But these solutions are not enough. Although the first Starlink satellites have been smuggled into Iran, restoring the Internet will likely require several thousand more. Signal tells MIT Technology Review that “Iranian telecom providers prevent some SMS validation codes from being delivered.” And Iran has already detected and shut down Google’s VPN, which is what happens when a single VPN becomes too popular (plus, unlike most VPNs, Outline costs money).
Also, “there is no reliable mechanism for Iranian users to find these proxies,” notes Nima Fatemi, head of global cybersecurity nonprofit Kandoo. They are promoting themselves on social networks which are banned in Iran. “While I appreciate his effort,” he adds, “it feels half-baked and half-baked.”
There’s more that Big Tech could do, according to some pro-democracy activists and digital freedom experts. But it has received little attention, even though it’s something that several major service providers have been offering until just a few years ago.
“One thing people don’t talk about is the domain front,” says Mahsa Alimardani, an Internet researcher at the University of Oxford and Article19, a human rights organization focused on freedom of expression and information. It’s a technique developers used for years to circumvent Internet restrictions like those that have made it incredibly difficult for Iranians to communicate securely. In essence, domain fronting allows applications to disguise traffic directed at them; for example, when someone types a site into a web browser, this technique goes into that part of browser-to-site communication and can encode what the computer sees in the backend to disguise the true identity of the final site.
In the days of domain fronting, “cloud platforms were used to avoid that,” Alimardani explains. From 2016 to 2018, secure messaging apps like Telegram and Signal used Google, Amazon and Microsoft’s cloud hosting infrastructure, where most of the web runs, to disguise user traffic and successfully thwart prohibitions and surveillance in Russia and throughout the Middle East. .
But Google and Amazon stopped the practice in 2018, following a crackdown by the Russian government and citing security concerns about how it could be abused by hackers. Now, activists working at the intersection of human rights and technology say that restoring the technique, with a few tweaks, is a tool Big Tech could use to quickly reconnect Iranians.
The domain front “is a good place to start” if the tech giants really want to help, Alimardani says. “They have to invest to help with the circumvention technology, and having the domain front removed is not really a good look.”
The domain front could be a critical tool to help protesters and activists stay in touch with each other for planning and security purposes, and to allow them to update worried family and friends during a dangerous time. “We recognize the possibility that we may not return home every time we go out,” says Elmira, an Iranian woman in her 30s who asked to be identified only by her first name for security reasons.