ir   Iran

During the June 2025 Iran shutdown, circumvention tool performance diverged sharply by transport design. Psiphon's multi-protocol architecture sustained 1.5 million concurrent users—roughly one-third of its normal Iranian base. Lantern's "proxyless" protocol (domain-fronting via CDN, ~40% of Lantern's Iranian traffic) showed moderate success. Tor usage collapsed during the blackout but bridge connections surged and rebounded quickly after lifting. BeePass (serving 500k+ daily users at shutdown onset) used live A/B testing of port/obfuscation-prefix combinations to probe the censors' blocking parameters in real time. The Ceno Browser's P2P network grew from 600 active peers on June 13 to ~8,000 by July 11, indicating that decentralized fallback paths stayed up even during peak blocking.

2025-iran-shutdown-measurement §Tool Performance evaluation

The June 2025 Iran shutdown—carried out during the Iran-Israel war beginning ~June 19—did not use BGP route withdrawals as in 2019. Instead, authorities applied service-level restrictions at the national border: DNS poisoning of foreign destinations, protocol whitelisting permitting only pre-approved domestic services, and DPI to block circumvention-tool traffic. Iran's international traffic fell roughly 90% while the country's BGP routes remained advertised, making the shutdown invisible to BGP-based monitoring systems. OONI measurement volume, which totalled 121,333 in June 2025, collapsed to under 200 submissions on June 19-20.

2025-iran-shutdown-measurement Executive Summary / §2 detection

During the June 2025 shutdown, Iranian authorities blocked international One-Time Password (OTP) SMS delivery, preventing new sign-ins to foreign secure-messaging platforms and VPN services. This forced users toward government-approved domestic platforms that lack security and privacy protections. The blockade of OTPs effectively weaponized account-recovery flows as a secondary shutdown layer, disproportionately affecting users who needed to activate new circumvention tools during the crisis.

2025-iran-shutdown-measurement §Human Rights Implications policy

Article 19 documents that Iran's National Information Network (NIN / SHOMA) was designed with explicit reference to China's Great Firewall as a model, with institutional mirroring: Iran's Supreme Council of Cyberspace parallels China's Cyberspace Administration of China, and both governments share a "cyber sovereignty" doctrine used to justify domestic content controls and cross-border technology transfer. The report frames Iran's filtering infrastructure as deliberately architected to replicate GFW capabilities, not as an independently developed system.

2026-article19-tightening-the-net §2, §3 policy

Article 19 documents that Iran combines technical filtering with formal coercion of major foreign platforms (including Telegram, Instagram, and WhatsApp) to comply with content removal orders under threat of full blocking. The report notes that Iran's 2022 Women Life Freedom protests accelerated platform blocking when foreign operators refused compliance, demonstrating that the censorship system operates in two modes: coerce-and-allow for compliant platforms, block for non-compliant ones. Domain fronting via these platforms is therefore subject to sudden revocation if political conditions change.

2026-article19-tightening-the-net §6 policy

The report maps specific Belt and Road Initiative Digital Silk Road projects through which Chinese technology vendors have transferred censorship and surveillance infrastructure to Iran, including fiber backbone investments, data-center co-location agreements, and equipment supply chains. Specific vendors named include Huawei and ZTE as network infrastructure providers, with the report noting that equipment exports include filtering-capable hardware that Iran's ISPs have deployed at network choke points.

2026-article19-tightening-the-net §4, §5 deployment

NATA requires no endpoint compromise, no Tor-browser modification, and no payload decryption; it operates solely from (1) an upstream gateway controlling Tor TCP connections via standard Linux tc/wondershaper rate-limiting and (2) one or more adversary-controlled exit relays passively recording packet traces. The shaper identifies Tor connections using flow-level metadata (client IP, relay IP, port, transport protocol), meaning the adversary needs only ISP or AS-level vantage, not host-level access.

2026-fan-activeflowmark-assessing-tor §III-A, §IV-A detection

During the January 8–9, 2026 shutdown, Iran's .ir DNS zone became unavailable in-country, with resolution routed exclusively to a single nameserver located in Amsterdam. This infrastructure takeover was simultaneous with the routing blackout, eliminating DNS as an independent resolution path.

2026-free-the-internet-iran-internet-shutdown §Abstract deployment

Iran executed a full-stack internet shutdown beginning at 18:45 UTC on January 8, 2026, withdrawing BGP prefix announcements nationwide and causing routing failures that prevented clients from completing TCP handshakes. Traffic dropped to effectively zero within hours of the shutdown's onset.

2026-free-the-internet-iran-internet-shutdown §Issue body / Abstract deployment

The January 2026 Iranian shutdown encompassed not only global internet connectivity but also domestic inter-network connectivity and PSTN telephony — even domestic phone calls were reported impossible during the blackout period. This represents a broader telecommunications blockade beyond IP-layer isolation.

2026-free-the-internet-iran-internet-shutdown §Issue body deployment

Iran's January 8, 2026 shutdown was confirmed by Cloudflare Radar traffic telemetry showing a near-instantaneous collapse in Iranian internet traffic to effectively zero. The shutdown was implemented rapidly enough that the Cloudflare Radar timestamp (18:45 UTC) serves as a precise onset marker.

2026-free-the-internet-iran-internet-shutdown §Issue body / Cloudflare Radar source evaluation

During Iran's near-complete February 2026 shutdown, DNS-based tunneling (dnstt over UDP port 53) was identified by the community as the only functioning circumvention method, with participants successfully sharing public dnstt server configurations to maintain connectivity.

2026-gusgustavo-iran-internet-shutdown Issue body / community comments defense

Iran experienced a near-complete internet shutdown on February 28, 2026 beginning at approximately 07:00 UTC, with Cloudflare Radar measuring ~98% connectivity loss relative to the previous week, affecting Tehran, Fars, Isfahan, Alborz Province, and Razavi Khorasan simultaneously.

2026-gusgustavo-iran-internet-shutdown Issue body evaluation

IODA data confirmed the February 28, 2026 Iran shutdown was implemented via BGP route withdrawals and collapse of IP-space announcements, not merely application-layer blocking — the underlying routing infrastructure itself was withdrawn.

2026-gusgustavo-iran-internet-shutdown Issue body (IODA reference) deployment

Community experimentation during the February 2026 Iran shutdown revealed heterogeneity across ISPs in what survived: participants tested different DNS resolvers and ISPs to find working dnstt paths, indicating the BGP withdrawal was not perfectly uniform across all Iranian autonomous systems.

2026-gusgustavo-iran-internet-shutdown Issue comments evaluation

CensorLess's threat model explicitly relies on a rational-censor assumption: the censor will not block entire cloud-provider IP ranges or domain namespaces because the collateral damage to legitimate business services would be politically and economically unacceptable. AWS Lambda's inherent IP-address ephemerality (new IPs on each invocation, function lifetime up to 15 minutes) means even censors willing to attempt enumeration face a continuously shifting target distributed across the cloud provider's global address space.

2026-kang-censorless-serverless §4.2 defense

The paper documents the compounding effect of U.S. sanctions and Iranian state censorship on app distribution: sanctions block Iranian users from Apple's App Store via IP/payment geolocation, while Iranian censorship simultaneously blocks Apple's CDN endpoints for app downloads. The combined effect forces 100% of iOS app distribution in Iran through unofficial channels, making the sanctions-censorship interaction a structural condition rather than an edge case.

2026-khanlari-iranian-ios-stores §1, §2 policy

The study finds that apps distributed via Iranian third-party iOS stores frequently contain embedded third-party tracking SDKs and piracy libraries inserted during repackaging, and that cracked/modified binaries have stripped or replaced code-signing certificates with enterprise distribution certificates. The paper quantifies developer revenue loss from piracy and documents that the repackaging process introduces both surveillance and integrity risks that users are generally unaware of.

2026-khanlari-iranian-ios-stores §5, §6 evaluation

Khanlari and Rahmati conduct the first comprehensive empirical study of Iranian third-party iOS app stores, collecting over 1,700 iOS app packages from three major stores. The ecosystem emerged because U.S. sanctions barred Iranian users and developers from accessing Apple's App Store and developer services, while Iranian censorship simultaneously blocked official app download infrastructure. The stores distribute both Iranian-exclusive apps (unavailable on the App Store) and cracked/modified versions of paid international apps.

2026-khanlari-iranian-ios-stores §3, §4 deployment

Both Firefox and Chromium leak cleartext DNS before establishing encrypted DNS connections: they first send an unencrypted UDP DNS query to resolve the DoH server's domain (e.g., doh.opendns.com). An in-path censor can intercept and poison this initial query, making encrypted DNS in browsers completely ineffective without additional circumvention of the resolver-lookup step. Additionally, Chromium always includes the SNI extension in the encrypted DNS TLS handshake (e.g., "doh.opendns.com"), leaking the resolver identity even after the initial lookup. No resolver requires SNI to be present for certificate validation when the resolver's IP certificate is configured.

2026-lange-towards §2.4, §7, §10 detection

DNS censorship of encrypted protocols is inconsistent in both China and Iran. In China, Yandex resolvers are censored only when the SNI extension is present; omitting SNI bypasses censorship for these resolvers. In Iran, DoH requires SNI omission for Quad9, Google, Adguard, CleanBrowsing, and NextDNS resolvers, but works with SNI for Yandex and Cisco resolvers. These inconsistencies suggest resolvers have been accidentally missed by censors, highlighting the value of automated tools that trial all resolver-mode combinations rather than hard-coding a single strategy. The support evaluation found 47 resolvers supporting DoH, 16 supporting DoH3, and only 8 supporting DoQ out of ~65 tested.

2026-lange-towards §6.2, Table 2 evaluation

DPYProxy-DNS tested 8 circumvention modes against DNS censorship from vantage points in Iran (AS201295, Mashhad) and China (AS4837, China Unicom). In Iran, DoQ was entirely uncensored even with the SNI extension present; DoH3 worked for all Cloudflare and NextDNS resolvers. Iran's censor operates in-path (not on-path like the GFW), making the "Last Response" mode (wait 3s for the last UDP reply) ineffective in Iran but highly effective in China. Auto-mode averaged 12.32s (median 8.28s) in Iran and 13.78s (median 12.90s) in China to discover a working combination.

2026-lange-towards §6.2, §6.3 evaluation

TCP segmentation (splitting a DNS message into 20-byte TCP fragments) successfully circumvented DNS censorship in China for nearly all resolvers that support TCP. In Iran, TCP segmentation was only partially effective due to the censor's ability to reassemble TCP fragments when system load permits—some runs succeeded completely, others failed entirely across all resolvers. The "Last Response" mode (wait 3 seconds for the final UDP reply) was highly effective against China's on-path GFW injector for all resolvers except the fully IP-blocked Cloudflare 1.1.1.1 resolver.

2026-lange-towards §4.1, §6.2.1, §6.2.2 defense

All major browsers (Firefox, Chromium) issue an unencrypted DNS-over-UDP query to resolve their configured DoH resolver's domain before initiating any encrypted DNS session. In Iran, nearly all tested DoH resolver domains are directly censored at the DNS layer (returning block-page IPs), which renders browser-native encrypted DNS ineffective regardless of whether the underlying encrypted protocol would otherwise succeed. Additionally, browsers always include the SNI extension in TLS handshakes with DNS resolvers even though no tested resolver requires it.

2026-niere-dpyproxy-dns §7 detection

DPYProxy-DNS's automated probe-and-select mode identified a working DNS circumvention in an average of 13.78 seconds (median 12.90s) in China and 12.32 seconds (median 8.28s) in Iran across 100 runs each; best-case startup was 0.32s (China) and 0.47s (Iran) when the first-tried combination succeeded, while worst-case exceeded 30.72s in China and 58.16s in Iran due to the slow Last Response mode (3s fixed wait per attempt) being selected early in the randomized probe order.

2026-niere-dpyproxy-dns §6.3 evaluation

Iran's DNS censorship is largely ineffective against encrypted DNS: DoQ is not censored at all (with or without SNI present), DoH3 works for all tested Cloudflare and NextDNS resolvers, and most DoT/DoH resolvers work when the SNI extension is omitted. Iran's censorship of unencrypted DNS is in-path (queries never reach the real resolver), which means the GFW-style 'last response' technique fails entirely in Iran because the client's original query is dropped before reaching its destination.

