Looking at a bigger picture though, honestly I think we're seeing the end of the raw global Internet for the masses. 20 years ago, it seemed impossible, but here we are.
It's simply not going to be possible to meaningfully use the Internet unauthenticated and unapproved in a few years. Costs to reach mass audiences online will increase until only the big players can do it, and it'll be their platforms or nothing. There's going to be no room for anything that those with millions and billions of dollars don't want or can't make money off of in some way.
Overall, this makes me want to reduce the role of the Internet and tech in my life. I don't need the fastest data plan, latest PC, newest phone, or whatever AI trend is hot to use the apps I need for daily life or to line up events and meetings with others that I actually know.
Some sources [0][1]
> I would guess it's at least a set of nationally managed DNS servers that will always resolve national IPs even if upstream global DNS is cut off.
Yep. Along with an entire ecosystem of domestically created and regulated search engines, DPI, centrally managed certs, AV, networking backbone, etc.
It's similar in intention to the Great Firewall in China, except much more restrictive.
Imagine corporate IT restrictions and posture being deployed nationwide on all endpoints; that's how these kinds of initiatives tend to be architected.
SSE/Zero Trust, DPI, Cert Mgmt, etc are all dual-use, and it's essentially a logistics and organization problem.
[0] - https://apps.dtic.mil/sti/pdfs/AD1107324.pdf
[1] - https://www.article19.org/data/files/medialibrary/38316/The-...
It is way more than just DNS.
> the only google service that did work at that time was google search as far as I know nothing else worked (no gmail, maps, etc.)
Yea, sounds like they resorted to a hard whitelist. How were other Internet services impacted in Iran? My understanding is payment is increasingly tap-to-pay or via digital wallets within Iran? How was that impacted during the shutdown?
This is defeatist. You're probably right 'for the masses' but there will always be those networking and collaborating and bypassing whatever restrictions get put in place. I have online contacts in 'firewalled' regimes that use v2ray/shadowsocks or whatever the thing of the now is to get around the restrictions.
There's a ton of cheap tools now that can be used for running local or citywide networks, hams have their own packet radio stuff. There's now all those new LoRa networks that only really popped up in the past few years.
What I'm trying to say is the stuff is there and it's accessible, but it's only going to be a minority of people that use it just as it's a small minority that comments on posts like this (people like us) and even smaller yet again that write content on how to do it and create those tools to begin with. But it has always been this way....
Exactly. This is why the tech has to be made resistant to surveillance and censorship by default. Until usage of alternative connectivity and circumvention methods sticks out as a sore thumb (turns out, for most tools it does), it applies a constant pressure on anyone under oppression to stop, increasing the risks for those who continue to use them.
We got basically three different things. First we got APRS, mostly used for position reports (go on aprs.fi for a map). That is pretty nice but unusable for anything more than a SMS worth of things, and you need repeaters and not just internet gateway collectors to actually have something that's resilient.
Next thing is AX25, the technical foundation behind APRS. Yes you can use it to create actual data links, but it's about modem speeds so virtually useless outside of toying around.
And finally there is HamNet but it's line of sight based and not cross routed to the internet, and identically to all things ham radio, encryption is banned by law.
And on top of that, you can expect regulatory agencies to crack down on ham radio fast and hard, should it be used for political dissent motives at scale. It's already against ham practice to talk politics, especially with people in repressive countries - we don't want more countries other than Yemen and North Korea to just blanket ban ham radio.
i.e. if there's a blanket ban, can you use your radio hidden in your house or can the government easily find out that the user they've noticed on the airwaves is located there and knock down your door?
I don’t understand this sentiment. For exchanging information, modem speeds were great. Wikipedia, forums like this one, instant messengers, etc all worked fine
I don't think so. It's just a question of the severity of the punishment for violating regulations. A couple of small fines for unlicensed networking and collaborating - and there will be no one left.
>There's a ton of cheap tools now that can be used for running local or citywide networks, hams have their own packet radio stuff.
The issue has never been in the technical plane. The equipment for building and operating networks has become dozens of times more accessible over the past couple of decades. The problem is in the increasing number of regulations that purposefully lock all clients into a few select controlled service providers. They have a goal and they have the tools to achieve it, so it's only a matter of time before they reach the minority of network-enthusiasts.
It seems then that store-and-forward ad hoc p2p (i.e. extremely high unpredictable latency) is the only option for those who can reach some node with a connection to the outside (maybe laser near the border). Or perhaps really clever steganography with outside partners assisting.
Starlink/Kuiper and the geostationary satellites are an alternative. Not perfect... but far better than *nothing*
You’ll be found on the internet too btw. But far more easily.
I feel like I’ve been hearing this for decades. During the initial wave of Napster-era piracy debates a lot of people assumed the end of the free internet was near because corporations wouldn’t allow it.
> It's simply not going to be possible to meaningfully use the Internet unauthenticated and unapproved in a few years.
I will take the opposite of that bet any day. Certain countries like Iran will impose their restrictions, but if you think the average country is going to restrict internet access in only a couple of years I don’t know what to say.
Not quite true. WireGuard is already actively detected and suppressed if necessary. There's already a fork that employs basic changes to improve the protocol in this regard. AmneziaWG was shown to be more robust to detection for now.
https://docs.amnezia.org/documentation/amnezia-wg/
Too bad managing WG is such a pain and Tailscale/Netbird don't support this protocol yet. The following two issues need attention:
We just upstreamed our patch to quinn-rs that pads Datagrams to MTU: https://github.com/quinn-rs/quinn/pull/2274
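An added example, not code from quinn, AmneziaWG or anyone in this thread: it shows why fixed message lengths make a tunnel identifiable from sizes alone and how padding every datagram to one size removes that signal. The 1200-byte budget, the 2-byte length prefix and the sample datagrams are assumptions made up for the illustration; the 148/92/64-byte values are WireGuard's fixed handshake message lengths.

```python
import struct
from collections import Counter

MTU_PAYLOAD = 1200  # assumed per-datagram budget; real stacks use the path MTU
# WireGuard handshake messages have fixed on-wire lengths.
WG_FIXED_SIZES = {148: "handshake initiation", 92: "handshake response",
                  64: "cookie reply"}


def size_fingerprint(datagrams):
    """What a passive observer learns without decrypting: lengths only."""
    return Counter(len(d) for d in datagrams)


def fixed_size_matches(datagrams):
    """Names of fixed-size handshake messages whose length appears in the flow."""
    seen = size_fingerprint(datagrams)
    return sorted(name for size, name in WG_FIXED_SIZES.items() if size in seen)


def pad_to_mtu(payload, mtu=MTU_PAYLOAD):
    """Frame as [len:2][payload][zero padding] so every datagram is mtu bytes.

    Assumption: this runs before encryption, so the prefix and the zeros
    are not visible on the wire.
    """
    if len(payload) > mtu - 2:
        raise ValueError("payload does not fit in one padded datagram")
    pad = b"\x00" * (mtu - 2 - len(payload))
    return struct.pack("!H", len(payload)) + payload + pad


def unpad(datagram, mtu=MTU_PAYLOAD):
    """Inverse of pad_to_mtu; rejects frames of the wrong size."""
    if len(datagram) != mtu:
        raise ValueError("unexpected datagram size")
    (n,) = struct.unpack_from("!H", datagram)
    if n > mtu - 2:
        raise ValueError("corrupt length prefix")
    return datagram[2:2 + n]


# Constructed sample flow: two handshake-sized messages plus two data packets.
SAMPLE = [bytes(148), bytes(92), b"a" * 300, b"b" * 1100]
PADDED = [pad_to_mtu(d) for d in SAMPLE]

if __name__ == "__main__":
    print("unpadded sizes:", dict(size_fingerprint(SAMPLE)))
    print("matches:", fixed_size_matches(SAMPLE))
    print("padded sizes:", dict(size_fingerprint(PADDED)))
```

Padding to a constant size hides lengths only; packet timing and counts remain observable.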
enable
configure terminal
router bgp <your-AS-number>
neighbor <neighbor-IP-address> shutdown
end
Easy
SMS everywhere is unencrypted
This is surprising to me. Surely Iranian ISPs would have directly allocated IP space?
Or alternatively, surely Iran's gov would be in the routers and be able to blackhole any routes leaving the country?
(Fun fact about sanctions: the International Criminal Court is sanctioned away from Microsoft, so they can't legally get access to Windows or Office. This is because they prosecuted a war criminal the USA likes.)
justusthane•5h ago
I found the whole article to be unfortunately light on both technical details and practical details, and certainly wouldn’t suggest that anyone use it as a guide.
immibis•2h ago
Matrix isn't meaningfully encrypted, so it's mostly irrelevant, hooray!
joecool1029•5h ago
Other stuff is weird in their post and suggests they are speaking for Iranians without actually knowing any online. I know a few from the Cellmapper community and SMS is very much not expensive. 1000 SMS costs around 0.03USD worst case: https://irancell.ir/en/p/3771/tariffs-and-voice-packages-en
Finally it's not really that Starlink uses proprietary encryption that's special. They can use any sort of common encryption standard and there's not much Iran can do but locate and seize the terminal since they don't have the keys to it. I imagine at some point they will start looking for signal emissions in known Starlink bands and use that to locate terminals. Allegedly Russia has a detection system 'Kalinka' already built: https://www.space.com/space-exploration/tech/russia-and-chin...