A comprehensive report on online censorship in Iran has been published.

Key Findings:

• The Iranian government enforces complete blocking of several network protocols, including Socks5, SSTP, PPTP, IKEv2/IPsec, L2TP, SoftEther, pure OpenVPN, WireGuard, and Tor. However, some protocols—such as Shadowsocks with obfuscation, OpenVPN+Cloak, WireGuard with obfuscation (as in AmneziaWG), MTProto, SSH, obfs4, and QUIC—experience only partial blocking or bandwidth throttling and remain operational for many users.

• A significant challenge arises when foreign IP addresses transmit a large volume of unclassified data. Over time, such addresses are identified and subsequently blocked, leading to the gradual restriction of obfuscation-based protocols like V2Ray/XRay within hours, days, or weeks.

• Censorship measures vary across different IP ranges, categorized into three lists:

1. Whitelist: Contains “approved” IPs and networks, either manually exempted or not associated with known hosting providers. These addresses have shown no VPN or proxy activity in the past three months.

2. Graylist: Includes IPs flagged as potentially suspicious but not yet warranting a full block. Traffic to these addresses undergoes closer inspection. This category predominantly consists of IPs from well-known hosting services.

3. Blacklist: Fully blocked addresses.

• Access to international DNS resolvers is heavily restricted through both IP filtering and fingerprinting of widely used DNS clients, such as YogaDNS. This measure aims to push users toward ISP-controlled, censored DNS services. To circumvent these restrictions, many users deploy private DoH (DNS-over-HTTPS), DoT (DNS-over-TLS), or DoQ (DNS-over-QUIC) servers.

• In 2023, Iran implemented Active Probing, a technique where government-controlled clients attempted to establish connections with servers to detect VPN activity and enforce blocks. However, by early 2024, an upgrade to the country’s Deep Packet Inspection (DPI) infrastructure eliminated the need for active probing.

• The censorship framework outlined in the report remained effective until December 2024. However, a sudden and unexplained relaxation of certain restrictions was observed that month. The reasons behind this change remain unknown, as does whether the shift is temporary or permanent.

Source: https://raw.githubusercontent.com/irgfw/irgfw-website/ad91766f62b8b666eb705a5d90136bba0f72fc42/static/files/project1/IRGFW-Report1-English.pdf
