Shahin Sorkh's Blog

My Personal Weblog

 updated at 07 Dec 2019
With ♥️ by Shahin Sorkh Hosted on GitLab Pages — Theme by mattgraham
Can be found at Telegram , Twitter , Instagram , LinkedIn , StackOverflow Can be called via email or mobile

What is it like to be a dev in Iran

Iran   Censorship   Sanctions   Coding

It is going to cover censorship and sanctions. Read in Russian.

Censorship


Censorship comes along with traces of governments always!

In many countries all over the world, governments tend to block their citizens to access some certain domains/ips across the internet. Some say, “It’s there to keep culture and moral healthy!”. They block pornographies and so. Even in the US we can find certain domains that are blocked and cannot be accessed like those which contain CP.

However, in Iran (and most other countries) that’s not the case!

They block many things. We cannot visit media websites like BBC, Fox News or VOA, social media websites like Twitter or Facebook, messengers like Telegram, WeChat, Kik or SnapChat, or services like YouTube, and —you may not believe— but even some SourceForge subdomains!

Why? Because that is how the totalitarian government can live. Though they sell VPNs and proxies, they spy on their people and they eliminate unwanted elements of the society way easily. You may never find out what happened to your friend who you just visited few days ago!

The filtering/cyber-censorship is a really profitable industry! For both the government and private companies, since they get paid much more than a typical IT company here!

Sometimes, you see they place heavy filtering on some services, e.g. Telegram, to promote their own service! Sometimes, they say fancy things about a service, for example: “It is Israeli!” I mean, so what? Haven’t you used Israeli weapons during the war with Iraq (1980-1988)? It wasn’t a thing then, but now it is!

Sometimes, they break SSL/TLS! I recently saw something similar: Kazakhstan intercepting HTTPS Traffic, officially MITM-ing their citizens!

Ok, what is affecting me, as a dev? You know, their systems are not perfect. Sometimes you come up with losing access to some must-have services, like GitHub! Why? Because the filtering program dropped the connections to GitHub due to an accident or misconfigs! Sometimes, you come up with totally broken SSL handshakes! Sometimes, SSL handshakes can take long forever and break at the end! Sometimes, CloudFlare resists serving due to broken TCP packets!

It is a pain in the ass when you are going to learn something new; no YouTube, no Reddit, no Medium, painfully surfing the web and so on.

I don’t talk about low quality internet access, like 200kB/s on home WiFi!

Sanctions


If you follow world news, you have definitely heard about sanctions against Iran because of Iran’s nuclear programs. Though it is not just limited to physics and nuclear things. Many companies have obeyed US sanctions against Iran.

Nobody really cares about what would happen to the people. The people are worth nothing. That’s what they believe. Both Iran’s government and international institutions, you say the UN.

People are dying due to an absence of medicines. People are starving. The economic system is falling apart and the politicians and their children are all abroad! None of them have any sense about what is going on the streets.

What happens to us, IT men? Sanctions!

What are we missing? FOSS! We are missing Free Open Source Softwares! You see?

Sanctions of Docker

Few months ago, the Slack team, decided to join the sanctions. They simply deleted every single user who they found out is Iranian! With no real prior notices! Many people have lost their data on Slack and no one was going to do anything! They had some Iranian users who were living abroad for many years and hadn’t even visited Iran in a long time, but their account got deleted along with others! There were lots of people complaining about it on the Twitter. And even more. (I guess you got the idea.)

We cannot have MasterCard/Visa easily, thanks to economic banking sanctions. Thus, we cannot create AWS account, we cannot buy anything on Amazon/Ebay, we cannot have Google Store console, we cannot use (almost) any enterprise service.

Android dev returns HTTP 403, Docker docs returns HTTP 403, bintray returns HTTP 403, Schema.org returns HTTP 403, GitLab returns HTTP 403 and so on. (There is a long list available)

Dev experience


You may have no sense of what I am talking about. Imagine you are supposed to build something with a new technology you know nothing about for your company. The first step is to find the technology documentations and try to figure out how to make it work.

