In an increasingly digital world, our personal data, communications, and even civic participation flow through the internet, making online privacy essential for protecting our identities, freedoms, and safety. When a government imposes an internet shutdown—whether to quell dissent, control information, or respond to emergencies—those safeguards can disappear overnight, leaving citizens cut off from vital news, emergency services, and the ability to connect with loved ones. Understanding how to safeguard your privacy and how to respond when connectivity is deliberately disrupted allows you to maintain access to reliable information, preserve your digital rights, and stay resilient in the face of sudden, state‑driven network outages.
In this guide we aim to provide you with the most up-to-date and reliable services and methods of staying safe online, how to circumvent internet filtering, and what to do if you lose internet connectivity completely.
This guide will be updated regularly. If you have any suggestions, corrections, or anything else that may be of use, please contact us at [email protected].
Filter circumvention
Filter circumvention involves bypassing internet restrictions imposed by governments, organizations, or entities to access blocked content. Tools like VPNs, the Tor network, and proxy servers enable users to circumvent censorship by encrypting traffic, anonymizing identities, or routing requests through alternative IP addresses.
In heavily censored regions like Iran, individuals use these tools to access blocked news, social media, and information. However, governments view circumvention as a threat, often employing countermeasures like blocking access to these tools or penalizing users.
With the 1404 protests, Iran’s regime has implemented the strictest internet restrictions ever seen to control narratives and hide their crimes against humanity. As these restrictions continue with no end in sight, understanding and using circumvention tools is crucial for protecting online privacy and accessing vital information.
VPNs
While a VPN can greatly improve privacy and bypass censorship, it cannot be relied on completely to protect a user’s anonymity. When selecting a VPN, it is recommended that you also do your own research on which is best for you. Things to consider when researching which VPN are:
- Jurisdiction – Choose a provider in a privacy friendly location such as Switzerland, Panama, or Iceland.
- Data logging – Does the provider keep logs and does it comply with requests from governments to access logs? Most VPNs have had some kind of independent verification of no-logs claims.
- Encryption – Does the provider use up to date and modern protocols (e.g. AES-256)?
- Server distribution – The more servers available means servers aren’t overloaded and provide better speeds.
- Remember – Always download VPN apps from trusted sources. The Iranian government is known to try and trick users with fake apps.
If there is a complete internet shutdown (e.g. all external connections are halted) then a VPN is not going to work as there is no network to encrypt or route.
Below are several recommended VPNs to consider, in no particular order:
ProtonVPN is a privacy-focused VPN from the creators of ProtonMail, offering strong encryption and custom “Secure Core” multi-hop routing. The service is based in Switzerland and has undergone independent audits to validate its no-logs policy. ProtonVPN offers a free plan with unlimited bandwidth, as well as a paid plan with access to over 16,000 servers in 127 countries.
Pros: strong encryption, Secure Core servers, and a free version with unlimited bandwidth. Cons: some platforms have limited features, and ProtonVPN may not circumvent strict internet filtering.
PrivadoVPN is a decent free VPN that offers 10GB of high-speed internet per month and unlimited slower data. The service is available on multiple platforms, including Windows, Mac, iOS, Android, and Linux, and provides industry-standard AES-256 encryption and a built-in kill switch. PrivadoVPN supports torrenting and helps users circumvent some levels of internet censorship. A paid-for version is available that offers unlimited usage, ad-blocking and increased access to servers worldwide.
Pros: free version available, easy-to-use interface, and supports torrenting. Cons: 10GB monthly fast data cap, limited server locations, and no third-party audits.
Windscribe is a free VPN that offers strong user privacy and supports streaming, torrenting, and private browsing. The service is available on multiple platforms and provides 14 free servers in 11 locations. Windscribe also offers access to its custom R.O.B.E.R.T. browsing protection service and supports WireGuard and OpenVPN protocols. A paid-for version is available offering, unlimited usage and more features.
