Forgot your password?
typodupeerror
Censorship Facebook Google Social Networks The Internet Twitter Yahoo! Your Rights Online

Iran Blocks 'Illegal' VPNs, Google, and Yahoo 176

Posted by timothy
from the governments-of-the-world-unite dept.
First time accepted submitter voul writes "Iran is at it again. Taking a page from China's playbook, Iran has moved to cut off illegal VPNs. 'Quite aware of the censorship they face, many Iranians use proxy servers over virtual private networks to circumvent government restrictions and mask their activities,' CNET reports. 'However, officials now say they have blocked use of the "illegal" tool.' Slashgear reports that users are 'unable to access social networks like Facebook and Twitter, or use services like Skype to make phone calls. Along with the blocking of the VPNs, the Iranian government have also blocked access to Google and Yahoo.'"
This discussion has been archived. No new comments can be posted.

Iran Blocks 'Illegal' VPNs, Google, and Yahoo

Comments Filter:
  • by Jah-Wren Ryel (80510) on Sunday March 10, 2013 @07:52PM (#43134059)

    So, we are going to handle the physical sanctions and the Iranian government is going to handle the internet sanctions. Sounds like a great plan!

  • ...and nothing of value was lost. (Unless you happen to live there, that is.)
    • Yeah if you lived in the Internet, how would you get back to Iran for food?

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      ...and nothing of value was lost. (Unless you happen to live there, that is.)

      What was lost was a nation of people that could contribute their creativity to the rest of the internet. We have lost quite a lot.

  • by Anonymous Coward on Sunday March 10, 2013 @07:56PM (#43134079)

    Soon as MPAA realizes everyone went VPN to escape six strikes, they'll want a similar law here in the US

    Of course all corporate VPNs will be exempt as long as they're willing to report any "suspicious" activity

    • by Anonymous Coward

      Dang, how do I add to the score for this post. It's exactly what will befall the internet in all countries for various reasons. And, if you try to create your own mesh to escape the filters and controls you'll be shut down like a pirate radio station.

      • by julian67 (1022593)

        If you wish to boost the credibility of the post by expressing your support then it helps to begin your eulogy with a word other than "Dang".

    • They don't need to: these days, relatively few VPNs around the world can be trusted [torrentfreak.com] to not throw users under the bus at the first hint of trouble from the **AA or US government, and there's no way to really know whether the 'trustworthy' VPNs were being totally honest. Outlawing VPNs would drive the users to companies or resources that are less **AA/government-friendly; if they're smart about it, they'll mimic lobbyists by giving nice large gifts to helpful VPNs as tokens of their gratitude.

  • Heh. (Score:5, Interesting)

    by detritus. (46421) on Sunday March 10, 2013 @08:20PM (#43134165)

    Let's see them try to block SSH and have a functioning internet.

    • You can use SSH to create a SOCKS Application Proxy or a VPN. If you create a full VPN with SSH it is a bit slow because it uses TCP but is otherwise effective. It uses OpenSSH and the TUN driver. Plus, you might be able to set the SSH port to some more obscure, less used protocol.
      • Re:Heh. (Score:4, Interesting)

        by Skapare (16644) on Sunday March 10, 2013 @10:21PM (#43134799) Homepage

        And don't miss the opportunity to sockify a whole tunnel of TCP connections, instead of socksifying programs, to use with your ssh -D connection. The tun2socks program does this, and can do UDP with a remote side helper program.

        They will have to shut off ssh to block it. They might, but that ends up breaking a lot more stuff and getting more of their population angry at the government.

    • Well, they don't care whether it functions or not.
    • by ikaruga (2725453)
      I hardly consider an already heavily censored internet "functional". Still better than NK's, though.
  • by RussR42 (779993) on Sunday March 10, 2013 @08:26PM (#43134201)
    The Tehran Chronicle [tehranchronicle.com] article about this mentions recent bans on Facebook and Twitter, then has links to them both after the article...
  • If I did not know better I am not sure its really a bad thing

    • From what I've heard, as a VOIP service that's well-known & easy among non-techies, Skype is too useful for lower-income people that want/need to have long voice calls with people that live in a country that it costs a hefty amount to call. If worthwhile encryption is an option with it, then it could be particularly useful for finding out what's going on in reality (as opposed to government claims) from a trusted source without getting caught going onto "illegal" websites.