2026-niere-dpyproxy-dns §6.2.2 evaluation

TCP segmentation — splitting DNS-over-TCP messages into 20-byte fragments — successfully circumvented DNS censorship for 40 of 41 tested resolvers in China. In Iran, TCP segmentation is inconsistently effective: it succeeds in some scan runs and fails entirely in others, suggesting the Iranian censor can reassemble TCP fragments when processing capacity permits.

2026-niere-dpyproxy-dns §6.2.1, §6.2.2 defense

As of May 2026, at least four major CDN providers — Google (fronted via www.google.com), Fastly (fronted via www.python.org), Vercel (fronted via nextjs.org), and Netlify/CloudFront (fronted via kubernetes.io) — route requests based on the HTTP Host header regardless of the outer TLS SNI, enabling domain fronting across more than 20 distinct high-value destinations. The correct fronting SNI for each CDN is selected by inspecting the SAN list of the CDN edge certificate and choosing a co-hosted domain the censor permits.

2026-patterniha-mitm-domainfronting README / Supported destinations evaluation

On non-rooted Android, user-installed CA certificates are honored by Chromium-based browsers natively and by Firefox only after enabling a hidden debug toggle ('Use third-party CA certificates' in Secret Settings), but are not trusted by native apps that use certificate pinning. This restricts MITM-DomainFronting to browser sessions on non-rooted devices and means standalone apps such as the Google Meet native client cannot be fronted without root access.

2026-patterniha-mitm-domainfronting README / Android setup and warnings evaluation

MITM-DomainFronting achieves fully client-side domain fronting without any server-side infrastructure by intercepting browser TLS via a user-generated personal CA, reading the plaintext HTTP Host header, then re-encrypting outbound connections to the CDN edge with a mismatched SNI. The private CA key never leaves the device, eliminating the traditional requirement for a proxy co-located inside a CDN's network and reducing operational cost to zero.

2026-patterniha-mitm-domainfronting README / Mechanism description defense

The SNI-to-destination mapping in MITM-DomainFronting is hand-curated by inspecting CDN certificate SAN lists with no automatic discovery; the author explicitly flags that these mappings must be refreshed whenever a CDN changes its SAN list or edge topology. This maintenance burden is evidenced by 20 versioned releases published in under five months (through May 18, 2026), making the config effectively a continuously-updated snapshot of 'what CDN fronting pairs are valid from Iran this week.'

2026-patterniha-mitm-domainfronting README / Limitations evaluation

MITM-DomainFronting reached 1.8k GitHub stars and 170 forks by May 2026 and was merged into Xray-core mainline (PR XTLS/Xray-core#4348), making it deployable via a standard v2rayN/v2rayNG JSON config with no separate install step. The author additionally notes that Gemini explicitly IP-blocks Iranian addresses, demonstrating that certain Google services enforce IP-geolocation blocking at the application layer — a layer that SNI-based CDN fronting cannot bypass regardless of the fronted SNI.

2026-patterniha-mitm-domainfronting README / intro and limitations deployment

Obscura proxies resist active probing by never exposing open ports or accepting incoming connections; combined with a large ephemeral volunteer pool (analogous to Snowflake's scale), the vast IP address space and rapid proxy rotation make exhaustive enumeration infeasible without causing sufficient collateral damage to deter the censor — consistent with the absence of observed blind-blocking campaigns against Snowflake.

2026-vilalonga-obscura-enabling-ephemeral §5.1 defense

Authoritarian regimes blocked Snowflake primarily through DPI targeting fingerprints in Pion's DTLS handshake and TLS fingerprints in complementary WebRTC protocols, not through ML-based traffic analysis — confirming that cost-effective censors consistently favor simple, deterministic methods over computationally expensive classifiers.

2026-vilalonga-obscura-enabling-ephemeral §1 detection

IODA Active Probing shows Iran's global Internet connectivity dropped to approximately 3% on February 28, 2026, and had not recovered as of the report date (59+ days). This matches the near-3% floor seen during the January 2026 protests shutdown, establishing a repeatable operational baseline for the regime's tiered blocking posture.

2026-wkrp-internet-pro-tiered IODA Data: The Discrepancy in the Signals evaluation

Iran officially unveiled 'Internet Pro' on April 14, 2026: a permanent tiered-access system granting selective unfiltered international connectivity to state actors and approved businesses at ~10x normal pricing (~$1–3/GB), while restricting the general population to the National Information Network (NIN). This institutionalizes what the regime frames as 'Internet Sovereignty,' converting international access from a general right to a government-granted privilege.

2026-wkrp-internet-pro-tiered The Architecture of Tiered Access: "Internet Pro" policy

IODA telescope and Google Product signals, corroborated by Cloudflare Radar and Kentik traffic data, show selective whitelist restoration: Google Search and Images are accessible via the NIN while Google Maps is not, and IranCell (AS44244) shows a slight diurnal Telescope traffic increase consistent with 'Internet Pro' access—demonstrating that selective per-service and per-ASN whitelisting is operationally active.

2026-wkrp-internet-pro-tiered IODA Data: The Discrepancy in the Signals deployment

The economic cost of Iran's ongoing Internet shutdown is estimated at 40 million USD per day (FactNameh), with the digital retail sector collapsing and approximately 10 million Iranians dependent on the digital economy losing access. VPN workarounds under 'Internet Pro' pricing are prohibitively expensive, rendering circumvention economically unviable for the general population.

2026-wkrp-internet-pro-tiered The Economic Toll evaluation

During the June 2025 Israel-Iran war, IODA observed that BGP routing announcements remained largely intact while Active Probing and Telescope signals showed a near-total Internet blackout—a 'stealth blackout' technique that hides shutdown actions behind maintained routing infrastructure. This pattern was replicated in the February 28, 2026 shutdown, where Active Probing dropped to ~3% while BGP remained stable.

2026-wkrp-internet-pro-tiered The New Normal in Comparative Perspective detection

A Russian user ran a self-built snowflake-proxy from inside the censored country using the 'random-and-mimic' fingerprint option, successfully serving Iranian, Turkmen, Russian, and German Tor users, demonstrating that the blocking is unidirectional (targeting client DTLS hellos) and that snowflake-broker and rendezvous domains (snowflake-broker.torproject.net, snowflake-01/02.torproject.net) remained accessible behind the .net SNI — only the DTLS data channel was filtered.

2026-wkrp-snowflake-targeted-dtls-filtering kad09 original report, Issue #422 comment evaluation

An internet-wide scan of 500k IP addresses from an in-country VPS vantage point found TCP establishment-interception injections on 43,479 addresses (8.7% of scanned), with over 70% concentrated in two Akamai ASes (AS16625 and AS20940). The injection pattern — triggered by the first packet sent to these addresses — is consistent with targeted blocking of domain-fronting proxies hosted on Akamai CDN.

2025-alaraj-iran-refraction §4.1.2 detection

Iran's censorship of refraction-networking proxies (Conjure via Psiphon) is not monolithic: different ISPs independently deploy different techniques and timelines. Over 800 million logged Conjure connections from July 2023–February 2025 across 10+ Iranian ASes show TCI (AS58224, ~33% of traffic) uses packet injection, while MCCI/Hamrah-e Avval (AS197207, ~22%) applies IP-based blocking, and some ASes (Parsonline AS16322, Shatel AS31549) show no proxy blocking at all.

2025-alaraj-iran-refraction §4 detection

Two Iranian ASes apply a protocol allowlist that drops traffic not matching known application-layer protocol patterns (after ~6 packets), independently of the destination IP. Experiments with fresh /26 phantom subnets showed that prefixing Conjure connections with a plain HTTP GET payload evaded this blocking for four weeks, while TLS Client Hello-prefixed and SSH-prefixed connections were blocked within 72 hours (TLS) or 72 hours after port rotation (SSH). HTTP GET on port 80 was the only tested prefix that survived the full experiment window.

2025-alaraj-iran-refraction §4.4, §5 detection

MCCI (AS197207) blocks proxy IPs proportionally to observed connection volume: the more connections a phantom IP receives, the faster it gets blocked. A controlled experiment with a fresh /27 IPv4 subnet divided into 7 /30 sub-ranges with increasing weights confirmed that higher-weighted subnets were blocked first, demonstrating that the censor infers proxy IP reputation from traffic rate rather than from a static blocklist.

2025-alaraj-iran-refraction §4.2.3 detection

VPN search demand in Iran spiked approximately 707% during the June 2025 stealth blackout, as measured by Top10VPN analytics, making it one of the highest-documented circumvention-demand spikes associated with a single shutdown event. Despite this demand, many VPN connections failed because the protocol whitelist eliminated non-HTTPS tunneling methods and HTTP-level filters could detect known VPN signatures on port 443.

2025-aryapour-stealth-blackout §1, §5 evaluation

TTL-based path analysis showed that all censorship actions (DNS poisoning, HTTP injection, TLS resets) in the June 2025 shutdown occurred at the same network hop across all tested ISPs, indicating a single centralized national border gateway—likely TCI AS gateways—rather than per-ISP enforcement. Global BGP announcements were kept intact throughout, making the shutdown invisible to routing monitors while domestic connectivity collapsed.

2025-aryapour-stealth-blackout §4.5 deployment

Over 90% of tested censored domains returned private IP addresses in the 10.10.34.0/24 range (chiefly 10.10.34.34) via injected DNS replies during the June 2025 shutdown, with poisoned response TTLs often very low—consistent with inline DPI injection rather than a recursive DNS lookup. A small set of domains including Google and state-approved services were whitelisted and resolved correctly.

2025-aryapour-stealth-blackout §4.1 detection

Iran's June 2025 shutdown enforced a strict national protocol whitelist: only DNS (UDP/53), HTTP (port 80), and HTTPS (port 443) traffic from Iranian networks to external servers was forwarded; all other protocols—including OpenVPN (UDP/1194), SSH (port 22), and arbitrary TCP/UDP ports—were silently dropped without response by DPI at the border.

2025-aryapour-stealth-blackout §4.4 detection

TLS connections to blocked services (instagram.com, telegram.org) were terminated by TCP RST immediately after the client's ClientHello, before any certificate exchange, confirming SNI-based DPI that reads the plaintext SNI extension and aborts the handshake. HTTP filtering additionally matched Host headers and URL keywords case-sensitively, with injected HTTP 403 pages or TCP RST responses, and case-change evasions were sometimes effective.

2025-aryapour-stealth-blackout §4.2, §4.3 detection

Iran's DNS censor injects a correct, static IP address for 385 domains across 10 groups — including 372 Google-related domains (resolving to 216.239.38.120), 2 Bing domains, 2 DuckDuckGo domains, Yandex, CIA, MI5, and Mossad. This previously unreported behavior likely enables surveillance (routing traffic to a controlled IP) or rapid follow-on blocking (nullrouting the injected static IP is cheaper than maintaining DPI rules per domain).

2025-lange-i-ra-nconsistencies §3.1, Table 6, Figure 3 detection

Iran's DNS censor now injects two distinct block-page IPs: 10.10.34.36 (≈87% of 47,633 censored domains) and 10.10.34.34 (≈13%). Both originate from the same network node at Iran's border. Prior research (Aryan et al. 2013) described only 10.10.34.34. The IP injected correlates strongly with the HTTP censorship method applied: domains with 10.10.34.34 in DNS receive TCP RST via HTTP (86.8% of RST cases), while domains with 10.10.34.36 in DNS receive HTTP block pages (84.6% of block-page cases).

2025-lange-i-ra-nconsistencies §3.1, Table 2 detection

Iran's HTTP censor exhibits several parsing inconsistencies exploitable for evasion: (1) it is case-sensitive and ignores lowercase method variant "gET"; (2) it does not censor the Host header for HTTP version strings "HTTP", "1.1", and "example" (suggests a version regex of HTTP/.*); (3) when the Host header is absent, the path is not censored for versions "HTTP" and "HTTP/1"; (4) the body is never analyzed regardless of version. All HTTP and DNS censorship occurs at the same last-hop border node, suggesting centralized architecture.

