Usually an efficient way to setup communication with the outside world in a restrained environment is to use a DNS tunnel, yet I'm really not sure at which level the censorship operates so it's hard to tell if it would work or not
I think they have a whitelist of IPs and domains that citizens can connect to, but the internal servers have access to an internet where some domains and some IPs are blocked. It's a little bit messy, to be honest.
hi there, there are two problems:
1- only a single datacenter is still connected to the outside world, people are getting notices for their proxies being identified and that they need to get to the Iranian police of cyber crimes and report their activites and well, actually we don't know what would happen when we are there! by the looks of it, they could have execution pools ni the back yard and just kill people there :/
2- there is no connection at all. I can't ping the 8.8.8.8 or 4.2.2.4.
we need to setup tor on the server(inside Iran) and hope it can connect, but again, we need to connect our friends too, so we could get identified. (to register a server, one would need to give their national identification number)
so, two problems. how we can securely connect to our machines in Iran? how can we hide the traffic that we are using a proxy, and how can we hide the traffic of this server to the outside world?
there sure is a Deep Packet Inspection in place. we tried a mirror for pypi server, docker registery and etc. and tried to use that for a cover and I just got noticed that the owner (my friend) is asked to get his licenses and papers and go to the Iranian cyber police.
so even covers are failing. we don't know how are they finding out about the proxies, we don't know which level should be worked on so they can identify us.
(belive it or not, with every siren and AK47 round going off in our street, I think this one is for my house and me and my wife, and am writing it with shaky hands. so sorry if it's hard to understand, im really risking my life here with this message)
At the risk of understating this, it's a fucking serious situation.
I'm trying to see what kind of options you have but I'm only going to talk about technology and have no idea what means are put in place to fight against this.
Low tech is probably best, the priority could be in establishing a working email relay. You probably already have the binaries for that. Those use files as sending pools, you can probably use USB drives to move emails around in a meshed way. Sign/encrypt them with GPG when possible. Also, put a lot of noise in there (fake/meaningless content).
WiFi sounds like a good option to establish a meshed network. The only issue is that it's very easy to spot WiFi networks. I'm thinking about 5Ghz WiFi networks because there is less compatible equipment so probably less scanners available also. I'm guessing that if you don't want to be easy to track down you need to produce a lot of noise on the same channel.
Satellite communication is probably harder to detect as it's a very narrow beam. Unsure about that but if you can have a directional antenna aiming at a satellite link you can probably get something. Unless the government ruled that out as well?
I'll post more ideas here if I have. I can also provide servers outside of Iran, so let me know if I can help.
If you can run secure obfs4 tor bridges (that are hidden) please send them to me (or others you know) to distribute. Just don't publish them within the default registry, they'll be closed really fast then
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
I'm curious, what can you reach and from where?
Usually an efficient way to setup communication with the outside world in a restrained environment is to use a DNS tunnel, yet I'm really not sure at which level the censorship operates so it's hard to tell if it would work or not
I think they have a whitelist of IPs and domains that citizens can connect to, but the internal servers have access to an internet where some domains and some IPs are blocked. It's a little bit messy, to be honest.
hi there, there are two problems:
1- only a single datacenter is still connected to the outside world, people are getting notices for their proxies being identified and that they need to get to the Iranian police of cyber crimes and report their activites and well, actually we don't know what would happen when we are there! by the looks of it, they could have execution pools ni the back yard and just kill people there :/
2- there is no connection at all. I can't ping the 8.8.8.8 or 4.2.2.4.
we need to setup tor on the server(inside Iran) and hope it can connect, but again, we need to connect our friends too, so we could get identified. (to register a server, one would need to give their national identification number)
so, two problems. how we can securely connect to our machines in Iran? how can we hide the traffic that we are using a proxy, and how can we hide the traffic of this server to the outside world?
there sure is a Deep Packet Inspection in place. we tried a mirror for pypi server, docker registery and etc. and tried to use that for a cover and I just got noticed that the owner (my friend) is asked to get his licenses and papers and go to the Iranian cyber police.
so even covers are failing. we don't know how are they finding out about the proxies, we don't know which level should be worked on so they can identify us.
(belive it or not, with every siren and AK47 round going off in our street, I think this one is for my house and me and my wife, and am writing it with shaky hands. so sorry if it's hard to understand, im really risking my life here with this message)
At the risk of understating this, it's a fucking serious situation.
I'm trying to see what kind of options you have but I'm only going to talk about technology and have no idea what means are put in place to fight against this.
Low tech is probably best, the priority could be in establishing a working email relay. You probably already have the binaries for that. Those use files as sending pools, you can probably use USB drives to move emails around in a meshed way. Sign/encrypt them with GPG when possible. Also, put a lot of noise in there (fake/meaningless content).
WiFi sounds like a good option to establish a meshed network. The only issue is that it's very easy to spot WiFi networks. I'm thinking about 5Ghz WiFi networks because there is less compatible equipment so probably less scanners available also. I'm guessing that if you don't want to be easy to track down you need to produce a lot of noise on the same channel.
Satellite communication is probably harder to detect as it's a very narrow beam. Unsure about that but if you can have a directional antenna aiming at a satellite link you can probably get something. Unless the government ruled that out as well?
I'll post more ideas here if I have. I can also provide servers outside of Iran, so let me know if I can help.
If you can run secure obfs4 tor bridges (that are hidden) please send them to me (or others you know) to distribute. Just don't publish them within the default registry, they'll be closed really fast then