Resources for Digital Freedom
Practical tools, safety guidance, and organisations working to protect internet freedom in Iran.
Security Warning: Iranian Government-Linked Applications
Multiple independent security researchers, human rights organisations, and investigative journalists have documented that messaging applications and platforms developed under the jurisdiction of the Islamic Republic of Iran are used as surveillance tools against their own users. These applications lack independent security audits, are required to store data on servers inside Iran accessible to intelligence agencies, and have been directly linked to the identification, arrest, and prosecution of activists, journalists, and ordinary citizens.
Applications of concern include but are not limited to: Rubika, Soroush, Eitaa, Bale, iGap, and BisPhone. These platforms operate under direct or indirect oversight of Iranian state institutions including the IRGC (Islamic Revolutionary Guard Corps) and the Ministry of ICT.
We strongly advise all users inside Iran to avoid these platforms for any sensitive communication. Use internationally audited, end-to-end encrypted alternatives such as Signal or Briar instead. Your safety depends on it.
Understanding the data on this dashboard
What we measure vs. what you experience
This dashboard monitors Iran’s internet at the infrastructure level :: BGP routes, DNS responses, HTTP reachability, OONI anomaly rates.
This is NOT the same as your experience using an app. A service may appear “active” in our data while being effectively unusable.
Why the difference matters
Iran employs multi-layered censorship: IP blocking, DNS poisoning, DPI for protocol detection, SNI filtering, and bandwidth throttling.
A “Low Anomaly” OONI reading for WhatsApp means the TCP handshake succeeds :: it does not mean messaging, calls, or media sharing works.
Circumvention Tools
The most well-known anonymity tool. Use bridges (especially Snowflake or obfs4) to bypass censorship.
A pluggable transport that disguises Tor traffic as WebRTC. Harder for censors to detect.
Digital Safety
Use end-to-end encrypted messaging
Signal provides the strongest E2E encryption. Briar works without internet via Bluetooth/Wi-Fi.
Keep multiple VPN tools ready
During shutdowns, some tools are blocked before others. Have 2-3 options ready.
Understand metadata risks
Even with a VPN, your ISP can see you’re using one. Consider obfuscated protocols.
Avoid domestic messaging apps for sensitive communication
Iranian domestic platforms (Soroush, Eitaa, Bale, Rubika) are subject to government surveillance.
Major Iran Internet Shutdown Timeline
Documented events where Iran significantly disrupted internet access.
Near-total internet blackout for 5+ days during fuel price protests. Estimated 1,500+ killed.
Repeated shutdowns during Woman, Life, Freedom movement. Mobile data cut, platforms blocked.
Persistent blocking of major social platforms. Increased DPI deployment.
Near-total internet shutdown since 28 Feb 2026 following joint US-Israel military strikes. International connectivity dropped to 1–2%. Only whitelisted accounts have global access. General public forced onto National Information Network (SHOMA). The longest recorded shutdown in Iran’s history at 26+ days and counting.
Over 50% of the top 500 websites are filtered. SHOMA aims to further isolate Iran’s internet.
Javid Projects
Tools built specifically for the Iranian digital freedom context. All projects are free and documented in both English and Farsi.
Decentralised people-managed internet for Iran
JavidNet (جاویدنت، "Eternal Network") is a technical proposal for a decentralised, people-managed internet infrastructure designed to maintain connectivity during complete internet shutdowns. When the Iranian government cuts international connectivity, internal networks often remain operational. JavidNet proposes using hidden satellite internet terminals (Starlink or similar) as exit nodes that bridge functioning internal networks to the global internet, bypassing ISP-level controls entirely.
- •Decentralised architecture with no single point of failure، volunteer-operated nodes across the country
- •Snowflake-inspired relay system operating over Iran’s internal network to route traffic to hidden satellite exit nodes
- •Multi-layer security: TLS 1.3 encryption, traffic obfuscation, and anti-fingerprinting measures
- •Realistic capacity estimates: 5 Starlink terminals (~500 Mbps) can serve 2,000–10,000 concurrent text messaging users
- •Designed for accessibility، non-technical users can connect through simple client software
- •Four-phase implementation plan: Foundation (R&D), Infrastructure (deployment), Scaling (expansion), Resilience (hardening)
github.com/Iman/javidnet
Privacy protection suite for Starlink users in Iran
Javid Mask is a comprehensive suite of Ansible-automated privacy protection solutions using Raspberry Pi, designed to protect Starlink users in Iran from identity correlation attacks. When Starlink users visit Iranian websites, they risk exposing their identity through cookies, browser fingerprints, or login sessions combined with their foreign IP address، creating a red flag that authorities can use for identification. Javid Mask prevents this by blocking connections to Iranian domains and IPs at the network level.
