The Proxy Fight for Iranian Democracy

If you put 65 million people in a locked room, they’re going to find all the exits pretty quickly, and maybe make a few of their own. In the case of Iran’s crippled-but-still-connected Internet, that means finding a continuous supply of proxy servers that allow continued access to unfiltered international web content like Twitter, Gmail, and the BBC.

A proxy server is a simple bit of software that you run on your computer. It effectively lets you share your computer with anonymous strangers as a “repeater” for content that they aren’t allowed to fetch themselves. For example, an Iranian web browser might be manually configured to use your computer (identified by an IP address and a port number) as a Web proxy. When your anonymous friend reads twitter.com, or posts a tweet, the request goes via your computer, instead of to Twitter’s web server directly. Except for a little delay, and the fact that your friend gets to see what the uncensored Internet looks like from New York or London or São Paulo instead of Tabriz or Qom, surfing through a proxy is pretty much like surfing without one.

As you might imagine, open web proxies are valuable commodities in places where it’s forbidden, possibly dangerous, to surf the Internet. Iran’s opposition movement has been vigorously trading lists of open proxies over the past week. And as you might further imagine, the Iranian government censors have worked overtime to identify these proxies and add them to the daily blacklists.

As an experiment, we geolocated a list of about 2,000 web proxies (unique IP addresses and port numbers) that were shared on Twitter and other web sites over the course of the last week, to see if we could discern patterns in the places that are hosting them. Most of these are no longer reachable from inside Iran, of course, precisely because they were made public. The following map shows the distribution of those proxies worldwide.

[Image: proxycount.png]

The USA and Western Europe were well-represented, but so were China, India, Russia, Romania, Bulgaria, Vietnam, … 87 countries in all, a pretty impressive breadth of representation, considering the relatively small size of this sample. (You can also see about a dozen Iranian IP addresses represented in the set. Not surprisingly, all but one of these belong to networks originated by DCI, the government-run service provider who operates the modern-day Internet equivalent of the Alamūt Castle.)

Here’s a geographic visualization of the proxies, drawn in Google Earth. In the first one, we’ve drawn Iran in green, with some of their domestic network sketched in white, and their major international connections drawn in red. Each of the colored arcs represents a single open web proxy; they are “fountaining” out of a cable landing or Internet traffic exchange point that makes approximate sense for their Iranian Internet routing. For example, all of the web proxies in Europe are drawn from the Marseilles termination of the Sea-Me-We-4 cable. The web proxies in Turkey are drawn in light blue, radiating from Ankara, where the Iran-Turkey gas pipeline passes through on its way from Bazargan. Those unusual Iranian proxies emerge from Tehran, and so forth.

[Image: third_2.png]

If we rotate the globe, you can see how the countries of Asia are doing their part to keep the bits flowing in Iran. India, China, South Korea, Taiwan, Vietnam, and Japan are all visible sources of web proxy activity.

[Image: third_3.png]


I’d like to be able to say that these maps are a measure of the strength of the democratic impulse and volunteer spirit in all the countries of the world. But that might be a stretch. You see, looked at another way, an open proxy is a security hole, something you might find in a machine that’s been compromised, or at the very least, badly administered. Security purists think of them as the “unlocked gun cabinet” of the Internet — a resource for anyone who wants to abuse a website, commit fraud, cover their tracks.

Some of the proxies in this dataset are undoubtedly fresh, created by people who want to keep the Internet alive for the Iranian people. But many of these proxies have probably been around for months or years, mapped out by those that map out such things.

We did see a few organizers try to explain the concept of an ACL (Access Control List) to all the new proud parents of open proxies. If you are diligent, it is possible to restrict the anonymous users of your new proxy to just the Iranians, or even just the Iranian non-government networks, if you have a good enough list of the IP address blocks (network prefixes) in question. But I expect that the complexity of configuring anything tighter than an “open access” proxy is going to prove too high a barrier to entry for most people who might volunteer to run one.

For one thing, we know how hard this is. Renesys has pretty good lists of per-country networks and their transit patterns, based on our analysis of the global routing tables, and trust me, they take some work to maintain. And even given good maps of Iran’s address space to work from, ACLs are notoriously hard to test, if you don’t have Iranian friends who can try your server from inside the protest zone and report back to you with problems. Most people aren’t going to bother, and that’s probably okay. Freedom is messy. There’ll be time for security later.
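One way to check an allow-list ACL of the kind described above offline, before any volunteer has to try it from inside the country. This is an added example, not code from the original article or from Renesys. The prefixes are constructed placeholders from the reserved documentation ranges, and ProxyAcl, audit and the deny-beats-allow policy are assumptions made for illustration.

```python
import ipaddress

# Constructed placeholder prefixes from the reserved documentation ranges
# (RFC 5737 / RFC 3849). A real per-country list is NOT given in the article.
ALLOW = ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24", "2001:db8::/32"]
# Hypothetical carve-outs (networks inside the allowed space you will not serve).
DENY = ["203.0.113.128/25", "2001:db8:dead::/48"]


class ProxyAcl:
    """Default-deny client filter: a deny prefix always beats an allow prefix."""

    def __init__(self, allow, deny=()):
        self.allow = [ipaddress.ip_network(p) for p in allow]
        self.deny = [ipaddress.ip_network(p) for p in deny]

    def permits(self, client):
        try:
            addr = ipaddress.ip_address(client)
        except ValueError:
            return False  # unparseable source address: fail closed
        # Dual-stack listeners report IPv4 clients as ::ffff:a.b.c.d; unwrap
        # them so the IPv4 rules still apply to those connections.
        if addr.version == 6 and addr.ipv4_mapped is not None:
            addr = addr.ipv4_mapped

        def hit(nets):
            return any(n.version == addr.version and addr in n for n in nets)

        return not hit(self.deny) and hit(self.allow)


def audit(acl, cases):
    """Return (client, expected, actual) for every case the ACL gets wrong."""
    return [(c, want, acl.permits(c)) for c, want in cases
            if acl.permits(c) != want]


# Constructed test table: edges of each prefix, a carve-out, and odd inputs.
CASES = [
    ("192.0.2.10", True), ("192.0.3.1", False),
    ("203.0.113.127", True), ("203.0.113.128", False),
    ("::ffff:192.0.2.10", True), ("::ffff:203.0.113.200", False),
    ("2001:db8:1::1", True), ("2001:db8:dead::1", False),
    ("not-an-ip", False),
]

if __name__ == "__main__":
    failures = audit(ProxyAcl(ALLOW, DENY), CASES)
    print("ACL OK" if not failures else failures)
```

Keeping the expected decisions in a table means a changed prefix list can be re-audited in one call, and any row that comes back is a client the ACL would wrongly admit or wrongly refuse.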

[Image: world_proxies.png]


Perhaps the strangest thing of all, given how diverse and active and vocal the proxy server farmers have been, is that by and large, it isn’t working. The rate at which new proxies are being created has slumped over the last few days. It’s getting harder and harder to propagate new proxies to the people who need them, as the government consolidates its hold on the filtering mechanisms. Any new proxy addresses that are posted to Twitter, or emailed, will be blocked very quickly.

People we talk to inside Iran say that almost no proxies are usable any more. Freegate, a Chinese anti-censorship application that makes use of networks of open proxies, has proven popular in Iran. But this week, it, too, has been experiencing problems. Many popular applications, like Yahoo! Messenger, have stopped working. The authorities are said to be using power interruptions as a cyberweapon, causing brief outages during rallies that cause computers to reboot, just as people are trying to upload images and video. The net result, as Arbor’s excellent analysis shows, has been a drastic reduction in inbound traffic on filtered ports since the election.

If there’s a lesson here for the rest of the world, perhaps it’s this: Install a few proxy instances on machines you control. Learn how to lock them down properly. Swap them with your friends overseas who live in places where the Internet is fragile. Set up your tunnels and test them. And don’t wait until the tanks are in the streets to figure this out, because by that point, you may have already lost the proxy war.

30 comments
John (not really)

Check this out. You can download that, link is at the bottom. It's a proxy finder tool. Proxy Finder is the fastest fresh proxy list leech tool. Automatically search & leech proxies servers from internet, which offers often updated HTTP proxy list. In 2 minutes, it will get 10000+ fresh proxy servers. Intelligent and Automatic - It just connects to hundreds of internet forums and web sites that publish free public proxy lists daily, then picks up proxies automatically. Search Very Fast - Just in 2 minutes, it will give you 10000+ public HTTP proxies. No any duplicate. Fresh - All the fresh proxy lists that be updated very often, most be updated every day even every minute. Easy - Very easy to use. Just need to click one "Find" button. Filter - Automatically remove gov, military & planetlab IP. Random Order - All the proxies addresses will be displayed in random order. Download link http://rapidshare.com/files/117084065/pougramaBaucana005.rar

behrang

I am Iranian and because in our country we do not have any access to some websites because of filtering by government, so I would be grateful if you can send me some anticensorship and proxy websites to use them for visiting websites

yokim's me2DAY

김용호's thoughts: sookyung, here's an idea: have yr friend consider supporting her ppl in Xinjiang by providing open proxies http://twurl.nl/fa5xaf HT Mlsif

parsa

plz send me new proxy every day

psalm34one

Great info! That is why there is #irantech. The Iranian govmt. even tried to break through that as well and take it down:-)

arash

send me proxy

hamid111

i need a new anti filter

youtube proxy

There are tools for checking whether you're being blocked or not, but why bother? There are a lot of proxy sites out there. If there's a time that you can't log in to a website, just try using a proxy site; if it still doesn't work then there must be a deeper problem than a block.

orion

Please be careful replying to people asking here for proxy info. The safest thing to do is work with others, configure your proxy correctly, allowing only Iranian IPs. http://nedanet.org/ has been set up to support the underground effort. PLEASE do not post proxy info in public. You should submit your proxies to the addresses listed on the web site, and then they make their way in-country, as secure as people can make it. There is also an ACL based tor network being set up. nedanet.org has info on that also. -orion

pari

I'm really sorry for myself and also for other Iranian young people! There is a big question before asking any question! Where is our freedom with this government?????!!!!!!!!!!!!!! I need a proxy too!

adel

i need to Free Proxy Sites!

terra

I've been running Tor for a week, as a relay. I'd like to just be able to help those who need it, but as I check my logs from a packet app, I see in the past few days almost 1000 hits that lead to serious pedo photo sharing sites. So this sets up an issue for me: can I easily limit use of Tor, and if not, does this mean there's now 1000 records of my personal IP on all these ped sites? Any advice is appreciated...

iman

pay attention ... gmail isn't filtered yet :D

saman

i need an anti-filter.

Alireza

I'm from Iran, can I have your proxy?

Alireza

I found this website while I was searching for an anti filter (I mean in Iran), so I'm very happy to be a volunteer to test these proxies, but how can I get these proxies?

mehdi

plz send me new proxy every day

Collin Anderson

@anon8mizer -- Chinese spammers seem to be having a good time with all these proxies. I accidentally left mine open and noticed most of the hits were Chinese IPs towards advertising sites.

Collin Anderson

Jim, could we develop a tool to automatically test whether a proxy (or website) is being blocked? Time to find volunteer servers in Iran, perhaps?

anon8mizer

I created a proxy. I noticed that very few connections came in from Iran. Most have been from China.

Arrash

I'm an Iranian, lucky me

Nart

Quick question: When you say "no longer reachable from inside Iran" did you manage to test them from inside Iran? How many of the 2000 are still accessible from Iran, how many are still accessible to anyone? I'm wondering how many are no longer reachable just because they are random open proxies and how many are no longer reachable because the Iranian authorities blocked them? {Excellent question, Nart. We were told that most have been closed, but we were unable to independently verify that. Perhaps we need volunteers inside Iran to run open proxies, so that we can use them to test whether Iran can still see these open proxies! It gets a bit recursive. --jim}

Glenn Rempe

This analysis seems to focus on traditional open web proxies. It would be interesting to understand the usage and rate of growth change for the Tor (The Onion Router) network which provides secure anonymous proxy services. I added a Tor Relay yesterday, and I'm sure I'm not alone. You could track and geocode the number of nodes in the Tor network, and the exit points available. http://www.torproject.org/

Collin Anderson

I'm curious, how many of these proxies are AWS instances (174.129.*.*)? {Three, all out of equinix ashburn. --jim }