2025-lange-i-ra-nconsistencies §3.2, Table 1 detection

Iran's DNS censor temporarily null-routed all DNS requests containing the string "wpad" at any position, including benign domains like wpad.net, showpad.com, and meowpad.me. The overblocking was no longer reproducible at the time of publication, suggesting a censor configuration error later corrected. The affected domains are unrelated to proxy auto-discovery in most cases, indicating a substring-match rule without context.

2025-lange-i-ra-nconsistencies §3.1 detection

Ceno Browser's decentralized peer-to-peer network grew from approximately 600 active peers on June 13 to nearly 8,000 by July 11, 2025 — a 13× increase in under 30 days — with some Ceno connections remaining online throughout the full blackout, indicating that P2P architectures without fixed enumerable infrastructure can survive centralized application-layer shutdowns.

2025-miaan-stealth-blackout Executive Summary — Resilient Response evaluation

The June 2025 Iran shutdown achieved approximately 90% reduction in international traffic without BGP withdrawal by combining DNS poisoning, protocol whitelisting, and DPI at the national border — maintaining an outward appearance of normal connectivity for traditional monitoring tools while severing the population's access to the global Internet. Unlike the 2019 shutdown, which was implemented per-provider over 24+ hours, the 2025 operation was centralized and covert.

2025-miaan-stealth-blackout Executive Summary — Technical and Strategic Evolution detection

The Iranian government blocked international One-Time Passwords (OTPs) during the June 2025 shutdown, forcing citizens to abandon secure international platforms and migrate to government-approved domestic services with known security and privacy vulnerabilities — using authentication infrastructure as a deliberate chokepoint to coerce adoption of surveilled platforms at scale.

2025-miaan-stealth-blackout Executive Summary — Human Rights Implications detection

Lantern's proxyless protocol accounted for approximately 40% of its traffic during the June 2025 Iran shutdown, demonstrating that a direct-server / proxyless transport mode provided a significant load-bearing fallback when conventional proxy infrastructure was blocked by centralized DPI enforcement.

2025-miaan-stealth-blackout Executive Summary — Resilient Response evaluation

Psiphon's multi-protocol design maintained access for approximately 1.5 million users during the June 2025 Iran shutdown — roughly one-third of its normal user base — while traffic throttling rendered many single-protocol circumvention tools functionally useless for anything beyond basic text communication.

2025-miaan-stealth-blackout Executive Summary — Resilient Response evaluation

Neither China nor Iran directly block ECH ClientHello messages; instead both effectively prevent ECH by censoring encrypted DNS resolvers. China blocks Cloudflare's DoH/DoT resolver (mozilla.cloudflare-dns.com) via SNI-based blocking in TLS and QUIC, causing residual censorship of up to 360 and 180 seconds respectively. Iran blocks both Cloudflare and NextDNS DoH hostnames via DNS block-page injection, TLS TCP RST, and HTTP block pages. Iran cannot analyze QUIC, so DoQ is uncensored and enables ECH in Iran. China's NextDNS IP blackholing affected only one of two resolved IPs, leaving an uncensored path.

2025-niere-encrypted §5, Table 1, Figure 5 detection

Chrome and Firefox send GREASE ECH extensions in every ClientHello message, meaning a censor that blocks all ECH-containing ClientHellos would block all Chrome and Firefox TLS traffic. Cloudflare's static outer SNI "cloudflare-ech.com" in all its ECH configurations makes real ECH connections trivially distinguishable from GREASE ECH — censors can block real ECH connections to Cloudflare without triggering GREASE collateral damage. Cloudflare rejects ECH handshakes with omitted or invalidated outer SNI values; non-Cloudflare ECH deployments accept missing and invalid outer SNIs.

2025-niere-encrypted §2.1, §4.1, §6 detection

Iran's June 2025 shutdown enforced a four-layer DPI topology: ISP-administered DPI boxes, centrally commanded DPI at large ISPs under the Communications Regulatory Authority, DPI at Tehran IX that filters domestic-only transit traffic, and DPI at internationally-linked networks — almost all funneling through AS48159 (Telecommunications Infrastructure Company, TIC).

2025-piotrowska-nym-iran-blackout How is the blackout being enforced? detection

Between 21–25 June 2025, Iranian fixed-line networks partially restored access via TCP-based protocols (SSH, WebSockets) while mobile networks and UDP-based protocols remained heavily restricted, indicating deliberate asymmetric enforcement to restore domestic data-center operation without re-enabling VPN circumvention.

2025-piotrowska-nym-iran-blackout What is working now? (As of 25 June 2025) evaluation

During the June 2025 blackout, virtually all UDP-based protocols were blocked across major Iranian networks — WireGuard, AmneziaWG, QUIC, WebRTC, and OpenVPN — with the sole deliberate exception of UDP port 53 (DNS), preserved to avoid cascading failures in internal infrastructure.

2025-piotrowska-nym-iran-blackout Protocol-level blocking detection

IP blocking during the June 2025 Iran shutdown targeted large portions of address space belonging to major VPS hosting providers — Hetzner, DigitalOcean, Linode, and others — commonly used to host VPN and proxy servers, with small exceptions carved out for infrastructure deemed critical.

2025-piotrowska-nym-iran-blackout IP blocking of hosting providers detection

NymVPN experienced a 387% increase in demand during the June 2025 Iran blackout but was itself caught by protocol-level UDP restrictions and could not function as a reliable circumvention tool because TCP fallback and other censorship-resistance countermeasures had not yet shipped.

2025-piotrowska-nym-iran-blackout So does NymVPN work in Iran? deployment

The blocking-resistance of CenPush derives from the collateral damage a censor would incur by blocking APNs or FCM: doing so would break push notifications for every app on iOS or Android respectively. This is the same collateral-damage deterrent mechanism that makes CDN-based domain fronting and TLS-over-CDN transports resilient, applied to the control plane rather than the data plane.

2025-sharma-cenpush §2, §4 defense

Censorship enforcement varies dramatically across Iranian ASes. AS58224 (TCI, 3.6M IPs) blocks 89-98% of IPs across DNS injectors and 87.6% for UDP. AS197207 (MCCI, 2.3M IPs) and AS44244 (IranCell, 1.3M IPs) show near-zero censorship (0.15-0.76% across injectors). AS31549 (RASANA, 577k IPs) blocks 97-99% for DNS/HTTP but 64% for UDP. Some IPs— including those belonging to the Iranian President's website and Ministry of Foreign Affairs—are deliberately exempted from bidirectional censorship. Two exempted MFA IPs (109.201.19.184 and 109.201.27.67) appear linked to APT15 (Playful Taurus) C&C infrastructure.

2025-tai-irblock §5.1, §5.2, Table 1 evaluation

IRBlock discovered that 1.7M of 3.3M blocked apex domains (52%) were attributed to blanket suffix-level blocking rules rather than individual domain listings. Examples include regex patterns targeting all Israeli domains (.il TLD), adult content (.porn), and country-coded suffixes (.com.mx, .my.id). Of 87K Tranco-ranked apex domains analyzed, 37% fell into adult content, with entertainment and gambling following. Approximately 1.27M apex domains were jointly censored by both DNS and HTTP filters, while the two filters maintained operationally independent blocklists for a significant fraction of domains.

2025-tai-irblock §5.3 detection

Over 2.5 months (Nov 2024–Jan 15, 2025), IRBlock scanned all 11M Iranian IPv4 addresses daily, finding 6.8M IPs subject to DNS poisoning and HTTP blockpage injection, and 5.4M IPs subject to UDP-based traffic disruption. Testing over 700M FQDNs (500M apex domains) revealed 6M banned FQDNs from 3.3M censored apex domains. Of 537 active ASes in Iran, 485 (90.3%) exhibited blocking for at least 25% of assigned IPs. DNS and HTTP censorship overlapped at >99% of censored IPs; UDP blocking was a strict subset of DNS-censored IPs, affecting ~5M addresses.

2025-tai-irblock §5.1, §1 evaluation

The GFI's HTTP and HTTPS filters are now stateful (requiring initial SYN packet with matching sequence numbers) and have been activated on all TCP ports—not only standard ports 80 and 443 as reported by prior studies. This is a significant departure from previous work that found stateless HTTP/HTTPS blocking limited to standard ports. The HTTP filter injects a 403 Forbidden blockpage (not RST packets as used by the GFW), while HTTPS injects a single RST+ACK packet. The GFI also exhibits TCP non-compliance (not requiring a full three-way handshake to trigger filtering), enabling outside-in measurement without in-country servers.

2025-tai-irblock §2.1, §3.2 detection

The GFI operates three distinct DNS/HTTP injectors with different fake IP addresses (10.10.34.34, 10.10.34.35, 10.10.34.36) and partially overlapping blocklists—mirroring the GFW's triplet-censor architecture. Injector 10.10.34.35 exhibits TTL reflection (injected response TTL = probe TTL − hop count), identical to the GFW. No IP exclusively receives injections from 10.10.34.34 (a smaller, selective component); the two primary injectors 10.10.34.35 and 10.10.34.36 handle the majority of censorship. Different injectors maintain distinct domain blocklists, meaning which domains a user sees as censored depends on routing through their AS.

2025-tai-irblock §5.4, Table 2 detection

Proxy placement requirements vary dramatically by country topology: Turkmenistan requires just 1 AS for 75% coverage, Oman requires 3, Afghanistan 5, Iran 10, and China 12. Turkmenistan's extreme centralization means a single transit AS intercepts virtually all paths, whereas China's fragmented routing fabric demands far more deployment sites to achieve equivalent coverage.

2025-umesh-improved §5.4, Table 4, Figure 6 evaluation

When politically uncooperative ASes are excluded from the candidate pool — specifically Russia's AS12389 and Iranian transit ASes AS49100 and AS198154 — the framework recomputes cumulative coverage over remaining candidates and still identifies viable cooperative deployment sites for Iran. This demonstrates that geopolitical filtering can be incorporated into the placement optimization without losing coverage entirely.

2025-umesh-improved §5.3, Figure 5 deployment

For Iran, a greedy cumulative-coverage analysis over 22,799 resolver-to-uncensored-AS paths shows that the top 5 ASes cover 59% and the top 10 ASes cover 76.6% of all DNS resolution paths. AS3257 (GTT Communications) and AS174 (Cogent Communications) each appear in approximately 15.7% of paths and contribute nearly all their usage as unique (non-overlapping) paths.

2025-umesh-improved §5.2, Figure 3–4 evaluation

Snowflake's sustained operation in heavily censored regions demonstrates that WebRTC must remain accessible to users, which in turn requires that TURN servers remain unblocked to support NAT traversal for peer-to-peer WebRTC connections. This transitive unblockability makes TURN service providers viable rendezvous channels for the Bridge Distribution Problem.

2025-vilalonga-extended §3.2 Bridge Distribution Problem defense

The system targets a threat model where the censor performs passive DPI to fingerprint and block the client-to-TURN-proxy channel, and also conducts active enumeration attacks to discover and block proxy endpoints. The paper explicitly notes that traffic splitting may introduce distinct fingerprints of its own that require empirical evaluation — acknowledging that multi-path approaches are not fingerprint-free.

2025-vilalonga-extended §3.1 Threat Model defense

Active mid-connection bandwidth throttling (e.g., 100 Mbps → 50 Mbps) cleanly separates BBR from Hysteria and TCP-Brutal: BBR converges to the new rate within a few probing cycles, while Hysteria and Brutal interpret reduced bandwidth as increased packet loss and raise their sending rate further. This active probing technique resolves the BBR ambiguity that passive measurement alone cannot.

2025-wang-custom §4.4 detection

WATER (WebAssembly Transport Executables at Runtime) defines a pluggable-transport architecture in which the transport logic is compiled to a WASM module that is loaded and executed at runtime by a thin Go host process. This separates the stable host ABI (dial, accept, read, write) from the rapidly-evolving transport logic, allowing new or updated transports to be delivered as small WASM binaries without recompiling or redeploying the host application.

2017-frolov-water-pluggable §2–3 defense

Snowflake has been deployed in Tor Browser and Orbot for several years and served as a significant circumvention tool during the Russia 2021 network disruptions and Iran 2022 protests. The paper documents a history of deployment and blocking attempts, providing empirical evidence that the ephemeral WebRTC proxy design has sustained availability under real censor pressure across multiple high-profile events.

