In this issue of Khat-e-Solh, we have approached “Fereydoun” and “Sohand” as representatives of the group “Article 19”, who have chosen their name in accordance with Article 19 of the Universal Declaration of Human Rights of the United Nations, and asked them about their group’s activities regarding bypassing filtering and safe use of the internet.

Another topic that has been pursued in this conversation is hacktivism, or using computer codes for public motivations and how effective it can be in achieving similar results as activist or civil disobedience movements. Additionally, we have asked whether security experts are the same as hackers…

It should not be overlooked that these days, hacktivism is a popular method for internet activists. The most well-known recent activity of hacktivists in the world was the disclosure of thousands of private emails of the President of Syria and his wife, which revealed many personal opinions of Syrian leaders that were not reflected in official interviews and tribunes. This operation was carried out by the group “Anonymous”, who are one of the most famous hacktivists in the world.

As the first question, tell us a little about the background and formation of your group. Also, if possible, please let us know how many members are in your group.

Fereydoun: Our group has been working as a research project for over three years in the field of access to information and methods that internet users in Iran must use to access filtered website content. Our group has grown over time and our activities have also increased accordingly. Currently, we are active in several different areas, one of which, as I mentioned, is still and always will be focused on filtering and creating better access for Iranian users, as well as gathering a lot of information on the subject of cyber security.

Regarding the second part of your question, I must also mention that the group initially started with four members and now has more than ten members.

Sohand: Basically, the focus of our group is on IT human rights and in short, we try to find a way for Iranian users to access any information they want. Secondly, we aim to make information more transparent and easily accessible through a comfortable medium. And lastly, we conduct research in the field of human rights.

Origin 19, a while ago, due to helping bypass internet censorship in Iran and having efficient access to free information, was nominated for the Laleh Human Rights Award in the Netherlands. How do these helps from you look like?

Fereydoun: Our help from the very beginning was to create a very safe and reliable environment for users. Such an environment was formed on the original 19 website with forums and networks that existed around it. We tried to research and gather trusted VPNs and provide ways for users to access these VPNs and also explain how to use them correctly and appropriately. During this time, we established a very close relationship with the company Psiphon, which is one of the producers of VPNs, and over the years we have helped many Psiphon users to use this software better. Additionally, we are always conducting research in this field to find ways to prevent the government of Iran from censoring these VPNs and to help the engineering team of this company to prevent the filtering of this software in Iran, so that it can remain accessible to the people of Iran. This was one of the things I explained to you and besides that, we also provide help to internet users and try to be

Sohand: In summary, Article 19 is essentially a bridge between software developers of censorship circumvention tools and Iranian users; meaning that we transfer the needs of both parties. Additionally, since many tools are in English and users may not have enough information about them, we help with education in this area, such as how to find safe ways to browse the web and how to use suitable tools for each task.

Approximately, how many visitors come to you as users who want to bypass filtering?

Fereydoun: It’s a difficult question, especially if a percentage is supposed to be presented; because it’s a hot topic and an ongoing debate about how many internet users Iran has in general. That’s why we can’t estimate an accurate and specific number, but for example, tools like Psiphon and other circumvention tools that we have on our website, are popular free VPNs in the community that people use. However, it can’t be said that a high percentage of Iranian users use our services, because there are many other resources available.

Sohand: Perhaps we can estimate the approximate amount of several hundred thousand, the exact amount is not available.

For what purpose did you launch the website for monitoring and overseeing the parliament and how successful do you consider the results of your activities in such projects?

Sohand: The parliament watchdog, which is still in its early stages as the 19th child, and we are still developing it and it is just the beginning. This project requires a lot of work and we want to accurately monitor the activities of all members of parliament and show our audience more transparently which direction and opinions each representative has in parliament and which faction they are closer to.

The Rouhani Meter project, which initially focused more on the promises and pledges made by Mr. Rouhani at the beginning of the elections, has since expanded and we closely research all of Mr. Rouhani’s activities and try to have an evaluation and analysis to see if the promises have been fulfilled or not.

Alongside that, we work on many platforms and have been actively involved in various fields. For example, we have published our own research and reports in media outlets such as Al Jazeera.

Fereydoun: Our projects have more than anything else a research aspect, and one of the main beliefs of principle 19 is access to information, which is why we usually work in this field; especially these two projects, Majlis Monitor and Rohani Sanj, have more of an informational aspect and we gather the necessary information, which may be scattered, and provide it in a specific environment for users interested in these topics to make access to such information easier. Fortunately, the new platform created by the internet also helps make information much more easily and widely available to the public.

