back to article Iran draws veil over secure internet access

The Tor Project is reporting Iran has blocked access to nearly all SSL/TLS traffic within its borders and is calling for help to break the embargo. In a site posting Jacob Appelbaum said that the problems had begun around 48 hours ago, with secure traffic slowing before being completely blocked on Iranian ISPs. Tor has …

COMMENTS

This topic is closed for new posts.
  1. NoneSuch Silver badge

    Better get used to it. Western governments are already accessing your data although they are not as blatant as the Iranians. They are charging people for posting innocuous comments on Twitter and Facebook even when there is no evidence of malicious action. It amazes me that various governments are requesting backdoors for Hotmail, GMail, Skype and RIM monitoring, but never threw up a fuss over HTTPS traffic. The only answer to that can be that they don't need too because they already have access to it. So by default, they know where you are going, what you are buying and what you are looking for online.

    but it is all for YOUR protection. Or so they say.

    1. stranger

      "never threw up a fuss over HTTPS traffic"

      man-in-the-middle-attack is their friend, but the problem with this approach is, it can only catch "live" data. If something haven't been transmitted after they started getting interested in you, then they can't catch it. That is why they want the backdoor access, to catch the _historical_ data that you have had access to.

    2. nexsphil

      indeed.

      Protection from what? Onions?

  2. Richard Cartledge
    Thumb Down

    Applebaum is the enemy.

    1. DaveK

      If Applebaum is your enemy ...

      ... you must work for or support a repressive government. Or perhaps the RIAA.

      1. This post has been deleted by its author

    2. Matt Bryant Silver badge
      Boffin

      RE: Applebaum is the enemy

      Debateable. His links to Wikileaks make him a suspected accessory in the Manning case, and he has worked with hacking groups before, but at the same time he has done work with "good" intent such as Tor (although Tor also presents a perfect, if unintentional ,opportunity for criminals as well). Either way, he hasn't actually been convicted of a criminal act yet that would class him as an "enemy", unlike A$$nut who has prior convictions. I suspect Applebaum may be misguided, egotistical, and probably a bit naive, but not really an "enemy". I haven't heard any blatently stupid statements accredited him like those that A$$nut has made (such as the "f*ck the grasses, they deserve it" comment), but it may just be I missed them. If you have any info on Applebaum to the contrary then please share.

    3. This post has been deleted by its author

  3. . 3

    Would be interested to hear how they are filtering the SSL traffic. If it's by port, then it's trivial for hosts to circumvent. If there's packet inspection going on then SSH port forwarding to a friendly proxy may be a good substitute? I doubt even a deranged government would attempt to block all ssh traffic on spec as too much stuff would break. They may as well just turn the whole WAN off and be done with it.

    1. DaveK

      Perhaps you underestimate the degree of their derangement.

      Everything is broken, according to the various references linked in the story; Gmail, FB, banking sites, everything. They just don't care what breaks as long as they can control everything that still works.

      1. Silverburn
        Black Helicopters

        @ DaveK

        Naturally the Imperialist terrorist dogs were monitoring Iranian SSL traffic, so their glorious leader switched it off. Deranged? Yep. And paranoid.

  4. Wanda Lust
    Holmes

    Don't upset the...

    Methinks that protests by Mr "Jacob Appelbaum" aren't going to be taken too seriously in old Tehran.

  5. Charles 9

    They're probably trying to break ALL encryption.

    This appears to be the inevitable path the most paranoid states are talking. The only way they can verify all traffic is to make sure they can read and analyze all of it. At some point, they'll probably consider any datastream they can't interpret to be suspect and look into it. And since most bitstreams can be interpreted as being something of some sort, that will limit covert communication options pretty much to steganography, which can only work in limited circumstances or you risk giving yourself away.

    1. Steve Evans

      My thoughts exactly... We can't read it, so it must be bad.

      Someone need to throw a big roll of cat5 over the border into a neighbouring stable country... Oh, yes, sorry, I see the problem now.

    2. JimC

      Paranoid States...