      Besides, Skype isn't near-impo

  • by Anonymous Coward

    ... Since they can only use Bing to search....

  • There are war mongers -- and then there's Slashdot,
    and I for one would like to keep it that way.

  • Is there a way for the world at large to help out, without imposing ourselves? Can we support efforts to provide technical workarounds? Can we find ways to make it harder - and costlier - for governments to censor their citizens?
    • by nomad63 (686331) on Sunday March 10, 2013 @08:56PM (#43134377)
      You can run a VPN server at your home. Those governments can only block so many IP addresses and they have the big VPN providers in their crosshairs. If you and another few thousand of you can spare few gigabytes per month from your bandwidth cap and somehow find a way to reach out to those people and direct them to use *your* VPN service (free of charge of course), you can safely say that you have done your part.
      • by Cito (1725214) on Sunday March 10, 2013 @09:05PM (#43134423) Homepage

        the largest "tool" that was blocked is Tor.

        Tor has thousands of exit nodes, and all were blocked, they don't have to block specific ports they use deep packet inspection to identify if it's a proxy request or direct request and can deny all which is why at the moment Tor don't work from Iran

        • by kasperd (592156)

          Tor has thousands of exit nodes, and all were blocked

          This makes no sense. The client isn't talking directly to the exit node. The exit node is communicating with the server, and when both are outside of Iran and their communication isn't going through Iran, then any blocking of the exit nodes by the Iranian regime, won't have any effect.

          They can try to block the communication between Tor clients and the entry point to the Tor network. But there are secret entry relays. A user can acquire a small list of

      • by Anonymous Coward on Sunday March 10, 2013 @09:53PM (#43134651)

        One problem with this: Iran has a history of doing Deep Packet inspection and dropping all encrypted connections (or at least, non-whitelisted encrypted connections). For now, obfsproxy gets around this. Running a simple VPN will not.

      • by cdp0 (1979036)

        Those governments can only block so many IP addresses and they have the big VPN providers in their crosshairs.

        You obviously haven't considered DPI. I have been to Iran in the past and OpenVPN to my own server in Europe was entirely blocked, no matter what protocol/port combination I used. I could see the initial packet exchange (tcpdump), and after a short while the connection was identified as illegal and dropped, and the protocol/port combination entirely blocked from there on.

        However, they did allow PPTP (possibly because it's so insecure), and SSH. As a side note, I haven't seen any try to do MITM on SSH.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      There's obfsproxy, a tool put out by the Tor project, designed to get around the Deep Packet inspection Iran was doing about a year ago or so. Running an obfsproxy tor bridge is probably one of the best things you can do to help. And for those not versed in Tor, running a bridge is NOT the same as running an exit node, nor does it come with the risk factor of mistaken identity resulting in excess hassling.

      https://www.torproject.org/projects/obfsproxy.html.en

    • Can we find ways to make it harder - and costlier - for governments to censor their citizens?

      That's kinda the whole point of Freenet, but you'd need an internet connection to the outside world for that to work. If governments and corporations keep interfering with the free flow of ideas over the internet, I'm sure a technical solution will found. Necessity is the mother of invention, after all. I wonder if in a few years when wireless networks become ubiquitous if we can abandon large ISPs altogether in favor of many decentralized services or some sort of peer-to-peer network.

  • by asserted (818761) on Sunday March 10, 2013 @09:33PM (#43134553)

    This seems inconsistent.

    So, of the three search engines only Google will actually use SSL, even if you go to http://google.com/ [google.com] the form is submitted over https. The other two not only won't do that, they will *downgrade* you to http even if you explicitly navigate to https://yahoo.com/ [yahoo.com] or https://bing.com/ [bing.com]. Iranians can easily use DPI to spy on Yahoo and Bing users, only Google presents a problem. So I'm not surprised Bing didn't get blocked, it's not clear to me why Yahoo did.

