Dear friends,
The eyes of technologists and the Internet Freedom community are once again on Iran, where a series of near-total internet shutdowns has unfolded over the past nine days. The severity of the disruptions is comparable to the 2019 blackout, when the Iranian state cut off almost all external internet service for six days during nationwide protests. In 2022, we saw a more calculated approach with an “internet curfew” — disabling mobile data at night while preserving daytime service. But the June 2025 shutdown is different.
This time, the technical precision of the disconnection stands out. Rather than a blunt-force blackout, Iran’s shutdown now reflects a mature infrastructure capable of maintaining domestic functionality while severing all international links. As the director of Project Ainita notes:
“We had full shutdowns four times since 2009. Each one was different as the regime learned. The first time they tried in 2009 it was a disaster — everything broke. Now, after 16 years of trial and error, they can manage it rather successfully.”
The Iranian government has strengthened its National Information Network (NIN) to preserve access to domestic services and strategic platforms, even under full external isolation. State-backed platforms, mobile banking, internal messaging services, and government infrastructure remain reachable for users inside Iran — while access to the global internet is cut off. From abroad, relatives and friends are unable to reach their loved ones. Incoming international traffic barely reaches Iranian servers, DNS resolution outside the NIN fails, and basic messaging platforms like WhatsApp and Signal are largely inaccessible.
As Doug Madory, Director of Internet Analysis at Kentik, explains:
“The NIN was designed to let the country continue functioning during a national shutdown. But while it supports continuity inside Iran, it doesn’t shield the economy or the population from the severe consequences of cutting off global communication.”
===============================================
WHAT WE KNOW SO FAR
Researchers at eQualitie — working with our Advisory Council and external experts in network measurement — are closely tracking the situation. Here’s what’s been observed so far:
- June 17: A partial shutdown affected several major mobile networks, including MCI, Irancell, and Rightel. Connectivity dropped for a few hours.
- June 18–20: The outage intensified into a near-total disruption of external traffic. Most ASNs inside Iran failed to reach international destinations.
- June 20: Reports confirm no international traffic in or out of the country for the majority of the day.
- June 21: Signs of partial (but unstable) return of connectivity, possibly due to policy propagation delays.
- June 22–23: Some smaller ASNs briefly allowed outbound traffic, suggesting a whitelist model is now in place.
- June 24–25: Connectivity was slowly restored, returning to pre-shutdown levels around 5:00 UTC on June 25th. However, novel filtering patterns are still ongoing and are under scrutiny by the network measurement community.
The outage appears to follow a wave-like pattern, with inconsistent filtering across different providers and autonomous systems (ASNs). This aligns with anecdotal reports from users in Iran who have experienced on-off access even within the same day.
===============================================
FILTERING ARCHITECTURE
To understand the fluctuating effects, we need to look at the infrastructure of filtering. Experts from Project Ainita describe the Iranian censorship system as decentralized, operating across multiple enforcement layers: “In the early days, everything was routed through the International Gateway. Now, filtering happens in layers.”
- First Layer: ISP-level filtering. These are “black boxes” embedded in large ISPs like MCI, Irancell, and Shatel. The devices are remotely managed — the ISPs have no control over them. Policy updates are pushed from a centralized system operated by the Communications Regulatory Authority (CRA).
- Second Layer: Domestic Internet Exchange (Tehran IX). These filters are designed to control domestic traffic between Iranian ASNs, allowing for internal censorship, throttling, or segmentation within the NIN.
- Third Layer: TIC gateway filters. Located at the Telecommunication Infrastructure Company (TIC), this layer targets smaller ISPs who lack the equipment for in-house censorship. It provides national-level enforcement fallback.
Due to the multi-tiered and partly manual nature of this system, policies don’t propagate instantly. Some ASNs “leak” traffic during the update window. CRA receives direct complaints and service issues during outages and is reportedly toggling filters and adjusting routes live, based on feedback.
“It’s not a smooth system,” one engineer explains. “They get flooded with phone calls about things breaking. So they patch it in real time — turn off something here, tweak something there. That’s why you see inconsistencies.”
An important technical shift in the current shutdown is the use of whitelists. Instead of selectively blocking services or ports, authorities appear to have blocked all outbound traffic by default and selectively enabled connectivity for specific routes or services.
This is reflected in limited observations of international traffic passing through:
- ASN 43754 – Asiatech
- ASN 57218 – Rightel
- ASN 50810 – Mobinnet
These networks likely have localized exceptions in place — either due to technical delay, special-purpose permissions, or gaps in enforcement.
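One way a measurement team can tell a default-deny whitelist apart from ordinary blocklisting or a policy still in flux, shown as an added example (it is not part of the original newsletter or of any tool named in it). The probe records are constructed, the ASNs come from the documentation range (RFC 5398), and the `probes` and `classify` helpers and their thresholds are assumptions.

```python
from collections import defaultdict

# Constructed destinations and probe data; not real measurements.
DESTS = [f"site{i}.example" for i in range(10)]

def probes(asn, reachable_by_hour):
    """Expand per-hour reachable sets into (asn, hour, dest, ok) records."""
    return [(asn, h, d, d in ok)
            for h, ok in enumerate(reachable_by_hour) for d in DESTS]

SAMPLE = (
    probes("AS64496", [{DESTS[0], DESTS[1]}] * 4)    # same two hosts every hour
    + probes("AS64497", [set(DESTS[:9])] * 4)        # all but one host reachable
    + probes("AS64498", [set()] * 4)                 # nothing gets out
    + probes("AS64499", [set(DESTS), set(), set(DESTS[:5]), set()])  # on-off waves
)

def classify(records, allow_max=0.3, open_min=0.8):
    """Label each ASN by the shape of its reachable set over time (thresholds assumed)."""
    hours = defaultdict(lambda: defaultdict(set))   # asn -> hour -> reachable dests
    seen = defaultdict(set)                         # asn -> all probed dests
    for asn, hour, dest, ok in records:
        seen[asn].add(dest)
        reachable = hours[asn][hour]                # creates the hour even if all fail
        if ok:
            reachable.add(dest)
    result = {}
    for asn, by_hour in hours.items():
        sets = [by_hour[h] for h in sorted(by_hour)]
        ratios = [len(s) / len(seen[asn]) for s in sets]
        always, ever = set.intersection(*sets), set.union(*sets)
        if not ever:
            label = "blackout"
        elif min(ratios) >= open_min:
            label = "default-allow"      # blocklist: most works, a few targets fail
        elif max(ratios) <= allow_max and always == ever:
            label = "allowlist"          # default-deny: a small, stable set works
        else:
            label = "unstable"           # set changes hour to hour (policy in flux)
        result[asn] = (label, sorted(always))
    return result

if __name__ == "__main__":
    for asn, (label, always) in sorted(classify(SAMPLE).items()):
        print(asn, label, always)
```

The "unstable" label corresponds to the leak windows described above, where reachability changes while policy updates are still propagating.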
In parallel, Tasnim News, affiliated with the IRGC, reported that the Tehran Internet Exchange Point (IXP) would remain closed until the end of the week — suggesting sustained limitations at the domestic peering level.
===============================================
TOOLS THAT WORK
Iranians deploy creative ways to stay connected using domestic platforms. We deliberately do not disclose the precise tactics used for circumvention since this may help censors to improve their technologies.
Starlink – has turned out to be the most reliable way to get external traffic; however, it has become extremely expensive (up to $4000 for a terminal). Mark Pashmfouroush, network engineer and expert at Isovalent, explains:
“Most recent reports on usage of Starlink in Iran speak about over 30k active dishes. The risks for users are mainly physical discovery because neighbours may be regime loyalists, as well as visiting domestic websites over Starlink, which would leak the fact that you are connecting over Starlink as well as being logged in to a site which is tied to your identity.” While the geopolitical tension between the US and Iran could become a reason to avoid using Starlink, Mark considers that “nobody is afraid of Elon Musk or surveillance from outside Iran.”
Toosheh – https://www.toosheh.org/ – the satellite-based filecasting project Toosheh, which uses the Yah-sat satellite to deliver digital content (mostly news media), saw a user surge during the week of shutdowns. As a Toosheh representative explained to us, “there was a shift in the kinds of content that are being sent and the frequency. Before the war, we would send one 5GB bundle per day, now we are sending two 2GB bundles a day. Previously the content was more diverse, now it is mostly about the war.”
Ceno Browser – https://censorship.no/en/index.html – the BitTorrent- and Ouinet-based content delivery system Ceno enables distribution of cached content across peers. It has an active Iranian user base, and we’ve seen increased use across several provinces. As of June 18, Ceno peers have been observed in: Alborz, Esfahan, Fars, Hamadan, Khuzestan, Kordestan, Mazandaran, Qazvin, Qom, Tehran, Zanjan. Ceno usage has shown steady growth during the outage, indicating that peer-to-peer solutions with preloaded caches may remain usable even under strict filtering, particularly for static content and shared guides.
Recent peer counts by ASN:
- ASN 197207 (MCCI) – 18 peers
- ASN 58224 (TCI) – 17 peers
- ASN 44244 (Irancell) – 16 peers
- ASN 43754 (Asiatech) – 5 peers
- ASN 50810 (Mobinnet) – 4 peers
- ASN 57218 (Rightel) – 4 peers
Matrix Servers on Domestic Infrastructure – eQualitie and partners have deployed Matrix home-servers within Iran’s internal infrastructure. These allow secure communication inside the NIN, without requiring external routing.
Delta Chat (with domestic SMTP) – https://delta.chat – reports from local users confirm that Delta Chat continues to function using local mail servers, though SMTP filtering appears to be increasing.
===============================================
KEY TAKEAWAYS
Tools like Ceno, Matrix, and Delta Chat only work because they were already in use before the crisis began. The current shutdown is a stark reminder that resilience must be built in peacetime — not improvised under pressure.
“We can’t really break isolation for everybody,” says an engineer from Project Ainita, “but we should be working now to spread decentralized tools, invest in readiness, and coordinate as a community. That’s the only way we stay connected — even when everything else goes dark.”
===============================================
THANK YOU
SplinterCon is a platform and event series addressing internet fragmentation. We convene technologists, researchers, and advocates working to build and sustain an open, resilient internet. This newsletter was compiled by the SplinterCon team, with contributions from members of our community — to whom we’re deeply grateful.
Contribute to the newsletter, submit a talk or publication: cfp@splintercon.net
More texts and materials: splintercon.net
General inquiries: info@splintercon.net