      As the old cliche goes, you're not paranoid if they really *are* all out to get you. And in the case of Iran...

  6. Tom Maddox Silver badge

    Wait for it . . .

    Cue the "Western governments are no better" comments in . . . dammit, too late.

  7. Curious

    Stenography HTTP proxies?

    If they were restricting by port, then it would only be because the engineers are trying to fake compliance while leaving loopholes available.

    Looks like they'll have to redevelop a version of tor that transmits data in other ways.

    Proxies that introduce image / video stenography, altered ip packet data, even packet timing to convey information.

    1. zoodle
      Childcatcher

      Stenography HTTP proxies?

      Why do secretaries need port blocking?

      stenography = shorthand typing

      steganography = concealing messages within other information

  8. The Man Who Fell To Earth Silver badge

    Idiots all around

    Tor has been easy to slow down/block for quite some time simply because so many idiots running Tor servers give them domain names like "I_am_a_tor_server.net" rather than innocuous names.

    1. Cucumber C Face
      Facepalm

      re: Idiots all around

      <snip>Tor has been easy to slow down/block for quite some time simply because so many idiots running Tor servers give them domain names like "I_am_a_tor_server.net"</snip>

      More simply anyone can go to sites linked to the organisation and download CSV files containing the IP addresses of all Tor exit nodes and relays e.g. http://torstatus.blutmagie.de/

      1. This post has been deleted by its author

  9. Bill Neal
    Happy

    Draws veil...

    the Camel Hair Curtain? tm

    tm for free unlimited use on the register, of course. Forget it... GPL everyone jump in!

  10. 0_Flybert_0
    Mushroom

    I have an idea ..

    there can not be that many backbone network feeds from but a few Global Tier 1 routers going into Iran ..

    just cut Iran off from the backbones for a time .. no usable internet outside the country .. no email

    they want to live behind a firewall, let's help them out

    1. stranger
      Thumb Down

      Re: I have an idea ..

      the problem; the government make a decision to invade the privacy of its people.

      Your solution, cut the _people_ off the internet.... to teach the _government_ a lesson? You do realize that the _government_ is the one that wants to build the firewall, not the people? You see, the government have a problem with the _people_ having free (not in free beer) access to the internet, not the other way around.

  11. This post has been deleted by its author

  12. This post has been deleted by its author

    1. The Man Who Fell To Earth Silver badge
      Mushroom

      @Turgut Kalfaoglu

      Typical of dictators. Blame someone else for your problems. Remember, Iran is in the political situation it is because the theocracy there believed in "one man, one vote, but only once" in the early 1980's. And their continued grip tightening by their "thought police" is because even their own people by & large hate those running the place. Iran is in the economic situation they are in because they were caught red handed violating their non-proliferation treaty obligations. Those obligations required them to tell the world they were going to enrich uranium BEFORE they started doing so, but which they did secretly for quite a while and only unveiled their clandestine program days before the IAEA was going to publicly reveal it had caught them red handed in violation of their treaty obligations. Hence the reason even the Russians and Chinese don't trust the Iranian government, much less the rest of the world nor their own people. But it's always easier for a dictator to distract the sheeple by blaming some external boogey man, than it is for the dictator to govern competently.

      1. Local Group
        Mushroom

        @ The Man Who Fell To Earth

        So Israel has no nuclear weapons, because if they did, their non-proliferation treaty obligations would require them to tell the world they were going to enrich uranium before Vanunu said they had. Or maybe Israel, by not signing the non-proliferation treaty, has a 'get out of jail' free pass and is in good standing with everybody because they didn't sign it. Or maybe Israel is 'grandfathered' in the nuclear 'good old boys' club because it's been at the same location for 5000 years.

        Or maybe we only want Friend's of West to have the bomb, we don't care how they get it, and we'll drop the Bull $hit Bomb on everybody else.