2024-bocovich-snowflake §1, §6 deployment

Snowflake's blocking resistance rests on a large, constantly changing pool of volunteer WebRTC proxies implemented as lightweight JavaScript browser extensions or web pages. Because the proxy population is in constant churn and new addresses appear faster than censors can enumerate and block them, IP-list blocking is structurally ineffective. The system is designed so that when an in-use proxy goes offline, the client seamlessly migrates to another with no disruption to upper network layers.

2024-bocovich-snowflake §1, §2 defense

Testing from a VPS in Iran showed that standard DTLS handshakes are blocked at that vantage point, but Oscur0 avoids this blocking by transmitting only Application Data packets (with Connection ID extension per RFC 9146) after the initial one-shot setup packet, never completing a visible DTLS handshake. A proof-of-concept was implemented in approximately 600 lines of Go using the pion/dtls library.

2024-chen-extended §3 Design / Implementation evaluation

WATER (WebAssembly Transport Executables Runtime) separates transport logic from the host application by compiling it to a WASM module (WATM) that is distributed and loaded independently at runtime. Deploying a new or updated circumvention technique requires only distributing the new WATM binary and optional configuration — no change to the host application and no app-store update cycle is required.

2024-chi-just §1, §3 defense

Traditional circumvention tool development and deployment is slow because new strategies must be developed, integrated into each tool separately, and then distributed via platform app-stores. WATER's WASM module architecture specifically addresses this asymmetry: censors evolve blocking techniques quickly, while circumventors are bottlenecked by binary release cycles. The paper argues that dynamic WATM delivery breaks this bottleneck by decoupling transport updates from application releases.

2024-chi-just §1 defense

HTTP Request Smuggling—a web-security vulnerability that exploits CL/TE header parsing ambiguities between a front-end (censor) and back-end (web server)—can be systematically repurposed as a censorship circumvention technique. By hiding a censored Host in the body of a benign outer request, the censor parses only the uncensored outer request while the destination server processes both, successfully bypassing HTTP censorship in China (19 vectors), Iran (254 vectors), and Russia (all 2,015 vectors) from the evaluated vantage points.

2024-m-ller-turning §3 / §8 defense

Iran's censor contains an implementation bug: when the Content-Length header carries an invalid (non-integer) value and a Transfer-Encoding header is also present, the censor gracefully skips the invalid CL value and attempts to parse subsequent traffic, but fails to correctly interpret the TE header—causing it to pass the smuggled (censored) request. This bug enabled 254 of 2,015 evaluated test vectors to bypass Iranian censorship, all using the CL*/TE or CL/TE* vector types.

2024-m-ller-turning §5.2 / §5.3 detection

HTTP request smuggling (HRS) vectors that exploit CL/TE header parsing divergence between a censor-as-middlebox and a destination web server can circumvent HTTP censorship in China, Iran, and Russia. Of 4,488 test vectors derived from prior HRS research, 2,015 (44.9%) were accepted by at least one web server; CL*/TE vectors achieved a 99.0% web-server acceptance rate while TE/CL* vectors achieved 0%.

2024-niere-http-smuggling §3, §5.1, Table 1 defense

Iran's censor injects an HTTP block page consistently but contains an implementation bug: it fails to parse the TE header when a CL header with an invalid (non-integer) value is present, causing it to pass subsequent traffic. 254 of the evaluated test vectors circumvented Iran's censor; the 'Wrapping' CL*/TE strategy (e.g., 'Content-Length: <len>\u00FF\x0aX: X') was especially effective, exploiting this graceful-degradation fault.

2024-niere-http-smuggling §5.3 (Wrapping strategy, Iran discussion) detection

The SQS rendezvous method was deployed in Snowflake v2.9.0 / Tor Browser 13.0.10 (February 2024) and as of 2024-06-22 had served over 14,808 client connections from over 20 countries including Iran, China, the United States, and Russia, while remaining within the AWS Free Tier limit of 1 million requests per month and incurring no monetary cost.

2024-pu-exploring §4 deployment

The merged KIO-IODA dataset (Jan 2018–Aug 2021) documents 219 national-scale Internet shutdowns across 35 countries and 714 spontaneous outages across 150 countries; the 35 shutdown-affected countries collectively represent more than 1 billion estimated Internet users. Myanmar (53 IODA events), Syria (52), and Iraq (38) are the most frequently affected countries in the shutdown dataset.

2023-bischof-destination §4, Table 2 evaluation

DNS censorship complexity varies sharply by country: Iran injects static forged IPs exclusively from 10.0.0.0/8 and Turkmenistan uses only 127.0.0.1, making detection trivial, while China's constant fake-IP churn across ASes demands dynamic ML approaches; models trained without country-specific ASN features still perform well, enabling transfer to countries where GFWatch-equivalent infrastructure does not exist.

2023-brown-augmenting §5 detection

IP and port blocking dropped from 30% of countries historically to only 9% during the study period (six countries), with the decline attributed to difficulty maintaining ephemeral blocklists, CDN collateral damage, and IPv6 expansion. Iran is a significant exception: it has implemented port allowlisting — permitting only ports 80, 443, and 53 — on multiple occasions, blocking all other ports entirely.

2023-master-worldwide §4.3, Table 2 evaluation

Protocol fingerprinting — including DPI-based identification of VPNs, circumvention tools, and E2EE messengers — was active in only 6% of countries during the measurement period (13% all-time), but all confirmed instances came from focused individual studies, not from mass measurement platforms like OONI or Censored Planet. The authors flag encrypted traffic analysis (ETA) tools and next-generation firewalls (NGFWs) capable of blocking Signal or Tor Browser as an emerging threat to freedom of expression.

2023-master-worldwide §4.3 detection

Residual censorship — where a censor detects an objectionable connection via one method and then blocks all traffic between the same 3-tuple (client IP + server IP + port) or 4-tuple (client IP + port + server IP + port) for a short duration — was documented in China, Iran, and Kazakhstan. This means a single detected circumvention attempt can trigger temporary IP-level blocking of the entire endpoint regardless of protocol.

2023-master-worldwide §4.3 detection

Post-handshake tampering signatures (⟨SYN;ACK→RST⟩ and ⟨SYN;ACK→RST+ACK⟩) constitute 34.4% of tampered connections from Iranian networks, but over 70% from Sri Lanka networks and over 81% from Turkmenistan networks, suggesting that censors in the latter two countries disproportionately block at the IP/TCP-handshake level before any application-layer content is visible — consistent with IP-list-based blocking rather than SNI-based DPI.

2023-raman-global §4.1 detection

Censoring middleboxes predominantly use RST injection rather than in-path packet dropping because injecting forged RST/RST+ACK packets does not require the middlebox to sit in the data path — off-path copies of packets suffice. The GFW specifically injects both RST and RST+ACK packets simultaneously after an offending PSH, a known idiosyncratic signature, while Iran's censor uses post-handshake RST injection (⟨SYN;ACK→RST⟩) and packet drops at the same stage.

2023-raman-global §2.1, §4.1 detection

CERTainty identifies DNS manipulation by attempting a full TLS handshake with the IP returned by a remote resolver and inspecting whether the resulting certificate belongs to the legitimate origin or to an injected blockpage destination. This certificate-based ground truth substantially reduces false positives compared to prior DNS measurement systems that could not distinguish intentional manipulation from CDN geo-DNS or captive portals.

2023-ramesh-certainty Abstract / §1 evaluation

CERTainty measured DNS manipulation across thousands of resolvers in 102 countries, identifying state-level censorship in China, Iran, and Russia, among others. The breadth of coverage — both resolver count and country count — demonstrates that TLS certificate validation scales to Internet-wide vantage-point studies.

2023-ramesh-certainty Abstract / §5 evaluation

CERTainty demonstrates that state-level DNS censorship in China, Iran, and Russia operates through resolver-level injection: queries sent to in-country resolvers return IPs whose TLS certificates do not correspond to the queried domain, revealing blockpage or sinkhole destinations. This pattern is distinguishable from CDN or geographic DNS behavior precisely because blockpage servers cannot present a valid certificate for the censored hostname.

2023-ramesh-certainty Abstract / §5–6 evaluation

The proposed crowdsourced system runs multiple isolated Geneva training pools on a controlled server — one pool per censorship system (initially China and Iran) — and instructs volunteer browsers via JavaScript to send forbidden requests to isolated ports, with no download or software installation required from the user. The server monitors per-strategy success or failure to drive genetic evolution entirely from the server side.

2023-tran-crowdsourcing §3 Design defense

DNS manipulation is widespread across China (305 domains via local resolvers, 300 via public resolvers) and Russia (251 local, 205 public), but simply switching to a public DNS resolver already evades local-resolver-only filtering for many domains, reducing apparent censorship at the public-resolver layer. On-path filtering systems that poison queries to public resolvers represent a harder threat class requiring encrypted DNS.

2022-hoang-measuring §4.1, Table 2 evaluation

Using DoH plus ESNI, DNEye successfully unblocked 130/230 (56%) of DNS-filtered domains in China and 53/56 (95%) in Russia, but 0/49 (0%) in Iran. The primary failure mode in China (84 domains) and Iran (47 domains) was SNI-based filtering at the TLS layer for domains that do not support ESNI, which remains visible in the ClientHello.

2022-hoang-measuring §4.3, Table 3 evaluation

DNEye detected DoTH (DoT and DoH) blocking across the largest number of ASes in China, with interference against Cloudflare, Quad9, AdGuard, and CleanBrowsing resolvers emerging in early March 2021. Blocking patterns varied per-AS rather than following a centralized GFW DNS-level policy, indicating individual ISP implementation. Saudi Arabia, by contrast, showed coordinated SNI-based blocking of the same DoH resolvers across different ASes, indicating centralized policy.

2022-hoang-measuring §4.2, Table 5 detection

Dominant failure modes differ systematically by country: China (AS45090) shows connect timeouts in 75% of DoT failures (IP-level blocking); Kazakhstan (AS48716) shows post-TLS-handshake timeouts in 72% of DoT failures (likely ACK or segment discard after handshake); Iran (AS197207) shows TLS handshake timeouts in 80% of DoT failures. Packet capture analysis confirmed that timeouts during and after the TLS handshake correspond to unacknowledged TCP segments, not connection resets.

2021-basso-measuring §V-F, §V-G, Table VIII evaluation

MCI (AS197207, Iran) intercepts cleartext DNS and returns the bogon address 10.10.34.36 for dns.adguard.com A queries regardless of which upstream resolver is used (system, 8.8.8.8, or 9.9.9.9), and intercepted queries never reached a researcher-controlled DNS-over-UDP server. This bogon falls in the same /24 documented in prior Iranian censorship research. Additionally, SNI blocking for dns.adguard.com was confirmed independently on both port 853 (DoT) and port 443 (DoH).

2021-basso-measuring §V-D detection

In AS197207 (Iran, MCI), approximately 50% of DoT endpoints failed consistently — the only case across all tested ASN/protocol combinations where failure exceeded 20%. In Kazakhstan (AS48716) and China (AS45090), more than 80% of DoT and DoH endpoints were always reachable.

2021-basso-measuring §V-F, Table VII evaluation

In AS197207 (Iran), Google's DoT endpoint 8.8.4.4:853 is blocked 100% of the time while 8.8.8.8:853 is always accessible, regardless of SNI value. TLSv1.3 handshake analysis (hiding server certificates) confirmed no SNI correlation, establishing that Google's DoT blocking depends solely on the destination IP endpoint.

2021-basso-measuring §V-I, Table X detection

Internet-wide IPv4 scanning found 386,187 IP addresses yielding amplification factors ≥ 100× via TCP middlebox reflection, with 82.9% of responses from the top 1 million IPs confirmed as originating from on-path middleboxes rather than endpoints. Nation-state censorship infrastructure dominates: China's GFW alone accounts for approximately 154 million responding IP addresses sharing a 3× RST+ACK (54 bytes each) fingerprint.

