Yaftar Company is one of the contractors implementing internet filtering in Iran. One of the methods this company is pursuing, revealed in hacked documents from the Attorney General’s office, involves filtering through simulated shells. If implemented, this method would allow the government not only to control and restrict access to social media content but also to access user information.
In this article, we examine the Iranian government’s efforts to monitor internet users through shell creation—a strategy employed in various ways to limit and control users’ access to the free flow of information according to its policies. These actions, in a broader context, aim to capture citizens’ information and data to oversee all aspects of their lives.
In the latest episode of the “Seventh Layer” podcast, we delve deeply into this topic, specifically analyzing the features of the “Next-Generation Proxy” proposed by Yaftar Company to the Tehran Prosecutor’s Office.
A Persistent Focus on Surveillance
Since public access to the internet began, the Islamic Republic has consistently emphasized one aspect in its policies, which continues to manifest in different forms and methods: surveillance. This includes monitoring data, controlling access, and overseeing user activities across all areas of the internet.
Pursuing this approach led the Iranian government, much like China and Russia, to strive for the so-called “National Information Network” or national Internet. According to the document outlining the requirements of this network, it should meet all user needs domestically while granting the government authority to access user information and censor content accessible to users.
The approval of the resolution titled “Examining Strategies to Increase the Share of Domestic Traffic and Combat Filter-Breakers,” concerning the prohibition of VPNs and providing services of filtered platforms through native shells in the final days of February 2024, became a controversial topic in government surveillance over cyberspace.
Implementing “Governable Platforms”
Article 4 of this resolution emphasizes that services of widely used foreign platforms must be offered to Iranian users through “governable platforms.” Providing services via “governable” formats is not a new phenomenon; we’ve previously seen examples like “Golden Telegram” and “Hotgram.”
After the government’s extensive efforts to filter Telegram in 2018, users attempting to join Golden Telegram instead of the main Telegram app were prompted to enter a code sent to their Telegram channel after submitting their mobile number for app access. Although Telegram warned users not to share this code with others, accessing the Golden Telegram page was impossible without entering it.
At the time, media outlets reported user information leaks through this method, warning about government and various state institutions accessing people’s data.
Yaftar’s Role in the New Filtering Method
According to a Filterwatch report, hacked documents from the Attorney General’s office dated November 3, 2022, include instructions issued by the Committee for Determining Criminal Content (the Filtering Committee), emphasizing that Yaftar Company is one of the contractors executing filtering in Iran.
In another resolution, titled “Strategies to Increase the Share of Domestic Traffic and Combat Circumvention Tools,” approved in February 2024, the use of foreign platforms is permitted if they are offered through shells or simulated versions that are accountable to the Islamic Republic government.
In an investigative report published by Filterwatch, one of the methods used by Yaftar Company for internet filtering has been exposed. In this method, website services are provided through a simulated shell resembling the original site.
Using phishing techniques, Yaftar Company obtains users’ usernames and passwords, connecting them to the foreign site through a simulated gateway. Along this path, all incoming and outgoing user information can be examined by the filtering system. Whenever a search result or query includes censorable content, a filtering page is displayed to the user.
This system also allows the filtering operator to generate reports on user traffic (visited sites and request details).
The “Next-Generation Filtering System”
This plan, known as the “Next-Generation Filtering System,” was presented by the Yaftar group to the Attorney General’s office in 2019. As a test example, they considered the site Pinterest, an American social network for photo sharing.
In this experimental plan, users enter a site similar to Pinterest, which operates under the supervision of the Islamic Republic’s laws. Its content can be reviewed and censored according to the Filtering Committee’s requests.
In this approach, not only is filtering applied to user searches but according to Yaftar’s plan, the user’s personal information is also stored in this system.
Based on the proposal submitted by Yaftar Company, the proxy system accesses users’ information without their consent or knowledge, enabling the intermediary system to store, process, and use this data.
Furthermore, the plan is designed so that the foreign platform remains unaware that a bot—instead of a real user—is accessing its information.
Legal and Ethical Implications
This proposal and similar actions in the Islamic Republic are occurring despite Articles 730 and 740 of the Islamic Penal Code, which consider unauthorized interception of people’s communications content and storing it without user permission as a crime.
These government actions align with provisions in the Seventh Development Plan draft. This plan envisions a system to monitor citizens’ lifestyles—a resource that enhances the government’s ability to maintain citizen information and create personal profiles of each individual. It enables quick and precise analysis and identification of people’s tendencies, thoughts, and lifestyles—a step that helps complete the puzzle of comprehensive government surveillance over citizens’ lives.
