups and cameras I think they have decided to not hide in the shadows and are willing to sacrifice themselves for what they believe in. Many of them are likely to have unspeakable things done to them. I suspect they know the sacrifices they are making and willing to take risks. Godspeed to them.


How insane is it that women are risking death by burning a hijab, and as you say 'willing to sacrifice themselves for what they believe in'.

LISTER: Do you mean they had a war over whether the doughnut diner hats were red or blue?

HOLLY: Yeah. Most of them were killed fighting about that. It's daft really, innit?

LISTER: You're not kidding. They were supposed to be green.


They are risking death for not challenging the status quo.


I support non-interventionism as a default mode for public policy.

I also support the rights of private citizens living in a free society to act on their own behalf, however they see fit.

That's not a dangerous game, that's an excercise of the rights protected by the society they are part of.


It is not a game. Governments around the world, big and small have been seen turning internet off at the first sign of trouble. It only makes sense that we provide a way for the population to circumvent those efforts. As flawed as internet is, I still think it is worth defending and protecting from government overreach.

I will say even more. Other governments are watching and likely debating what could be used on their respective turfs. Something to think about.


Star-link + widespread mesh network nodes? Although, what about jammers?


I agree, but if you're never going to step foot in Iran and have no contacts there then I don't see why not.


Actually that’s a selfish way to look at it. You’re putting other peoples lives at risk inside the country. Anyone could easily decide to contribute compromised and malware infected VPN or TOR servers that will in actuality log traffic.


They are literally asking for help.


Unless you have a personal political opinion about it. I personally support Iran, I support the Iranian government (as an existing middle eastern democracy), and I support the Iranian people. I am against oppressive theocracies, and I support Iranian citizens doing what is necessary to loosen or free themselves from the hold of how they express their faith being dictated from above.

In my opinion, any methods to help Iranian people to help them shake this control that aren't covert Western attacks on Iran or Islam are a good thing. Helping the protestors to communicate with each other is one of the most neutral, anodyne things you can do. For me, legitimate government is created through discussions, plans, and agreements among the governed. Any disruption of that is despotism. Maybe, one day, Iranians will be helping us protest.


I don't see how providing internet connections to people in Iran constitutes intervention. What they do with those connections is up to them.


For what was supposed to be a spontaneous protest, this all seems incredibly well-coordinated. Certainly wouldn’t be the first time a foreign government used riots to influence government policy. Even further, Khamenei may not last the year and such riots could heavily influence the selection of his successor, offering a strong motive to any country looking to engage in such espionage.


So glad we can both appreciate how well organised mass protests can be when everyone works together.

If you're going to insinuate something else, I'd suggest you get some actual evidence first. Just saying "colour revolution" or whatever is intellectually lazy, as well as being dishonest and dismissive about people who are risking their lives and liberty.


It's also lazy because every spy agency is drawn to unrest in a rival country like a moth to a flame. Regardless of how pure a movement is, it will quickly attract foreign interest and influence as it grows. So this is ultimately just an easy way to dismiss any challenge to the status quo.


I can’t name a single insurrection in the past 300 years that didn’t have significant foreign financing and support from the beginning. America’s 1776 insurrection was heavily financed by the French. The 1918 Russian Revolution could not have been won without help from the Germans. Castro wasn’t going anywhere without Russian support. The Hong Kong protests were backed by the US. Israel destroyed Middle Eastern stability with the Arab Spring.

I just don’t know why this childlike notion that well-coordinated protests are organic persists. It may have been true in medieval times but not today. I can draw you a clear pattern of foreign interference in similar protests with hundreds of data points. Even if this one was completely organic, it would be a staggeringly outlying data point.


Your understanding of how the world works is simplistic and wrong. Happy for you and your datapoints, no need for the drawing.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: