I wish this article went into more details on what the "National Information Network" is. I would guess it's at least a set of nationally managed DNS servers that will always resolve national IPs even if upstream global DNS is cut off.
Looking at a bigger picture though, honestly I think we're seeing the end of the raw global Internet for the masses. 20 years ago, it seemed impossible, but here we are.
It's simply not going to be possible to meaningfully use the Internet unauthenticated and unapproved in a few years. Costs to reach mass audiences online will increase until only the big players can do it, and it'll be their platforms or nothing. There's going to be no room for anything that those with millions and billions of dollars don't want or can't make money off of in some way.
Overall, this makes me want to reduce the role of the Internet and tech in my life. I don't need the fastest data plan, latest PC, newest phone, or whatever AI trend is hot to use the apps I need for daily life or to line up events and meetings with others that I actually know.
> Looking at a bigger picture though, honestly I think we're seeing the end of the raw global Internet for the masses. 20 years ago, it seemed impossible, but here we are.
This is defeatist. You're probably right 'for the masses' but there will always be those networking and collaborating and bypassing whatever restrictions get put in place. I have online contacts in 'firewalled' regimes that use v2ray/shadowsocks or whatever the thing of the now is to get around the restrictions.
There's a ton of cheap tools now that can be used for running local or citywide networks, hams have their own packet radio stuff. There's now all those new LoRa networks that only really popped up in the past few years.
What I'm trying to say is the stuff is there and it's accessible, but it's only going to be a minority of people that use it just as it's a small minority that comments on posts like this (people like us) and even smaller yet again that write content on how to do it and create those tools to begin with. But it has always been this way....
>there will always be those networking and collaborating and bypassing whatever restrictions get put in place.
I don't think so. It's just a question of the severity of the punishment for violating regulations. A couple of small fines for an unlicensed networking and collaborating - and there will be no one left.
>There's a ton of cheap tools now that can be used for running local or citywide networks, hams have their own packet radio stuff.
The issue has never been in the technical plane. The equipment for building and operating networks has become dozens of times more accessible over the past couple of decades. The problem is in the increasing number of regulations that purposefully lock all clients into a few select controlled service providers. They have a goal and they have the tools to achieve it, so it's only a matter of time before they reach the minority of network-enthusiasts.
> It's just a question of the severity of the punishment for violating regulations. A couple of small fines for an unlicensed networking and collaborating - and there will be no one left.
I don't think you give people enough credit. There have been dissidents in totalitarian regimes the world over, even when the punishment was death or being sent to a labour camp.
You might think that unlicenced networking isn't important enough, but I think many people would see it as the start of China-like censorship. Especially now that we've had decades of a mostly-free Internet, I don't think people will react kindly to politicians taking it away.
I dunno, the reaction to the anti-porn laws in Texas haven’t gotten too much pushback, as far as I’m aware. Sure, keeping kids off porn is good, but do you trust the Christian nationalist government of Texas to only define porn as the thing that needs logged identification?
> What I'm trying to say is the stuff is there and it's accessible, but it's only going to be a minority of people that use it
Exactly. This is why the tech has to be made resistant to surveillance and censorship by default. Until usage of alternative connectivity and circumvention methods sticks out as a sore thumb (turns out, for most tools it does), it applies a constant pressure on anyone under oppression to stop, increasing the risks for those who continue to use them.
it seems to me that a nation determined to control wired network traffic within its borders cannot be circumvented. if they can control the ISPs and observe packet flows then they can just obstruct any connection they cannot conclusively prove is acceptable.
it seems then that store-and-forward ad hoc p2p (ie extremely high unpredictable latency) is the only option for those who can reach some node with a connection to the outside (maybe laser near the border). or perhaps really clever steganography with outside partners assisting.
does that mean the authorities can’t locate someone transmitting or receiving to/from starlink? in many places the consequences of detection could be dire…
I don't think personal reprisal because you posted something critical is generally the most scalable or realistic concern. It seems far easier to just let citizens know that if they're disruptive, you don't have protections; for everyone else, who knows if others can even see what you post?
The current american administration clearly wants to stamp down on disruption, too. If they can't deport us I think they'd be fine with prison or working us to death. Future administrations won't be so dumb to think this is just related to criticizing Israel, either, but anything.... disruptive.
We got basically three different things. First we got APRS, mostly used for position reports (go on aprs.fi for a map). That is pretty nice but unusable for anything more than a SMS worth of things, and you need repeaters and not just internet gateway collectors to actually have something that's resilient.
Next thing is AX25, the technical foundation behind APRS. Yes you can use it to create actual data links, but it's about modem speeds so virtually useless outside of toying around.
And finally there is HamNet but it's line of sight based and not cross routed to the internet, and identically to all things ham radio, encryption is banned by law.
And on top of that, you can expect regulatory agencies to crack down on ham radio fast and hard, should it be used for political dissency motives at scale. It's already against ham practice to talk politics, especially with people in repressive countries - we don't want more countries other than Yemen and North Korea to just blanket ban ham radio.
Am I right to assume that it's easy to locate the source of ham radio signals?
i.e. if there's a blanket ban, can you use your radio hidden in your house or can the government easily find out that the user they've noticed on the airwaves is located there and knock down your door?
The units used for detecting and locating clandestine transmitters started WW2 as large truck mounted facilities to hand carried units (with antennas) that fit inside suitcase-sized containers.
Modern ham groups engage in transmitter hunting as part of organized events. Bunny hunting and fox hunting are alternate names for such activities.
> can the government easily find out that the user they've noticed on the airwaves is located there and knock down your door?
Sadly, yes. A bunch of SDRs spread over the whole country with precise clocks or a scheme like the one used in ADS-B MLAT reception (that's based on using the internal SDR clocks without requiring precise clocks on the host) is enough to use multilateration to hone in on any kind of signal, even looking up in raw signals in the past.