        1. Matt Bryant Silver badge
          Facepalm

          RE: @ The Man Who Fell To Earth

          "....their non-proliferation treaty obligations...." Erm, think you'll find that Israel has never signed the NPT, unlike Iran (http://en.wikipedia.org/wiki/Nuclear_Non-Proliferation_Treaty#India.2C_Israel.2C_and_Pakistan) . Well, if you did some reading before ranting.

          1. Local Group
            Pint

            @Matt Potter and the Policy of Opacity

            Sir Dude:

            Here's what I said in the post you reference.

            "So Israel has no nuclear weapons, because if they did, their non-proliferation treaty obligations would require them to tell the world they were going to enrich uranium before Vanunu said they had.******* Or maybe Israel, by not signing the non-proliferation treaty, has a 'get out of jail' free pass and is in good standing with everybody because they didn't sign it.******* Here's what Wikipedia said in the citation you sent to me.

            "More countries have ratified the NPT than any other arms limitation and disarmament agreement, a testament to the Treaty's significance.[1] Four non-parties to the treaty are known or believed to possess nuclear weapons: India, Pakistan and North Korea have openly tested and declared that they possess nuclear weapons, while Israel has had a policy of opacity regarding its own nuclear weapons program. North Korea acceded to the treaty in 1985, but never etc.

            There's not a farthing's worth of difference between what I said and what your citation says.  Quite a foursome Israel finds itself in. North Korea is plainly nuts. Check out India and Pakistan's nuttiness here.

            http://m.wimp.com/indiapakistan/

            I'll show you my opacity if you show me yours. :o)

            1. Matt Bryant Silver badge
              Facepalm

              RE: @Matt Potter and the Policy of Opacity

              I was merely pointing out that your kneejerk, anti-Semitic response of trying to tar Israel was silly seeing as Israel has not signed the NPT, whereas Iran has. Plenty of smarter people have already tried the lawfare angle on Israel's nukes and come away emptyhanded, so I suggest you forget that silliness. It is also not surprising that the Iranians have gone for an information lockdown in the week before Ahm-Mad-In-A-Dinnerjacket makes some "big announcement", probably some unfounded claim to having a working nuke weapon. The Iranians will not want any info to the contrary leaking out.

              1. Local Group
                Unhappy

                “For the powerful, crimes are those that others commit.”

                Sir. All I did was point out that Iran had signed the NPT, while Israel had not. Yet Iran's cage is being mightily rattled, while Israel has a standing invitation for tea and cake.

                You, Sir, would clepe me an anti-Semite if I dared to complain about bus service in Jerusalem.

                "Loyality to Israel always. Loyality to Israel's government when it deserves it."

                Nevertheless, Matt, Happy Valentine's Day. :-)

                1. Matt Bryant Silver badge
                  FAIL

                  Re: “For the powerful, crimes are those that others commit.”

                  "....Iran had signed the NPT, while Israel had not...." Yet failed to draw the correct conclusion from that - i.e., that Iran has broken the terms of an international treaty whilst Israel has not - by implying they are just as bad as each other. You also forgot to mention that Iran's great "scientific breakthrough" is nothing more than than copying the work of another non-NPT nation, Pakistan, and another international pariah, North Korea (which attempted to gain the advantages of the NPT, played at meeting the requirements, then ducked out in 2003). In short, comparing Iran and Israel on nukes is poor judgement and likely based on prejudice rather than an understanding of the NPT and its obligations.

                2. Matt Bryant Silver badge
                  Pirate

                  Re: “For the powerful, crimes are those that others commit.”

                  Forgot to add, your own driving ideal seems to be "unquestioning cirticism of America and her allies, of capitalism, and unquestionig support for her enemies, always". I have to wonder what experience (or simply lack of) made you so anti-Yank?

                  1. Local Group
                    Happy

                    Re: Re: “For the powerful, crimes are those that others commit.”

                    Here are the words of men who know whereof they speak:

                    True patriotism sometimes requires of men to act exactly contrary, at one period, to that which it does at another, and the motive which impels them is the desire to do right is precisely the same.

