Last Updated on
When countries start to heavily censor the intranet, it’s easy to imagine where they’ll end up – running a State controlled intranet. We can see it happening now in Iran, there’s news across the net reporting that the country is building up to it’s (ahem) democratic elections in June. One of the steps they are taking is attempting to block all proxies and VPNs being used in the country. It’s something China have been doing for years and although they have a much more sophisticated approach it’s incredibly difficult to do – read here about the Chinese TOR probe. Iran are reportedly trying to block all ‘non-approved’ VPNs and proxies basically to ensure that nobody is using them to avoid the countries growing content filters and blocked web site list.
Iranians will still be able to use the approved VPN providers, although why those who are concerned with state spying and internet filtering would want to use these is completely irrational. The reality is that it is an information war that the Iranians will lose, for every block or control they put up someone, somewhere will figure out a way around it. For example you can block access to web sites and indeed VPN services in a variety of ways.
Create Blacklist of Proxies and VPN Services
This is what a lot of countries like Iran do initially and how many commercial filters work. You just build up a database of specific IP addresses and URLs of known services and just completely block access to them. This means that the user will not be able to make that initial connection to encrypt or bypass the content filters. But there is a huge flaw with this technique, anyone with a little knowledge could set up a VPN or proxy service on a hosted server somewhere in minutes. There are customised scripts and simple installations of proxies like Glype and Squid that can be set up by anyone on a shared server. It’s simply impossible to keep track of all these servers – remember it’s the Iranian Regime’s IT workers VS the rest of the Internet – who’s your money on?
Deep Packet and Pattern Inspection
You can attempt a more sophisticated technique by trying to look inside the traffic and figure out when a VPN or proxy is being used. Even if you control the internet boundaries in your country this is very difficult to do. For a start it’s almost impossible to analyse every packet that leaves and enters the country via the internet. The amount of resources you will use would be enormous, not to say you end up pretty much crippling internet access at the same time. So you have to restrict your checks to certain patterns – perhaps selecting traffic leaving or using specific ports – maybe 443 for example. This is still going to use an enormous amount of resources and of course there’s nothing to say a specific service has to use a specific port number for connection.
Just look at one of the configuration screens of my preferred security software – . >.
Just look at the options there in one screen for cloaking, modifying port redirection and simply changing individual elements of the connection protocol. It’s extremely difficult to look for specific patterns when there is this amount of customization is available in the connection methods. Of course most security/VPN software don’t offer anywhere near this level of sophistication, but the market would soon be created if there is a demand created by increased filtering.
Wrecking the Digital Economy
This might not be of concern to Iran, but for countries like China it is a very real issue. Whether they like it or not any successful business needs the internet, if you start breaking or restricting the infrastructure they’ll simply go elsewhere. Any multinational business will use VPNs to connect back to their corporate networks safely and securely. Will they be prepared to use Iranian approved VPNs instead of the tried and tested commercial alternatives? Every web site that is blocked, every VPN closed down makes it more and more difficult to operate in a specific country. The benefits of a digital economy are eroded and a countries economy will without doubt suffer. As mentioned it may not matter if religious and political ideals are the primary goal, but as we have seen from the Arab spring – economic woes causes revolutions too.
These are just a few simple reasons why many believe that the technological reasons mean that inevitably the level of control required by someone like the Iranian Government will lead to an intranet. Just to clarify that would involve blocking all access to the outside and internet and restricting access to content created and hosted in Iran. Sounds fun, doesn’t it but Iran has been working on this since the Spring of 2011 and is the only way they can control what people see from their phones and laptops. Of course they’ll be dragging the country back into the dark ages when they do it but perhaps that’s not a problem.