If I were to guess, I'd assume that even in nominal democracies the secret agencies are already running such monitoring stations so it's probably already the case that, should need be, all communications can be triangulated.
The HF bands are all small enough to be sampled whole with a single cheap RTL-SDR each, a KiwiSDR can sample literally all of them at the same time, only the VHF/UHF bands need more dedicated equipment (e.g. a BladeRF) - all of that is inside the range that hobbyists can easily afford.
> but it's about modem speeds so virtually useless outside of toying around.
I don’t understand this sentiment. For exchanging information, modem speeds were great. Wikipedia, forums like this one, instant messengers, etc all worked fine
If we go back to 1990's tech (example: BBSes, IRC, gopher, HTTP sites with little to no javascript), possibly fine. Today I see static web sites built with heavyweight JS frameworks that load multiple megabytes. You'll be waiting for minutes.
> Wikipedia, forums like this one, instant messengers, etc all worked fine
The problem is, websites got wasteful. You're not going to get any modern website - including Wikipedia - to load in anything close to usable waiting times over a modem speed constraints. HN and maybe Old Reddit are an exception but HN is a niche forum and Old Reddit is probably going to get dumped once Reddit manages to port over all features that were only exclusive to Old Reddit for like six years or so. IRC is all but gone, in no small part "thanks" to Freenode going down the drain and Slack/Discord/Teams eating its lunch.
Also, keep in mind that APRS is generally 1200 baud (though I did see some mention of 9600 now.) This is way worse than anything most people experienced during the dialup Internet days.
I was talking about AX.25, that allows for higher bandwidth than its subset APRS or POCSAG. But yeah, not that much, 9.600 baud is all you're gonna get on UHF/VHF, if you stick with HF it's 300 baud...
> Looking at a bigger picture though, honestly I think we're seeing the end of the raw global Internet for the masses. 20 years ago, it seemed impossible, but here we are.
I feel like I’ve been hearing this for decades. During the initial wave of Napster-era piracy debates a lot of people assumed the end of the free internet was near because corporations wouldn’t allow it.
> It's simply not going to be possible to meaningfully use the Internet unauthenticated and unapproved in a few years.
I will take the opposite of that bet any day. Certain countries like Iran will impose their restrictions, but if you think the average country is going to restrict internet access in only a couple of years I don’t know what to say.
Well, the internet is not national anymore (for now!), but isn't Google AI Mode US only?
Anyway, the only google service that did work at that time was google search as far as I know nothing else worked (no gmail, maps, etc.).
> the only google service that did work at that time was google search as far as I know nothing else worked (no gmail, maps, etc.)
Yea, sounds like they resorted to a hard whitelist. How were other Internet services impacted in Iran? My understanding is payment is increasingly tap-to-pay or via digital wallets within Iran? How was that impacted during the shutdown?
Well, Iran is sanctioned as fuck, so no global payment system works in Iran anyway. All the payment systems used by Iranians are local so they work even in national internet.
Yep! What I meant was during the recent conflict, was the domestic payment system working? How brittle or robust was it during that, especially given that my understanding is that Iran has transitioned to a cashless society?
This is just pendulum swinging between centralized and distributed. This is true for "online services", the Internet, computing (mainframes, PCs,cloud, mobile, etc.). If it swings one way, it'll swing back eventually. Just look for the innovations that make one option viable compared to others.
> I wish this article went into more details on what the "National Information Network" is.
It's AS12880, the state owned telecom company which all ISPs are obligated to be downstream of. It operates Iran's international links to other global scale ISPs via Turkey and other paths.
Even 20 years ago the so-called “geeks” were reacting to those news with “We can fix that!”, and indeed were making the tools. They were often primitive, but modern ones are based on those developments and collected knowledge.
Today's crowd is full of lickspittles who are constantly searching for someone or something to kneel before. Money, power, or at least flavour-of-the-month fame. A lot of work was put into spreading those ideals, and not teaching anything “outdated”, “dissenting” or “controversial”.
So you're not just waving the white flag even before anyone intimidates you personally, you're actively working for that cause, willingly or unwillingly.
Something tells me that you were not using 56 bit encryption when posting. In a different world, you would, and lament how pathetic and insecure it is to let someone calling themselves “government” have access to everything, but how understandable it is in presence of communists, terrorists, degenerates who have rejected the democratic values and thus stopped being humans, etc.
Dystopias and the dystopian outlook actually helps any kind of high profile swindler a lot. People treat them as the portrayal of “how the world really works”, and expect it to be normal when someone does it, or just hints at such option to scare the public, while they were intended to portray how stupid people can be if they cease to think. Please choose some higher standards.
The current global Internet is an anomaly in space and time, and it's held together by spit, prayers, and the hope the reliability gains from multiple redundant paths outweigh the reliability losses from so many distinct actors being involved. It would be quite easy for any major government to cause major problems in global connectivity. So far, they mostly seem content to only cut themselves off, and the ones with the power to mess up the global net don't seem to want to. But the NSA was diverting a whole lot of intra-Europe traffic via the USA at one time so they could snoop it.
> WireGuard uses UDP and a small handshake footprint, making detection and blocking via DPI harder.
Not quite true. Wireguard is already actively detected and suppressed if necessary. There's already a fork that employs basic changes to improve the protocol in this regard. AmneziaWG was shown to be more robust to detection for now.
True. but based on my researches don't use DPI on the NIN, so you might be able to use WG or OpenVpn on a VPS inside Iran but not to a VPS on let's say digital ocean. They can also selectively increase the or decrease the strength of their DPI as well, for example a range of IP can be graylisted and nothing will work on it, or they put more active probing effort on some ranges of IPs.
This "National Information Network" seems like a blueprint all countries should apply. While I also do not want to have a censored internet and I am a fan of international collaboration, Cyber Warfare is unfortunately common nowadays and turning a blind eye on protecting the fundamental services it is quite stupid.
