18 comments

[ 3.5 ms ] story [ 38.3 ms ] thread
I appreciate the final paragraphs which suggest a solid method for those inside the country and under this oppressive regime to remain connected without surveillance. I wonder how many are up to this, and what active resistance or movements inside the country look like these days.
I wish this article went into more details on what the "National Information Network" is. I would guess it's at least a set of nationally managed DNS servers that will always resolve national IPs even if upstream global DNS is cut off.

Looking at a bigger picture though, honestly I think we're seeing the end of the raw global Internet for the masses. 20 years ago, it seemed impossible, but here we are.

It's simply not going to be possible to meaningfully use the Internet unauthenticated and unapproved in a few years. Costs to reach mass audiences online will increase until only the big players can do it, and it'll be their platforms or nothing. There's going to be no room for anything that those with millions and billions of dollars don't want or can't make money off of in some way.

Overall, this makes me want to reduce the role of the Internet and tech in my life. I don't need the fastest data plan, latest PC, newest phone, or whatever AI trend is hot to use the apps I need for daily life or to line up events and meetings with others that I actually know.

> WireGuard uses UDP and a small handshake footprint, making detection and blocking via DPI harder.

Not quite true. Wireguard is already actively detected and suppressed if necessary. There's already a fork that employs basic changes to improve the protocol in this regard. AmneziaWG was shown to be more robust to detection for now.

https://docs.amnezia.org/documentation/amnezia-wg/

Too bad managing WG is such a pain and Tailscale/Netbird don't support this protocol yet. The following two issues need attention:

https://github.com/tailscale/tailscale/issues/10696

https://github.com/netbirdio/netbird/issues/1096

How do people do this in China?
>SMS in Iran is unencrypted.

SMS everywhere is unencrypted

> IPv4 addresses are limited and constantly reallocated. Most are rented and passed between hosting providers, resold between datacenters, or migrated across regions. The Iranian filtering system uses GeoIP databases and BGP information to decide which IP ranges to trust and which to block. But those records lag behind the changes.

This is surprising to me. Surely iranian ISPs would have directly allocated IP space?

Or alternatively, surely Iran's gov would be in the routers and be able to blackhole any routes leaving the country?

If you are ever thinking of writing somethings like this: please be aware that people could be executed based upon the validity of your assumptions and advice offered.
The Starlink gateway out is a good solution, but I sure wouldn't share it with friends/family over the ISP networks if at all possible.
Excellent write-up. Sadly Starlinks are also illegal and the gov has been cracking down on them.
(comment deleted)
Aren't mesh networks the ideal case for this type of scenario?
How easy is detecting a transmitting starlink terminal? I assume is pretty easy but i don't know if the phased array antenna and beamforming make detecting from ground harder. Could i detect it with a SDR while driving around, wardriving-style?
Also hosting technical wikis would be super useful (because there won't be any other way to use ChatGPT or google stuff), and efficient (storage wise) if deployed with kiwix
This "National Information Network" seems like a blueprint all countries should apply. While I also do not want to have a censored internet and I am a fan of international collaboration, Cyber Warfare is unfortunately common nowadays and turning a blind eye on protecting the fundamental services it is quite stupid.
[flagged]
I do what i can do, I do care about surveillance by Google, Meta and others, that's why i wrote a book on privacy. This was just an observation i shared.
Sounds like the NIN is just domestic sourcing for the infrastructure that it applies to.