VPN scams are being used in Iran as citizens manage internet censorship

Iranians are turning to virtual private networks to bypass widespread internet outages as the government tries to hide its crackdown on mass protests.

According to data from internet monitoring companies Cloudflare and NetBlocks, the outages in Iran’s telecommunication networks first started on September 19 and have continued for the past two and a half weeks.

Internet monitoring groups and digital rights advocates say they are seeing “curfew”-style network violations every day, with access restricted from 4pm local time until midnight.

Tehran has blocked access to WhatsApp and Instagram, two of Iran’s last remaining uncensored social media services. Twitter, FacebookYouTube and several other platforms have been banned for years.

As a result, Iranians have flocked to VPNs, services that encrypt and redirect their traffic to a remote server elsewhere in the world, to hide their online activities. This allowed them to regain access to restricted websites and apps.

On September 22, the day after WhatsApp and Instagram were banned, demand for VPN services increased by 2,164% compared to the previous 28 days, according to figures from VPN reviews and research site Top10VPN.

Top10VPN said that demand spiked 3,082% above average on September 26 and has remained high since then, 1,991% above normal.

“Social media plays an important role in protests around the world,” Simon Migliano, head of research at Top10VPN, told CNBC. “This allows protesters to organize and ensure that authorities cannot control narratives and suppress evidence of human rights abuses.”

“The Iranian authorities’ decision to block access to these platforms during the protests has led to an increase in demand for VPNs,” he added.

The demand is much higher than during the 2019 riots, which were fueled by rising fuel prices and caused an almost complete blackout of the internet for 12 days. At that time, peak demand was about 164% higher than normal, according to Migliano.

After the death of 22-year-old Mahsa Amini on September 16, nationwide protests against Iran’s strict Islamic dress code began. Amini died under suspicious circumstances after being detained by Iran’s so-called “morality police” for wearing her hijab too revealing. Iranian officials have denied any wrongdoing and claimed Amini died of a heart attack.

According to the non-governmental group Iran Human Rights, at least 154 people, including children, were killed in the protests. The government said 41 people had died. Tehran has tried to prevent the sharing of images of its crackdown and to block communication to organize further demonstrations.

Iran’s Foreign Ministry did not immediately respond to CNBC’s request for comment.

VPNs are a common way for people under strict internet control regimes to access blocked services. In China, for example, they are often used as a solution to restrictions on Western platforms that are blocked by Beijing. Google, Facebook and Twitter. Local platforms like Tencent’s WeChat are extremely limited in terms of what users can say.

In March, Russia saw a similar surge in demand for VPNs after Moscow tightened internet restrictions following its aggression in Ukraine.

Swiss startup Proton said daily signups to its VPN service ballooned by up to 5,000% compared to average levels at the peak of the Iranian protests. Proton is best known as the creator of ProtonMail, a popular privacy-focused email service.

“After the assassination of Mahsa Ami, we saw a huge increase in demand for Proton VPN,” Proton CEO and founder Andy Yen told CNBC. “Even before that, VPN usage was high in Iran because of the fear of censorship and surveillance.”

“Historically, we’ve seen internet hacking during unrest in Iran leading to increased VPN usage.”

According to Top10VPN, during the protests in Iran, the most popular VPN services were Lantern, Mullvad and Psiphon, with ExpressVPN also seeing huge increases. Some VPNs are free to use, while others require a monthly subscription.

Using VPNs in heavily restricted countries like Iran has not been without problems.

“It’s pretty easy for regimes to block the IP addresses of VPN servers because they’re easy to find,” said Deryck Mitchelson, chief information security officer for the EMEA region at Check Point Software.

“That’s why you’ll see open VPNs only exist for a short period of time before they’re identified and blocked.”

NetBlocks said in a blog post that periodic internet outages in Iran “continue in the form of a daily curfew”. NetBlocks said the flaw “affects connectivity at the network layer,” meaning it’s not easily resolved by using VPNs.

Mahsa Alimardani, a researcher at the Article 19 free speech campaign, said a contact she contacted in Iran showed that her network could not connect to Google despite installing a VPN.

“This is a new refined deep packet inspection technology that they have developed to make the network extremely insecure,” he said. Such technology allows internet providers and governments to monitor and block data on the network.

Authorities are more aggressive in blocking new VPN connections, he added.

Yen said Proton has “anti-censorship technologies” built into its VPN software to “secure connectivity even under difficult network conditions”.

VPNs aren’t the only method citizens can use to bypass internet censorship. Volunteers set up Snowflake proxy servers, or “proxies,” in their browsers to allow Iranians to access Tor — software that routes traffic through a worldwide “relay” network to obfuscate their activity.

“In addition to VPNs, Iranians are downloading Tor more than ever,” Yen said.

Meanwhile, encrypted messaging app Signal has compiled a guide on how Iranians can use proxies to bypass censorship and access Signal, which was blocked in Iran last year. Proxies serve a similar purpose as Tor, tunneling traffic through a community of computers to provide anonymity to users in countries where online access is restricted.