                    Robert E. Lee, Letter to General P. G. T. Beauregard, October 3, 1865

                    "My country, right or wrong," is a thing that no patriot would think of saying except in a desperate case. It is like saying, "My mother, drunk or sober."

                    G. K. Chesterton

                    I presume you know a thing or two about 'drunk and sober'.

                    You know, I must have seen Rosamund Pike in P&P, but for some reason I was paying too much attention to Keira Knightly, I didn't notice Rosamund at all. (did you date her?)

                    I came to el reg and first read you just about the time I saw Mr Bean goes to the swimming pool. Now, whenever see your post or your name, I see Mr Bean naked with his hands crossed in front of him, hiding his thing.

                    I'm anxious to acquaint you with my storied patriotism. It's not one you hear about in pubs -- even for someone who spends as much time in them as you do.

                    Congenital modesty prevents me from blabbing about it in front of the tough assemblage here. :-)

                    1. Matt Bryant Silver badge
                      FAIL

                      Re: Re: Re: “For the powerful, crimes are those that others commit.”

                      <Yawn> Ooh, instead of falling back on films, LG is now regurgitating the words of others! Is this supposed to make us believe he is somehow cultured and knowledgeable? It's not working.

                      "....I presume you know a thing or two about 'drunk and sober'...." Quite a bit, thanks. I - unlike you, LG - am of an age where drinking is legal. Still think you're a result of hard drug abuse, though, and probably an inherited habit.

                      Once again, LG has run out of "arguments". It would be nice to see him even manage two posts in a thread related to the topic.

                      1. Local Group
                        Happy

                        Still putting down the movies, Matt? That wouldn't be because they won't let you in without your Mum?

                        "I presume you kinow a thing or two about 'drunk and sober'. Quite a bit, thanks." That's what I hear from the folks at Alcoholics Anonymous. Almost two years sober. For tweenager. Congrats.

                        El reg is intellegent and funny without you, but I kinda miss the foolishness you lend the conversation. Glad your'e back. :-)

                  2. Local Group
                    Angel

                    Permit me to respond to your charges of sedition and treason

                    May 30, my birthday, used to be Memorial Day in America.   What Easter is to Christmas, May 30 was to the Fourth of July.  The honor of being born on such a day was not wasted on me.

                    In the mid 50's when I was in high school, I often stayed up late on Friday and Saturday nights to watch black and white movies on black and white tv. When the movies were over at about 12:30 am, the station would go off the air. But before it signed off, it played the Star Spangled Banner and showed a black and white American flag waving in the breeze.  I would always stand up --- usually in underwear -- when I saw the flag and heard the anthem and never switch off the set until the last note.  (When I was in England, I remember seeing your countrymen tripping all over each other to get out of Covent Garden before they played God Save The Queen.)

                    A public display occurred when I returned from Amsterdam in 1963. I had been in Europe for over 2 months and had caught some sort of upper respiratory thingy in Zurich.  I was tired and sick and just wanted to get back to New York.  I had a habit when I flew, to sit near the door so I could be the first person out of the plane and the first to get my bag.  Which I was. And first at the door to the room with the custom agents.  The door was thrown open.  I was elated at being home. I was first to enter the large room with a dozen agents watching the passengers. Moving at a quick walk and carrying my bag, I walked past a large American Flag. I grabbed the lower corner of the flag and kissed it in front of all the custom agents and a hundred and fifty fellow passengers most of whom were looking at me as I was quite dashing in those days.

                    "Pray tell me sir, whose dog are you?". : o)

                    1963 and the years to follow changed my view of everything. Let me know if that piques your curiosity.

                    1. Local Group
                      Thumb Down

                      @Matt: This is probably a lot more than you want to know :-)

                      So about 3 or 4 months after my display at Idlewild Airport, Kennedy was assassinated and they renamed Idlewild, JFK.  The assassination was the work of the anti-communist war party, imho. The military industrial complex, Eisenhower had warned us about.

                      Johnson played it cool about expanding the war. He ran as a peace candidate in 1964, saying, "I won't send American boys to do the fighting for Asian troops." Then he sent a lot.