The status quo of allowing multiple foreign intelligence agencies to run unlimited information warfare needs disruption. Read about the Internet Research Agency. More informational borders between nations will give us the appetite for lower physical borders between nations.
How easy is detecting a transmitting starlink terminal? I assume is pretty easy but i don't know if the phased array antenna and beamforming make detecting from ground harder. Could i detect it with a SDR while driving around, wardriving-style?
> IPv4 addresses are limited and constantly reallocated. Most are rented and passed between hosting providers, resold between datacenters, or migrated across regions. The Iranian filtering system uses GeoIP databases and BGP information to decide which IP ranges to trust and which to block. But those records lag behind the changes.
This is surprising to me. Surely iranian ISPs would have directly allocated IP space?
Or alternatively, surely Iran's gov would be in the routers and be able to blackhole any routes leaving the country?
I'm ignorant about this, but I'm surprised there isn't just some physical switch that just straight up airgaps all network routes going out of the country.
There is, so that's why you need to use Starlink as the exit. A Starlink terminal connects directly to a stattelite bypassing all local infrastructure. Unless Iran confiscates those terminals or shoots down those satellites, they can't block it.
Yes also typical disturbance noises seem to not work on these satellites otherwise they would've done it. probably due to them being LEO satellites. because they have stronger signals and that makes it harder for noise/jammers to overpower legitimate signals (higher signal-to-noise ratio).
Are they sanctioned away from RIPE, like Russia is? Russia isn't allowed to be allocated any IP addresses they don't already have. They're Russia, so they already have a bunch, but if they didn't, they'd have to keep borrowing them on grey markets, possibly different ones each time. Iran might be that way.
(Fun fact about sanctions: the International Criminal Court is sanctioned away from Microsoft, so they can't legally get access to Windows or Office. This is because they prosecuted a war criminal the USA likes.)
Also hosting technical wikis would be super useful (because there won't be any other way to use ChatGPT or google stuff), and efficient (storage wise) if deployed with kiwix
I appreciate the final paragraphs which suggest a solid method for those inside the country and under this oppressive regime to remain connected without surveillance. I wonder how many are up to this, and what active resistance or movements inside the country look like these days.
Synapse sucks to run and it doesn't minimize metadata collection. It's not a great choice unless you're running it outside the country where they can't seize the server (but then you have all the problems of not being able to access it when the country is cut off from the rest of the world). It's a pig on resources which means it has to be run on hardware that can handle it, barely runs on SBC's.
Other stuff is weird in their post and suggests they are speaking for Iranians without actually knowing any online. I know a few from the Cellmapper community and SMS is very much not expensive. 1000 SMS costs around 0.03USD worst case: https://irancell.ir/en/p/3771/tariffs-and-voice-packages-en
Finally it's not really that Starlink uses proprietary encryption that's special. They can use any sort of common encryption standard and there's not much Iran can do but locate and seize the terminal since they don't have the keys to it. I imagine at some point they were start looking for signal emissions in known Starlink bands and use that to locate terminals. Allegedly Russia has a detection system 'Kalinka' already built: https://www.space.com/space-exploration/tech/russia-and-chin...
Does it, though? It doesn’t mention whether or not hosting your own encrypted messaging platform is illegal, what the repercussions are, or how to hide that you are doing so.
I found the whole article to be unfortunately light on both technical details and practical details, and certainly wouldn’t suggest that anyone use it as a guide.
I was wondering myself, if it isn't very dangerous to host those kinds of services in an opressive state such as Iran? Hosting a site on Iranian IPs certainly sounds easy to track and I'm sure a Starlink receiver also makes substential RF noise. Anyone has any information about how likely is the Iranian government is to shut down such a site/service? Also, doesn't encrypted traffic in general (like Matrix servers) fall into this category?
> I wonder how many are up to this, and what active resistance or movements inside the country look like these days.
Hard to find that out, as I can imagine outlets like HN are actively monitored as well - if an Iranian account would be like "hello I am in the resistance movement", they'd be painting a target on themselves.
But the US is heading this way too if I may put on my conspiracy thinking hat; "we" already knew, but the Snowden leaks confirmed that the NSA and co are inside all of the major internet companies, probably including Starlink.
When the shit hits the fan, it is us techy internet peoples' responsibility to ensure information continues to flow freely, be it through access to information (like these local portable wifi network devices that have a small internet full of knowledge like Wikipedia pages), communication (the Matrix servers mentioned in the article), and communication to the outside world.
On that note, what would be the next option if for example the US cut itself off of the global internet and Starlink? Ham radio / whispernet? I mean I'm pretty confident that at the moment there's just too much freedom still for an internet shutdown to be viable, but having the knowledge is important nevertheless.
ok conspiracy hat off. Disclaimer, I don't live in the US, but my grandparents did live through WW2, during which people had secret radios because the Nazis confiscated all of them to try and keep people uninformed. The radios were essential for the resistance movements, with public BBC broadcasts containing secret messages informing the reistance of e.g. sabotage supply drops. See https://en.wikipedia.org/wiki/Dutch_resistance for a good starting point, and https://en.wikipedia.org/wiki/Resistance_during_World_War_II for the rest of Europe.
The important part is its use. You could call it magic key negotiation and I wouldn't care. RCS and SMS are fundamentally different technologies in every way.
They are presented to the user in the same way. They serve the same function. From a user perspective, its about as different as http2 is from http1.1 or 3. (I.e. very different under the hood but not in a user visible way)
If you are ever thinking of writing somethings like this: please be aware that people could be executed based upon the validity of your assumptions and advice offered.
It certainly looks like it is compiled by a neural net or human that has no idea how people they talk about actually live. Places of actual discussion of censorship circumvention tools are full of much different talk on how to fool the external or internal DPI servers, on tunnelling through white-listed protocols, and so on.
Also, those who can be executed like that have already realised that “safe” way of being a “good citizen” does not exist, it's a phantom for people who are — at the moment — rich, happy and walled from the rest (either physically or in their minds). They probably don't need to be told not to trust someone who is offering to solve all their problems.
