Accessing the internet through only google.com
Iranians right now are using a javascript based proxy to access the internet somewhat, it's what i'm using to access tildes.
I thought it'd be interesting to share, we don't have access to script.google.com but we do have access to www.google.com, so there's another method to access it and set it up.
Someone wrote a quick android app for it. link
It's limited from google's side as they've put a 20,000 requests daily limit on scripts, but it gets us online somewhat and... feels nice, to be able to have a way through.
We're also using github actions to download files to private repo's and download them from there (releases is still blocked, raw is not) which also seems to have a 2000 minute monthly limit.
From one side google colab also has Iran sanctioned so we can't access that, but that would be another way to get online aswell.
From another side we're also using DNS servers to tunnel traffic, but they get blacklisted after the user count goes up.
This is precisely what Tor is for. Try it out. Spread the word.
Stay safe.
Edit: If you're not terrified of your government busting down your door and have the tech chops, setup relays. If you're in an uncensored country, setup an exit node.
Thank you.
Tor is blocked.
Iran is whitelisting IPs, even if you set up a relay and exit node on a whitelisted IP the traffic is quickly recognized and killed.
How about I2P? I know there are some I2P exit nodes for access to the open Web. It's way slower than tor in my experience, but it could be an option.
From what i can tell i2p is dependant on i2p.novg.net, so no dice.
Are cloud provider ip blocks blacklisted?
ssh -Dwill set up a socks5 proxy over the ssh session so you can get internet immediately through the remote machine after setting up a new cloud host. Then you can go on to more high effort methods like VPN servers.ssh proxy is a easy one to block, iirc it was blocked a few years ago even, we needed and still need to ssh through a vpn so the traffic was obfuscated and not killed.
Currently useless sadly, thank you for chiming in.
Sounds like they just killed ssh across unencrypted channels then, right?
Sorry, I'm not trying to be argumentative. I'm just trying to understand the limitations you're working with.
The same question remains though: are cloud hosting IPs blocked, or do you have access to cloud hosting provider portals (to configure your cloud vm)? Then once the host is configured to serve a VPN, can you connect to that VPN (or is that IP block blacklisted)?
It's alright i didn't see it as mean or anything of the sorts.
The situation as far as i can tell is as such:
There is a tiered system in place at the carrier level putting people in one of three pools, whitelist based filtering, blacklist based filtering, no filtering.
The blacklist based filtering is what we had before, but right now it is being sold to specific people and requires them to go through a identity check process of sorts. i know university professors can have this.
The no filtering is for the upper guys and is inaccessible to us, it's what was used by the propaganda people when everyone elses internet was cut.
The whitelist based filtering is what me and tens of millions have right now. the intranet (hostings inside Iran) aren't blocked but everything else is. sites and IPs have to be put in the whitelist for us to access things.
There's a Internet Pro that's being sold at a more wider scale but i'm not sure if it's unfiltered or blacklist based, i will not even entertain the idea of buying it just to check this. no one i know has.
Seems like there used to be DPI work arounds that have since been blocked, but until a certain point some could access foreign IPs through the whitelist filtering.
Some sites like google.com accounts.google.com mail.google.com translate.google.com github.com and some sites being fastly cdn have been whitelisted. These are what the average person has access to (and some others like tradingview and such, i'm not aware of the full list)
There are also very few global hosting IPs that are open and paid VPNs are being sold on them, the VPN sellers have made a lot of money these days. It's either one of the own government peoples or a IP that slipped through or bribery based whitelisting, i don't know which or how and i'm not in a position to know.
These servers connect as if there's no problem whatsoever, It's supposedly 1gig for 3$ USD (roughly converted) but the allocated quota finishes extremely quick for the people who buy it, it might be backed up system updates that everyone has or it might be less than a gig, i ain't sure.
For the normal whitelisted internet the method i'm connected with right now uses domain fronting to access script.google.com, then uses a js based proxy to get data through. i know there were methods with Vercel and Netlify but i couldn't get them to work, they weren't direct access methods and needed some MITM to work. sorry i don't know more about it.
I think there are still methods working through changing the TCP handshake byte lengths or something. There's also another one using google AMP cache that works for 15 minutes at a time. It's all just a mess, a big ol' mess. The most reliable one is still google scripts based, it can't pass captchas but it works.
Update: github.com and fastly stuff are blocked now, at the very least google still works
You may have luck with pluggable transports. For what it's worth, I remember using Psiphon in contexts where Tor was blocked and it worked beautifully.
The different bridges don't work, there was a time where some had ping but the connection was instantly blocked, there days there's no ping whatsoever.
Psiphon is a classic, but also completely blocked when used normally, conduit can't reach the server to get a list of users and is out of the picture aswell.
There was a time when there was a setup like http proxy -> dnstt server -> psiphon which worked, but the IP got blacklisted and i haven't found another one like it.
It’s a great way to have CSAM go through your network.
According to this, there are no known instances of prosecution or convictions due to this. Because the routing of unknown material in itself is not illegal.
There is risk of raid, seizure, or arrest, but the odds of getting actually prosecuted for doing so is minimal.
Of course the risk of raid and arrest or attracting police attention of any kind is not good. Depending on what you have going on, you may find yourself prosecuted for something else unrelated that the police find on your property. I wouldn’t run a tor exit from my meth lab for instance.
As I learned long ago: Only break one law at a time.
If you're otherwise 'clean,' maybe have a lawyer pre-informed, you'd be doing a great service that helps out many.
FWIW, they don't reccomend running an exit node from your home. Linode, for example, does not ban exit nodes. This suggests that they are aware of the legal risks and have the confidence (and resources) to overcome them. They say you might get an automated ToS violation to respond to, suggest taking steps to limit torrent traffic, but that's also just one provider, there are many.