2021-bock-weaponizing §5.3, §5.5, Table 4 evaluation

Nation-state censors produce characteristic TCP response fingerprints: China's GFW sends 3× RST+ACK (54 bytes each) from ~170 million IPs; Iran's infrastructure sends 402–405-byte FIN+PSH+ACK plus 54-byte RST+PSH+ACK from 8.6 million IPs (75.7% of responsive Iranian addresses); Saudi Arabia sends a 97-byte PSH+ACK plus 2× 1,354-byte PSH+ACKs at 18.9× amplification from 400,000+ IPs. Most nation-state censors produce less than 4× amplification due to compact block pages.

2021-bock-weaponizing §5.5, Table 4 detection

A low-bandwidth attacker can sustain indefinite availability attacks by periodically re-triggering residual censorship: China's 3-tuple HTTP system requires only 4 spoofed packets every 3 minutes. For 4-tuple systems requiring full source-port coverage (65,535 ports), Kazakhstan needs 1,093 packets/sec (~634 kbps HTTP) and Iran needs 729 packets/sec (~422 kbps HTTP)—achievable with commodity hardware. Iran achieved 100% attack success against all 17 geographically disparate victim vantage points tested.

2021-bock-your §V.B, §VI evaluation

Switching source IP via VPN, Tor, or HTTP proxy is the primary victim-side mitigation because residual censorship is tuple-keyed; however, if the proxy entry node's path also crosses the censor, the attacker can redirect the attack at the proxy itself. On the censor side, null-routing middleboxes could eliminate the vulnerability by validating TCP sequence/acknowledgment numbers before dropping traffic, or by replacing null routing with an explicit block-page response.

2021-bock-your §VII defense

Residual censorship—where a censor continues blocking all traffic on a 3- or 4-tuple after an initial censorship event—is active in China (HTTP: 90s 3-tuple RST injection; ESNI: 120–180s 3+4-tuple null routing), Iran (HTTP+SNI: 180s 4-tuple null routing, occasionally up to 5 minutes; protocol filter: 60s), and Kazakhstan (HTTP+SNI: 120s 4-tuple null routing). A December 2020 Quack scan found 3-tuple stateful disruption in 33 countries and null-routing censorship in 18, suggesting much broader applicability.

2021-bock-your §IV, Table I evaluation

All tested censors (China, Iran, Kazakhstan) can be triggered statelessly—without completing a TCP 3-way handshake—using a SYN with decremented sequence number followed by a PSH+ACK containing the forbidden payload. This stateless triggering enables fully off-path, source-spoofed attacks: an adversary with packet-spoofing capability can residually censor a victim pair they have no on-path access to.

2021-bock-your §IV, §V.A detection

Iran and Kazakhstan reset the residual censorship timer whenever the censor observes any matching packet from the victim, so TCP retransmissions from the victim's own stack inadvertently extend the blocking window far beyond the nominal 120–180s. China's HTTP residual censorship has only ~50% per-request reliability from some vantage points due to heterogeneous GFW middlebox load-balancing, but reliability plateaus near 100% after 7 repeated censorship triggers sent ahead of time.

2021-bock-your §IV (timer reset), §IV (reliability), Fig. 2 evaluation

In Iran (AS62442), HTTPS connections fail at 34.4% (mostly TLS-hs-to, consistent with SNI filtering), while HTTP/3 over QUIC fails at only 16.2%. SNI spoofing reduces TCP failure from 60.1% to 10.2% but has zero effect on QUIC (20.1% both with real and spoofed SNI), indicating Iranian censors apply separate UDP endpoint blocking to QUIC rather than SNI-based identification.

2021-elmenhorst-web §5.2, Table 3 detection

Only approximately 5% of domains from the combined Citizen Lab and Tranco Top-4000 test lists supported QUIC in early 2021, heavily skewing the measurable set toward large global .com domains (e.g., Google properties). This bias means the study predominantly captures censorship of internationally targeted sites rather than country-specific domains.

2021-elmenhorst-web §4.3 evaluation

Across all four studied countries (China, Iran, India, Kazakhstan), HTTP/3 over QUIC had consistently lower failure rates than HTTPS over TCP: 27.1% vs 37.3% in China, 16.2% vs 34.4% in Iran, and 12.0% vs 15.0% in India (AS55836). The only QUIC-specific interference method observed was black-holing during the QUIC handshake (QUIC-hs-to); no RST injection or SNI-based QUIC filtering was detected.

2021-elmenhorst-web §5, Table 1 evaluation

Anycast CDN architecture dominates popular web content delivery: in the US, 59% of Alexa top-1k websites use anycast CDNs vs. 19% DNS-based; in Saudi Arabia, 57% use anycast CDNs. IP geolocation databases such as Maxmind are severely inaccurate for anycast infrastructure — reporting only <15% of Saudi Alexa websites as in-country vs. 90% measured by RTT-based multilateration — causing prior research to incorrectly attribute "nation-state hegemony" over developing-country Internet traffic.

2021-gosain-too §4.4, §6.3, Table 1 evaluation

CDN infrastructure causes 61%–92% of country-specific Alexa top-1k websites to be hosted within the client's own country across India, Iran, Saudi Arabia, Brazil, and the US, as measured by the authors' R-CBG multilateration technique achieving >89% accuracy. This traffic localization means web requests to popular sites rarely cross national borders, undermining the foundational assumption of decoy routing, domain fronting, CacheBrowser, and CovertCast.

2021-gosain-too §4.2, §5.2 evaluation

Meteor is proven secure against chosen-hiddentext attacks: any PPT adversary distinguishing Meteor output from honest model output can be reduced to breaking the underlying PRG. The scheme produces stegotext provably indistinguishable from the generative model's own output distribution, and requires only a shared public model — not a secret channel — making the model analogous to a common random string. On GPU the encoding overhead is ~1× model-load time; on CPU ~4.6×; on mobile ~49.5×.

2021-kaptchuk-meteor §5.2 / §6 / Table 2 defense

When a censor controls the WebRTC signaling plane, it can mount MITM attacks against CRON's vanilla covert encoding because the encoding 'fully replaces the video payload with an apparently random covert data signal that results in a scrambled video image at the receiver's endpoint.' By replaying the captured video through a WebRTC gateway, the censor obtains direct visual evidence of payload manipulation.

2020-barradas-towards §4.2 detection

CRON's stego circuits defend against adversary-controlled WebRTC services by embedding covert data into encoded video frames at the compressed data domain using video steganography algorithms, maintaining the visual characteristics of the video feed rather than replacing it entirely. Endpoint authentication uses public-key encryption with keys exchanged out-of-band, preventing MITM key substitution through the censor-controlled signaling server.

2020-barradas-towards §4.2 defense

Even when individual WebRTC flows pass traffic analysis, a censor can identify CRON users via three long-term statistical attack types: S1 (simultaneous video calls, atypical for normal users), S2 (sudden connections to previously unknown parties), and S3 (calls at anomalous times, frequencies, or durations). Relay nodes in multi-hop circuits are particularly exposed via S1 because conducting multiple simultaneous video calls is highly atypical in normal user profiles.

2020-barradas-towards §4.1 detection

The paper presents 11 purely server-side censorship evasion strategies requiring zero client-side software, successfully bypassing censorship in China, India, Iran, and Kazakhstan across DNS-over-TCP, FTP, HTTP, HTTPS, and SMTP. All strategies manipulate only TCP handshake packets (primarily the SYN+ACK) and were verified against 17 versions of 6 client operating systems (Windows XP–Server 2018, MacOS, iOS, Android, Ubuntu, CentOS) with unmodified clients.

2020-bock-come §1, §5, Table 2 defense

TCP Window Reduction (Strategy 8)—reducing the SYN+ACK TCP window to 10 bytes and stripping wscale options, forcing the client to segment its request—achieves 100% evasion success against HTTP in India and Kazakhstan, 100% against HTTP and HTTPS in Iran, and 100% against SMTP in China, because none of these censors can reassemble TCP segments. The strategy is compatible with all 17 tested client OS versions when implemented without SYN+ACK payloads, making it the most broadly deployable server-side strategy found.

2020-bock-come §5.1, §5.2, §7, Table 2 defense

Using Geneva's genetic algorithm trained against Iran's live protocol filter, four evasion strategies achieving 100% success were discovered in under two hours: (1) injecting a fingerprint-matching PSH/ACK with a corrupt checksum before the real data; (2) sending two FIN packets before the SYN; (3) sending nine non-data-carrying packets (any flags, any seq/ack) during the handshake to exhaust the filter's per-flow packet limit; (4) a server-side variant that sends nine corrupted SYN+ACKs, inducing nine client RSTs before the real ACK, enabling fully unmodified clients to benefit.

2020-bock-detecting §5.2–§5.3 defense

The protocol filter's HTTPS fingerprint requires only that the first 5 bytes match a TLS header (type 0x16, version 0x03 0x01–0x03, correct length field); all subsequent bytes of the Client Hello are unchecked. Any TLS-based circumvention tool naturally satisfies this fingerprint and will bypass the filter by default. Furthermore, any one of the three permitted fingerprints (DNS, HTTP, HTTPS) can be used on any of the three monitored ports to whitelist an entire flow.

2020-bock-detecting §4.3 defense

Testing the Alexa top-20,000 websites from within Iran, 3,595 IP addresses (17.9%) triggered the protocol filter at least 8 out of 10 times, and 3,499 (17.4%) were affected all 10 times. IP address provider is not correlated with filtering; instead, specific IP prefixes are targeted—for Cloudflare, only two prefixes (104.18.0.0/16 and 104.31.82.0/24) were fully affected while all others were unaffected.

2020-bock-detecting §4.2 evaluation

Iran's protocol filter monitors only the first two data-carrying packets of a TCP connection on ports 53, 80, and 443, permitting only DNS, HTTP, and HTTPS. Once tripped, it drops all subsequent client-side packets for 60 seconds, with the timer resetting on each TCP retransmit. The filter is unidirectional (client-inside-Iran only), cannot reassemble TCP segments, and does not verify checksums.

2020-bock-detecting §4.1 detection

Existing segmentation strategies effective against Iran's standard HTTP DPI can be counterproductive when the protocol filter is also active: if the first segment is fewer than 8 bytes, it fails the HTTP fingerprint check and trips the filter. However, segmenting such that the first segment is a valid HTTP fingerprint (≥8 bytes, well-formed verb + space) while splitting the Host: header into the second segment defeats both the protocol filter and the standard DPI censor simultaneously.

2020-bock-detecting §5.1 defense

In Iran in 2013, censors dropped or throttled certain TCP connections after 60 seconds, severely disrupting circumvention protocols like obfs4 that fuse session state with a single long-lived TCP connection, while short-lived HTTP connections were largely unaffected. obfs4 has no session concept independent of the underlying TCP connection; when that connection is terminated, all end-to-end state is lost and a new session must restart from scratch.

2020-fifield-turbo §1 detection

Survey data indicates 31% of Chinese Internet users use VPN services compared to Tor's approximately 2 million daily users globally, and centralized non-anonymous systems like Lantern and Psiphon dominate adoption over anonymity-focused tools. The paper argues this demonstrates that the majority of censored users prioritize blocking resistance over anonymity, supporting a separation-of-properties design principle.

2020-nasr-massbrowser §III-B policy

The majority of censored websites are blocked in only one or two countries, with political and news content showing the strongest geographic specificity. Figure 3 shows that of domains blocked in China, Iran, and Turkey, only 29 are blocked in both China and Turkey, while 27,852 are China-only and 1,564 are Iran-only, demonstrating that cross-region client-to-client proxying is broadly applicable.

2020-nasr-massbrowser §III-C, Figure 3 evaluation

In a traffic sample from a major non-anonymous circumvention tool (3.56 TB total, Feb 21, 2008), 48% of all proxied traffic belonged to websites that were not censored in Iran. Integrating CacheBrowsing to fetch CDN-hosted censored content directly further saves 41% of Buddy bandwidth for Alexa top-1000 websites.

2020-nasr-massbrowser §IV-B, §V-C evaluation

Between January 2017 and September 2018, ICLab conducted 53,906,532 measurements of 45,565 URLs across 62 countries and 234 ASes, detecting blocking of 3,602 unique URLs in 60 countries via DNS manipulation, TCP packet injection, and block page delivery. Iran blocked 20–30% of Alexa top-500 URLs — more than any other monitored country — while Saudi Arabia consistently blocked roughly 10%. The global trend in detected censorship shows a steady decrease, which the authors attribute to rising adoption of TLS and circumvention tools.

