| ▲ | averysmallbird a day ago | |||||||
There's no single mechanism. Iran's internet is diverse at the edge, and bottlenecked at the international gateway. Censorship, throttling, and (presumably) surveillance occurs at both layers. In some cases, also the region matters (Sistan and Baluchistan for example have experienced extended blackouts). In part that heterogeneity is because they still ideally want to keep businesses or VIPs online to mitigate the economic loss or logistical issues. Consequently, the actual means of blocking tends to be on an ISP basis: some will simply drop packets, some will have left certain endpoints open, some will leave international DNS open, etc etc. All that changes when activists notice, exploit the opening, and then the ISP finds out. And then sometimes the TIC (the gateway) will impose blanket limitations or throttling. My impression is that Iranian intelligence cares less about means than effectiveness, and ISP operators want to keep their license, livelihoods and lives, so they figure out how to meet the mandate. Given that this is something like the fourth blackout in recent years, they've gotten enough practice that there's few options out (that aren't Starlink). | ||||||||
| ▲ | helloaltalt a day ago | parent [-] | |||||||
> Consequently, the actual means of blocking tends to be on an ISP basis: some will simply drop packets, some will have left certain endpoints open, some will leave international DNS open, etc etc. All that changes when activists notice, exploit the opening, and then the ISP finds out. And then sometimes the TIC (the gateway) will impose blanket limitations or throttling. Your international dns is interesting post, can dns over https still work like cloudflare's 1.1.1.1 (I don't think cf would work but still) or any other service? Is there any iranian person in here hackernews who can test if international dns query works? There are ways to send some very important data (although small so a little limited but I think in current time if it can help 1% it helps) that I saw that we can program dns to send each other arbitrary data as well In fact there is a tool which can in fact run dns queries and create a sort of finger like protocol on it called dns.toys https://www.dns.toys/ Which can basically have some cli application like experience on top of dns and there msut be dns tools for communications as well. | ||||||||
| ||||||||