The Best VPNs for Iran and how Iran blocks content
It’s no secret that Iran maintains a vice-like grip on tech freedom in the country. During the 2009-2012 Iranian protests, known as the “Green Revolution”, this was on full display as Iran blocked most forms of online media going in and out of the country. Nevertheless, the country’s powers-that-be quickly (and some might say unwittingly) learned of the power held by the masses through social media outlets. Evidence of the public unrest appeared prominently on social media websites such as Twitter and Facebook, which Iranian authorities had difficulty blocking at the time.
Fast forward 4 years. The Iranian government has learned a few things. Twitter, Facebook, Youtube and most other social media websites are blocked wholesale, although some Iranian users still manage to get past content blocks in various ways. The non-profit organization Reporters Without Borders has listed Iran as an “Enemy of the Internet” since it first began such a list in 2006. (Note: the organization has included the United States on the list since 2014, immediately following revelations of wide-reaching domestic surveillance programs revealed by Edward Snowden).
How Does Iran Block Content?
Very little information exists on how Iran actually conducts its content filtering. As noted by the Washington Post, the citizens who “probe the network from inside the country risk reprisals from the government.” As Iran is known to jail and kill dissidents and law breakers, most citizens are unlikely to attempt to run afoul of Iranian laws or the country’s filtering efforts. Indeed, circumnavigating Iran’s content blocking is more an activity for the bold. Still, we do at least know a little bit about Iran’s filtering methods, most of which are home-grown or copied from Iran’s closest allies, China and North Korea.
According to researchers Kyle Bowen and James Merchant, Iran employs three layers (pdf) to their filtering: preventive, interceptive and reactive. They explain this best in the below screenshot:
And provide more detail on what each of these entails here:
As you can see, Iran’s content filtering methods are extremely sophisticated and multi-layered, designed, effectively, to shut off all known attempts to get around the filtering process and cut users off at the heels when they do find a method.
VPNs may be an option — but with caution
Still, there’s the possibility that some VPNs may work in Iran. The question is, which ones?
Here’s where things get tricky. As content filtering and blocking are fairly extensive, you’ll want VPNs that do all of the following (and we do mean all):
- No logging of any kind
- Highest level encryption methods
- Automatic kill switch
- DNS leak protection
If you are visiting Iran remember to download the VPN before you arrive since many VPN sites are blocked. Even those that are available within Iran, you most probably don’t want to visit without a VPN in place first to hide your activity.
Best VPN for Iran – Our top choices for 2017
NordVPN has everything you’re looking for in a VPN for Iran. AES-256-SHA encryption, kill switch, no-logs policy, DNS leak protection and obfuscation methods. Nord does take a bit of a different approach on some of these than other services.
Their obfuscation method, for example, is not their own homegrown method. Instead, NordVPN supports Obfsproxy to deliver this method. They provide a walkthrough for how to set this up. It can be a bit complicated for newcomers, so that is something you’ll want to consider when thinking through your options. Additionally, NordVPN provides a Tor over VPN option. Earlier we mentioned that Tor is one of the few anonymity tools that does work in Iran, although speeds get throttled when the systems in place detect it. You may find NordVPN gets around this with a combination of Tor and Obfsproxy. Nord informed us that Obfsproxy and L2TP, PPTP and SSTP all work in Iran. However, you’ll want to avoid PPTP as it’s not secure.
NordVPN also utilizes a DNS leak resolver that operates a bit differently than other services. It detects individual leaks, but also utilizes a process-specific kill switch. This way it does not shut off the entire internet connection if you don’t want it to. To top it all off, this service uses a “double VPN” option which is admittedly going to be slow but provides an added level of anonymity necessary for anyone in Iran.
NordVPN is one of the cheapest VPNs we’re happy to recommend, it is good value at full price but occasionally runs deals bringing prices down even further.
Find out more in our full NordVPN review.
IPVanish utilizes the best privacy features we were looking for with our list. AES-256 encryption, a kill switch, obfuscation through OpenVPN, a strict no-logging policy and leak protections.
Perhaps one of the larger benefits to IPVanish for an internet user in Iran is the extremely large number of servers and server locations. IPVanish offers up over 40,000 shared IP addresses to be utilized with its 500+ servers and 60+ server locations across the globe. This provides anyone in Iran with a lot of options.
Notably, IPVanish allows you to their obfuscation method on or off. This option is known as “Scramble”, which you can find in the application’s preferences section. Scramble will allow you to get past network traffic monitors by masking your connection to the VPN service as if it’s a standard HTTPS connection. This may help with the speed throttling that is common in Iran when the system detects the use of a VPN.
A relatively new service, StrongVPN may be a great option for those looking for a high amount of security. In particular, our testing of this service found that their kill switch and scramble features were the absolute highlights for the service. You’ll also find the standards that anyone looking for security and privacy (i.e., anyone in Iran) is looking for: a no-logging policy and multiple forms of extremely strong encryption, from AES-256 to 2048-bit SSL.
StrongVPN does not advertise DNS leak protection, although this can be compensated with the kill switch and scramble functions. StrongVPN also gets past the “Great Firewall of China”, meaning it’s likely strong enough to get past Iranian government and ISP filtering methods. That said, remember that the biggest concern for Iran is getting caught, not just getting past.