Pros: unlimited simultaneous connections, reliably unblocks censored content, and supports P2P and torrenting. Cons: data limits (2GB/15GB), can require email verification, features vary across platforms, and the interface can be cramped.
TunnelBear is a user-friendly VPN based in Canada, available on multiple platforms (Android, Windows, macOS, and iOS devices). It offers a free version with limited data and paid plans with more features.
Pros: easy-to-use interface, strong encryption, and annual published security audits. Cons: limited free data and server locations.
MahsaNG is a free, easy-to-use Android-only VPN designed to bypass internet restrictions in Iran and other countries with censored internet. The service uses VPN configurations from multiple sources but provided from a central server. An alternative version is available called NikaNG which supports more advanced connection options but requires user specified config files.
Pros: free and effective in bypassing censorship, easy-to-use. Cons: limited platform support, performance instability, reported DNS leaks, slower speeds and higher latency.
Psiphon is a free, open-source application that combines VPN, SSH, and proxy technologies to help users bypass censorship and access blocked content. The service is available on multiple platforms, including Android, Windows, and MacOS, and offers a simple, easy-to-use interface. Paid upgrades are available (via “PsiCash”) mainly to remove speed limits or adverts.
Pros: effective in bypassing censorship, no data caps, and easy to set up. Cons: lacks strong privacy protections, slow speed, leaks DNS, logs user metadata, and has missing security features like a kill switch.
OblivionVPN is a free, open-source VPN service that leverages Cloudflare’s Warp technology to provide users with secure and optimized internet access. The service is available on multiple platforms, including Windows, Linux, MacOS, and Android devices, and offers a custom implementation of the WireGuard protocol for “enterprise-level” encryption.
Pros: free, open-source, and customizable, with multiple connection methods and advanced network configuration options. Cons: may not work against advanced censorship, uses Cloudflare Warp which may log connection details, and has reported inconsistencies in performance and frequent outages.
Additionally, a couple of paid-for only options:
ExpressVPN is a reliable VPN that offers consistent performance and strong unblocking capabilities. The service includes all key VPN features, such as a kill switch, split tunnelling, and obfuscation. ExpressVPN is available on multiple platforms and offers three pricing tiers (Basic, Advanced, and Pro) with additional tools like a password manager.
Pros: top-tier privacy and transparency, RAM-only servers, fast speeds, and easy-to-use interfaces. Cons: no free version, fastest speeds only available on Windows, and some features are platform-dependent. The company has links to Israel.
NordVPN is a popular VPN known for its strong security features, high speeds, and reliable streaming capabilities. The service has undergone multiple independent audits to validate its no-logs policy and has a large global server network. NordVPN offers four subscription tiers (Basic, Plus, Complete, Prime) with advanced features like Double VPN and Onion over VPN.
Pros: strong encryption, RAM-only servers, high speeds, advanced features, and a large server network. Cons: no free version, can be expensive, and features are not consistent across platforms.
Additional tools
There are a variety of other useful tools related to anonymity and censorship circumvention:
Tor is a well-known anonymity tool that allows users to browse the web anonymously and access .onion sites/hidden services. The service hides a user’s real IP address and other system information from visited websites and services.
Pros: strong anonymity, and access to .onion sites. Cons: can be slow, and incorrect use can lead to deanonymization. Some websites also block connections from Tor browsers.
Orbot is a free proxy app that provides anonymity on the internet for Android and iOS users by routing traffic through the Tor network. The service offers multiple modes, including VPN Mode, Proxy Mode, and Kindness Mode, which allows users to help others bypass censorship. Proxy mode supports SOCKS5 or HTTP proxies.
Pros: strong anonymity, free, customisable, and multiple modes. Cons: may be slow due to the Tor network, and Kindness Mode should not be enabled by users in Iran.
Lantern is a free and open-source censorship circumvention tool available on multiple platforms. The service uses various protocols and techniques to obfuscate network traffic and claims not to log user activity or connection metadata.
Pros: effective in bypassing censorship, free, and open-source. Cons: not an anonymity tool like Tor, and may not be suitable for users seeking strong anonymity.
