June 23, 2009, 11:42 AM — An inspection of the proxy servers offered up online over the past few days as a way to help Iranians maintain access to unfiltered Web content, shows that the servers are being hosted in as many as 87 countries.
What's unclear, though, is just how many of the proxy servers were set up for the explicit purpose of helping Iranians circumvent Internet censorship and how many were up and running before the recent communications crackdown there, according to James Cowie, CTO of Renesys Corp., a Manchester, N.H.-based Internet monitoring firm.
A proxy server can allow someone to access a Web site or a Web service anonymously. For instance, a user in Iran trying to access an external news site that might have been blocked within the country can configure a browser to access the site via a proxy service. The user's browser doesn't contact the Web site directly, nor does it directly receive any content from the Web site, because the requests and responses are passed through the proxy server. All the user needs is the IP address of the proxy server and a port number to access it.
Software is available that allows pretty much any user to turn his or her computer -- or someone else's computer -- into a proxy system.
Since post-election unrest began in Iran about a week ago, supporters of the Iranian opposition movement have been propagating lists of available proxy servers to Iranians via Twitter and numerous Web sites. An inspection of about 2,000 such servers shows that while many are hosted in the U.S and Western Europe, proxy services have also been available from numerous other countries, including China, India, Russia, Romania, Bulgaria and Vietnam.
While that geographic spread might suggest widespread support for the opposition movement in Iran, the reality might be different, Cowie said. In many cases, computers that host proxy services are previously compromised machines with malware installed on them that make them proxy servers. "I suspect that many of these hosts may not be aware that they are running open proxies," he said.
It is also likely that many of the proxies circulating on the Web in recent days are old servers that are being "pressed into service for the Iranian people," he said. "Some of the proxies in this data set are undoubtedly fresh, created by people who want to keep the Internet alive for the Iranian people."
But many are not, he said.
It's hard to say how many of the proxy services are still available to people inside the country. A majority of the services are likely to have been blocked by Iranian authorities soon after they were publicized on Twitter and elsewhere, he said. Based on anecdotal evidence and on speaking with people inside Iran, the rate at which new proxies are being created has fallen over the past few days -- and it's getting harder to get the information about them to people who need it.
The Renesys analysis comes at a time when Web traffic, video and other interactive communications have sharply fallen in Iran as a result of a tightening censorship in the country. An analysis of the network traffic in and outside the Iranian borders by Arbor Networks last week showed that Web traffic has dropped by 50% while secure shell traffic, video and Bitorrent traffic have all dropped by over 80% because of what appears to be heavy filtering inside Iran.
Renesys' full report is available online.