2020-niaki-iclab §V evaluation

Anonymization and circumvention tools (VPNs, Tor, etc.) are among the three most commonly blocked content categories across all commercial filters surveyed, alongside pornography and gambling. This holds across diverse products including Fortinet, Cisco, and government-deployed firewalls in Iran, Saudi Arabia, and Bahrain.

2020-raman-measuring §V-A-1, Fig. 7 evaluation

FilterMap identified 90 blockpage clusters from 90 vendors and actors across 103 countries using 374 million measurements from ~45,000 vantage points against 18,736 sensitive domains; 87 of these signatures were previously unknown. Commercial filters were detected in 36 out of 48 countries rated 'Not Free' or 'Partly Free' by Freedom House, with Fortinet alone present in at least 60 countries.

2020-raman-measuring §V deployment

The Great Firewall of China does not inject blockpages — it resets connections via TCP RST injection — making it invisible to blockpage-based detection systems. In contrast, the Iran firewall accounted for 97.1% of disruptions observed in Iranian vantage points, and the Bahrain and Saudi Arabia firewalls caused 71.2% and 80.2% of disruptions respectively, all using application-layer blockpage injection.

2020-raman-measuring §V-A-2 detection

Frolov and Wustrow show that every major TLS-based circumvention tool (Tor Browser, Lantern, OpenVPN, Psiphon, etc.) produces a TLS ClientHello fingerprint that is statistically distinguishable from real Chrome or Firefox: differences include cipher-suite ordering, extension set, extension ordering, ALPN values, and curve preferences. A passive observer with a classifier over ClientHello fields can identify the tool with high precision without decrypting any traffic.

2015-frolov-the-use-of-tls §3–4 detection

Beyond the ClientHello, circumvention tools diverge from real browsers in TLS record-layer behavior: Go's crypto/tls splits the first application-data write differently than NSS or BoringSSL, and Go does not send a TLS ChangeCipherSpec in the same byte sequence as Chrome. These post-handshake divergences are detectable even when the ClientHello has been patched with uTLS, requiring record-layer mimicry in addition to hello-field mimicry for full fingerprint resistance.

2015-frolov-the-use-of-tls §4.3 detection

The paper introduces the uTLS library, which allows a Go TLS client to impersonate a specific browser's TLS fingerprint by replaying a recorded ClientHello template (including exact cipher suites, extensions, and GREASE bytes) rather than constructing one from Go's crypto/tls. Using a Chrome 70 uTLS template reduces fingerprint-distinctiveness to near zero against a passive classifier trained on real Chrome traffic.

2015-frolov-the-use-of-tls §5 defense

Monitoring ESNI-related censorship across 14 geographic regions — including Mainland China, Iran, UAE, South Korea, and 10 others — found no blocking of ESNI traffic or interference with ESNIKey retrieval via DNS TXT records as of mid-2019, contradicting a widely circulated report claiming South Korea had already blocked ESNI. Additionally, the GFW's residual censorship window after a triggered RST was measured at 60 seconds (down from the previously reported 90 seconds).

2019-chai-importance §4.4, §6 evaluation

Over one month, 54K measurements from 1.7K ASes in 164 countries detected I2P blocking in exactly five countries: China (DNS poisoning of homepage and 3 of 10 reseed servers), Iran (TCP RST injection with HTTP 403 on mirror site), Oman and Qatar (SNI-based blocking of HTTPS homepage plus TCP injection with block-page redirect on HTTP mirror), and Kuwait (TCP injection on mirror site at AS47589 only). All other tested countries left I2P fully reachable.

2019-hoang-measuring §5, Table 2 evaluation

A measurement infrastructure built on VPN Gate's 192K volunteer-operated residential vantage points (3.5K ASes, 181 countries) detected I2P blocking events that were missed entirely by both OONI—which had no test data for four of the five affected countries—and ICLab—which had vantage points in only two of the five countries and obtained only intermittent connections there. Residential vantage points reveal filtering policies invisible from datacenter-hosted probes, with ISP-level granularity confirming partial national blocking (one of six Kuwaiti ASes, heterogeneous Chinese AS behavior) that aggregate measurements would miss.

2019-hoang-measuring §5.4, §7 evaluation

Across all tested countries, circumvention and anonymization tools are the most consistently blocked category: www.hotspotshield.com is blocked in 5 of 13 detected censoring countries, and three Tor Project properties (bridges.torproject.org, www.torproject.org, ooni.torproject.org) each appear in the top-10 most broadly blocked domains. Collateral damage is also documented — Iran blocks psiphonhealthyliving.com as a substring match for the psiphon.ca circumvention domain.

2018-vandersloot-quack §6.2, Figure 12 evaluation

By comparing echo-server (bidirectional) versus discard-server (inbound-only) results across 11 censoring countries, Quack finds that only 4 countries (China, Egypt, Jordan, Turkey) also block inbound traffic; the remaining 7 apply DPI exclusively to outbound data. Direction-sensitive blocking is a confirmed capability of deployed middleboxes.

2018-vandersloot-quack §6.3 detection

Iran's number of blocked domains increases from 25 (HTTP keyword blocking) to 374 (TLS SNI-based blocking) — a 15× increase — with the newly blocked domains shifting composition to predominantly News, Human Rights, and Anonymization tools. This demonstrates that Iran maintains a distinct, more aggressive SNI blocklist for HTTPS traffic that is largely invisible to HTTP-only measurement.

2018-vandersloot-quack §6.4 detection

32 of 108 identified censoring ASes leak their censorship policies to other ASes, and 18 leak to other countries. Sweden's AS1299 leaked censorship to 9 countries including the United States, Ukraine, and Singapore; China's AS4812 leaked to 5 countries. Censorship leakage occurs when a transit AS implements filtering that affects traffic for users outside the censor's jurisdiction.

2017-cho-churn §3.3, §4, Table 3 evaluation

Censors in Russia, Iran, and India implement all three measured censorship techniques simultaneously: block pages, RST injection, and TTL anomalies. Iran and Cyprus censoring ASes censor content across many URL categories (including General News, Internet Services, Pornography, Gambling), while most other censoring ASes restrict only a few category types.

2017-cho-churn §4, Table 2 detection

The 30 key ASes computed from globally popular sites also intercept over 90% of paths to country-specific popular sites in nine censorious nations (China, Venezuela, Russia, Syria, Bahrain, Pakistan, Saudi Arabia, Egypt, Iran), covering 93.3% of paths to the top-50 country-specific sites. The same key AS set remained stable across repeated experiments conducted four months apart, suggesting durability over time.

2017-gosain-devil-s §6.1–6.2, Figure 8 evaluation

Iran's censor and AT&T's Stream Saver restrict DPI inspection strictly to port 80; traffic on any other TCP port escapes classification entirely. Iran additionally inspects the full flow (not just initial packets), unlike T-Mobile and the testbed device which only inspect the first few packets, making packet-count-based evasion insufficient against Iran on port 80.

2017-li-lib-cdot-erate §1 (key findings), §6.3 detection

TCP segment splitting and out-of-order delivery evades DPI classification in the testbed, T-Mobile, and Iran, but fails against the GFC—which performs extensive packet validation and correctly reassembles reordered streams—and AT&T, which uses a transparent HTTP proxy that normalizes all traffic before inspection. Payload splitting to one byte in the first packet is sufficient to defeat packet-count-limited classifiers.

2017-li-lib-cdot-erate §4.3, Table 3 evaluation

lib·erate's TTL-limited inert packet insertion—sending a decoy packet with TTL set to expire at the middlebox but carrying a misclassifying payload—successfully evades classification in a carrier-grade testbed DPI device, T-Mobile's Binge On, and the Great Firewall of China, but fails against Iran's censor and AT&T (Table 3). When bilateral server support is available, inserting a single dummy packet at flow start evades classification in all four deployments.

2017-li-lib-cdot-erate §4.3, Table 3 evaluation

None of the operational networks tested—T-Mobile, AT&T, the Great Firewall of China, and Iran—classify UDP traffic; the authors describe this as 'a surprisingly easy way to evade their policies.' Iran's censor inspects the entire TCP flow but leaves UDP flows untouched across all tested applications.

2017-li-lib-cdot-erate §1 (key findings), §6 detection

77% of public bridges offer only vanilla Tor, which is trivially detectable via TLS certificate pattern matching. An additional 15% offer Pluggable Transports with conflicting security properties (e.g., obfs4 + obfs3 + obfs2 co-deployed on the same bridge), allowing a censor to confirm and block the bridge via the weakest PT and thereby disable all stronger PTs on the same IP — including active-probing-resistant transports like obfs4 and ScrambleSuit.

2017-matic-dissecting §V-C, Table I defense

Default bridges — whose IP addresses are hardcoded in the Tor Browser Bundle — carry 91.4% of all bridge clients globally in April 2016, and 86.1% in Iran and 69.2% in Syria. Because these addresses are trivially obtainable from the Tor Browser Bundle configuration files, a censor can block the vast majority of bridge users in a country at any time.

2017-matic-dissecting §V-E, Table II evaluation

Four OR ports (443, 8443, 444, 9001) account for 82% of all active public bridge fingerprints as of April 2016, down from 95% in March 2013 but still concentrated. Scanning just three of these ports (443, 8443, 9001) is sufficient to deanonymize 71% of all active public bridges. Additionally, CollecTor's published per-bridge usage statistics allow a censor to rank bridges by client count per country and identify the highest-impact OR ports to scan next.

2017-matic-dissecting §V-D, Figure 6, Table IV detection

Iris detected 41,778 manipulated DNS responses (0.31% of 13.5 million queries) across 58 countries and 1,408 domains in a two-day measurement window in January 2017. Iranian resolvers exhibited the highest median manipulation rate at 6.02% per resolver; China followed at 5.22%. Iran and China together accounted for roughly 55% of all manipulated responses despite contributing only approximately 6% of total query volume.

2017-pearce-global §5.2, Table 6 evaluation

Iranian DNS censorship returns special-purpose/private IPv4 addresses in 99.99% of manipulated responses (only 0.01% public), whereas Chinese manipulation returns public IPs 99.46% of the time—often addresses that host no services at all. The 10 most frequent Chinese censor-injected IPs constituted approximately 75% of all Chinese manipulated DNS responses.

2017-pearce-global §5.2, Table 8 detection

DNS manipulation is heterogeneous within countries, not uniform across ISPs. In Iran, one cluster of domains is manipulated by approximately 80% of in-country resolvers while a second group is manipulated by fewer than 10%, consistent with differential blackholing by separate DNS manipulation infrastructure tiers. China shows a similar bimodal split (~80% vs ~50%), while Greece and Kuwait exhibit more homogeneous cross-resolver manipulation.

2017-pearce-global §5.3, Figure 7 evaluation

Salmon simulations show that a censor with agents comprising 1% of 10,000 users can block at most 4A servers (one block per agent per full group) against a system with 1,000–2,000 servers; server groups with a hard cap of M=10 users that fill entirely with legitimate users before any agent joins become permanently invincible to server discovery. The censor's optimal strategy is to ensure each agent is always alone in its group at the time of joining, which requires knowing the user arrival rate — information Salmon withholds by not publishing user statistics.

2016-douglas-salmon §5.1 / §5 evaluation

Without recommendation-tree grouping logic, a censor starting agents at trust level 6 who each recommend 1–2 additional agents (requiring 4–5 months of waiting) can cut off over 95% of users even at agent percentages in the 15–30% range, as shown in Figure 6. With recommendation-tree grouping enforced, the same attack at equivalent agent fractions produces dramatically lower service disruption because agents cluster among themselves rather than spreading across innocent user groups.

2016-douglas-salmon §5.3 / Figure 6 detection

Salmon's trust-level mechanism (7 discrete levels; promotion from level n to n+1 requires 2^(n+1) days; banning triggered when suspicion exceeds T=1/3) reduces the fraction of users cut off by an attacking censor by more than 3× relative to rBridge under the same agent-percentage conditions. Simulations with 10,000 users (1–10% censor agents) and 1,000–2,000 servers show that trust levels keep high-seniority innocent users isolated from newer users where agents concentrate.