Ceno is a free mobile browser that enables users to access and share web content even when their internet access is restricted. The service uses a peer-to-peer (P2P) network based on BitTorrent to share and access web content. The browser operates in two modes: Public and Personal.
Pros: enables access to content in censored or restricted networks, and open-source infrastructure. Cons: using public mode can create a record of user activity, and the Ceno Injectors can see request details.
Warning – In a complete internet blackout Ceno cannot restore live access to website or fresh content but it might be able to retrieve cached content from local networks.
Protecting your data
Beyond circumventing any filters, it is important to keep your data and communications safe and secure. This can be done by using encrypted messaging and email apps or by directly encrypting the data yourself.
Messaging and Email Apps
Signal is a secure messaging app that allows users to send encrypted texts, images, and make voice or video calls, similar to apps like WhatsApp or iMessage. It is available for Android and iOS devices and also has a desktop version for Windows and Linux. It uses end-to-end encryption, ensuring only the sender and recipient can read messages. Signal requires users to create an account with their telephone number.
Signal doesn’t log user activity or metadata, ensuring minimal data collection.
Session App is an open-source, privacy-focused messaging platform designed to prioritize user anonymity and secure communication. Session operates on a decentralized network of servers, eliminating the need for personal information such as a phone number or an email address during account creation and instead uses a Session ID.
Session does not collect or store metadata such as geolocation, network information, or device data. It utilizes Message-Time-to-Live so messages can be set to expire after anything from seconds to a week.
Session supports the sending of encrypted messages, audios, gifs, files, and photos.
Proton Mail is a Swiss end-to-end encrypted email service launched in 2014. Proton Mail uses client-side encryption to protect email content and user data before they are sent to Proton Mail servers, unlike other common email providers such as Gmail and Outlook.com.
Although the source code for the back end of Proton Mail remains closed-source, Proton Mail has released the source code for the web interface, iOS and Android apps, and the Proton Mail Bridge app under an open-source licence.
Tuta (previously Tutanota) is a dedicated email service set up in 2011 by Tutao GmbH. It is similar to traditional email provides such as Gmail and Yahoo etc. however, it is focussed on security. Since its launch, it has established itself as a trusted app available as open-source with the source code being available for review on GitHub.
The service provides end-to-end encryption as default and like a VPN encrypts all your network data, it encrypts all your emails. This protects a user’s emails from man-in-the-middle, spying, phishing, other cyberattacks, and surveillance by governments or ISPs (which could be passing your data onto government or law enforcement agencies).
Encryption Apps
Nahoft is an encryption app made for Android and iOS mobile phones and is not a messaging app, therefore it is fully offline. Nahoft allows users to encrypt private message into a string of Persian words or hide encrypted messages in a photo before sending it via any messaging app. Nahoft has a ‘Destruction code’ feature which purges all data in the app if a user logs in with the code. It can be downloaded from the relevant market place or directly from the Nahoft website.
Pretty Good Privacy (PGP)
PGP is an encryption software suite developed in 1991 that provides cryptographic privacy and authentication for data communication which is popular with privacy-conscious individuals, activists and journalists. PGP is primarily used for securing email, file encryption, and digital signatures.
PGP’s protects sensitive information from interception or tampering, making it a powerful tool against surveillance and unauthorized access. It works by generating a pair of public and private keys: the public key can be shared openly, while the private key remains secret and is used to decrypt messages ensuring that even if intercepted, this data remains unreadable without the corresponding private key.
The use of PGP can be quite complex and as such this may be a barrier for casual, non-technical users.
Recommended PGP software:
What to do in a complete outage
The following apps and tools have been designed to support users in complete internet outages.
DW Access is an app, made in conjunction with Paskoocheh, that lets people read DW news even when their government blocks the internet or censors information. It is currently only available on Android phones.
The app is not available through app stores which can be blocked. Instead, it can be downloaded from the website above or received through messaging apps, Bluetooth, or the Paskoocheh platform.
