TunnelBear has been around for almost ten years. For much of this time, we’ve been providing free bandwidth support to countries experiencing censorship crises.

The story goes like this: whenever we noticed partial online outages in a given country, we would upgrade our freemium offering in that country. We’d then engage in what the internet freedom community calls the “cat and mouse” game of censorship, where we’d continuously have to unblock ourselves in that country so its residents can benefit from our VPN service.

On and on it went for about seven years.

In 2020, we took a more active approach, and focused our efforts on a four stage model, which takes us from the first stage of censorship (app distribution) to the most technically advanced stage (maintaining a VPN connection). We’ve focused our research, community, and development efforts on a country that experiences all four stages - Iran.

Freedom House lists Iran as one of the worst countries in the world for internet freedom. Our team has been working with a testing and digital rights community in Iran to better understand the on-the-ground realities of censorship while strategically working through our four stage model. Our working theory is that the capabilities we build to tackle censorship in a country as restrictive as Iran will help us bypass censors in other regions as well (while also keeping in mind the importance of local context).

The Freedom House team publishes an in-depth annual report about the status of online freedoms in countries all over the world. We’re going to take you through our four stage model through excerpts from their 2020 Iran report.

Stage 1: Access

“The government regularly seeks to disrupt access to VPN”

The first way VPN providers are blocked is access, or distribution. This is when governments block VPN on the app store or play store level, which is very much a reality in Iran. Notably, the issue of access often intersects with the economic dimensions of censorship as well. For example, “MTN Irancell announced that consumers using VPNs would not receive [a] 50 percent discount when accessing domestic content, further discouraging the use of circumvention tools to access restricted content.” This type of announcement deters those who need VPN the most from its access.

Beyond technical and economic blockers, Iran’s Supreme Council for Cyberspace recently announced a ‘legal VPN’ scheme, in which the government would roll-out their own VPN for students and members of civil society, effectively restricting access to consumer VPN. What’s more, “the government may be able to control and monitor the levels of access different people will have to the internet, [which] exacerbate[s] existing socioeconomic divides, among other effect[s]”.

TunnelBear is tackling the issues of access through the NGO Support Network and partnership with the Paskoocheh team, who equip Iranians with digital security tools through their app store.

Stage 2: API Blocking

API blocking refers to blocking a domain name, and is the most common type of technical censorship. There are tens of thousands of blocked VPN domains in different countries around the world. In Iran:

"Authorities employ a centralized filtering system that can effectively block a website within a few hours across the entire network. Private ISPs are forced to either use the bandwidth provided by the government or route traffic containing site-visit requests through government-issued filtering boxes developed by software companies within Iran. The filtering boxes inspect URL requests submitted by users for banned text strings—either keywords or domain names—and block access accordingly. This method only limits access to content retrieved through unencrypted Hypertext Transfer Protocol (HTTP) connections. Individual pages remain available over an encrypted connection (HTTPS), which disguises the banned text, requiring censors to block the entire site in order to restrict access to specific content."

Despite the protections which HTTPS websites offer, TunnelBear acknowledged a potential privacy loophole within HTTPS, the SNI field, and is tackling stage 2 by implementing Encrypted SNI.

Stages 3 and 4: Connecting to a VPN, Maintaining a VPN Connection

These stages refer to technical blocking at the connection protocol level. Countries who employ these types of online restrictions are among the most technically savvy and therefore committed to online censorship. In Iran, the state has the ability to “throttle foreign connection speeds during politically sensitive periods… [and] the Telecommunication Company of Iran retains a monopoly on internet traffic flowing in and out of the country.”

This type of monopoly over online activity means that the state has the ability to disrupt a VPN connection even after it is successfully secured. The TunnelBear team are tackling stages 3 and 4 in Iran through localized connection failure prompts that tell us at which point connection failures occur throughout the user’s journey.

What next?

The above framework lays out the challenges facing the internet freedom community into ambitious development goals which our team is excitedly tackling. We will continue to update you on our progress on the Internet Freedom hub.

Sincerely rawrs,
the TunnelBear Team

TunnelBear is a very simple virtual private network (VPN) that allows users to browse the web privately and securely. It secures browsing from hackers, ISPs, and anyone that is monitoring the network. TunnelBear believes you should have access to an open and uncensored internet, wherever you are.