During the month of August, the Filterwatch team learned of a sharp drop in Instagram traffic coming from Iran. This comes at a time when Iranian authorities are rolling out a host of new information control policies and are interfering with internationally-based applications. The Filterwatch team investigated this issue to better understand the technical causes and policy rationale behind the reduced traffic.

Based on our initial analysis and data obtained from OONI test results, we believe that  Instagram has become a main target of Iran’s censorship regime. This comes as no surprise given Instagram’s soaring popularity among Iranians and, until recently, it was one of the only uncensored foreign social media platforms in Iran. Rather than outright blocking the platform, authorities have blamed technical issues in the Telecommunication Infrastructure Company (TIC)’s LCT (Large Capacity Tandem) building for the heavy disruptions, which have made Instagram virtually inaccessible at times. TIC is effectively a subsidiary of the government and the LCT building has been responsible in the past for disrupting the internet among Iran’s internet providers and other companies. Earlier this year in March, electric issues led to a fire in the very same building.

From a policy perspective, Instagram’s disruption resembles what happened to WhatsApp, Psiphon, Google Outline, and others. In June Iranian authorities appeared to attack the encryption protocols of popular international circumvention tools, including Psiphon and Google Outline making it difficult for Iranian end users to access the internet using these methods. At the same time, authorities appear to be hijacking the DNS of the Google Search engine to set Google Safe Search as a default feature for all users. WhatsApp experienced disruptions during this same period making voice calls impossible. Eventually the disruption stopped in late July for reasons Miaan cannot confirm. Miaan believes that authorities have taken these actions to set the stage for two emerging information control policies: “legal VPNs” and an internet “appropriate” for children. The Children’s Internet, as it has been dubbed, was initiated by a resolution of the Supreme Council of Cyberspace (SCC) and aims to create SIM cards that provide curated access to content based on age and gender.

Currently, TIC is targeting only some Instagram addresses and SSL/TLS connections.

They also dropped Instagram packets at the TIC level.

TIC is targeting these addresses but not all at the same time, likely because authorities want to majorly disrupt Instagram without fully blocking it. Based on our observations, we believe that authorities aim to frustrate users into eventually abandoning the platform rather than outright banning it. Previous instances of heavy instagram disruptions resulted in public outcry and this will likely happen again. Given Instagram’s popularity in Iran, a ban could be politically costly.

Furthermore, these ongoing disruptions closely mirror disruptions that Viber experienced a few years ago. It was a very popular messaging app among Iranians but authorities essentially made it unusable without fully blocking it. As a result, Iranians were eventually discouraged from using it and Viber grew obsolete at essentially no political cost.

The targeted Instagram addresses include:

1. instagram.com
2. i.instagram.com
3. static.cdninstagram.com
4. scontent-ams4-1.cdninstagram.com
5. static.xx.fbcdn.net
6. edge-chat.instagram.com
7. scontent-vie1-1.cdninstagram.com
8. scontent.cdninstagram.com
9. graph.instagram.com
10. instagram.fpnq1-1.fna.fbcdn.net
11. instagram.fsvg2-1.fna.fbcdn.net
12. connect.facebook.net
13. scontent-cdg2-1.cdninstagram.com
14. instagram.fdtm1-1.fna.fbcdn.net

Finally, authorities are also blocking text messages from Instagram and WhatsApp (as well as Twitter and Telegram) that send codes for the purposes of verifying a phone number during application installation and setup. Any text message that contains “code” or “xxxxx is your Instagram code. Don’t share it.” won’t deliver. As you can see in the following screenshot, even when the user sends this kind of text to themself, they don’t receive the text message.

All these issues create challenges in terms of both access and security as they prevent the safe setup of relatively secure, international messaging platforms. It is possible that two factor authentication codes are facing the same issues.

Local digital rights activists put together an effective campaign criticizing the interference with Instagram and the multi-platform blocking of text messaging. Iranian officials and telecommunication companies responded by denying that they blocked text messages or disrupted Instagram traffic. They are blaming Meta and other international tech firms for this  issue.

Timeline of Regional Disruptions

NOTE:  In some cases the available data allows Filterwatch to determine if the disruption is a type of shutdown of access or throttling (i.e., a dramatic slowing of connection speeds). In other cases we can just observe a disruption or outage of some kind without more specificity. Overall, our existing tools are not always able to accurately identify and fully examine the nature and scale of disruptions to Iran’s domestic internet connections. 

Timeline of internet outages based on regions and cities:

• August 1: Two brief outages occurred in Mazandaran, Tehran. A brief outage occurred in the province Semnan, Bushehr, Kerman, Hormozgan.

• August 1-3: Qazvin province experienced a prolonged outage.

• August 1-11: Illam and Fars provinces faced prolonged outages.
• August 2: A brief outage occurred in West Azerbaijan, and Sistan & Baluchestan provinces. Two brief outages in East Azerbaijan, Ardebil, Markazi, and Kerman. Three brief outages occurred in Tehran.
• August 2-14: Users in Mazandaran province experienced a prolonged outage.
• August 2-22: A prolonged outage occurred in Hamadan province.

• August 3: Sistan & Baluchestan experienced two outages.
• August 6: A prolonged outage in East Azerbaijan.

• August 9: The province of Sistan & Baluchestan experienced an outage.

• August 9-10: Two outages occured in Zanjan.

• August 10: Brief internet outage in the province of East Azerbaijan.
• August 10-31: Brief outages occured daily in Ardabil. These outages took place at about the same time each day: from roughly midnight to 4 am. A prolonged outage occurred in Kerman Province.
• August 11-21: A prolonged outage in East Azerbaijan.
• August 11: A brief outage occurred in Alborz, Yazd.

