Bypassing Iran’s National Information Network (ShoMA)

Following my previous articles on Iran’s “filternet” and the new (sort of) National Network (ShoMA) which are both attempts from the government of Iran to block internet access for Iranians (officially just to create a “clean” Internet, free of security threats and un-Islamic content), this article suggests some options to bypass ShoMA. It may be a case of cat-and-mouse between being able to access a site to download the software in the first place, before you can then bypass ShoMA. The regime can’t block everything, so basically there will ALWAYS be a way to bypass ShoMA

There is much talk online by Iranians in supporting ShoMA! You must wonder if they are supported by or live in fear of the regime

I think as it’s impossible for the regime to block access to all Internet websites, ShoMA could perhaps be most effective (assuming you cannot bypass it) at throttling Internet access speeds to sites anywhere outside of the ShoMA Intranet.

Smartphone access

The Iranian regime is finding it hard to combat the massive market for smartphones accessing Western-based social media applications which the regime is trying to ban/block/discourage such as WhatsApp, Viber, and Telegram. More Iranians access the Internet via their smartphones than they do from PCs/laptops, etc. which mirrors how most people around the world access the Internet.

The regime is trying to encourage Iranians to use domestic equivalent applications via Iran’s equivalent to Google Play, for example, but why would anyone want to do that when they can continue to get access to the rest of the Internet and speak with friends outside of Iran?

Anonymous VPNs

Just Google for “iranian vpns” shows some likely providers which are popular in Iran right now (2016), such as the following:

  1. NordVPN
  2. IPVANISHVPN
  3. SAFERVPN
  4. VPN AREA
  5. VYPRVPN
  6. TorGuard VPN

Obvious/not-so-obvious features to look for in a good Anonymous VPN are:

  • SSL tunnels for encryption of traffic (not much point using a VPN if it cannot do this!).
  • “Stealth” features that will bypass DPI (Deep Packet Inspection) firewalls & unlike normal VPN traffic which can be filtered or blocked by an ISP, services will appear as regular HTTPS traffic making it virtually impossible to block (you will have the double protection of using a VPN and proxy). TorGuard’s Stealth VPN Service, for example, offers this. See here for details. You can view a video on this feature here.
  • Unlimited server switching and IP addresses.
  • Application support to run on your phone as well as your PC.
  • Use a combination of VPN and online stealthed proxy servers or use VPNs with Tor (very slow/may be blocked!).

Other previous popularly downloaded VPN software in Iran (some of which may now be blocked, so check!) by platform (Windows PC or Android) are/were:

Windows: 

  • Psiphon 3
  • Freedome
  • Hotspot Shield
  • Lantern
  • Ultrasurf
  • Freegate

Android:

  • Hotspot Shield
  • Psiphon
  • F-secure Freedom VPN
  • Rakhsh
  • Hola
  • Gospeed
  • Tunnelbar
  • ShellFire
  • GoVPN
  • Haftkhan VPN
  • FreeVPN In Touch
  • North Ghost Touch VPN
  • Your Freedom VPN
  • Globus VPN


Tor/Orbot

Tor is used less in Iran than previously, because it’s easier for the regime to block the traffic, and because the speeds are VERY SLOW, so VPN access will always be sought by Iranians in the balance between speed of access and security/anonymity. Tor may work even if standard VPNs, proxies, and SSH tunnels will not.

Online proxy servers

These are sites where you can either get in or get out of Iranian networks and are sites which the regime may try and block/the servers themselves may only be temporary. Typically comprise HTTP (for speed, not security) or HTTPS (for security) connections typically connecting via ports 8080; 80; 3128 or 8888. You simply set your browser to use the socket proxy settings so all traffic goes through that proxy. Some example sites that list Iranian proxy servers are:

SSH Tunnels

You may be able to access a server you already pay for and connect to it via the SSH (Secure Shell) protocol; you can then tunnel all your traffic via that server. If SSH connections are blocked, then you won’t be able to connect to the server.

DNS Filtering

This is least likely to work, but involves changing the DNS servers through which to request. Some Internet service providers have implemented filtering by changing their DNS servers to redirect requests for the blocked websites to another website. Examples include OpenDNS or Google public DNS servers, but these would be likely blocked by ShoMA.

Satellite access: a fantasy?

Assuming you can afford this expensive option and can get a subscription and a portable VSAT (Very Small Aperture Terminal), then satellite Internet access could be a way to bypass ShoMA, as the regime will not have access over satellite providers and they cannot disrupt or jam all such connections? VSATs are used in Internet cafes but you would need to present your national ID in such places…

The cost to purchase and run is very high and would need to be shared by many people to be affordable, so is maybe just a fantasy.

  

Iran’s “National Internet” Project: Doomed to Fail.

The National Internet aka Intranet

Iran has rolled out the start of the “National Internet” Project for all Iranian citizens to “enjoy”. According to Tasnim news agency, the national internet operates independently of all others networks (in other words, the Internet we all know and love)and is designed to operate domestically.

The national internet was started in 2005(delayed by increased costs and delays)and the final two phases are due to be completed by 2017. The second phase will add cutting-edge content such as videos. Expect that in February 2017. The third and final phase will include among other things, services for Iranian business with international services. Err…

Filternet: it’s all over

The previous attempt by the Iranian regime known as the “filternet” or the “smart web” (designed to limit access to the evil parts of the existing internet), has failed miserably because it is easy for Iranians to use proxy servers or VPN connections to get around the “filters” put in place by the regime.  

Mahmoud Vaezi: filternet was all his fault


Iran‘s Communications and Information Technology minister Mahmoud Vaezi was behind the smart web filtering project, but he now says that the “filternet” is inefficient. So, he’s really saying it has not worked. And it’s all his fault. You can see here that Vaezi thought “filternet” was a great success, while hypocritically using foreign companies to help set it up. Confused? No doubt Vaezi will have to wipe the egg off his face when not only the “filternet” but also the national internet, fails to stop Iranians from accessing sites on the WWW.

Iran seems fine with the hypocrisy that use of a Californian company’s SmartFilter was used in the development of “filternet”…

Why bother?

To replace “filternet”, the national internet is deliberately meant to create an isolated domestic intranet for Islamic content and also attempt to improve cyber security (by not exposing Iranians to the evil Western Internet).

Well, Iran’s president Hassan Rouhani thinks it will magically strengthen the independence of the country. At a meeting of the Supreme Council of Cyberspace, according to the Iranian Republic News Agency (IRNA), Rouhani said that Iranian independence is increased by “not relying on external information networks for internal communications in today’s world”.

Hassan Rouhani: backing the National Internet

Rouhani vainly tries to convince Iranians (no one is falling for it), that they will play a more active role in furthering Iran’s role in the world if Iranians get access to a, “national, trustworthy, stable, high-quality and secure network” (cyber security in Iran is a bit of a hot topic in a post-Stuxnet world).

What this really means is that Iranians are meant to only be able to access content that is delivered from within Iran, with all servers being based in Iran.

Don’t panic

Like the failure of the existing “filternet”, the “National Internet” will NOT be able to control Iranian access to the wider, “unclean” Internet. Why not? Well, if filters can be easily bypassed, so can this. If Iran cannot control use of Telegram for example (Telegram has no servers in Iran), does she really think control can be made otherwise? 

Less computer-literate people may not normally be able to access sites such as Facebook, Twitter, Flickr, YouTube, etc. but such sites can still be accessible using means such as described above.