2016-douglas-salmon §5.2 / §3.6 defense

A single harvesting script running for 9 days on one free Amazon EC2 instance verified 3,101 working VPN Gate servers by testing 44,039 IP addresses, demonstrating that VPN Gate's collective defense mechanism — which relies on detecting automated scanning patterns — can be fully bypassed by routing successive queries through previously verified VPN servers. This result implies that a censor could, with no collateral damage, essentially completely shut down VPN Gate by blocking all verified servers.

2016-douglas-salmon §4.1 evaluation

Salmon's defense against the active zig-zag attack — where a censor blocks a known server to force users onto new ones and watches for correlated reassignments — requires both per-user authentication (unique login credentials per server so unauthorized probes receive a plausible HTTPS page) and traffic camouflage. Without authentication, the server must respond as a functioning proxy to any connection, fully exposing itself to the censor; without camouflage, even a rejected connection may reveal the server's nature.

2016-douglas-salmon §3.10 defense

The Great Firewall of China blocked newly published obfs4 Tor Browser default bridges after delays of 7, 2, 18, 11, and 36 days following the first public software release, and up to 57 days after bridges were first discoverable via bug-tracker ticket filing. Iran showed no blocking of the same default bridges across the entire five-month measurement period.

2016-fifield-censors §4 Results, Table 2 evaluation

Anderson's analysis of Iran's network connectivity from January 2010 to 2013 uncovered two extended throttling periods with 77% and 69% decreases in download throughput respectively, plus eight to nine shorter periods; these often coincided with holidays, protest events, international political turmoils, and important anniversaries.

2016-khattak-sok §2.4.2 detection

Naive interference measurement systematically misclassifies CDN geographic routing as blocking (and vice versa): when China or Russia resolves twitter.com to a non-US IP, a naive detector must decide whether that is a CDN point of presence or interference. Joint iterative analysis of DomainSimilarity and IPTrust scores is required to separate authentic CDN footprints from block-page redirections.

2016-scott-satellite §1, §2.4, §2.4.1 detection

Satellite detected a spike in anomalous DNS resolutions across Iranian ISPs in the second half of 2015, correlating with Iranian authorities' public statements about beginning a 'second phase of filtering,' followed by additional newly inaccessible domains in the lead-up to the February 2016 elections — demonstrating longitudinal DNS measurement can detect and time censor policy escalations.

2016-scott-satellite §4.4, Figure 12 evaluation

Iran's national policy forces all domestic ASes to route through a single national telecom AS (AS 12880), resulting in Iran connecting to only 6 international networks. By contrast, Singapore has 257 domestic ASes connected to 3,022 international ASes despite similar geographic scale.

2016-singh-politics §1, §5 detection

A survey of the top 10,000 Alexa websites found that only 6% (Class 1) are fully hosted on shared CDNs with HTTPS deployments that allow removal of destination leakage — the only class browsable with plausible unobservability against a competent DPI-equipped censor — while 64% are partial-CDN sites (Class 4) whose CDN-hosted content (images, videos) can still be reached via content wrappers or dynamic mirrors at negligible operational overhead.

2016-zolfaghari-practical §5.1 evaluation

A domain-based website fingerprinting attack against CDNBrowsing traffic — using the per-domain packet volume exchanged during a browsing session as a decision-tree feature vector — achieves 0.991 ± 0.002 accuracy against CacheBrowser on 100 China/Iran-blocked HTTPS pages, modestly outperforming the state-of-the-art k-NN classifier of Wang et al. (0.94 ± 0.002) while being two orders of magnitude faster: 0.60 CPU-seconds training and 10 µs classification versus 90 CPU-seconds and 0.05 CPU-seconds on an Intel Xeon 3.5 GHz processor.

2016-zolfaghari-practical §3.2 detection

Real-world CDN HTTPS deployments leak the identity of visited websites through three distinct channels — TLS certificate contents (A2, B1, B2 deployments), the plaintext SNI field (B1), and dedicated IP address mappings (B2) — enabling censors to block CDNBrowsing connections via standard DPI or IP filtering without collateral damage to non-forbidden CDN content. Each leakage channel requires inspecting only a single packet from an HTTPS connection, making the attack low-cost and deployable on off-the-shelf censorship boxes.

2016-zolfaghari-practical §3.1 detection

Table 1 of the survey documents that by 2013–2014 censors were deploying simultaneous blocking across BGP, DNS, IP/port filtering, TCP disruption, TLS, and application-layer keyword filtering. No single detection tool in the survey covers all six layers; the most comprehensive, OONI (2012), covers DNS, IP/port, TCP, TLS, keyword, and HTTP but notes only partial BGP coverage.

2015-aceto-internet Table 1 detection

Applying a regional binomial hypothesis test (p=0.7, significance 0.05) to Encore measurements independently confirmed censorship of youtube.com in Pakistan, Iran, and China, and of twitter.com and facebook.com in China and Iran, validating passive cross-origin measurement against prior independent reports of filtering.

2015-burnett-encore §7.2 evaluation

Encore collected 141,626 measurements from 88,260 distinct IPs in 170 countries over seven months (May 2014–January 2015) using as few as 17 volunteer webmaster deployments, demonstrating that passive cross-origin measurement can achieve broader geographic vantage-point coverage than custom-software deployments without recruiting individual end-users.

2015-burnett-encore §7 evaluation

Randomization-based obfuscation systems (obfs2/3, obfs4, ScrambleSuit, Dust) resist blacklist DPI but fail entirely under protocol-whitelist filtering, as explicitly demonstrated during the Iranian elections where censors permitted only known-good protocols. Pure randomization provides no signal of being a permitted protocol, making it trivially blockable under any whitelist regime.

2015-dyer-marionette §1, §2 detection

Domain fronting exploits the fact that major CDN providers (Google, Amazon CloudFront, Akamai, Microsoft Azure) terminate TLS at the edge before inspecting the Host header, so the SNI visible to a censor names a permitted CDN domain (e.g., www.google.com) while the inner HTTP Host header routes the request to a blocked destination. Blocking the fronted service requires blocking the entire CDN, creating collateral damage that most censors are unwilling to accept for major providers.

2015-fifield-blocking-resistant §2 defense

The meek pluggable transport, implementing domain fronting over HTTPS, achieved median download throughput of roughly 1–2 Mbps in controlled tests from censored regions (China, Iran), confirming that CDN-fronted tunnels are viable for real users at consumer broadband speeds. Latency overhead compared to direct connections was measurable (tens of milliseconds per round-trip through the CDN edge) but acceptable for browsing workloads.

2015-fifield-blocking-resistant §5 evaluation

The paper formally characterizes the censor's visibility gap: the SNI field in the TLS ClientHello and the HTTP Host header inside the tunnel are the two places that reveal destination, and CDNs that terminate TLS before forwarding HTTP requests prevent censors from correlating them. Any censor capable of correlating SNI to inner-Host (e.g., through CDN cooperation or plaintext HTTP/2 framing) can defeat domain fronting without CDN blocking.

2015-fifield-blocking-resistant §3 detection

Iran's censorship infrastructure shifted from fully decentralized (Jaccard similarity ~0 across ISPs in 2007) to highly centralized by June 2011, when the Jaccard similarity between the national gateway AS 12880 and two other ISPs reached 0.94 and 0.95. Almost all 2011 blocking was accompanied by a blockpage containing an iframe redirecting to internal IP 10.10.34.34, providing direct evidence of a single choke-point filtering infrastructure.

2015-gill-characterizing §4.5, Table V detection

Across MENA countries (UAE, Tunisia, Oman, Iran, Qatar, Yemen, Saudi Arabia, Burma), over 80% of blockpage-delivering tests delivered the blockpage without DNS redirection, indicating transparent web proxies performing deep HTTP inspection rather than the cheaper DNS-intercept approach dominant in China. McAfee SmartFilter was identified in Qatar, Saudi Arabia, and UAE; Netsweepr in Qatar, UAE, and Yemen.

2015-gill-characterizing §5.1, Table VI evaluation

The Encore system collected censorship measurements from 88,260 distinct IP addresses across 170 countries over seven months via installations by at least 17 volunteer website operators. China, India, the United Kingdom, and Brazil each contributed at least 1,000 measurements; Egypt, South Korea, Iran, Pakistan, Turkey, and Saudi Arabia each contributed more than 100.

2015-narayanan-no Introduction evaluation

ACM SIGCOMM 2015's program committee accepted the Encore paper with an unprecedented 'signing statement' after heated ethical debate. The committee's core objections were: (1) users accessing censored URLs might face repercussions in regimes without due process; (2) most users under censorship would be unlikely to consent to the measurements; and (3) unlike ad-tracker third-party requests, Encore requests do not reflect any user intent.

2015-narayanan-no Ethical Oversight by Program Committees policy

Encore's architecture turns ordinary web visitors into measurement vantage points, which the researchers argue prevents censors from detecting and disabling dedicated measurement probes. However, this benefit comes with the trade-off that the individuals whose browsers are co-opted face potential legal or physical risk that differs by country and by the specific censored content accessed.

2015-narayanan-no Background / Analysis policy

Throughput variance across Iranian ISPs collapsed nearly simultaneously during suspected throttling events, consistent with a centrally-coordinated administrative order rather than independent ISP-level decisions. Former ISP staff accounts cited in the paper indicate throttling orders were delivered by phone or fax, with smaller regional providers potentially delaying compliance—implying a brief window before universal enforcement.

2013-anderson-dimming §5.2, Fig. 8–9 evaluation

Throughput drops correlated directly with political mobilizations: the 2012-02-14 anniversary of political detentions registered a -102.9% weekly-minimum change relative to the two-month mean, and the October 2012 currency protests showed a -86.2% weekly minimum. Round-trip time did not increase proportionally during these drops, distinguishing them from ordinary congestion.

2013-anderson-dimming §5.1, Fig. 6 evaluation

Using M-Lab NDT measurements from Iran, the paper identifies two extended throttling periods: November 30, 2011 – August 15, 2012 (77% decrease in median download throughput) and October 4 – November 22, 2012 (69% decrease), plus 8–9 shorter-term disruptions. Weekly variance analysis yields even steeper figures of -98% and -82% for the two major events.

2013-anderson-dimming §5, §5.1 evaluation

During the November 2011 throttling event, every Iranian ASN under consideration experienced more than a 74% drop in throughput within the first two months; only one prefix (ITC's commercial hosting block 80.191.96.0/19) showed an increase. Academic networks (Sharif University AS12660, University of Tehran AS29068) recovered faster than consumer ISPs, suggesting selective prioritization or exemption for institutional traffic.

2013-anderson-dimming §5.2, Fig. 12 evaluation

Iran's censors preferred throttling over outright shutdown because it is less conspicuous and draws less controversy. The paper notes that NDT-style bulk-transfer tests cannot detect targeted, DPI-based throttling of specific protocols (VPN, Tor, streaming), since those present different traffic signatures than generic TCP bulk transfers. Iran's filtering infrastructure (TCI/ITC, AS12880) runs deep packet inspection as an auxiliary layer on top of ISP-level controls.

2013-anderson-dimming Abstract, §4.2, §6.1 detection

Measurement of Alexa top-500 websites across 18 categories found that over 50% of the internet's most-visited sites were blocked in Iran, with adult content blocked at over 95% and the Art category the third-most censored. DNS hijacking was applied selectively to only three domains (facebook.com, youtube.com, plus.google.com), while HTTP Host filtering accounted for the vast majority of blocks.

2013-aryan-internet §4.1, Table 1 evaluation

Traceroutes from one major Iranian ISP to 3,160 destination IPs across 13 countries consistently showed a single private-address node (10.10._._) as the first observable external hop, preceded by one of only two TCI-owned transit nodes. TTL-based probing confirmed that both HTTP and DNS blocking originated at this same centralized node, suggesting that the processing capacity of this national chokepoint is a key bottleneck in Iran's censorship infrastructure.