Key features of DW Access are listed below:
- Built in VPN (Outline): connects you securely and hides your traffic.
- No personal data sent: the app uses a random “hash ID,” not your phone’s real ID, and never shares your IP address.
- Works offline: some articles are stored on the device and can be shared via Bluetooth.
- Data saving mode: uses less data for slow or limited connections.
- Stealth mode: A future feature which will make the app look like something else to avoid detection.
Decentralized messaging apps
A decentralized messaging app is a communication tool that routes messages directly between users’ devices instead of through a single, centrally‑controlled server and often utilize end-to-end encryption (E2EE).
Each participant’s client stores and forwards data, often using peer‑to‑peer networks or distributed hash tables. Advantages include greater privacy, as there is no central entity who can log or hand over your chats, help circumvent censorship, and allow communications to continue in case of single‑point‑of‑failure outages. The disadvantages to decentralized messaging app are they can be slower or less reliable delivery when peers are offline, difficult to setup or troubleshoot, and the need for users to securely back up their own cryptographic keys or risk losing access to their accounts.
In this next section we look at a few of the decentralized messaging apps currently available.
Briar is a messaging platform aimed at activists, journalists and those needing censorship‑resistant communication. It avoids central servers, and synchronises messages directly between devices. When the Internet is unavailable it can route traffic via Bluetooth, Wi‑Fi or memory cards, and when online it uses the Tor network to hide metadata and protect relationships from surveillance. Features include end‑to‑end‑encrypted private chats, public forums and blogs. If users are online at different times it uses “Briar Mailbox” to store messages for offline delivery. Its design prevents metadata collection, content eavesdropping, keyword filtering, takedown orders, and denial‑of‑service attacks, because every user holds an encrypted copy of the data and there is no single server to target.
Briar is distributed via F‑Droid, Google Play or direct download from its website.
Jami is available on Linux, Windows, macOS, Android and iOS and supports audio and video calls, text messaging, and secure file sharing. Jami can enable communication during a complete internet outage if users are connected to the same local network (LAN).
Every user runs a node that talks directly to peers, so there is no central authority that can store, censor, or seize your data. All communications are protected by end‑to‑end encryption (E2EE) and the app’s identifier is a cryptographic key pair generated on first launch which eliminates the need for usernames and passwords.
Jami’s code is openly available, anyone can audit it, report bugs, or contribute improvements, giving the platform a high degree of transparency and community‑driven evolution.
A warning – As the only “account” you have is your private key; lose that key and you lose access, so backing it up is essential.
Bitchat Mesh is a Bluetooth-based short-range messaging app that works without internet that was created by Twitter founder Jack Dorsey. Bitchat currently has two chat options: a public channel which is open to all users within range or send private messages to a single device at a time.
There is no need to log in or create an account. Users set their own display names, which can be changed at any time. This means you need to know the current display name of the person you’re trying to reach in advance.
Bitchat currently only supports text-based messages but does have E2EE.
Bitchat has a ‘panic mode’ which immediately deletes all messages in a private chat and is activated by pressing the app logo three times.
It is available for Android and iOS and can be downloaded from the relevant app stores or direct from its website above.
Delta Chat is a free, open source, decentralized instant messaging app for mobile and desktop that uses secure chatmail relays to deliver encrypted messages instantly via push notifications on iOS and Android. Contacts are added privately by scanning QR codes or sharing invite links, and all chats are end to end encrypted by default.
Satellite Communications
It may be possible to make use of satellite methods to maintain communications when there is no internet or phone signal.
Starlink Internet is a satellite-based broadband service provided by SpaceX, designed to deliver high-speed internet to remote and underserved areas worldwide. It uses a network of low Earth orbit (LEO) satellites, positioned about 335 miles above the Earth, to provide fast and reliable internet access. Users connect via a small satellite dish that communicates with the satellites, offering speeds comparable to cable or fiber internet, with low latency and no data caps. Starlink is particularly useful for rural areas, internet outages, emergency relief, and portable connectivity, although it can be expensive and be affected in poor weather conditions.
