On average, around 250,000 computers worldwide are connected to the Tor network at any time, making it the leading anti-surveillance technology online.
But in mid-January, as revolutionary fervour swept the Middle East, the number of computers connected to the Tor network via one major Iranian broadband provider collapsed almost overnight from more than 11,000 to zero.
Investigations by the Tor Project, the not-for-profit company that runs the system, have since revealed that, crucially, other encrypted traffic such as internet banking was still flowing.
It meant Iranian authorities had for the first time found a way to identify and block only Tor connections, and therefore a way to potentially identify dissidents.
The technology responsible for the new threat was Deep Packet Inspection (DPI), a type of high-end network equipment that uses ultra-fast microchips to read and classify internet traffic in transit. The Iranian authorities used DPI to detect the highly specific parameters Tor uses to establish an encrypted connection.
“From an engineering perspective this is fantastic,” said Mr Lewman of his adversaries' efforts. (...)
In the last few weeks developers have redesigned the software so that its traffic looks just like any other when it sets up an encrypted connection, and Iranian user numbers are now back to normal. (...)
It is unknown who supplied Iran with the DPI technology, but few technology manufacturers build equipment capable of reading and classifying internet traffic at the necessary scale and speed. Last year, Nokia-Siemens faced a European Parliament hearing after it admitted selling a mass communications “monitoring centre” to an Iranian mobile network.
Whoever the supplier, the temporary block on Tor does show that Iran is now more advanced than even China and its Great Firewall in terms of the technology it uses to suppress dissent online, said Mr Lewman.