On Monday, Iranian law enforcement authorities ordered Internet service providers to block traffic from the Telegram anonymous chat application, four days after Iran’s Telcommunications Infrastructure Company rescinded Telegram’s license to operate in the country. Tehran’s chief prosecutor claimed that the service is used by pornographers and terrorists and ordered that the ban be enforced in a way that would prevent users from bypassing it via a virtual private network.

Iran had previously tied Telegram to the ISIS attacks in Tehran in July of 2017. And the Iranian government had previously blocked Telegram temporarily in January during nation-wide demonstrations for what officials claimed were national security reasons. But according to Iranian press agency MNA, Iran’s Parliament Committee of National Security and Foreign Policy Chairman Alaeddin Boroujerdi said in an April 1 radio interview that the service would be permanently banned and replaced with a domestically developed alternative.

Iran’s move mirrors that of the Russian government, which continues its efforts to block Telegram after the application’s developers refused to provide encryption keys to access users’ messages. Efforts to block Telegram in Russia have led to Russian ISPs blocking large swaths of Internet addresses at cloud providers, including Google and Amazon, as Telegram users began to employ proxy services and VPNs set up in the cloud. Protests continue in Russia over the government’s move, including a protest on Monday in which thousands of people threw paper planes representing Telegram’s logo.

Thank you, each and one of the 12,000+ people who stood up to support the freedom of internet and Telegram today in central Moscow. You make me proud and excited to be Russian. https://t.co/1Vwa1FQgIO

— Pavel Durov (@durov) April 30, 2018

The Iranian ban has had an impact on many government-connected organizations in Iran, since more than 40 million Iranians are believed to use the service. Those organizations have been moving to Soroush, the Iran-developed alternative promoted by the government that was released last week. The app comes complete with a “Death to America” emoji and “stickers” with messages supporting Iran’s leadership.

Gimme the cache

Until last week, Telegram was actually operating an Iran-based encrypted cache service, similar to other local servers in Turkey and Indonesia. Telegram launched the caches in July in a number of countries, including Indonesia and Turkey, proclaiming in a blog post, “Thanks to this technology, the download speed for public photos and videos in places like South America, Turkey, Indonesia, India, Iran, or Iraq will significantly increase without the slightest compromise in security.” According to Oracle Internet Intelligence (the organization formerly known as Dyn), the Iran cache site—as well as the caches in Indonesia and Turkey—went quiet suddenly on April 26, around the same time Iranian officials formally launched Soroush.

@Telegram local cache network (AS44907) in Iran, Turkey, Indonesia disappears from the Internet as Iran moves to ban the popular messaging service. Routes pulled around 5:00 UTC on 26 April 2018. https://t.co/EYLybWPZ30 pic.twitter.com/ehplBouWTS

— InternetIntelligence (@InternetIntel) May 1, 2018

Indonesia, another country with a large number of Telegram users, had banned the application in July of last year over terrorism fears, then lifted that ban last August.

The volume of the blocking being done by Iranian ISPs to stop Telegram access is difficult to assess so far, but network operators did see a very large drop in traffic from Iran this morning.

John Graham-Cumming, CTO at Cloudflare, told Ars that network engineers at Cloudflare had seen a significant hit “at about 07:45 UTC this morning—it was some, but not all of Cloudflare that’s been blocked, but it was pretty significant. At one point it was about 85 percent.” Since then, he said, traffic has returned back to near-normal levels.

“We did see that we were not the only people affected,” Graham-Cumming added, “so something happened in Iran that caused fairly widespread blocking. They blocked such a wide range of IP addresses, it’s hard to tell what they were targeting.” Some Cloudflare sites are still being blocked, but they don’t have a clear relationship to the Telegram ban.

The Tor Project has also seen a spike in bridge connections to the anonymizing network from Iran as Iranians attempt to bypass blocks implemented by ISPs.

https://arstechnica.com/?p=1301789