                      By 1967 there were over 200,000 civilian casualties in Viet Nam.

                      On the evening of  December 2, 1967, I took a drug called artificial mescaline, which was part amphetamine and part animal tranquilizer. On the walk home at 5 in the morning, voices appeared in my head and we discussed the war. The voices convinced me that the war was my fault, that I should go up to the roof of my brownstone when I got home, where further instructions would be waiting.

                      I don't remember anything after going up on the roof. I woke up in the ICU of Columbus Cabrini hospital with my left leg in traction for 7 weeks.  I was discharged on January 25, 1968 and immediately arrested by the NYC police for possession of pot they had found while looking for my family's phone number.

                      Released in my own recognizance, I later got off as the police had entered without a warrant.

                      5 days after I left the hospital, the Tet offensive began.

                      Admit it, Matt, you couldn't make up shit like that.

                      1. Matt Bryant Silver badge
                        FAIL

                        Re: @Matt: This is probably a lot more than you want to know :-)

                        ".....Kennedy was assassinated...." Bingo! Prediction of hippy deification of JFK right on the nail! And followed by the usually conspiracy theory drivel. You, sir, have just lost any of what remained of the credibility you may have held here.

                        ".....Johnson played it cool about expanding the war....." Neatly avoiding the fact that it was JFK that switched the focus of anti-Communist policy from Laos to Viet Nam. As eraly as 1961, JFK was ending more andf more troops as "advisers", including US Sepcial Forces, and plenty of other war material. Trying to blame the escalation on Johnson is is just blind faith in the "godlike JFK". Not surprised you missed history class, where you smoking something under the bleachers? Guess you also missed out on the fact that JFL also continued pushing Eisenhower's anti-Commie policy in Latin America, particularly the CIA's assassination agenda.

                        ".....I took a drug called artificial mescaline...." The bit of your story where you admit taking mind-altering drugs is probably about the only bit I believe.

                        "......Admit it, Matt, you couldn't make up shit like that." Oh, I believe the drugs bit, and probably some cranial impacts also helping you to the state you're in today.

                    2. Matt Bryant Silver badge
                      Facepalm

                      Re: Permit me to respond to your charges of sedition and treason

                      "......Let me know if that piques your curiosity." No, but I'm sure there are plenty of psychiatrists out there that would love to write papers about your delusions. Surprise, still nowhere close to the forum topic.

                      So, what could have upset you in 1963? Can't have been Kennedy banning travel to Cuba, all you hippies have taken to deifying JFK. Was it the debut of Iron Man? Did that story of a millionaire using industrial might to right wrongs upset your comviction that all "rich people" are evil? It must have been the debut of General Hospital on ABC, longterm exposure to that kind of tosh probably would explain the drug habit.

                      I know! It was the introductuion of ZIP codes! Another dastardly government interference in the freedom of the US postal system!

                      1. Local Group

                        Re: Re: Permit me to respond to your charges of sedition and treason

                        Yes, the assassination of Kennedy was upseting way back in 1963. But probably not as upseting for me as this story from a couple of days ago is for you.

                        http://www.asiantribune.com/news/2012/02/19/implications-iranian-afghan-leaders-visit-pak

                        Looks like we have China, Russia, India, Turkey, Syria, Pakistan and Afganistan lined up on Iran's side. With America, Canada, England, Luxembourg, Lichtenstein, and Monaco on the other side.

                        I was right all along: "Oceania has always been at war with Eastasia."

                        Yes, I know this doesn't have anything to do with Proview v Apple. But then neither did your "cultured and knowledgable" introductiuon of Iron Man into the mix

                        1. Matt Bryant Silver badge
                          Facepalm

                          Re: Re: Re: Permit me to respond to your charges of sedition and treason

                          ".....this story from a couple of days ago...." Think you completelty misunderstood the article, no-one is "siding" with Iran, and definately not Afghanistan. They simply want the Iranians to stop funding the Taleban, as the mullahs have been doing for years:

                          http://www.liveleak.com/view?i=797_1180490779

                          http://abcnews.go.com/blogs/headlines/2007/06/document_iran_c/

                          http://www.metacafe.com/watch/5176067/report_iran_funding_taliban_to_kill_u_s_troops/

                          1. Local Group

                            Re: Re: Re: Re: Permit me to respond to your charges of sedition and treason

                            Thank you for your snark-free reply.