Iranians looking to buy Starlink terminals need to be careful as it has been reported there are a number of fake Starlink vendors taking advantage of the situation in the country.
Satphones
Satellite phones, or satphones, use satellites orbiting the Earth to transmit voice, data, and messages, bypassing traditional cellular networks. They are particularly useful in remote areas where cellular coverage is unavailable or unreliable or when a government has restricted access to the communications network. Advantages of satphones include global coverage, no dependence on ground infrastructure such as phone masts, durability – made for rugged terrain, long battery life compared to smartphones, however, they are expensive to run and there can be a delay in communication due to the distance between the phone and satellite.
Well-known satphone providers include:
Toosheh is a satellite‑based file‑casting system launched in 2015 to circumvent Internet censorship in Iran and the wider Middle East which works with ordinary home satellite TV receivers.
Digital content such as text, audio, video is packaged as .ts video files and embedded in a regular satellite TV broadcast. Users record the broadcast onto a USB stick, transfer the file to a computer or smartphone, and run the free Toosheh software to decode the stream and retrieve the original files.
The technology is deliberately offline: it does not depend on any Internet infrastructure for either transmission or reception. With a minimum data‑transfer rate of about 1 Mbit/s, Toosheh can transfer tens of gigabytes of data per day. Because the data is hidden inside a normal TV signal, it is resilient to interruptions such as weather or signal‑jamming, and the satellite link is essentially untraceable, protecting users from regime surveillance.
The service is broadcast via the Yahsat Y1B satellite, which provides coverage over most of the Middle East; its geostationary position makes it difficult for the Iranian government to block the signal.
Toosheh’s software suite includes a decoder and an optional viewer‑library application that lets users archive and organize the content they receive.
Although the Toosheh website is blocked in Iran, using a VPN or other circumvention tool can be used to download the software; thereafter the software functions completely offline.
Hardware Communications
Finally, consider communication and file sharing methods focused on hardware such as USBs.
USB dead drops
A USB dead drop is a USB mass storage device installed in a public space. For example, a USB flash drive might be mounted in an outdoor brick wall and fixed in place with concrete. They can be used an anonymous, offline, peer-to-peer file sharing network.
Although USB dead drops can be used to share files anonymously in times of internet outages or just to avoid tracking by authorities, they are open to misuse and can be intentionally or unintentionally infected with malware such as a trojan horse or keylogger. This risk can be mitigated by using antivirus software, or by using a throwaway device. A fake dead drop or USB killer might be set to electrically damage any equipment connected to it and therefore cut communications with others. This risk can be mitigated by using a USB galvanic isolation adapter, which allows data exchange while physically decoupling the two circuits
Be aware that security officials could physically monitor the site to see who is using it.
Encrypted USB drives
Encrypted USB flash drives are portable storage devices with security features such as encryption to protect sensitive data and ensure only authorised users can access the information stored on them through password authentication.
In general, there are two main types of encryptions used in USB drives, hardware and software encryption.
Hardware-encrypted USB drives
These USB drives have a special security chip inside that protects your files automatically. When data is saved on the drive, it is automatically encrypted and can only be unlocked with a password, PIN, or secret code. They generally protect against malware by only running trusted software and some can even trigger a complete data wipe (known as a crypto-erase) if a brute force attack is detected.
Software-encrypted USB flash drives
Software-encrypted USB drives rely on a computer program to lock and unlock your files, making them cheaper but less secure. They’re less flexible because you can only access your data on computers with the right software, and they’re vulnerable to malware or password theft. The encryption can also be turned off by reformatting the drive, and they’re slower since they use the computer’s processing power.
Users should also consider the cross-platform compatibility of software-encrypted flash drives as they may require special software to run. For most users, hardware-encrypted USBs are the safer and more reliable choice.
Thank you for reading our guide, we hope you found this information helpful. Once again, if you have any suggestions, corrections, or anything else that may be of use to help improve this guide, please contact us at [email protected].