2013-anderson-dimming
findings extracted from this paper
-
Throughput variance across Iranian ISPs collapsed nearly simultaneously during suspected throttling events, consistent with a centrally-coordinated administrative order rather than independent ISP-level decisions. Former ISP staff accounts cited in the paper indicate throttling orders were delivered by phone or fax, with smaller regional providers potentially delaying compliance—implying a brief window before universal enforcement.
-
Throughput drops correlated directly with political mobilizations: the 2012-02-14 anniversary of political detentions registered a -102.9% weekly-minimum change relative to the two-month mean, and the October 2012 currency protests showed a -86.2% weekly minimum. Round-trip time did not increase proportionally during these drops, distinguishing them from ordinary congestion.
-
Using M-Lab NDT measurements from Iran, the paper identifies two extended throttling periods: November 30, 2011 – August 15, 2012 (77% decrease in median download throughput) and October 4 – November 22, 2012 (69% decrease), plus 8–9 shorter-term disruptions. Weekly variance analysis yields even steeper figures of -98% and -82% for the two major events.
-
During the November 2011 throttling event, every Iranian ASN under consideration experienced more than a 74% drop in throughput within the first two months; only one prefix (ITC's commercial hosting block 80.191.96.0/19) showed an increase. Academic networks (Sharif University AS12660, University of Tehran AS29068) recovered faster than consumer ISPs, suggesting selective prioritization or exemption for institutional traffic.
-
Iran's censors preferred throttling over outright shutdown because it is less conspicuous and draws less controversy. The paper notes that NDT-style bulk-transfer tests cannot detect targeted, DPI-based throttling of specific protocols (VPN, Tor, streaming), since those present different traffic signatures than generic TCP bulk transfers. Iran's filtering infrastructure (TCI/ITC, AS12880) runs deep packet inspection as an auxiliary layer on top of ISP-level controls.