    The only explanation i see is that Iranian gov't is stupid - DPI is too hard, let's hijack the domains or blackhole a couple AS and go shopping (or shooting, or praying to almighty allah, or whatever). As to why Bing was left out, it's either
    a) Iranian gov't is stupid, they were just unaware of Bing's existence. Unlikely.
    b) Bing just doesn't work well enough in Arabic for the gov't to care. Also unlikely, given that Yahoo is powered by Bing and it got banned.
    c) they contacted Microsoft and reached some kind of a deal where Microsoft bends over backwards but doesn't get banned. getting caught dealing with Iranian gov't is a big risk for Microsoft, but the potential reward of being the only game in a not-so-small country of 75 million people (mostly young and active adults) is just too high.

    hmm...

    • by julian67 (1022593)

      Arabic? Iranians aren't Arabs. Their language is Farsi which, unlike Arabic, is one of the Indo-European languages.

      Your a,b,c conjectures are equally unrelated to anything factual or likely.

      • by asserted (818761)

        re: arabic vs farsi - aw, that's embarrassing. thanks for the correction.

        re: explanations as to why bing was left out - AC below suggested that bing was left out simply because it's just not popular enough. i don't know, it's still a major search engine which is bound to become popular real fast if it's not blocked when two of its competitors are. what do you think?

    • by cffrost (885375) on Sunday March 10, 2013 @11:09PM (#43135009) Homepage

      [O]f the three search engines only Google will actually use SSL, even if you go to http://google.com/ [google.com] the form is submitted over https. The other two not only won't do that, they will *downgrade* you to http even if you explicitly navigate to https://yahoo.com/ [yahoo.com] or https://bing.com/ [bing.com]. Iranians can easily use DPI to spy on Yahoo and Bing users, only Google presents a problem. So I'm not surprised Bing didn't get blocked, it's not clear to me why Yahoo did.

      https://duckduckgo.com/ [duckduckgo.com] and https://ixquick.com/ [ixquick.com] both support SSL/TLS. The latter allows viewing searched content through their embedded HTTPS proxy service.

  • I'm curious how this will affect BitCoin in Iran...
    My understanding is that any blocks generated in Iran after 20 hours (120 blocks) of a network split would be lost when the network rejoins. So even if no one tried a double spend attack, there could be "lost money" that has been spent.
    I realize that it isn't likely anyone here would know, but are there currently routes around the firewalls that people are using to avoid this situation. Or is BitCoin still connecting fine from within Iran?

    • by kasperd (592156)

      My understanding is that any blocks generated in Iran after 20 hours (120 blocks) of a network split would be lost when the network rejoins. So even if no one tried a double spend attack, there could be "lost money" that has been spent.

      I don't know enough about bitcoint to give a definitive answer. But it certainly is an aspect that could be handled. In case of double spending, there is obviously a need to decide which one is official. And the way bitcoint works, it would most likely be the one from the lar

  • by Anonymous Coward

    Why would you post anything on social networks if you lived in a country with a repressive government? It's bad enough in the civilised world, but if your government has bad habits surely you would censor yourself to avoid trouble with the authorities?

  • They are probably sniffing every network connection for that string (in multiple languages). Spring is just a few weeks away.

  • When retarded priests rule, there will be retarded laws.

    • by PopeRatzo (965947)

      aka: "The 13th Imamaluke".

    • by wmac1 (2478314)

      Wait until the media companies force the same to the US (they will reason that people use VPN to avoid ISP warnings).

    • They must have reasonably high IQs to still be in charge, and the law is clearly intended to help them stay that way; what they actually are is sickeningly controlling and unethical... Just slinging common insults like "retarded" reduces the conversation to the level of little kids that lack the vocabulary/maturity to be more specific on their own. Slashdot can do a hell of a lot better than that.

      • by PopeRatzo (965947)

        They must have reasonably high IQs to still be in charge

        You think the Kim's in North Korea have "reasonably high IQs"?

        Anyway, I didn't necessarily mean intellectually retarded.

  • As Russian "government" is fond of Iran, China and Syria, this practice will soon be implemented there. There were already voices to ban "circumvention" of recently introduced blacklist, meaning ban of VPN, proxy, TOR and any other technology which might be a nuisance for the ruling criminals.

  • by toby (759)
    Actually the serious crackdown on VPNs began as far back as 2005.

Some people have a great ambition: to build something that will last, at least until they've finished building it.

Working...