Iran in 2022 - Example of a Crisis
Recently, Amini’s death over Hijab sparked protests in Iran against its Authoritarian Government, where people often lack basic rights, where decisions often benefit the wealthy, and where people have almost no influence over the state. Currently, Iran’s government is censoring the internet, and using its so-called Moral police in response to the protests. Iran blames the US for the unrest, which may be true, but that’s not the point. The point is, Iran does not even respect human rights and their leaders are just playing a blame game. Iran or the west might be the culprits, but innocents are the ones suffering.
The conflict between Russia and Ukraine is politically different, but its effects on people are similar.
In these times, a mode of communication is very important and if the mode is secure and private, it can protect people from abuse and even life-threatening situations. The most common recommendation in privacy and security communities is the Signal app. Most people who recommend the app are also asking people outside Iran to host Signal proxies to help people in Iran bypass censorship. Not understanding that the situation of internet in Iran is more complex than just Signal proxies.
Do Signal Proxies Help?
Signal is a private communication app that has been observed to be very secure in the past. It has been audited, it is open source, and run by a non-profit. It includes all the bells and whistles that helps people with human rights keep their communications away from mass surveillance. WhatsApp and Telegram have a similar story and may be inferior to Signal in some ways but superior to Signal in others. My point is that none of this matters because the situation in Iran is vastly different from mine and, most likely, yours.
Issues with Centralized Messaging Apps
Signal, WhatsApp, and Telegram all require phone numbers to function, which are linked to Iranian IDs. OTPs sent to confirm the phone numbers can be intercepted and recorded by telecom operators. Although apps like Signal will not (and sometimes cannot) provide detailed information about you, telecom companies in Iran can still determine the approximate location of phone numbers, their activity, as well as the location of sim cards. These secure apps can protect your messages but not you, because you can now be tracked using the metadata that is beyond the control of these apps. Such information collected by different companies can then be passed on to the authorities.
Telegram might be private, but technically it is not even close to Signal standards. To make matters worse, third-party clients are very popular in case of telegram. These are often not as secure as the official clients and in some cases might even be owned and operated by the state to disrupt communications, particularly in times of crisis. See how the two most popular Telegram forks of Iran were used to scrape data from millions of users. The worst part is that if your telecom company is already involved with the state, they only need an OTP from Telegram to login to read/export your entire chat history (unless you use the Telegram registration lock). This is not possible with apps like Signal or WhatsApp, but this attack also seems highly unlikely to be done on a large scale, but targeted, yes.
When the internet is heavily censored, proxies to one or two services can’t help. You can send messages with Signal, but where will you get your news? How will you find out what’s going on at the protests? How can you follow people when Iran has blocked social media platforms like Fakebook? Furthermore, proxies hosted outside of Iran are inaccessible, likely because ISPs allowing connections only to Iranian IPs. In such cases, only a few people may have access to the larger internet and only Tor can help Iranians access messaging apps, social media, news websites, and the larger internet. If you want to help, host Tor nodes rather than service-specific proxies, but before you do anything with Tor, please visit Tor’s website and learn more about their technology and goals.
What will everyone do if the internet goes down completely? Are proxies (or even Tor) useful then? Everything would lead to a failed effort with no one winning except chaos and oblivion.
Centralized apps only work when people are living in a relatively free state, but they fall apart in situations where the center is the culprit. Of course, this does not imply that all apps should be crisis-ready, but recommending them in a crisis is the absolute last thing anyone should do. Instead, we should recommend the most resilient solutions, like Briar. Its technical architecture can withstand even the most powerful blows to the flow of information. With Briar, you can communicate freely without relying on third parties. Use an App that can be used during the 1% of your battery.
What if you could send messages without relying on third parties, only using your phone (hardware) and a charged battery? Yeah, that’s Briar. It requires no phone numbers, personal identifiers, or relationship maps. It can communicate over the internet using Tor, which is excellent for circumventing censorship while also providing extra privacy/anonymity. If the internet is shutdown, it can also use Wi-Fi or Bluetooth to communicate with nearby devices. Heck, It even allows you to send messages by exchanging USB drives. All communication is always end-to-end encrypted.
It is intended to combat almost anything that stands in the way of your communication, like sharing the app to other users over a Wi-Fi hotspot. According to its website, it is already resistant to attacks involving Metadata Surveillance, Content Surveillance/Filtering/Takedown orders, just like some other E2EE apps. Because there are no servers it is also resistant to DDoS attacks, Server side Zero-day vulnerabilities, Internet Blackouts, Communication interference/failure, Compromised users, and even attacks where someone decides to deploy nearly unlimited Briar devices.
One caveat is that Briar is currently only available for Android. This is not because the team is uninterested in it, but because Apple is uninterested in user freedom and privacy, while advertising that it does. In my opinion, it is preferable to forego Apple and use Android with a custom ROM. Either way, Briar project is planning something for iOS users, but until then you can take a look at Session.
I won’t go on about Briar any further, but instead direct you Briar’s homepage and its Manual, where you can see how the app works, find download options, learn more about the team, and their funding.