New report: DNS over TLS blocked in Iran

Hello friends,

Today OONI published a new research report, titled: "DNS over TLS blocked in Iran".

You can access this report here: https://ooni.org/post/2020-iran-dot/

DNS over TLS (DoT) is a network protocol that secures DNS queries (https://ooni.org/support/glossary/#dns-query). DoT improves the privacy and security of DNS queries, and makes DNS-based blocking harder.

We investigated whether DoT works in Iran by gathering a list of 31 well-known DoT endpoints and running experiments from four distinct Iranian mobile and fixed-line Internet Service Providers (ISPs): MCI, TCI, Irancell, and Shatel.

We discovered that:

* 57% of the endpoints are blocked on at least one ISP;
* the blocking is not implemented uniformly across ISPs;
* most blocking happens by interfering with the TLS handshake;
* in some cases TLS handshake blocking seems to depend on the SNI, while in other cases it seems to depend strictly on the TCP endpoint being used;
* forcing TLSv1.3 does not change the rate of successful TLS handshakes compared to letting the server choose a TLS version between v1.0 and v1.3.

In our report, we share details from our experiments and findings.

Please share our research: https://twitter.com/OpenObservatory/status/1275842846520741888

Thanks,

~ OONI team.

--
Maria Xynou
Research & Partnerships Director
Open Observatory of Network Interference (OONI)
https://ooni.org/
PGP Key Fingerprint: 2DC8 AFB6 CA11 B552 1081 FBDE 2131 B3BE 70CA 417E