? A totalitarian regime doesn't need much motivation to have people killed, to the point where even having knowledge or reading the wrong thing will have you put on a list.
I don't think the islamic regime is that advanced intl wise to track every single movement on the internet. maybe true for US if it turns totalitarian one day. But i do agree that they want to do so, not denying that at all.
Chinese users typically rely on Shadowsocks (a SOCKS5 proxy designed to be undetectable), custom V2Ray configurations with obfuscation, or corporate VPNs that operate in legal gray areas, though the government continuously improves detection capabilities forcing constant adaptation of circumvention techniques.
Also obfs4 i believe is widely used there, either with tor or standalone(obfs4 over SSH). And dynamic port forwarding using SSH alone is widely used and fairly simple.
this is much more severe than in China. I've never been completely shut of Internet before. each time one of my servers had access to global Internet. this time no connection whatsoever. I hope people realise that encryption needs transmission, with no wire to transfer data encryption won't help you
>Why should we care how a country manages their internal affairs?
The government of Iran supplies Russia with weapons used in their invasion of Ukraine, funds Houthi rebels who fire weapons indiscriminately at international shipping off the coast of Yemen, supplies terrorist groups in southern Lebanon, and advised the Syrian government during the Syrian Civil War which kicked off the greatest wave of human migration in recent history as people fled the brutality.
By caring about their internal affairs there is a chance their external affairs may be influenced.
Also, they execute rape victims, hang homosexuals in public, and kidnap and torture women who don't want to wear cloth on their head.
Please, I'm begging you from the bottom of my heart, don't "buh whaddabow" me. It's pathetic.
Re. Whataboutism. At times it is worthwhile looking in the mirror. In 2003 we bombed and occupied Iraq based on fabrications and propaganda by the Bush administration. According to the Lancet, there were 650,000 excess deaths attributed to violence 95% confidence. The middle east was thrown into turmoil and the effects are very much being felt by neighboring countries and Europe.
Sooo .. if we are curious about how other countries run their affairs, maybe we should study high school education in Finland. They did a remarkable job of turning their system around to where their kids outperform American kids on the average.
I do what i can do, I do care about surveillance by Google, Meta and others, that's why i wrote a book on privacy. This was just an observation i shared.
Because it might help us understand how the rest of the world works or how privileged a lot of us are in enjoying internet like we do or give us a better understanding of Iran the next time we see it on the news.
I wish this article went into more details on what the "National Information Network" is. I would guess it's at least a set of nationally managed DNS servers that will always resolve national IPs even if upstream global DNS is cut off.
Looking at a bigger picture though, honestly I think we're seeing the end of the raw global Internet for the masses. 20 years ago, it seemed impossible, but here we are.
It's simply not going to be possible to meaningfully use the Internet unauthenticated and unapproved in a few years. Costs to reach mass audiences online will increase until only the big players can do it, and it'll be their platforms or nothing. There's going to be no room for anything that those with millions and billions of dollars don't want or can't make money off of in some way.
Overall, this makes me want to reduce the role of the Internet and tech in my life. I don't need the fastest data plan, latest PC, newest phone, or whatever AI trend is hot to use the apps I need for daily life or to line up events and meetings with others that I actually know.
> Looking at a bigger picture though, honestly I think we're seeing the end of the raw global Internet for the masses. 20 years ago, it seemed impossible, but here we are.
This is defeatist. You're probably right 'for the masses' but there will always be those networking and collaborating and bypassing whatever restrictions get put in place. I have online contacts in 'firewalled' regimes that use v2ray/shadowsocks or whatever the thing of the now is to get around the restrictions.
There's a ton of cheap tools now that can be used for running local or citywide networks, hams have their own packet radio stuff. There's now all those new LoRa networks that only really popped up in the past few years.
What I'm trying to say is the stuff is there and it's accessible, but it's only going to be a minority of people that use it just as it's a small minority that comments on posts like this (people like us) and even smaller yet again that write content on how to do it and create those tools to begin with. But it has always been this way....
>there will always be those networking and collaborating and bypassing whatever restrictions get put in place.
I don't think so. It's just a question of the severity of the punishment for violating regulations. A couple of small fines for an unlicensed networking and collaborating - and there will be no one left.
>There's a ton of cheap tools now that can be used for running local or citywide networks, hams have their own packet radio stuff.
The issue has never been in the technical plane. The equipment for building and operating networks has become dozens of times more accessible over the past couple of decades. The problem is in the increasing number of regulations that purposefully lock all clients into a few select controlled service providers. They have a goal and they have the tools to achieve it, so it's only a matter of time before they reach the minority of network-enthusiasts.
> It's just a question of the severity of the punishment for violating regulations. A couple of small fines for an unlicensed networking and collaborating - and there will be no one left.
I don't think you give people enough credit. There have been dissidents in totalitarian regimes the world over, even when the punishment was death or being sent to a labour camp.
You might think that unlicenced networking isn't important enough, but I think many people would see it as the start of China-like censorship. Especially now that we've had decades of a mostly-free Internet, I don't think people will react kindly to politicians taking it away.
I dunno, the reaction to the anti-porn laws in Texas haven’t gotten too much pushback, as far as I’m aware. Sure, keeping kids off porn is good, but do you trust the Christian nationalist government of Texas to only define porn as the thing that needs logged identification?
I think it's trivial for people to circumvent this ID, no? So no need to pushback. Kind of like everyone going 120 on the highway
how is it trivial to circumvent?
The impact of that minority might still be decent.
Pirate radio isn't new, and hardware has gotten both cheaper and more sophisticated since kids drove around in cars with haywire FM transmitters.
