Iran Says Crafting Technology to Identify Web Users at First Click

Tehran has been known to exaggerate, but an Israeli expert notes that the communications minister’s comments are not the stuff of science fiction.


Iran is developing technology capable of identifying Internet users the moment they go online, Iranian Communications Minister Mahmoud Vaezi has told the Iranian Students’ News Agency.

“In the future, when people want to use the Internet, they will be identified,” he said.

The new technology would join other tools that Iran seeks to develop to keep an eye on web surfers. Agence France-Presse has quoted Vaezi as saying that within six months Iran will run a smart filter on all content the government defines as offensive or criminal.

As these snooping tools are being crafted, services such as Facebook, YouTube and Twitter remain blocked in the Islamic Republic since 2009, when security forces put down the opposition protesting irregularities during the presidential election that year.

Iranian officials have been known to exaggerate, but web-application expert Raviv Raz says that in this case Vaezi might be telling the truth. Raz is the chief executive of Hybrid Security, which specializes in detecting suspicious online activity.

Although Vaezi did not mention any specific technological tool, his comments are not the stuff of science fiction, Raz says. The technology, which exists in the West as well, is based on public studies.

Raz noted that technology exists at several levels to identify online users. At the most basic level, there’s the computer’s Internet Protocol address.

Of course, a web user could simply opt for a computer at an Internet cafe, so two years ago Tehran began keeping tabs on visitors to such places.

Many companies, including Israeli-based ones, focus on identification based on web users’ behavior — on mobile devices as well.

“Quite a few companies can create a kind of biometric signature for online surfers. They insert Javascript code that looks at mouse movement as well as the rhythm and pattern of the surfer’s clicks,” Raz said.

“Some also engage in provocations such as hiding the cursor or moving elements. That requires the user to fix the situation, and that’s usually an unnecessary fix that helps identify him.”

According to Raz, “The Iranians aren’t stupid. I imagine they can develop similar things because everything is based on academic research.”

In any case, Tehran has an advantage in such spy tactics. Because it controls the country’s Internet, it can insert code via an Internet service provider to make surfers think they’re visiting websites outside the country.

There are ways to evade snooping, but this is a hard task when the state controls the ISPs, Raz says. He notes other ways to identify web users, such as a government service like a written driver’s test, because everyone uses a computer for the task.