tehranbureau An independent source of news on Iran and the Iranian diaspora

What's monitored online?

by AUSTIN HEAP in San Francisco

18 Jan 2010 03:12

10 Comments

A few tips.

[ dispatch ] Iran has vowed to step up its efforts in digital censorship, claiming that the era of "mercy" is over. In a statement released by the Iranian Labor News Agency, national police chief Ismail Ahmadi Moghaddam stated, "These people should know where they are sending the SMS and email as these systems are under control. They should not think using proxies will prevent their identification." He added that those who have used the Internet for organizing the opposition had "committed a worse crime than those who come to the streets."

Let's break down these claims.

Proxies can be tracked and are easy to detect. A proxy server is something that can help one evade the Internet censorship in Iran. It acts as a go-between for a user in Iran trying to connect to the Internet. For example, instead of connecting directly to Facebook (which is blocked), the user's computer first connects to the proxy, which then connects to Facebook on the user's behalf. But the fact that a proxy helps get around the filtering does not mean the request is not being monitored or altered: if one is not using an encrypted proxy, the contents can be read and even altered.

Text messages (SMSs) can be tracked and read. This, unfortunately, is also true. Iran (along with the United States) uses the same monitoring technology sold by Nokia Siemens. What they call "lawful intercept" technology can track and read text messages sent from cell phones. Whenever possible, people should use prepaid cell phones and calling cards to disassociate their locations and identities. It is very important to understand that by carrying a cellphone, one is essentially carrying a tracking beacon that broadcasts one's location.

Email can also be tracked and read. This is certainly true for clear-text email. When you send an email from, let's say, Hotmail to Gmail, it is routed between Hotmail's servers and Gmail's servers in plain text for the whole world to see. Good news though: it's easy to protect your email. People should be accessing their email using an encrypted connection (POP + SSL or IMAPS). For extra security, they should use PGP/GPG encryption for email. Great tutorials are available for Mac and Windows.

Bottom line: If you control the network, you can control and inspect the contents. Think of sending an email like sending a FedEx package. What FedEx is to your package, the government is to your emails in Iran. But what if FedEx decided to open every box, poke around inside, and change or remove anything it didn't like? That's how it is with communications in Iran.

In a recent interview with PRI's The World, I discussed how the Iranian government will ramp up censorship on certain days considered crucial in suppressing the opposition. This demonstrates further that they are shifting tactics, grasping for an effective policy of strategic covert oppression over manic street violence.

First, it shows the regime knows the power of the Internet. They realize arresting, beating, and killing thousands of protesters inspires more and more Iranians to oppose the regime. Now, they will try to focus on silencing the organizers by controlling digital communications. Ultimately, this strategy will fail because the strength of the opposition has been its diffuseness: the organizers and protesters are one and the same.

Moreover, this new strategy demonstrates the continuing and pressing need to disseminate information and technology in Iran to allow people free communications, without fear of retribution. With the passage of time, will the government give up on the public violence against the protesters? Or are they trying to murder the vox populi before it can assume a degree of control? Either way, this is exactly why tools like Haystack, a program designed to specifically target the Iranian government's web filtering mechanisms, are crucial to the people in Iran.

Austin Heap founded the Censorship Research Center and Haystack to improve access to information and communications in Iran.

Copyright © 2009 Tehran Bureau



What is monitored? What if we say, NOTHING.
A while back Iranians realized the value of satellite cell phones along with foreign-based cell phones. Any message can be transmitted over the border and onto the free world where a dedicated ‘majority’ posts them on every place of desire.


We will win. Losing is not an option.


IRANIAN PEOPLE / January 18, 2010 5:13 AM

A few questions for the author:

The Nokia technology is said to give the capability to monitor all telephone conversations and email communications.

Obviously, Iran's Intelligence Ministry does not have the manpower to listen in on every single one of millions of conversations and screen millions of emails per day.

1- Does this mean the system is automatic & "keyword sensitive" (by voice or text)? How does it work exactly? Is the Intelligence's capability overrated or exaggerated in terms of actually being able to monitor effectively?

2- Another rumor in Tehran is that the Intelligence Ministry & Telecommunications Company "records" ALL telephonic conversations and keeps them on file to use when needed. Is this true or is it a scare tactic?

3- Lastly, how many cases do we know of that resulted in arrests and home raids based on monitoring and tracking down callers and internet users?

Given these factors, may not Iranians' paranoia toward the Intelligence Ministry's "all-seeing, all-hearing" reach? Can this be the result of psychological warfare waged by the regime to threaten people in self-censoring fear, rather than any real capability?

Answers to these questions could cause some Iranians to rethink their self-censoring paranoia ... if the danger is overrated.

T / January 18, 2010 7:28 AM

Thank you for posting this informative article. The regime is trying to create FUD (Fear, Uncertainty and Doubt) among the opposition.

Technically, it is possible to inspect all traffic, using DPI (Deep Packet Inspection). However, it is simply USELESS to do so when too many false results are produced.

For example, if more than 10% of SMS messages contain the word 'movement' and there are >1,000,000 messages in 24 hours, it will result in 100,000 SMS messages that have to be read or further processed to find real 'movement' related messages, in 24 hours. A monumental task!

It may be possible to beat the system by encouraging everyone to send messages that contain suspicious KEYWORDS.

Maziar Irani / January 18, 2010 10:03 AM

Just to note, there is an easier tool to encrypt email called "TMEEC" Trend Micro Email Encryption Client. You can send an email to anyone in the world and without any additional software installed and it will be encrypted. Only the people who are on the TO field will be able to read the email.

EssaM / January 18, 2010 11:25 AM

I appreciate the informative comments but I feel that such information is much more useful when they are in context. For example, most people consider monitoring nefarious if they question the integrity of the monitor.

Take for example communication in the U.S. under the Patriot Act and its various appendages. Every email, posting, cell communication, data transmission, including postings to this site and every other news site and blog site is monitored. It may be useless but it is being done!

Is that good or bad? Well, most people in the U.S. tolerate it and those who think it is wrong can't get the legal system engaged. I suspect it is the same in Iran.

Jay / January 18, 2010 9:08 PM

Be careful that even when you encrypt the message, the regime gets info who sends to whom, which is informative to them to chart groups. So try to send from and to anonymous addresses.

Japi3 / January 18, 2010 10:24 PM

Deep packet inspection involves inserting equipment into a flow of online data, from emails and Internet phone calls to images and messages on social-networking sites such as Facebook and Twitter. Every digitized packet of online data is deconstructed, examined for keywords and reconstructed within milliseconds. In Iran's case, this is done for the entire country at a single choke point, according to networking engineers familiar with the country's system. It couldn't be determined whether the equipment from Nokia Siemens Networks is used specifically for deep packet inspection.

Ano / January 18, 2010 11:00 PM

I was also curious about the level of security through Skype?

amir / January 19, 2010 5:50 AM

Too bad viewing the episode of Frontline is restricted to the US. Are there any mirrors of this episode viewable outside the US?

Anonymous / January 27, 2010 1:52 AM

>When you send an email from -- let's say Hotmail to Gmail - it is routed between Hotmail's servers and Gmail's servers in plain text for the whole world to see.

I would consider changing the phrase 'it is routed' to 'may be routed' (in plain text). With the advent of SMTP support for SSL and TLS which has been around for about 10 years, many of the MTAs support encrypted transfer of email traffic between each other.

David Bennett / September 18, 2010 12:06 PM
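
Whether a given message crossed between mail servers in plain text, the question raised in the article's email paragraph and in the comment above, can be checked on the receiving side: each relay's `Received` header records the protocol it accepted the mail with, and the RFC 3848 keywords ending in S (such as `ESMTPS`) mark a TLS-protected hop. The following is an added example, not part of the original article or its comments; the sample message and every hostname, address and id in it are constructed.

```python
import re
from email import message_from_string

# RFC 3848 / RFC 6531 "with" keywords that record a TLS-protected hop.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA"}

# Constructed sample: every hostname, address and id is a placeholder.
SAMPLE = """\
Received: from mx-in.example.net (mx-in.example.net [192.0.2.10])
\tby store.example.net with LMTP id abc123; Mon, 18 Jan 2010 03:15:02 +0000
Received: from relay.example.org (relay.example.org [198.51.100.7])
\tby mx-in.example.net with ESMTPS id def456
\t(version=TLSv1 cipher=AES128-SHA);
\tMon, 18 Jan 2010 03:15:01 +0000
Received: from webmail.example.org (webmail.example.org [198.51.100.3])
\tby relay.example.org with ESMTP id ghi789; Mon, 18 Jan 2010 03:15:00 +0000
From: alice@example.org
To: bob@example.net
Subject: constructed test message

body
"""

def _strip_comments(value):
    """Remove (possibly nested) parenthesised comments from a header value."""
    previous = None
    while previous != value:
        previous, value = value, re.sub(r"\([^()]*\)", " ", value)
    return value

def _clause(keyword, text):
    """Return the token following a Received clause keyword, or None."""
    match = re.search(rf"\b{keyword}\s+(\S+)", text, re.IGNORECASE)
    return match.group(1) if match else None

def received_hops(raw_message):
    """Return (sender, receiver, protocol, used_tls) per hop, oldest first.

    Received headers are self-reported by each relay, so treat the result
    as evidence of how the mail travelled, not as proof.
    """
    hops = []
    # Each relay prepends its header, so reverse to get chronological order.
    for value in reversed(message_from_string(raw_message).get_all("Received", [])):
        clauses = _strip_comments(value).split(";")[0]
        proto = _clause("with", clauses)
        used_tls = proto.upper() in TLS_PROTOCOLS if proto else None
        hops.append((_clause("from", clauses), _clause("by", clauses), proto, used_tls))
    return hops

def plaintext_hops(raw_message):
    """Hops where the receiving relay recorded a protocol without TLS."""
    return [hop for hop in received_hops(raw_message) if hop[3] is False]
```

In the constructed sample, the first hop (webmail to relay) and the final local LMTP delivery are recorded without TLS, while the server-to-server hop in the middle is marked `ESMTPS`.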