                            I apologize for linking you to, what is probably, an article in the worst English ever. Although it does say this in the recapitulative last paragraph: "In short Pakistan, Afghanistan and Iran should make a joint effort to extend their cooperation with each other and other regional countries like China, Russia, Turkey, Sri Lanka and Nepal.

                            This is the article I wanted to send you by Nicholas Burn

                            "India's support for Iran threatens its US relationship and global leadership role

                            India's statement that it will continue to purchase oil from Iran is a major setback for the US attempt to isolate the Iranian government over the nuclear issue. It's also bitterly disappointing news for those of us who have championed a close relationship with India."

                            http://www.csmonitor.com/Commentary/Opinion/2012/0214/India-s-support-for-Iran-threatens-its-US-relationship-and-global-leadership-role

  13. (AMPC) Anonymous and mostly paranoid coward
    Black Helicopters

    Preparations for cyber war defense ?

    Maybe they are trying to see just how good of a handle they have on their "national" internet. If they can successfully "break" all encrypted https traffic and sites that rely on it, perhaps the next step will be to selectively (or globally) shut down all other site traffic (except for approved "ayatollah-state" traffic). They might even be working on some kind of kill switch.

    However unless they completely unplugged the country, this too would be circumvented quickly enough once the manure hit the proverbial..... (time to start marketing sat phones).

    The Iranians have had plenty of opportunities to watch how neighboring dictatorships attempted (and failed) to shut off their own internet during periods of unrest. Perhaps they are working on their own silver bullet. Could be interesting to watch.

    And before I forget, remember that WW III has been scheduled for December 2012 (just after the election, that is). So that doesn't leave these boys much time. And you certainly can't make an omelette without breaking eggs.

  14. Anonymous Coward
    Anonymous Coward

    Over all

    Anything can be run over anything at the moment, until traffic interception and inspection, such as we have in the UK from our own government, gets better and smarter. Looking for payloads or tunnels or checking against samples made from verified internal users.

    If Iran block all SSL, https, deep packet inspect all http traffic and block anything not matching filters , there is no reason you can't tunnel using real life websites on plain html. It's just a matter of finding something with a large bandwidth that is legit and then tunneling through that with a middle man OR providing a layer of legit traffic above the blocked.

    The time delay alone lets you provide fake traffic from allowed websites and services because the filters cannot keep up or just have to block everything and anything. Hacking into one legit site is enough to allow all traffic to pass through it. One video could contain all the tweets for thousands of people.

    1. Charles 9

      Counter

      Suppose the only sites with sufficient bandwidth all belong to the state? Suppose all legit traffic is tested for covert on-the-fly alteration or mangled to squelch stego (think something like an Opera Turbo proxy, only geared to control stego).

  15. Drew V.

    Does I2P still work? Technically speaking just as easy to block as Tor, but

    1) less visible in the media so they may not be looking for this traffic, and

    2) there is no list of the IP addresses of the relays. Everyone who downloads I2P becomes a relay by default (whereas with Tor, only a select few make the effort of becoming a relay.)

    I2P has been growing steadily lately, up to 12,000 users (i.e. relays) now.

  16. John Robson Silver badge

    DNS based VPN?

    Send data as a query, the TXT response is the reply.

    I know it sucks from a latency/throughput/reliability perspective. But to try and kill DNS is a pretty interesting proposition, even for Iran...

  17. DoctorNine

    Spy vs. Spy

    Time to invest in an Iridium Access Point?

    http://www.ts2.pl/en/Iridium-AxcessPoint

This topic is closed for new posts.

Other stories you might like