> What I'm trying to say is the stuff is there and it's accessible, but it's only going to be a minority of people that use it
Exactly. This is why the tech has to be made resistant to surveillance and censorship by default. Until usage of alternative connectivity and circumvention methods sticks out as a sore thumb (turns out, for most tools it does), it applies a constant pressure on anyone under oppression to stop, increasing the risks for those who continue to use them.
it seems to me that a nation determined to control wired network traffic within its borders cannot be circumvented. if they can control the ISPs and observe packet flows then they can just obstruct any connection they cannot conclusively prove is acceptable.
it seems then that store-and-forward ad hoc p2p (ie extremely high unpredictable latency) is the only option for those who can reach some node with a connection to the outside (maybe laser near the border). or perhaps really clever steganography with outside partners assisting.
> it seems to me that a nation determined to control wired network traffic within its borders cannot be circumvented.
Starlink/Kuiper and the geostationary satellites are an alternative. Not perfect... but far better than *nothing*
None of the major mobile satellite networks work without the terminal’s position being known.
i believe the base stations for those can be triangulated leading to knocks on the for for unsanctioned traffic.
> Starlink
Only when (if) Stalink removes the need for base stations and just sends the traffic directly between satellites.
It already does that. That's how Starlink works over the ocean.
does that mean the authorities can’t locate someone transmitting or receiving to/from starlink? in many places the consequences of detection could be dire…
Live in China/Iran for a few years and see if you would still post this same comment.
I don't think personal reprisal because you posted something critical is generally the most scalable or realistic concern. It seems far easier to just let citizens know that if they're disruptive, you don't have protections; for everyone else, who knows if others can even see what you post?
The current american administration clearly wants to stamp down on disruption, too. If they can't deport us I think they'd be fine with prison or working us to death. Future administrations won't be so dumb to think this is just related to criticizing Israel, either, but anything.... disruptive.
> hams have their own packet radio stuff
We got basically three different things. First we got APRS, mostly used for position reports (go on aprs.fi for a map). That is pretty nice but unusable for anything more than a SMS worth of things, and you need repeaters and not just internet gateway collectors to actually have something that's resilient.
Next thing is AX25, the technical foundation behind APRS. Yes you can use it to create actual data links, but it's about modem speeds so virtually useless outside of toying around.
And finally there is HamNet but it's line of sight based and not cross routed to the internet, and identically to all things ham radio, encryption is banned by law.
And on top of that, you can expect regulatory agencies to crack down on ham radio fast and hard, should it be used for political dissency motives at scale. It's already against ham practice to talk politics, especially with people in repressive countries - we don't want more countries other than Yemen and North Korea to just blanket ban ham radio.
Am I right to assume that it's easy to locate the source of ham radio signals?
i.e. if there's a blanket ban, can you use your radio hidden in your house or can the government easily find out that the user they've noticed on the airwaves is located there and knock down your door?
Very easy.
"Huff Duff" is WW2 technology.
https://en.wikipedia.org/wiki/High-frequency_direction_findi...
The units used for detecting and locating clandestine transmitters started WW2 as large truck mounted facilities to hand carried units (with antennas) that fit inside suitcase-sized containers.
Modern ham groups engage in transmitter hunting as part of organized events. Bunny hunting and fox hunting are alternate names for such activities.
https://en.wikipedia.org/wiki/Transmitter_hunting
How to do it: https://www.youtube.com/watch?v=PN-c5DQFuhI
Governments use much large automated facilities:
https://en.wikipedia.org/wiki/Circularly_disposed_antenna_ar... https://en.wikipedia.org/wiki/AN/FRD-10
It's very easy, has been for a long time. See the story of Israeli Eli Cohen, an operative in Syria.
https://en.wikipedia.org/wiki/Eli_Cohen
> can the government easily find out that the user they've noticed on the airwaves is located there and knock down your door?
Sadly, yes. A bunch of SDRs spread over the whole country with precise clocks or a scheme like the one used in ADS-B MLAT reception (that's based on using the internal SDR clocks without requiring precise clocks on the host) is enough to use multilateration to hone in on any kind of signal, even looking up in raw signals in the past.
If I were to guess, I'd assume that even in nominal democracies the secret agencies are already running such monitoring stations so it's probably already the case that, should need be, all communications can be triangulated.
The HF bands are all small enough to be sampled whole with a single cheap RTL-SDR each, a KiwiSDR can sample literally all of them at the same time, only the VHF/UHF bands need more dedicated equipment (e.g. a BladeRF) - all of that is inside the range that hobbyists can easily afford.
> but it's about modem speeds so virtually useless outside of toying around.
I don’t understand this sentiment. For exchanging information, modem speeds were great. Wikipedia, forums like this one, instant messengers, etc all worked fine
If we go back to 1990's tech (example: BBSes, IRC, gopher, HTTP sites with little to no javascript), possibly fine. Today I see static web sites built with heavyweight JS frameworks that load multiple megabytes. You'll be waiting for minutes.
> Wikipedia, forums like this one, instant messengers, etc all worked fine
The problem is, websites got wasteful. You're not going to get any modern website - including Wikipedia - to load in anything close to usable waiting times over a modem speed constraints. HN and maybe Old Reddit are an exception but HN is a niche forum and Old Reddit is probably going to get dumped once Reddit manages to port over all features that were only exclusive to Old Reddit for like six years or so. IRC is all but gone, in no small part "thanks" to Freenode going down the drain and Slack/Discord/Teams eating its lunch.
Also, keep in mind that APRS is generally 1200 baud (though I did see some mention of 9600 now.) This is way worse than anything most people experienced during the dialup Internet days.
I was talking about AX.25, that allows for higher bandwidth than its subset APRS or POCSAG. But yeah, not that much, 9.600 baud is all you're gonna get on UHF/VHF, if you stick with HF it's 300 baud...
Heh. My first dialup modem was 1200 baud, way back in 1987.
> Looking at a bigger picture though, honestly I think we're seeing the end of the raw global Internet for the masses. 20 years ago, it seemed impossible, but here we are.
