Iran in 2022 - A Political crisis
Amini’s death over Hijab sparked protests in Iran, so the government decided to use censorship + its so-called Moral police in response to the protests.
Such is the nature of Authoritarian Governments, where people lack basic rights, where decisions often benefit the wealthy, and where people have almost no influence over the state.
The need to Communicate Privately
In such times, effective and private communication can protect people from abuse and even life-threatening situations.
So, during the protests, people from privacy and security communities started recommending WhatsApp, Telegram, and Signal, due to their commitment towards encryption and privacy. But, of course, these apps were quickly blocked by Iran. So, to tackle censorship, many people started hosting proxies for these messaging apps.
IMO, Signal is the best choice here because of it’s commitment towards transparency, encryption, and political stance. Unlike Telegram and WhatsApp, Signal also doesn’t store detailed information about it’s users.
So is it the best app?
Hmmm… Not really.
You see, proxies can help you bypass censorship, encryption can preserve your privacy, but these “secure apps” aren’t really designed to handle a political breakdown.
Issues with Centralized Messaging Apps
Let’s first talk about the most used app in Iran - Telegram. They say it’s private, but technically it is not even close to private. To make matters worse, less secure third-party clients of Telegram are very popular in Iran. Who knows, some of these clients might even be operated by the state to collect data and disrupt communications during a crisis. See, how the two most popular Telegram forks of Iran were used to scrape data from millions of users.
Moreover, people can be tracked using metadata that is beyond the control of these apps. For example, the telecom operators, which are probably already involved with the state, can get into a Telegram account by intercepting Telegram’s OTP and export the entire chat history (unless the Telegram registration lock is enabled). This at least not possible with apps like Signal or WhatsApp because your chat history isn’t stored on their servers. However, their requirement of phone numbers still puts people at risk as the telecom operators can determine the location of phone numbers receiving the OTPs.
All in all, these secure apps can only protect your messages but not you, and during a political crisis even strong privacy protections becomes useless without anonymity.
When the internet is censored, proxies to one or two services can’t help. You can send messages with Signal, but where will you get your news from? How will you find out what’s going on at the protests? How can you follow people when social media is blocked? Furthermore, proxies hosted outside of Iran are kinda useless are they are inaccessible due to ISPs blocking connections to Non-Iranian IPs.
At this point, Tor might be the only option to connect to with the real Internet. So, if you want to help, I’d suggest hosting Tor nodes rather than service-specific proxies. Visit Tor’s website to learn more about their goals and technology.
Now comes the worst part.
What will everyone do if the internet goes down completely? Are proxies or even Tor useful then? Centralized systems can’t work when the center itself is the culprit.
Of course, this does not imply that all systems should be crisis-ready, but recommending them during a crisis is the absolute last thing anyone should do.
Instead, we should recommend, the most decentralized, zero-trust solutions like Briar, which allows people to communicate without relying on third parties services of any kind, not even the Internet.
What if you could send messages using, only your phone? Yeah, that’s possible with Briar.
Briar doesn’t ask for a phone number, or any other personal identifiers. When connected to the the Internet it can route your messages over Tor. So, you can communicate privately and anonymously while also bypassing censorship. There are no centralized servers involved.
During an Internet shutdown, Briar can use Wi-Fi or Bluetooth to communicate with other Briar users nearby, and also share the Briar app to those who don’t have it. With enough devices, people can even build a large scale Briar communications network.
If wireless is not your thing, Briar allows you to send messages by exchanging USB drives.
All communication is always end-to-end encrypted. So, almost nothing can stand between you are your right to communicate.
According to Briar’s website, it is already resistant to attacks involving Metadata Surveillance, Content Surveillance/Filtering/Takedown orders, like some other E2EE apps, but it is also resistant to DDoS attacks, Server side Zero-day vulnerabilities, Internet Blackouts, Communication interference/failure, Compromised users, and even attacks where someone decides to deploy nearly unlimited Briar devices.
The only caveat is that Briar being only available on Android. This is not because the team is uninterested in it, but because Apple is uninterested in user freedom and privacy, while advertising that it does. Anyways, Briar project is planning something for iOS users.
Now, go visit Briar’s homepage and its Manual, where you can, explore download options, and learn more about how the app works, the team, and their funding strategy.