A colleague sent me a link to a fascinating discussion of Iranian internet traffic patterns surrounding the election and what they reveal about which methods of accessing and distributing media the Iranian regime cut off to control information.

They’re using something called, amongst other things, “traffic shaping.” Basically it allows different types of traffic – web browsing vs. SSH vs. file-sharing vs. WoW vs. whatever – to be throttled or shut down without affecting other applications. As they note, WoW traffic went undisturbed but access to Flash video was all but eradicated. (I choose to forgive their mangling of WoW cosmology – Azeroth is a continent and the planet on which it is found, not an island – in light of their clever off-hand suggestion that WoW be a meeting place to organize protests in the real world.)

Looking at the final graph, here’s what they blocked most, in descending order:

  • SSH, normally used for encrypted command-line access but also very useful as a sneaky way to proxy web traffic. If you have a co-worker who can always get to anything online no matter what your IT staff does, and SSH is allowed, that co-worker is using an SSH proxy. (For purposes of full disclosure, guess who’s shite at getting that to work? Moi. I’ve just never cared that much.) Other possible transgressive uses of SSH: terminal session to an external host that has a command-line IRC client installed; encrypted file transfer; etc. If the chart listing percentage dropped is also a rough guide to their list of concerns then they are quite right to consider SSH the most subtle threat to their attempted smothering of information access.
  • Flash, used by basically every video site, including YouTube and many news sites, to embed video.
  • BitTorrent, which of course would make an excellent way to distribute, say, video of the militia murdering someone in the street without it being localized or necessarily traceable to the original person who held the camera.
  • POP, because you don’t want just anyone receiving email from their international friends and relatives, do you?
  • Alternative web ports and HTTP proxies are always a popular target for IT staff who want to control access to porn or, you know, news. I’m going to guess they’re just taking a stab at random ports that are likely candidates for alternate web traffic (say, TCP 8080 or 8181) but maybe they’re packing the serious web filtering heat on that scale. If so then I have to wonder if there are some embargoes being broken.
  • Web cam = citizen journalist/potential YouTube star/access to international friends and family who’ve pointed a web cam at their HDTV tuned to CNN. Verboten!
  • SMB: surprise, Microsoft is super-chatty in Farsi, too. Also file-sharing, though gods help the poor bastard who’s down to trying to share drives across international lines. Any modern ISP that is at all conscious of what it’s doing will be blocking this at its own borders anyway.
  • Then, waaaaaaaaaaaaaaaay down the list: normal old web traffic, email (I’m assuming they mean SMTP and IMAP only, since they list POP separately) and FTP.

So, related to my web filtering comment above, I don’t know a damned thing about what embargoes are in place. Ever since I got yelled at by a corporate VP in 1994 for calling up the Commerce Dept. on my own initiative to ask them about regulations related to international shipping of books that discuss encryption, I’ve kind of let the lawyers worry about that stuff. That said, the ability to do this kind of traffic shaping on this scale suggests access to equipment that I would expect is embargoed. I don’t know, though. Maybe they can just buy all their Networking Company X equipment directly from X’s contracted manufacturer in China, y’know? I sure don’t. (Know, that is.) Maybe they’ve got enough people sitting around that they can just write up manual access-lists and try to filter everything by port on whatever devices they’ve got that can take ACLs, and that’s why they’re only blocking some of this. I don’t know. In some ways the article raises more questions than it answers, for me, since it makes me want to know the specific techniques and technologies being applied.

All that aside, doesn’t it just kind of stab the ghost of my freshman self through the heart with an icicle to see the internet used to limit information and mask access to the truth? Yes it does. Why it still surprises me I’ll never know.