In this article I will talk about censorship and sanctions.
Censorship inevitably appears with the very first rudiments of state power. In many countries around the world, the government tends to block its citizens from accessing certain Internet domains or IP addresses. Some say: "This is necessary so that the culture remains healthy and moral values are preserved." Porn sites and everything like that are blocked. Even in the US, you can find some domains that are closed to the general public - for example, sites that contain child pornography or content that runs counter to humanistic values.
But in Iran (and many other countries) things are different.
Many sites are blocked. We cannot access media resources (BBC, FoxNews, VOA), social networks (Twitter, Facebook), instant messengers (Telegram, WeChat, Kik, Snapchat), or services like YouTube. Believe it or not, we are not even allowed on some Sourceforge subdomains!
Why? Because this is the only way a totalitarian government can stay afloat. They sell VPN and proxy accounts themselves, but at the same time they spy on people and eliminate unwanted elements from society in no time. A friend you saw a few days ago may just disappear and you will never know what happened to him.
This filtering / cyber censorship system is a very profitable business, both for the state and for non-governmental organizations, which earn much more than an ordinary IT company.
Sometimes you find that they severely limit the functionality of a service, for example, Telegram, in order to promote their own product. Moreover, they sometimes give complicated arguments about why this is necessary. “It was made in Israel!” So what? Didn’t you use weapons that were made in Israel when you were at war with Iraq (1980-1988)? No one spoke about this then, but now it has begun.
Sometimes they organize attacks on SSL / TLS. Recently I read something similar about Kazakhstan: HTTPS traffic is now being listened to there. That is, they officially expose their citizens to a man-in-the-middle attack.
Well, how does this all affect me as a developer? You see, the systems that they use are imperfect. Sometimes you are left without access to services that you simply cannot do without - GitHub, for example. And why? Because the filtering program interrupted the connection to GitHub due to a crash or misconfiguration. Sometimes everything breaks down at the SSL handshake stage. Sometimes a handshake drags on for a very long time and still fails in the end. Sometimes CloudFlare refuses to work due to broken TCP packets.
Finding any new information is still a headache: no YouTube, no Reddit, no Medium, web browsing barely works, and so on. It's generally better not to talk about Internet speed - 200 kilobytes per second on home Wi-Fi.
Sanctions
If you follow the world news, you have probably heard that sanctions were imposed against Iran because of its nuclear program. And although this is not limited to nuclear physics, many countries have supported US sanctions on Iran. No one cares that this affects ordinary people. People are worthless. That is what they think - both the Iranian government and international structures like the United Nations.
People are dying of hunger and lack of medicine, the economy is falling apart, and all politicians have moved abroad with their children - they have no idea what is happening on the streets.
What is happening to us, employees of the IT sector? Sanctions. What are we missing? FOSS! Open source software! Do you understand?
A few months ago, the Slack team decided to join the sanctions. They simply deleted all users who were found to be from Iran. Without warning. A lot of people lost all the data stored in their Slack accounts, and no one was going to do anything about it. Some users from Iran have been living abroad for many years, and some do not even visit Iran, but they also lost their accounts, along with everyone else. A lot was written about this on Twitter. And more. I think you appreciate the scale.
It is difficult for us to get a MasterCard or VisaCard because of economic sanctions on banks. Accordingly, we cannot register on AWS, buy something on Amazon or Ebay, pay for the Google Store console, or use most services.
Android dev throws an HTTP 403 error, Docker docs throws an HTTP 403 error, Bintray throws an HTTP 403 error, Schema.org throws an HTTP 403 error, and so on. A long list of unavailable domains is published here.
Developer Experience
Perhaps you do not quite understand what I'm talking about. Imagine: you need to do something for your company with a new technology that you are not familiar with at all. The first step is to find documentation to figure out how to get started.
You google the name of the technology and you get a lot of sources, including links to the official documentation. You click on the first link and suddenly this stupid ugly window pops up with the message: "You are subject to US sanctions and we cannot serve you."
You return to the results page, trying to find something else. You see several links to YouTube and Medium, but you know that both sites are blocked or censored in your country and it’s useless to visit them. You spot a couple of answers on Stack Overflow and go to the site. The question is about some advanced capabilities of the technology, and you don’t understand what it is about. You have no choice but to return to Google and go to the second page. On pages two through one hundred thousand, nothing relevant is found.
You go to the boss and say: “Nothing will come of this technology. Pick something else or close the project.” The next day you are already looking for a new job.
How do we cope?
We have to circumvent censorship and sanctions.
HTTP proxy
Proxies are one of the working solutions (at the moment - almost working). A good proxy is not easy to find, using any proxy is unsafe in principle, and proxies do not open access to everything.
The list of domains to which I referred above is taken from a private proxy server, which is maintained by the community. It accepts only those domains that are listed in this file and does not work with the rest. People have to put a lot of effort into configuring their systems to use this proxy strictly for certain domains. And not all domains are contained there - the list grows when someone notices that a website is missing and draws the server owner's attention to it. There is another limitation: this proxy does not open sites that are prohibited by censorship.
DNS proxy
There is also a DNS proxy, which is supported by the Sharif University of Technology, which only opens sites that are subject to sanctions. But it is recommended by the government, which means the option is unsafe. On the main page, they published tutorials on how to configure the DNS server in your operating system in order to point it to the proxy server. That is, all your DNS queries will be processed by the proxy server. Personally, I don’t like the idea that a third party (and one that is approved by the government) will track all my DNS queries. I am not going to change my DNS server from 1.1.1.1 to what they offer!
Public VPN Services
Not too safe, but a working solution. Both paid and free VPN services are usually promoted by the government. And the officials really capture every last request and investigate everything that seems suspicious to them. Of course, this jeopardizes both privacy and security.
All VPN services that are independent of the government are blocked, so you have to look for a new one two to three times a week.
Private VPN Services
A working and safe, but expensive solution.
There are also private VPN services that you can use. You can even create your own. They do not carry any threats and allow you to maintain privacy, but they cost a pretty penny. Not everyone can afford to pay for an account or maintain their own private VPN service.
TOR project
The most reliable, but not the best solution.
TOR is a promising way to ensure privacy that clearly circumvents both sanctions and censorship. But there is a big problem with this - not all servers like to receive traffic from TOR. For example, CloudFlare is annoying when you access its servers through TOR. Google makes you go through numerous captchas. And some servers simply do not work with “suspicious” TOR TCP traffic.
In addition, the Iranian government has tried to limit connections to TOR, although they could never block it completely (unless they blocked all foreign servers!). But they do not allow direct connection to the TOR network.
Bridges.torproject.org comes in handy here! However, first you need to get to it somehow.
How did I survive?
I use a mixture of all of the above!
With bind / named, I send requests for multiple domains to proxies through shecan, and I configured privoxy to tunnel all supported domains through FOD, and others through TOR.
I also use GitHub to maintain and distribute TOR bridges to trusted people.
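The split routing described above can be generated from one domain list so that the DNS and proxy rules never drift apart. This is an added example, not the author's configuration: the resolver and proxy addresses are placeholders, the function names are hypothetical, and only the BIND `type forward` zone syntax and the Privoxy `forward` / `forward-socks5t` directives are real.

```python
import re

# Constructed placeholder values (assumptions, not taken from the article):
SANCTION_DNS = ["192.0.2.53"]        # resolver of the DNS proxy
LIST_PROXY = "198.51.100.10:8080"    # community HTTP proxy for listed domains
TOR_SOCKS = "127.0.0.1:9050"         # Tor's default local SOCKS port

_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def clean_domains(lines):
    """Strip comments and blanks, lowercase, validate and de-duplicate.

    Validation matters: the list is community-maintained, and an entry
    containing quotes or braces would otherwise be pasted into named.conf.
    """
    seen, out = set(), []
    for raw in lines:
        d = raw.split("#", 1)[0].strip().lower().rstrip(".")
        if not d:
            continue
        labels = d.split(".")
        if len(labels) < 2 or not all(_LABEL.match(l) for l in labels):
            raise ValueError(f"refusing malformed domain: {raw!r}")
        if d not in seen:
            seen.add(d)
            out.append(d)
    return out

def named_zones(domains, forwarders):
    """BIND forward zones: only these names are sent to the third-party
    resolver; every other query stays with the resolver you trust."""
    fwd = " ".join(f"{ip};" for ip in forwarders)
    return "\n".join(
        f'zone "{d}" {{ type forward; forward only; forwarders {{ {fwd} }}; }};'
        for d in domains)

def privoxy_rules(domains, list_proxy, tor_socks):
    """Privoxy forwarding: default route through Tor, listed domains through
    the HTTP proxy. Privoxy applies the last matching rule, so the default
    comes first and the per-domain overrides follow."""
    rules = [f"forward-socks5t / {tor_socks} ."]
    rules += [f"forward .{d} {list_proxy}" for d in domains]
    return "\n".join(rules)

if __name__ == "__main__":
    sample = ["Docs.Example.com", "# constructed sample list", "example.org."]
    doms = clean_domains(sample)
    print(named_zones(doms, SANCTION_DNS))
    print(privoxy_rules(doms, LIST_PROXY, TOR_SOCKS))
```

Because the forward zones are per-domain, the third-party resolver sees queries only for names on the list, which limits the DNS tracking concern raised in the DNS proxy section.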
I just wanted to write about how difficult it is to do everything that people do every day, without even thinking! I bet you can't imagine the internet without YouTube. Your data has never been suddenly lost without prior notice. You can’t imagine how hard it is to survive in conditions of strong censorship and sanctions. You have no idea what it is like to wait for a VPN connection for more than 10 minutes, and then get a refusal!
The biggest pain is that “all this happens only because we live in Iran, where no one cares about people. Even people!”