I feel like I’ve been hearing this for decades. During the initial wave of Napster-era piracy debates a lot of people assumed the end of the free internet was near because corporations wouldn’t allow it.
> It's simply not going to be possible to meaningfully use the Internet unauthenticated and unapproved in a few years.
I will take the opposite of that bet any day. Certain countries like Iran will impose their restrictions, but if you think the average country is going to restrict internet access in only a couple of years I don’t know what to say.
I wrote a blog post which hopefully clears up the "National Network": https://ahrm.github.io/jekyll/update/2025/06/20/iran-interne...
It is way more than just DNS.
Is Google's AI Mode working? That might solve the problem you mentioned.
Well, the internet is not national anymore (for now!), but isn't Google AI Mode US only? Anyway, the only google service that did work at that time was google search as far as I know nothing else worked (no gmail, maps, etc.).
Ah - I didn't realize Google AI Mode is US Only!
> the only google service that did work at that time was google search as far as I know nothing else worked (no gmail, maps, etc.)
Yea, sounds like they resorted to a hard whitelist. How were other Internet services impacted in Iran? My understanding is payment is increasingly tap-to-pay or via digital wallets within Iran? How was that impacted during the shutdown?
Well, Iran is sanctioned as fuck, so no global payment system works in Iran anyway. All the payment systems used by Iranians are local so they work even in national internet.
Yep! What I meant was during the recent conflict, was the domestic payment system working? How brittle or robust was it during that, especially given that my understanding is that Iran has transitioned to a cashless society?
Yes, it was working at least in my experience.
Probably a good thing.
End of the day, what happened to Slashdot 20 years ago happened to society - an endless stream of trolls and jerks ruined everything.
This is just pendulum swinging between centralized and distributed. This is true for "online services", the Internet, computing (mainframes, PCs,cloud, mobile, etc.). If it swings one way, it'll swing back eventually. Just look for the innovations that make one option viable compared to others.
> I wish this article went into more details on what the "National Information Network" is.
It's AS12880, the state owned telecom company which all ISPs are obligated to be downstream of. It operates Iran's international links to other global scale ISPs via Turkey and other paths.
https://www.peeringdb.com/asn/12880
https://bgp.he.net/AS12880
And its also government run counterpart, the "TIC"
https://bgp.he.net/AS49666#_asinfo
https://www.google.com/search?client=firefox-b-d&q=AS12880+i...
The only way to have global uncensored sharing of information is shortwave radio. Always has been, always will be.
Couldn't someone just jam an active shortwave band?
Yeah, also a good source of getting information from the world in full internet shutdowns.
Triangulation exists to locate such stations
Did I say untraceable?
You’ll be found on the internet too btw. But far more easily.
Maybe, or Starlink and software destabilize the authoritarians.
Yes, they will, im saying it with such certainty because of how much they're scared of it. It shows when they criminalize it and call it "spyware".
But no matter what they do there will be light at the end. it cannot always be night.
Even 20 years ago the so-called “geeks” were reacting to those news with “We can fix that!”, and indeed were making the tools. They were often primitive, but modern ones are based on those developments and collected knowledge.
Today's crowd is full of lickspittles who are constantly searching for someone or something to kneel before. Money, power, or at least flavour-of-the-month fame. A lot of work was put into spreading those ideals, and not teaching anything “outdated”, “dissenting” or “controversial”.
So you're not just waving the white flag even before anyone intimidates you personally, you're actively working for that cause, willingly or unwillingly.
Something tells me that you were not using 56 bit encryption when posting. In a different world, you would, and lament how pathetic and insecure it is to let someone calling themselves “government” have access to everything, but how understandable it is in presence of communists, terrorists, degenerates who have rejected the democratic values and thus stopped being humans, etc.
Dystopias and the dystopian outlook actually helps any kind of high profile swindler a lot. People treat them as the portrayal of “how the world really works”, and expect it to be normal when someone does it, or just hints at such option to scare the public, while they were intended to portray how stupid people can be if they cease to think. Please choose some higher standards.
I have to do more research on NIN, it's hard to know what they're exactly doing.
The current global Internet is an anomaly in space and time, and it's held together by spit, prayers, and the hope the reliability gains from multiple redundant paths outweigh the reliability losses from so many distinct actors being involved. It would be quite easy for any major government to cause major problems in global connectivity. So far, they mostly seem content to only cut themselves off, and the ones with the power to mess up the global net don't seem to want to. But the NSA was diverting a whole lot of intra-Europe traffic via the USA at one time so they could snoop it.
> more details on what the "National Information Network" is
Some sources [0][1]
> I would guess it's at least a set of nationally managed DNS servers that will always resolve national IPs even if upstream global DNS is cut off.
Yep. Along with an entire ecosystem of domestically created and regulated search engines, DPI, centrally managed certs, AV, networking backbone, etc.
It's similar in intention to the Great Firewall in China, except much more restrictive.
Imagine corporate IT restrictions and posture being deployed nationwide on all endpoints, that's how these kind of initiatives tend to architected.
SSE/Zero Trust, DPI, Cert Mgmt, etc are all dual-use, and it's essentially a logistics and organization problem.
[0] - https://apps.dtic.mil/sti/pdfs/AD1107324.pdf
[1] - https://www.article19.org/data/files/medialibrary/38316/The-...
> WireGuard uses UDP and a small handshake footprint, making detection and blocking via DPI harder.
Not quite true. Wireguard is already actively detected and suppressed if necessary. There's already a fork that employs basic changes to improve the protocol in this regard. AmneziaWG was shown to be more robust to detection for now.
https://docs.amnezia.org/documentation/amnezia-wg/
Too bad managing WG is such a pain and Tailscale/Netbird don't support this protocol yet. The following two issues need attention:
https://github.com/tailscale/tailscale/issues/10696
https://github.com/netbirdio/netbird/issues/1096
At Obscura we just tunnel WireGuard over QUIC's unreliable datagram mechanism to make it look like HTTP/3 (for DPI): https://github.com/Sovereign-Engineering/obscuravpn-client/b...
