Big Tech could help Iranian protesters by using an old tool
But these workarounds aren’t enough. Though the first Starlink satellites have been smuggled into Iran, restoring the internet will likely require several thousand more. Signal tells MIT Technology Review that it has been vexed by “Iranian telecommunications providers preventing some SMS validation codes from being delivered.” And Iran has already detected and shut down Google’s VPN, which is what happens when any single VPN grows too popular (plus, unlike most VPNs, Outline costs money).
What’s more, “there’s no reliable mechanism for Iranian users to find these proxies,” Nima Fatemi, head of global cybersecurity nonprofit Kandoo, points out. They’re being promoted on social media networks that are themselves banned in Iran. “While I appreciate their effort,” he adds, “it feels half-baked and half-assed.”
There is something more that Big Tech could do, according to some pro-democracy activists and experts on digital freedom. But it has received little attention—even though it’s something several major service providers offered until just a few years ago.
“One thing people don’t talk about is domain fronting,” says Mahsa Alimardani, an internet researcher at the University of Oxford and Article19, a human rights organization focused on freedom of expression and information. It’s a technique developers used for years to skirt internet restrictions like those that have made it incredibly difficult for Iranians to communicate safely. In essence, domain fronting allows apps to disguise traffic directed towards them; for instance, when someone types a site into a web browser, this technique steps into that bit of browser-to-site communication and can scramble what the computer sees on the backend to disguise the end site’s true identity.
In the days of domain fronting, “cloud platforms were used for circumvention,” Alimardani explains. From 2016 to 2018, secure messaging apps like Telegram and Signal used the cloud hosting infrastructure of Google, Amazon, and Microsoft—which most of the web runs on—to disguise user traffic and successfully thwart bans and surveillance in Russia and across the Middle East.
But Google and Amazon discontinued the practice in 2018, following pushback from the Russian government and citing security concerns about how it could be abused by hackers. Now activists who work at the intersection of human rights and technology say reinstating the technique, with some tweaks, is a tool Big Tech could use to quickly get Iranians back online.
Domain fronting “is a good place to start” if tech giants really want to help, Alimardani says. “They need to be investing in helping with circumvention technology, and having stamped out domain fronting is really not a good look.”
Domain fronting could be a critical tool to help protesters and activists stay in touch with each other for planning and safety purposes, and to allow them to update worried family and friends during a dangerous period. “We recognize the possibility that we might not come back home every time we go out,” says Elmira, an Iranian woman in her 30s who asked to be identified only by her first name for security reasons.