Perhaps your biggest concern for this system, perhaps, will be the fact that some servers lack adequate encryption methods. You’ll want to make sure you’re paying attention to which servers you utilize.
We want to give an initial warning for VyprVPN: the company informs us that their service does indeed work in Iran. However, VyprVPN has a logging policy, which places a mark against it for anyone in Iran. This makes it a somewhat dubious choice for our list, but one we’ve included as it does hit the other main points, and the logging policy may be an acceptable thing to ignore for anyone spending only a limited time in Iran. The website of Golden Frog (the company behind VyprVPN), is blocked within Iran, however their .biz site is not so you can sign up within Iran if you haven’t done so out of country.
VyprVPN offers up solutions to the other concerns for anyone using a VPN in Iran. The service utilizes AES-256 encryption, a kill switch, and DNS leak protection. The service includes entirely necessary obfuscation methods. For Vypr, this function is accessible through their aptly-named Chameleon protocol. The Chameleon protocol is VyprVPN’s proprietary obfuscation method which maintains AES-256 encryption.
As stated, VyprVPN is a workable option, but primarily for those who may be in the country for a short amount of time. Their logging policy leads us to not recommend this service for anyone from Iran or anyone staying in Iran for the long term.
Find out more in our full VyprVPN review.
Iran’s ISPs and government work together to filter content
Filtering exists at two primary levels in Iran. The first level exists through the ISPs themselves. There are a handful of ISPs in the country operating independently from the government. All employ filtering methods that block content based on keywords.
In 2013, two anonymous Iranians and University of Michigan professor J. Alex Halderman worked together to examine Iran’s content filtering methods. They discovered that half of the websites on Alexa.com’s top 500 websites list were blocked. They also found the majority of those blocked websites, and the majority of search terms automatically filtered, were pornographic in nature. Art, society (e.g., politics), and news websites were also heavily blocked.
The second filtering layer exists at the government level. Some websites completely block any IP addresses originating from Iran, resulting in connection attempts that simply time out. Even more interestingly, the aforementioned testing revealed Iran’s content filtering includes connection speed throttling. The throttling is so extensive and sophisticated as to actually block VPN tunneling efforts, including those with obfuscation methods. The research notes that this includes Tor’s obfsproxy protocol.
Halderman and the two anonymous Iranians showed that attempts to connect through these proxy methods resulted in connection throttling that slowed speeds down to practically zero, making the connection effectively useless. The blocking of obfuscated SSH tunnels and Tor led the researchers to suggest that Iran’s ISPs and government do not utilize blacklists, but whitelists, meaning unrecognized protocols are even completely disallowed as a standard practice.
Additionally, many HTTP hosts are blocked and DNS hijacking is also employed for a number of websites, a filtering method that Halderman found occurs at the national level. The government also utilizes “man-in-the-middle” attacks and Deep Packing Inspections (DPI) to intercept and prevent users from connecting to content.
Can Iranians or travelers access banned content while in Iran?
This is a bit of a tricky subject. Based on Halderman’s findings, it’s reasonable to assume that SSH tunneling, proxies, and even Tor would not work in Iran. Unfortunately, there’s also no real way to test this either. You are about as likely to find VPN servers located in Iran as you are to find ones located in North Korea (hint: no chance at all).
What Iran can’t effectively block, they speed throttle into uselessness. However, Bowen and Marchant note that some Tor users found a few methods to get around the throttling by using a “bridge” to a wider network through a secret tunnel. The method works but is not without its faults. Given Iran monitors usage behavior, they may not be able to detect what individuals are looking at, but they can often detect when users are utilizing encrypted methods, something that would raise red flags.
Additional advice for anyone using VPNs in Iran
Install a VPN service before you leave
As we’ve detailed above, Iran is an extremely unfriendly place for anyone trying to get past content filtering. Indeed, it’s more than just unfriendly — it’s hostile and potentially dangerous. Iran is known to lock up dissidents and even kill many people who show a propensity to hit the wrong websites too often. And while there can certainly be a good amount of plausible deniability involved when you’re connecting through a VPN with no logging, we can’t guarantee anyone’s safety even then. Iran’s legal system is not known to be fair in the Western sense.
If you do plan on traveling to Iran with the desire to connect to banned or filtered websites, make sure you download your VPN first. In fact, you may want to download and install more than one VPN service. Given the ISPs and government’s method of whitelisting instead of blacklisting websites, chances are likely that you will not be able to access VPN service websites after getting into Iran. This being the case, ensure you have a VPN installed before you go.
Don’t hesitate to use the kill switch and obfuscation methods
It’s hard to emphasize how important the kill switch and obfuscation methods are going to be for anyone using VPNs in Iran. Given Iran’s current methods, it’s not inconceivable that anyone whose IP address consistently ends up on a watchlist will find themselves in some trouble. Only use VPNs with obfuscation methods, and only use VPNs with a kill switch. Make sure both are turned on at all times.
*Disclaimer: We took care to thoroughly research Iran’s filtering methods. Our goal is to provide users with useful information. However, we cannot guarantee anyone’s safety while using VPNs in Iran. Iran is among several countries where accurate information is difficult to obtain, especially from the outside. We are not experts on Iranian law, and no one outside of Iran knows for certain the extent of their monitoring process or how actively they pursue those who attempt to get past these methods.