We just upstreamed our patch to quinn-rs that pads Datagrams to MTU: https://github.com/quinn-rs/quinn/pull/2274
Some DPIs just flat out block HTTP/3 already.
> Some DPIs just flat out block HTTP/3 already.
Actually, some DPIs just straight-up reject UDP (and since DNS and NTP are UDP-based*, just straight-up interception-and-redirect).
* TCP DNS exists but practically not used for most "normal" tasks, and at this point the censor is trying to block anything anyways.
> Too bad managing [Wireguard] is such a pain[.]
It is? My clients on OpenBSD need about ten lines in /etc/hostname.wg[0-9]+ and that includes the routes!
True. but based on my researches don't use DPI on the NIN, so you might be able to use WG or OpenVpn on a VPS inside Iran but not to a VPS on let's say digital ocean. They can also selectively increase the or decrease the strength of their DPI as well, for example a range of IP can be graylisted and nothing will work on it, or they put more active probing effort on some ranges of IPs.
This "National Information Network" seems like a blueprint all countries should apply. While I also do not want to have a censored internet and I am a fan of international collaboration, Cyber Warfare is unfortunately common nowadays and turning a blind eye on protecting the fundamental services it is quite stupid.
The status quo of allowing multiple foreign intelligence agencies to run unlimited information warfare needs disruption. Read about the Internet Research Agency. More informational borders between nations will give us the appetite for lower physical borders between nations.
[dead]
How easy is detecting a transmitting starlink terminal? I assume is pretty easy but i don't know if the phased array antenna and beamforming make detecting from ground harder. Could i detect it with a SDR while driving around, wardriving-style?
> IPv4 addresses are limited and constantly reallocated. Most are rented and passed between hosting providers, resold between datacenters, or migrated across regions. The Iranian filtering system uses GeoIP databases and BGP information to decide which IP ranges to trust and which to block. But those records lag behind the changes.
This is surprising to me. Surely iranian ISPs would have directly allocated IP space?
Or alternatively, surely Iran's gov would be in the routers and be able to blackhole any routes leaving the country?
I'm ignorant about this, but I'm surprised there isn't just some physical switch that just straight up airgaps all network routes going out of the country.
There is, so that's why you need to use Starlink as the exit. A Starlink terminal connects directly to a stattelite bypassing all local infrastructure. Unless Iran confiscates those terminals or shoots down those satellites, they can't block it.
Yes also typical disturbance noises seem to not work on these satellites otherwise they would've done it. probably due to them being LEO satellites. because they have stronger signals and that makes it harder for noise/jammers to overpower legitimate signals (higher signal-to-noise ratio).
That seems inconsistent with what the article is claiming.
Are they sanctioned away from RIPE, like Russia is? Russia isn't allowed to be allocated any IP addresses they don't already have. They're Russia, so they already have a bunch, but if they didn't, they'd have to keep borrowing them on grey markets, possibly different ones each time. Iran might be that way.
(Fun fact about sanctions: the International Criminal Court is sanctioned away from Microsoft, so they can't legally get access to Windows or Office. This is because they prosecuted a war criminal the USA likes.)
> Fun fact about sanctions: the International Criminal Court is sanctioned away from Microsoft, so they can't legally get access to Windows or Office.
How does that even work? There are many companies in the EU that (legally) sells second hand Windows and Office licenses to anyone.
Also hosting technical wikis would be super useful (because there won't be any other way to use ChatGPT or google stuff), and efficient (storage wise) if deployed with kiwix
I appreciate the final paragraphs which suggest a solid method for those inside the country and under this oppressive regime to remain connected without surveillance. I wonder how many are up to this, and what active resistance or movements inside the country look like these days.
Synapse sucks to run and it doesn't minimize metadata collection. It's not a great choice unless you're running it outside the country where they can't seize the server (but then you have all the problems of not being able to access it when the country is cut off from the rest of the world). It's a pig on resources which means it has to be run on hardware that can handle it, barely runs on SBC's.
Other stuff is weird in their post and suggests they are speaking for Iranians without actually knowing any online. I know a few from the Cellmapper community and SMS is very much not expensive. 1000 SMS costs around 0.03USD worst case: https://irancell.ir/en/p/3771/tariffs-and-voice-packages-en
Finally it's not really that Starlink uses proprietary encryption that's special. They can use any sort of common encryption standard and there's not much Iran can do but locate and seize the terminal since they don't have the keys to it. I imagine at some point they were start looking for signal emissions in known Starlink bands and use that to locate terminals. Allegedly Russia has a detection system 'Kalinka' already built: https://www.space.com/space-exploration/tech/russia-and-chin...
It's better than SMS, isn't it? In these situations perfection is not viable.
Does it, though? It doesn’t mention whether or not hosting your own encrypted messaging platform is illegal, what the repercussions are, or how to hide that you are doing so.
I found the whole article to be unfortunately light on both technical details and practical details, and certainly wouldn’t suggest that anyone use it as a guide.
I was wondering myself, if it isn't very dangerous to host those kinds of services in an opressive state such as Iran? Hosting a site on Iranian IPs certainly sounds easy to track and I'm sure a Starlink receiver also makes substential RF noise. Anyone has any information about how likely is the Iranian government is to shut down such a site/service? Also, doesn't encrypted traffic in general (like Matrix servers) fall into this category?
> whether or not hosting your own encrypted messaging platform is illegal
Matrix isn't meaningfully encrypted, so it's mostly irrelevant, hooray!
> I wonder how many are up to this, and what active resistance or movements inside the country look like these days.
Hard to find that out, as I can imagine outlets like HN are actively monitored as well - if an Iranian account would be like "hello I am in the resistance movement", they'd be painting a target on themselves.