- •Three architecture levels: Sifter (DNS-only filtering), Singleton (WiFi AP + Xray proxy), Triangle (WiFi AP + WireGuard VPN with kill switch)
- •Blocks 131,576+ Iranian domains and 763 Iranian IP CIDRs to prevent identity correlation
- •DNS-over-HTTPS encryption via Cloudflared to prevent DNS snooping by ISPs
- •Anti-DPI obfuscation support through Xray (VLESS/VMess/Reality protocols)
- •IPv6 leak prevention and full kill switch functionality in Triangle mode
- •Fully automated deployment via Ansible playbooks on any Debian-based system
github.com/Iman/javid-mask
Hide messages inside images that survive social media compression
Javid Steganography is a Python toolkit for concealing text or images within image files in ways that withstand social media platform processing, including JPEG recompression. Traditional steganography breaks when platforms like WhatsApp, Telegram, or X.com recompress uploaded images. This toolkit implements specialised methods، including block-based luminance encoding with Hamming error correction، that survive recompression at quality levels as low as 70%, enabling covert communication through everyday photo sharing.
- •Three tools: Simple (metadata embedding), Advanced (ROBUST pixel-level encoding), and Image-in-Image (hide entire images inside carrier images)
- •ROBUST method uses 8×8 block luminance encoding with Hamming(7,4) error correction and 3× redundancy، survives JPEG recompression
- •Platform-tested: works on WhatsApp (photo mode), Telegram, X.com, and other platforms that recompress images
- •PBKDF2 key derivation with XOR cipher for payload encryption, CRC32 integrity verification
- •Full UTF-8 support including Persian, Arabic, and other non-Latin scripts، up to 500 characters per image
- •Simple CLI: hide messages with ‘python text-image-advance.py hide "message" password input.jpg output.jpg’
github.com/Iman/javid-steganography
Javid No-Code Uncensored LLMs
Javid No-Code Uncensored LLMsRun uncensored AI models locally، no coding required
A practical guide for running uncensored language models locally without any coding, supporting both English and Farsi. When access to cloud AI services is blocked or surveilled, local models provide unrestricted access to information and assistance. The guide covers deployment across all hardware، from Raspberry Pi and IoT devices to GPU workstations and mobile phones (Android/iOS)، using Ollama for zero-configuration setup.
- •Nano models (sub-2B parameters) optimised for Raspberry Pi and IoT devices with as little as 1GB RAM
- •Qwen3 abliterated models (0.6B–32B) with strong native Farsi language support
- •Gemma 3/3n abliterated variants using Google’s efficient architecture for mobile deployment
- •Specialised uncensored coding models: Qwen3-Coder and Qwen2.5-Coder for developers
- •Reasoning models: DeepSeek-R1 abliterated and QwQ-32B for complex analysis tasks
- •One-command install via Ollama: ‘ollama run huihui_ai/qwen3-abliterated:4b’، no Python, Docker, or GPU drivers needed
github.com/Iman/javid-no-code-uncensored
JavidGorz
جاویدگرزFree anti-censorship client for everyday users in Iran
JavidGorz is a ground-up recreation of the 2013 tool originally written for journalists and activists, released April 2026. It creates a secure connection between your device and the open internet: data is fully protected, routed safely, and delivered without inspection or modification. Your everyday local apps and services continue to work at full speed.
- •Strict no-logs policy: no IP addresses, browsing history, connection times, or any other metadata recorded
- •No accounts, no registration, and no way to link your identity to your usage
- •Zero telemetry, analytics, crash reporting, or hidden network calls, the application does exactly what it says and nothing more
- •Designed for everyday users in Iran, no technical knowledge required
- •Official site: javidgorz.com
- •Telegram: @javidgorz
javidgorz.com
Circumvention Tools & Protocols Reference
Every tool and protocol referenced in our Protocol Guide, with links to official sources. Always download from official repositories only.