After Googling the name of it, you find many related links including links to the official documentation. You click on the link and suddenly an annoying, ugly, stupid page pops out which has a big text on it “You are sanctioned by the US and we cannot serve you”.

You get back to the Google results and try to find something else. You see YouTube and Medium links there but you know they are censored or unavailable for where you live in and you cannot use them either.

A link to a StackOverflow question takes your attention and you click on it. The question is about something likely advanced in that technology and you have no idea what are they talking about! You have no choice to get to Google results, page 2. On page 2 to page 100,000 there is no related links!

You go to your boss and tell them, “This technology is not working here. Find something else or cancel the project”. The next day, you are looking for a new position somewhere else!

How do we survive?


We have to bypass both, sanctions and censorship.

HTTP proxies


Proxies are one of the (currently almost) working solutions.

It is not easy to find a proper proxy, it is not safe to use any proxy, and proxies don’t cover everything.

There is a personal community funded proxy server named FOD, which only accepts some certain domains and denies any other domain. It is not an easy task for everyone to config their system to use that proxy for those certain domains. And they don’t cover all domains, the list is getting longer whenever someone finds some domains not covered and notices that to the server owner. Another limit is that, this proxy does NOT cover censored services.

DNS proxies


There is a DNS proxy running by Sharif university of technology which can bypass sanctions only. But since it is recommended by the government, it doesn’t sound like a safe option! In the front page, they have tutorials for users to set their DNS server on the OS to point to the proxy servers, means the proxy server is going to resolve all your DNS queries! Personally, I don’t like a third party (which is recommended by the government), to spy on all my DNS queries. I won’t change my DNS server from 1.1.1.1 to theirs!

Public VPNs


Not a safe, but a working solution.

Free and paid VPNs are mostly driven by the government. They do spy on every single request and investigate any suspicious thing they recognize. Obviously compromising safety and privacy.

Any other non-governmental VPN gets banned by the government and you need to look for new working VPN 2-3 times a week!

Private VPNs


Safe and working but an expensive solution.

There are some private VPNs out there you can use, or you can even run your own, they are completely safe and privacy friendly, but they’re also expensive! Not all people can buy/serve a private VPN.

TOR project


The most reliable but not the best solution.

TOR is the unbannable privacy promising solution out there, which bypass obviously both, sanctions AND censorship. But there is a big problem with it, not all servers like to get traffic from TOR. For instance, CloudFlare annoys when you are accessing its servers through TOR. Google makes you solve lots of reCaptchas. And some servers simply don’t serve anything due to odd TCP traffic of TOR.

Besides, Iran’s government has tried to limit connecting to TOR, though they can never block TOR completely (unless they block foreign servers entirely!), but they prevents you to connect to the TOR network directly. There comes obfs bridges! However you need to get to bridge.torproject.org somehow first.

How do I survive


I use a mix of all the above!

I have configured bind/named to proxy few certain domain queries through shecan and privoxy to tunnel all supported domains by FOD through FOD, and others through TOR.

I also use GitHub gists to save and spread TOR bridges among trusted people.


I just wanted to write about how difficult can it be to do all the things people do daily without even thinking about it! I bet you cannot imagine internet without YouTube. You never experienced losing your data all of a sudden with no prior notice! You cannot believe how is it painful to survive heavy censorship and sanctions. You have no idea how is it like to wait for a VPN connection for more than 10 minutes, and then get rejected!

The painful fact is “All this is happening just because we are living in Iran, where no one cares about the people. Not even the people!”


Update 29 Jul 2019


At first, I would never thought this blog is going to get this mass of feedback! Thanks to all kind people commenting literally everywhere! Below this page, on Reddit, on Hacker News and on Twitter, people who reached out via WhatsApp, Telegram and Hotmail!

Thanks to DigitalEcosystems for the Russian translation. And thanks to Lahiru Himesh Madusanka for his supporting blog post.

And I have to apologize that I didn’t know I need to go to disqus page to approve guest comments! This is my first try with disqus to be honest.

I was updating this post to cover new GitHub actions, but it needs its own post.

Read more. (to be continued..)

Note: Please fix my typos and grammar mistakes (source). Thanks for reading.