• August 11-13: Tehran experienced a prolonged outage.
• August 11-21: A prolonged outage in East Azerbaijan, Qom.

• August 11-22: A prolonged outage occurred in Gilan province. A brief, second outage occurred on the 22nd before reliable services resumed.

• August 11-31: A prolonged outage lasting from August 11 to the end of August occurred in Semnan.
• August 12: A brief outage occurred in Zanjan.
• August 13: A brief outage occurred in Zanjan, Khuzestan, Golestan, South Khorasan.

• August 15: A brief outage occurred in Qazvin, and South Khorasan.
• August 15-31: Lorestan experienced an outage lasting from August 15 through the end of the month.

• August 16-18: Fars, Kohgiluyeh & Buyer Ahmad provinces experienced prolonged outages.
• August 16-31: An ongoing outage in Zanjan lasting through the end of August.
• August 17: A brief outage occurred in Hormozgan, and Sistan & Baluchestan.
• August 18: A brief outage in Tehran, Ilam, Bushehr, and Hormozgan. Two brief outages occurred in the province of Alborz.
• August 19: A brief outage occurred in South Khorasan. Two brief outages occurred in Alborz provinces.
• August 19-22: A prolonged outage occurred in Hormozgan. The province experienced a second, brief outage before reliable service returned.

• August 20: An outage occurred in Fars, and Kohgiluyeh & Buyer Ahmad provinces.

• August 21: Brief internet outages in the provinces of Mazandaran, Buyer Ahmad and Fars.
• August 21-22: An outage occurred in Qazvin.

• August 22: A brief outage in Ilam.

• August 22-31: An outage occurred in Fars, and Buyer Ahmad provinces lasting the remainder of August.

• August 23: A brief outage occurred in Kordestan, Kermanshah, Alborz, and Ilam provinces.

• August 23-31: A prolonged outage occurred in Hamadan lasting through the end of August.
• August 24: A brief outage occurred in Kordestan, and Qom.
• August 30: Alborz experienced a brief outage.
• August 30-31: An ongoing outage lasting through the end of August occured in East Azerbaijan.

Provider Outages

Provider outages are aggregated at the month-level.

• AS56402 of Dadeh Gostar Asr Novin P.J.S. Co.. This outage affected users in the province of Tehran.

• AS47262 of Hamara System Tabriz Engineering Company This outage affected users in East Azerbaijan.

• AS39308 of ANDISHE SABZ KHAZAR CO. P.J.S.. This outage affected users in the provinces of East Azerbaijan.
• AS44285 of Sefroyek Pardaz Engineering Co. LTD. This outage affected users in East Azerbaijan, and Tehran provinces.
• AS44400 of Ertebatat Sabet Parsian Co. PJS. This outage affected users in Tehran, Esfahan, Fars, Khuzestan, and Ilam provinces.

• AS25184 of Afranet. This outage affected users in Hamadan, and Tehran provinces.
• AS43395 of Pooya Parto Qeshm Cooperative Company. This outage affected users in Tehran, Esfahan, and Hormozgan provinces.
• AS56466 of Pars Fonoun Ofogh Information Technology and Communications Company LTD. This outage affected users in Tehran, and Hamadan provinces.
• AS50591 of Dadeh Gostar Asr Novin P.J.S. Co.. This outage affected users in Fars, and Hormozgan provinces.

• AS50558 of Rayaneh Pardazan Baran Co. Ltd.. This outage affected users in the province of Tehran.

• AS50530 of Laser Company LTD.. This outage affected users in Tehran province.
• AS202391 of Cooperative Afra ertebatat-e-sabet-e Rasa Co. This outage affected users in Tehran, Golestan and Fars provinces.
• AS200645 of Gilass Rayaneh Sirjan Co (PJS). This outage affected users in Kerman, and Tehran provinces.
• AS48309 of Ariana Gostar Spadana (PJSC). This outage affected users in Esfahan, Bushehr, and Tehran provinces.
• AS9147 of Homaye Jahan Nama Co. (PJS). This outage affected users in Qom province.
• AS34636 of Laser Company Ltd. This outage affected users in East Azerbaijan, and Tehran provinces.
• AS51074 of GOSTARESH-E-ERTEBATAT-E MABNA COMPANY (Private Joint Stock). This outage affected users in Tehran province.
• AS43395 of Farahoosh Dena PLC. This outage affected users in Tehran, Fars, Bushehr, and Kohgiluyeh & Buyer Ahmad provinces.
• AS204650 of Toloe Rayaneh Loghman Educational and Cultural Co.. This outage affected users in Tehran, Semnan, and Khuzestan provinces.
• AS202468 of Noyan Abr Arvan Co. (PJS). This outage affected users in Tehran province.
• AS60976 of Pars Online PJS. This outage affected users in Tehran province.
• AS34078 of TOSE’EH ERTEBATAT NOVIN ARIA CO PJS. This outage affected users in Tehran, Gilan, and Khuzestan provinces.
• AS29068 of University of Tehran Informatics Center. This outage affected users in Tehran province.
• AS6736 of Institute for Research in Fundamental Sciences. This outage affected users in Tehran province
• AS58256 of Rayaneh Gostar Farzanegan Ahwaz Company LTD. This outage affected users in Tehran, Khuzestan provinces.

• AS39074 of Sepanta Communication Development Co. Ltd.. This outage affected users in Tehran province.