V2Ray / Xray
The engine behind VLESS + Reality, VMess, and most modern V2Ray protocols. Supports XTLS-Vision, SplitHTTP, gRPC, WebSocket, and HTTP/2 transports. Reality allows mimicking TLS handshakes to real websites, making traffic indistinguishable from legitimate HTTPS.
github.com/XTLS/Xray-core
The original V2Ray project. Supports VMess and various transports. Xray-core is a more actively maintained fork with additional features like VLESS and Reality.
github.com/v2fly/v2ray-core
Universal proxy platform supporting multiple protocols (VLESS, VMess, Trojan, Shadowsocks, Hysteria, TUIC, WireGuard) in a single binary. Modern alternative to V2Ray-core with cleaner configuration.
github.com/SagerNet/sing-box
Windows GUI client for V2Ray/Xray. Supports VLESS+Reality, VMess, Trojan, Shadowsocks, and more. Includes subscription management and routing rules.
github.com/2dust/v2rayN
Android client for V2Ray/Xray protocols. Supports all major protocols and transports including Reality. Available on GitHub releases (not Google Play).
github.com/2dust/v2rayNG
Cross-platform GUI client (Windows, Linux, Android) based on sing-box. Supports V2Ray, Xray, and sing-box cores with an intuitive interface.
github.com/MatsuriDayo/nekoray
Multi-platform client and server manager supporting VLESS+Reality, VMess, Trojan, Shadowsocks, Hysteria, and more. Includes one-click server setup.
github.com/hiddify/hiddify-app
Server management panel for deploying V2Ray/Xray nodes with multiple users, traffic monitoring, and subscription links.
github.com/Gozargah/Marzban
CDN-Fronted Routes
V2Ray/Xray traffic can be routed through Cloudflare CDN using WebSocket or gRPC transports. Since Iran cannot block all of Cloudflare without breaking major websites, this makes traffic very hard to filter. Requires a free Cloudflare account and a domain.
developers.cloudflare.com/workers/
Cloudflare's free VPN service built on WireGuard. Sometimes works in Iran when direct WireGuard is blocked because traffic goes through Cloudflare's network.
one.one.one.one/
Shadowsocks
Modern Rust implementation of Shadowsocks supporting the 2022 AEAD cipher suite. The 2022 variant is more resistant to detection than older versions. Fast and memory-efficient.
github.com/shadowsocks/shadowsocks-rust
Official Android client for Shadowsocks. Supports plugins for transport obfuscation.
github.com/shadowsocks/shadowsocks-android
A plugin for Shadowsocks that wraps traffic in WebSocket + TLS, making it look like normal HTTPS. Can also be routed through CDNs.
github.com/shadowsocks/v2ray-plugin
A proxy that performs a real TLS handshake with a cover server (e.g., microsoft.com) before tunnelling data. Version 3 is resistant to active probing attacks. Used alongside Shadowsocks.
github.com/ihciah/shadow-tls
QUIC-Based Proxies
High-performance proxy built on QUIC (HTTP/3). Features built-in obfuscation and can achieve very high speeds. Uses UDP, which may be blocked by some Iranian ISPs but works well when available.
github.com/apernet/hysteria
QUIC-based proxy with multiplexing support. Reduces latency by handling multiple streams over a single connection. Similar trade-offs to Hysteria (UDP-dependent).
github.com/EAimTY/tuic
TLS-Mimicking Proxies
Uses Chromium's network stack to make proxy traffic indistinguishable from normal Chrome browser traffic. Extremely hard for DPI to fingerprint because it IS real Chrome network code.
github.com/klzgrad/naiveproxy
Proxy protocol that mimics standard HTTPS (TLS 1.3) traffic. Traffic appears identical to normal web browsing. Requires a valid TLS certificate and a real web server as cover.
github.com/trojan-gfw/trojan
Extended version of Trojan written in Go. Adds WebSocket transport, multiplexing, CDN support, and Shadowsocks AEAD fallback.
