
How would you let users know about this proxy without letting their government know about it? Instead of platforms like Twitter, how about randomly giving out random proxies in some header that the app could query on Cloudflare or Google or Akamai? Does Signal already make use of any CDNs for out-of-band signalling and fail-over? If the Signal proxy could expose an obfuscated load metric, then the CDN could pick another proxy via health checks. The proxy could advertise itself via CDNs as well.



That's the trick, isn't it: having an entire population know something an oppressive government doesn't.

Even if you teach everyone how to deploy their own servers, then that's the knowledge the government will start targeting. You can make blocks expensive, i.e. blocking other major, useful services that would disrupt society too much for them to want to deal with, but this of course has its own costs.

It's censorship and surveillance all the way down.


As far as I know, Iran is much too open a society to actually prevent its citizens from knowing anything in particular.

That's not to say it's a free society or that censorship doesn't exist there, just that it's not the sort of regime that is particularly good at it.

If I had to guess, Iranian expats would be a likely set of people to start up proxy servers for their family and friends back home.


Yes, which is why Signal is doing a disservice by telling people to announce their proxies on Twitter. The expats should just tell their friends and family, and tell them to pass the word on only to people they trust.


But this doesn't stop them from doing that. If you have an expat friend or family member with a proxy, use theirs, if not, check the latest tweet with the hashtag and use that.


That is precisely why I am suggesting using a CDN. Old school CDN that is. Back in the day, if you had Akamai, your site would just use one (or many) of their generic names. Nowadays you can use your own domain to front their network, but you don't have to. If Signal was using a few CDNs and cycled through many generic end-point names, then Iran would have to block all the CDNs, which would be nearly the same as shutting off the internet. This would not have to be the default mode of Signal. It could be an option that the client suggests. "Hey, it appears we are blocked. Use alternate proxies?" Then cycle through many different CDNs using many generic end-point names. Some of the CDNs can also do layer 4 VIPs and not have to decrypt anything. They can just act as a TCP tunnel if need be, just costs more.


At some point, the easier option is for there to be a revolution or some sort of governmental change.


Easy to say when it is not your life or your families’ lives at risk.


True but not everyone is keen to experience the civil war that often accompanies such a change.


That's what led to this mess in the first place!


Communication is key to both of those things.


I think Signal is clearly recognising that nearly any server or system they create will be blocked, which is why they recommended this being done on an individual layer.

From the article:

> A more discrete approach would be to only send the link via a DM or a non-public message. You can post something like this on your favorite social network:

> *#IRanASignalProxy Reply to this thread if you want the connection details, and follow me so I can DM you the link.*


No good; people working for the Iranian state will DM. Signal didn't think this through. No one should announce proxies via social media. Tell people how to set one up for friends and family.


> No good; people working for the Iranian state will DM.

They'll probably try, but it's not very scalable. It's tough to build and maintain a Twitter account with a history that looks like a real regular person, much less create a bunch of them fast with history that dates back before the day you started. If most of them make a modest effort to verify users, most of them should remain unblocked. It's all pretty decentralized, so it's not that big a deal if a few of them do get discovered and blocked.


People working for the Iranian state generally would be discernible from their Twitter account, and by controlling the information you hand out you can also flag the hidden accounts that aren't easily recognized.

You also overestimate how committed Iran is to stopping this. Doing this in public risks the state finding out, but outside of times of crisis the state is usually pretty slow to respond. Keeping it private tanks participation rates.


There are about 700,000 people of Iranian descent in the Los Angeles area alone (the largest such community in the US). Most of them are in the US to escape the regime, and most have friends and family in Iran who they keep in touch with. The people in Iran also have their own networks.

So a down-low friends and family approach could reach a lot of people.


If you just filter the amount of those 700,000 down to how many are aware Signal exists, I bet we'd already be at a low enough number to see the problem with your plan.


There are plenty of people that don't have friends or family in Iran but would still like to help.


> How would you let users know about this proxy without letting their government know about it?

From the blog post, "A more discrete approach would be to only send the link via a DM or a non-public message."

> how about randomly giving out random proxies in some header that the app could query on cloudflare or google or akamai

That would "..increases the chance that Iranian censors will simply add those IPs to their block list"

It looks like the solution provided in the blog post is limited to helping folks run their own proxy for people they know.


Generally speaking censorship by a government needs to be pretty poorly done at best. Taking out the bulk of the usage of Signal is easy, removing it completely is hard. Much better to apply minimum cost and effort where it counts most.


Yup, I would run one but I don't know any Iranians...