2013-aryan-internet §4.5, §6, Figure 5 evaluation

DNS queries for blocked domains were intercepted on-path and never reached the authoritative server; instead, the DNS server received 5 TCP RST packets spoofed from the client's address — despite the original queries being UDP, a likely misconfiguration. Three RST packets carried an identical random sequence number while two had a relative offset of 30 from the first three, the same distinctive 3+2 RST pattern observed in the HTTP blocking mechanism.

2013-aryan-internet §4.3, Figure 4 detection

Iran's HTTP censorship allows the TCP three-way handshake to complete normally before acting on the HTTP GET request: the censor responds with a '403 Forbidden' and simultaneously sends 5 spoofed RST packets to the destination server (3 with in-sequence numbers, 2 with seemingly random offsets). No modifications to TCP/IP or HTTP headers were observed at either endpoint, ruling out a transparent proxy and pointing to inline DPI.

2013-aryan-internet §4.2, Figure 3 detection

SSH transfers utilized only 15% of available bandwidth versus 85–89% for HTTP/HTTPS. When SSH was obfuscated by XORing payloads with a constant key (hiding the plaintext handshake), throughput dropped to near-zero during all trials. Applying the same obfuscation to HTTP transfers produced the same near-zero result, supporting the hypothesis that Iran whitelists known-approved protocols rather than blacklisting specific ones, which would preemptively block any unrecognized or randomized transport including Tor's obfsproxy.

2013-aryan-internet §4.4 detection

SkypeMorph and FreeWave both overlay a client-proxy communication model onto a peer-to-peer VoIP network; because Skype clients attempt direct peer contact before falling back to supernodes, initiating a call to a FreeWave proxy reveals its IP address directly to the caller, and proxy nodes accumulate user-to-bridge ratios that reached 8–12× in Syria/Iran and up to 120:1 in China (Figure 8), producing concentration signatures uncharacteristic of normal P2P call distributions. These architectural mismatches allow enumeration and fingerprinting attacks independent of traffic-content analysis.

2013-geddes-cover §5, Figure 8 detection

Existing censorship-resistant systems share a fundamental vulnerability: they require the user to know a finite set of entry points (bridge addresses, rendezvous points, or ISP-level collaborators) that a censor can enumerate by impersonating a legitimate user. China has blocked the majority of Tor bridges since 2010 and Iran blocked all encrypted traffic in 2012, demonstrating this attack is operationally deployed at scale.

2013-invernizzi-message §1 detection

ScrambleSuit defeats active probing by requiring clients to prove knowledge of an out-of-band shared secret before the server responds; a probing censor receives only silence. Two mechanisms are provided: session tickets (preferred for non-Tor applications) and an authenticated UniformDH handshake (optimized for Tor's shared-secret bridge distribution model), with both producing payloads computationally indistinguishable from random.

2013-winter-scramblesuit §4.1 defense

Iran deployed a new Tor-blocking strategy in February 2013 that caused direct Tor user counts to collapse from over 50,000 to near zero within weeks, as recorded by Tor Project metrics.

2013-winter-towards Figure 1, §1 evaluation

As of March 2013, Tor is documented as blocked in China, Iran, Syria, Ethiopia, the UAE, and Kazakhstan. Blocking techniques range from simple IP address blacklisting to a sophisticated hybrid consisting of deep packet inspection (DPI) and active probing.

2013-winter-towards §1 detection

Tor's TLS handshake exhibited multiple distinguishing fingerprints — including the client cipher list, server certificates, and randomly generated SNIs — that were used for TLS-based filtering in Ethiopia, China, and Iran. Inferring the exact byte-level pattern matched by DPI boxes required manual analysis and remains a difficult open problem as of 2013.

2013-winter-towards §3.1.5, §5 detection

Iran has deployed a 'dual-stack' addressing pattern in which the same server receives both a globally routable public IP and an RFC1918 private address, enabling failover between global and domestic routing. DNS records document this for entities ranging from ISPs (acc4.pishgaman.net: 81.12.49.108 / 10.8.218.4) to government organizations (Vice Presidency for Management Development: 10.30.5.163 / 10.30.5.148) and private companies.

2012-anderson-hidden §5, Appendix Fig. 8 deployment

Iran's nationwide censorship redirect page is hosted at private IP 10.10.34.34, operated by Data Communication Affairs (a subdivision of TCI's Information Technology Company, AS12880). Traceroute data confirms the final public hop before this private host is 195.146.33.29, registered to Data Communication Affairs, and 24 of 27 tested Iranian networks (89%) can reach it.

2012-anderson-hidden §4 deployment

A scan of the full 10.0.0.0/8 block from within Iran identified 45,928 active hosts, including 20,060 on Telnet (port 23), 9,960 on HTTP (port 80), 8,029 on SSH (port 22), and 2,510 on DNS (port 53). Identified participants include TCI, government ministries (Agriculture, Education, Science), universities, and ADSL providers, establishing the private network as a purposefully designed national intranet in place since at least 2010.

2012-anderson-hidden §4, §5 deployment

Using open HTTP proxies distributed across 27 Iranian ASNs, the study confirmed 89% (24/27) of tested networks could reach the private filtering page (10.10.34.34) and 77% (21/27) could reach Imam Reza University's private IP. Of 15 proxies on RFC1918 addresses themselves, 13 (87%) could also reach the filtering page, confirming nationwide — not localized — private-space reachability.

2012-anderson-hidden §4.1 evaluation

Several Iranian domains maintain DNS A records pointing to RFC1918 private addresses that resolve only when queried against Iranian nameservers (IRNIC); the same query to Google's public DNS (8.8.8.8) returns REFUSED. Domains including realm.blizz.ir (→ 10.175.27.120), isftak.ir, and geeges.co.ir exhibit this split-DNS pattern as of September 2012.

2012-anderson-hidden §5.2, §6 detection

A warden can fingerprint the specific covert destination a Telex user is visiting by comparing observed latency distributions against a pre-built database of covert-destination latencies. With an intelligently filtered database of only 10 distributions (K-S inter-entry threshold 0.8), the AUC is 0.868, and with approximately 12 collected samples the false positive rate drops below 10%. Larger databases (size 50) degrade to AUC 0.537 due to distribution similarity, but threshold-based filtering restores substantial discriminative power.

2012-schuchard-routing §5.3, Figures 7, 9 detection

A routing-capable warden can enumerate over 90% of decoy-router-deploying ASes for deployments as large as 4,000 ASes using an intersection-based discovery attack: the warden probes many paths, accumulates a set of 'clean' ASes, and prunes candidate paths until a single 'tainted' AS remains. All evaluated wardens (China, Syria, Iran, Australia, France, Venezuela) achieved roughly equal detection success across all deployment sizes.

2012-schuchard-routing §4.1 detection

Containment analysis shows that surrounding China with a 'ring' of decoy routers at AS-hop depth 1 requires covering 161 ASes; depth-2 expands by a factor of more than 23, becoming untenable, while depth-3 is slightly smaller but leaves the majority of the Internet reachable via clean paths. Cutting China off from at least half the Internet would require all 96 of the world's largest ISPs to deploy decoy routers at all exit points simultaneously.

2012-schuchard-routing §6, Table 2 evaluation

Under the Cirripede 'random ASes' deployment scenario — where 0.4%–1.0% of ASes deploy decoy routers — routing-capable wardens need only disconnect themselves from 0.85%–3.04% of the Internet to obtain clean (decoy-free) paths to all remaining destinations. Even at 10% Internet-wide deployment, wardens are cut off from only 7%–9% of non-participating ASes on average.

2012-schuchard-routing §4.2, Figure 2 detection

A passive timing attack using the Kolmogorov-Smirnov test on connection latency distributions reliably distinguishes Telex users from honest hosts: K-S scores against the overt destination max out at 0.26, while scores against covert destinations (even those within 10 ms of the Telex station) range from 0.3–1.0 with a median of 0.7 for nearby servers and 1.0 for Alexa top-100 sites. The attack is effective even for clients 50–250 ms from the Telex station, with no K-S score below 0.26 observed across 40 PlanetLab hosts.

2012-schuchard-routing §5.1–5.2, Figures 5–8 detection

Across 11 countries, censorship execution falls into at least six distinct categories: DNS redirect to localhost (Malaysia, Russia, Turkey), DNS redirect with warning page (South Korea), connection timeout with no notification (Bangladesh, India), spoofed TCP RST injection (China), spoofed HTTP 403 with warning page (Bahrain, Iran), HTTP 302 redirect (South Korea, Thailand), and spoofed HTTP 200 iframe response (Saudi Arabia). Four countries censor at DNS and eight at routers, with South Korea employing both layers simultaneously.

2012-verkamp-inferring Table 3 evaluation

Tor's fixed 512-byte cells packed into TLS 1.0 records produce a characteristic TCP payload of 586 bytes (512 + 74 bytes of TLS overhead). A perimeter filter running a simple exponential moving average (τ ← ατ + (1−α)1ₗ₌₅₈₆, α=0.1, T=0.4) identifies Tor flows within a few dozen packets; this attack succeeds at backbone rates of ~540,000 packets/second on commodity hardware. Obfsproxy does not alter packet sizes or timings and therefore does not defeat this classifier.

2012-weinberg-stegotorus §5.1, Figure 3 detection

The BBC's Geostats prototype (2010) detects censorship events by normalizing hourly traffic from two sources — a web-bug-based Livestats API and approximately 30GB/day of uncompressed Akamai streaming logs — alerting when traffic deviates ±60% from a rolling historical average keyed to hour-of-day and day-of-week. A key limitation identified is that CDN log files arrive up to 24 hours behind real-time, preventing timely detection of live blocking events.

2011-kathuria-bypassing §2.2–§2.3 evaluation

During the June 2009 blocking of BBC Persian in Iran, the BBC observed a more-than-fourfold increase in traffic to its BBC Persian TV Internet live stream, with geographic IP lookups confirming the majority of streaming originated from inside Iran. The BBC deployed Psiphon web-proxy nodes — chosen over alternatives because they required no executable installation on the user's PC and could be hosted by a trusted third party — promoted via email newsletters, Twitter, Facebook, and on-air announcements.

2011-kathuria-bypassing §3.1 deployment

BBC Chinese's multi-channel Psiphon promotion — radio broadcasts three times daily with additional trails, daily email newsletters, and ad hoc tweets — allowed its service to reach page-view parity with BBC Persian's established Psiphon deployment within eight weeks of launch in September 2010. Separately, a third-party BBC Persian iPhone app using full-text RSS feeds received over 50% of its downloads from inside China, demonstrating that syndicated full-text content distributed across multiple third-party sites and apps is difficult for censors to enumerate and block.

2011-kathuria-bypassing §3.2, §4.3 deployment

Iran and Libya each have a single point of control (1 AS), making complete national internet shutdown achievable with a single administrative action. Egypt's 2011 shutdown left one AS (Noor Group, 4.9% of connected IPs) operational for four days, apparently due to its role serving the Egyptian stock exchange and other core financial institutions.

2011-roberts-mapping §VI, Figure 7 deployment

A dynamic binary-tree partitioning algorithm solves the proxy distribution problem with at most k(1 + ⌈log₂(n/k)⌉) total proxy keys: partition n users into k groups in round 1, then halve each compromised group on each compromise event. Each of k adversaries can trigger at most ⌈log₂(n/k)⌉ compromises, bounding total proxy expenditure tightly.

2010-mahdian-fighting §4 Theorem 3 defense

The static proxy distribution problem — giving k²-adversarial users keys from m proxies so that all n−k legitimate users retain at least one uncompromised proxy — requires at most O(k² log n) keys and cannot be solved with fewer than Ω(k log(n/k)) keys. This establishes the information-theoretic cost of one-shot proxy distribution against k colluding informants among n users.

2010-mahdian-fighting §3 Theorem 2 defense

In invitation-based proxy networks (modeled on Psiphon's trust-tree), a single adversary can invite fake accounts as children in the trust tree, multiplying the effective adversary count k and invalidating sublogarithmic key budgets. For k=1 adversary on a trust tree of depth O(log n), an O(log n)-key algorithm exists by keeping the 'suspicious group' always rooted at a subtree boundary; for k>1 this remains an open problem.

2010-mahdian-fighting §5 Theorem 7 defense