But the US is heading this way too if I may put on my conspiracy thinking hat; "we" already knew, but the Snowden leaks confirmed that the NSA and co are inside all of the major internet companies, probably including Starlink.
When the shit hits the fan, it is us techy internet peoples' responsibility to ensure information continues to flow freely, be it through access to information (like these local portable wifi network devices that have a small internet full of knowledge like Wikipedia pages), communication (the Matrix servers mentioned in the article), and communication to the outside world.
On that note, what would be the next option if for example the US cut itself off of the global internet and Starlink? Ham radio / whispernet? I mean I'm pretty confident that at the moment there's just too much freedom still for an internet shutdown to be viable, but having the knowledge is important nevertheless.
ok conspiracy hat off. Disclaimer, I don't live in the US, but my grandparents did live through WW2, during which people had secret radios because the Nazis confiscated all of them to try and keep people uninformed. The radios were essential for the resistance movements, with public BBC broadcasts containing secret messages informing the reistance of e.g. sabotage supply drops. See https://en.wikipedia.org/wiki/Dutch_resistance for a good starting point, and https://en.wikipedia.org/wiki/Resistance_during_World_War_II for the rest of Europe.
Sounds like the NIN is just domestic sourcing for the infrastructure that it applies to.
>SMS in Iran is unencrypted.
SMS everywhere is unencrypted
Yes, although many people probably don't know the difference between SMS and RCS and use SMS to refer to both.
Yes, sorry my bad.
Even tech people? wowe
You mean that group that still calls TLS SSL even though its been 26 years?
The important part is its use. You could call it magic key negotiation and I wouldn't care. RCS and SMS are fundamentally different technologies in every way.
They are presented to the user in the same way. They serve the same function. From a user perspective, its about as different as http2 is from http1.1 or 3. (I.e. very different under the hood but not in a user visible way)
Excellent write-up. Sadly Starlinks are also illegal and the gov has been cracking down on them.
Thanks, yeah but illegal usually don't mean unobtainable
If you are ever thinking of writing somethings like this: please be aware that people could be executed based upon the validity of your assumptions and advice offered.
It certainly looks like it is compiled by a neural net or human that has no idea how people they talk about actually live. Places of actual discussion of censorship circumvention tools are full of much different talk on how to fool the external or internal DPI servers, on tunnelling through white-listed protocols, and so on.
Also, those who can be executed like that have already realised that “safe” way of being a “good citizen” does not exist, it's a phantom for people who are — at the moment — rich, happy and walled from the rest (either physically or in their minds). They probably don't need to be told not to trust someone who is offering to solve all their problems.
There is that iranian bot army we hear about: "dont write down knowledge or else someone somewhere will be executed!"
for what? nobody should follow anything blindly and im sure people in iran are more aware of this and they know how to take security precautions.
> for what?
? A totalitarian regime doesn't need much motivation to have people killed, to the point where even having knowledge or reading the wrong thing will have you put on a list.
I don't think the islamic regime is that advanced intl wise to track every single movement on the internet. maybe true for US if it turns totalitarian one day. But i do agree that they want to do so, not denying that at all.
The Starlink gateway out is a good solution, but I sure wouldn't share it with friends/family over the ISP networks if at all possible.
It is possible, i found this tool for it: https://github.com/nasnet-community/neighbor-link
Aren't mesh networks the ideal case for this type of scenario?
Yes they should work in these scenarios but requires mass adoption to run a proper mesh network infrastructure.
How do people do this in China?
Chinese users typically rely on Shadowsocks (a SOCKS5 proxy designed to be undetectable), custom V2Ray configurations with obfuscation, or corporate VPNs that operate in legal gray areas, though the government continuously improves detection capabilities forcing constant adaptation of circumvention techniques.
Also obfs4 i believe is widely used there, either with tor or standalone(obfs4 over SSH). And dynamic port forwarding using SSH alone is widely used and fairly simple.
this is much more severe than in China. I've never been completely shut of Internet before. each time one of my servers had access to global Internet. this time no connection whatsoever. I hope people realise that encryption needs transmission, with no wire to transfer data encryption won't help you
Shadowsocks is the common method
https://en.wikipedia.org/wiki/Shadowsocks
This has been DPI'd to death in China and hasn't been useful in a while.
Trojan and X-ray still work though, albeit hosting is the issue there.
[flagged]
Just
Democracy restored.[flagged]
>Why should we care how a country manages their internal affairs?
The government of Iran supplies Russia with weapons used in their invasion of Ukraine, funds Houthi rebels who fire weapons indiscriminately at international shipping off the coast of Yemen, supplies terrorist groups in southern Lebanon, and advised the Syrian government during the Syrian Civil War which kicked off the greatest wave of human migration in recent history as people fled the brutality.
By caring about their internal affairs there is a chance their external affairs may be influenced.
Also, they execute rape victims, hang homosexuals in public, and kidnap and torture women who don't want to wear cloth on their head.
Please, I'm begging you from the bottom of my heart, don't "buh whaddabow" me. It's pathetic.
Re. Whataboutism. At times it is worthwhile looking in the mirror. In 2003 we bombed and occupied Iraq based on fabrications and propaganda by the Bush administration. According to the Lancet, there were 650,000 excess deaths attributed to violence 95% confidence. The middle east was thrown into turmoil and the effects are very much being felt by neighboring countries and Europe.
Sooo .. if we are curious about how other countries run their affairs, maybe we should study high school education in Finland. They did a remarkable job of turning their system around to where their kids outperform American kids on the average.
https://en.wikipedia.org/wiki/Lancet_surveys_of_Iraq_War_cas...
two wrongs dont make one right
I do what i can do, I do care about surveillance by Google, Meta and others, that's why i wrote a book on privacy. This was just an observation i shared.
Because it might help us understand how the rest of the world works or how privileged a lot of us are in enjoying internet like we do or give us a better understanding of Iran the next time we see it on the news.
I would take some meddling from Europe around now, honestly.