github.com/p4gefau1t/trojan-go
Tor Network
The standard way to access the Tor network. Includes Firefox ESR pre-configured for privacy and anonymity. Use bridges to bypass censorship in Iran.
www.torproject.org/download/
Pluggable transport that makes Tor traffic look like random noise. The most widely deployed Tor bridge transport. Bridges using obfs4 are available from bridges.torproject.org.
gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird
Tor pluggable transport using WebRTC. Volunteers run browser-based proxies that relay Tor traffic. Currently heavily blocked in Iran (100% OONI anomaly).
snowflake.torproject.org/
Newer Tor pluggable transport that disguises Tor traffic as regular HTTPS web browsing to a specific website. More resistant to DPI than Snowflake.
gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel
Refraction networking system. Traffic appears to go to an innocent 'phantom' host, but is actually redirected to Tor by cooperating ISPs outside the censoring country.
github.com/refraction-networking/conjure
Tor transport using domain fronting via Microsoft Azure CDN. Very slow but extremely hard to block without blocking all Azure services.
gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/meek
Tor proxy for Android. Routes all device traffic or specific apps through the Tor network. Supports bridges including obfs4 and Snowflake.
github.com/guardianproject/orbot
VPN Protocols
Modern, fast VPN protocol using the Noise protocol framework. Very efficient but uses UDP, which makes it easy for DPI to identify and block. Best wrapped in a WebSocket tunnel.
www.wireguard.com/
Modified WireGuard with anti-DPI features: junk packet injection, header obfuscation, and handshake masking. Designed specifically for censorship circumvention. Includes cross-platform client.
github.com/amnezia-vpn/amnezia-client
Mature VPN protocol. Easily detected by DPI in its default configuration but can be wrapped in TLS (stunnel) or disguised with Cloak for better evasion.
github.com/OpenVPN/openvpn
Pluggable transport that disguises OpenVPN or Shadowsocks traffic as normal HTTPS browsing. Multiplexes traffic and mimics legitimate TLS sessions.
github.com/cbeuw/Cloak
Tunnels any TCP or UDP traffic through WebSocket + TLS. Commonly used to wrap WireGuard or SSH traffic inside HTTPS to bypass DPI.
github.com/erebe/wstunnel
SSH Tunnelling
The standard SSH implementation. Use 'ssh -D 1080' to create a local SOCKS5 proxy. Use 'ProxyJump' for multi-hop chains through relay servers.
www.openssh.com/
Transparent proxy server that works like a VPN but uses SSH. Routes all traffic through an SSH connection without requiring server-side configuration beyond SSH access.
github.com/sshuttle/sshuttle
Low-Level Tunnels
Tunnels IPv4 traffic through DNS queries. Very slow (typically 100-500 kbps) but works when all other protocols are blocked, as long as DNS queries reach the outside world.
github.com/yarrick/iodine
Alternative DNS tunnelling tool. Creates an encrypted command channel through DNS. Useful for basic communication when other tunnels fail.
github.com/iagox86/dnscat2
Tunnels traffic through ICMP echo (ping) packets. Extremely slow and unreliable but may work when TCP and UDP are both blocked.
github.com/friedrich/hans
Updated version of ptunnel for ICMP tunnelling. Creates a TCP connection through ICMP packets. Same limitations as hans but with authentication support.
github.com/lnslbrty/ptunnel-ng
Anti-DPI Tools
Windows tool that bypasses DPI by fragmenting TCP packets and modifying TLS Client Hello messages. Does not require a VPN or external server، works locally by exploiting DPI implementation flaws.
github.com/ValdikSS/GoodbyeDPI
Linux equivalent of GoodbyeDPI. Manipulates outgoing packets at the OS level to bypass DPI. Supports multiple strategies including TCP segmentation, TLS record fragmentation, and fake packets.
github.com/bol-van/zapret
Cross-platform DPI circumvention tool (Windows, Linux, Android). Similar to GoodbyeDPI but portable and works as a SOCKS proxy.
github.com/hufrea/byedpi
Peer-to-peer censorship circumvention tool. Automatically finds and routes through available proxies. Free tier available.
lantern.io/
Links are to official project pages and repositories. We do not host, distribute, or endorse any specific tool. Verify download integrity via GPG signatures or checksums where available.