In terms of success, we may never be able to have a proper evaluation, but from the perspective of communication, the large community that has formed on Facebook and the number of users who visit these websites may indicate the success of these projects and encourage us to continue our work.

In your opinion, why should free circulation of information be a goal and what impact does it have on society?

Fereydoun: Many members of our group believe that access to information is of great importance and may even go beyond the discussion of human rights. In any case, everyone should have access to information and only in such a situation can proper discussions take place. Of course, our goal is not to start these discussions, but rather we are more interested in gathering necessary information and disseminating it through technology and the internet, which has the potential to expand, in order to promote intellectual growth in society and inform people about current issues in Iran and the world.

Some believe that the best security experts are hackers; to what extent do you agree with this theory?

Sohand: Well, hackers, as you know, are divided into several categories. Some hackers are destructive, some are employed by governments, and some are known as white hat hackers, who are considered good hackers. It can be said that this theory is somewhat true, but usually, the organizations that are more successful are the ones that have a group of these hackers and focus on a specific project. If we consider a hacker as someone who, for example, attacks a website or defends it, this work and these hackers will not be very successful.

Regarding security, contrary to the belief that hackers have been ahead for some time, in reality, large and active organizations in the field of cybersecurity are conducting extensive research, which leads to technological advancements in the field of security. Hackers are only a small part of these organizations, who simply discover ways of penetration or sometimes reflect their own creativity.

Are you also active in the field of hacktivism?

Fereydoun: I cannot say that our activities are in line with hacktivism, but what we always do is finding better ways to access information and other things. That’s why many of our projects may involve hacking, but it is not necessarily our main focus.

Sohand: Specifically, we never spread any kind of subsidy code to attack anyone.

“Hactivists are individuals who engage in hacking activities in order to promote and advertise their beliefs or to achieve specific political goals. Hactivism movements are based on the belief that the strategic use of computer codes can have similar results to those of activist movements or civil disobedience. To what extent do you agree with this definition?”

Sohand: This is not very close to our field of work, but it depends on the goal. For example, if the goal is to attack Israeli websites and these hackers manage to take down the sites for 10 days and then they come back, this achievement does not have any special impact other than protesting a limited part of society. But if, for example, hackers like Mr. Edward Snowden come forward and provide a series of documents to experts and the public, this is a valuable move and it will increase the public’s knowledge about the state of online privacy, and I personally agree with it.

Some hacking groups like “Ashiyane”, which if I’m not mistaken were previously known for being white hat hackers, have turned to collaborating with Iranian security organizations. Although they usually deny it, their support for government websites and political content in the messages they publish after hacking a subject, indicates this reality. What is your opinion about this group of hackers and how destructive do you assess their capabilities, especially towards Iranian civil society?

Some hacking groups, such as “Ashiyane”, which were previously known for being famous white hat hackers, have now turned to collaborating with Iranian security organizations. Although they usually deny it, their support for government websites and political content in the messages they publish after hacking a target, indicates this reality. What is your opinion about this group of hackers and how destructive do you assess their capabilities, especially towards Iranian civil society?

Sohand: Because this group has a very close relationship with the Iranian government, we are not aware of the small activities and government agreements it has. We also suspect that the Ashiyane group is using the technology it has to attack the goals that the Iranian government has under its supervision, but I personally do not know to what extent it is destroying Iranian civil society.

It is possible that the Ashiyane group, in the form of consultation, has provided a series of individuals and technologies to the government of Iran or, for example, the Cyber Police organization. In such circumstances, and considering that the Cyber Police arrests individuals in its own name, the issue remains unknown and we do not know if a specific action has been taken by the Cyber Police or with the help of the Ashiyane group or at least with the assistance of members and technologies that this group possesses.

As a final question, if you want to briefly advise website managers on security, what do you say?

Sohand: Like everyone else, the first thing I recommend is to keep your server up to date and also make sure all the software you use is updated. The next step is to use strong passwords and avoid using short passwords with simple letters. Use available tools for system administrators such as antivirus or firewalls, and try to use open source software that is being worked on by a large group of people who will quickly update it if a security breach is detected. If you use old software, abandoned software, or cracked software, the risk of your server or website being attacked is high.

Fereydoun: Another issue that may go beyond technical problems is the discussion of social engineering, and perhaps in many cases, the most successful way to attack websites is derived from this discussion. Sometimes website owners do not pay attention to many of their behaviors on the web that may seem insignificant to them, such as sharing their date of birth or schools they have studied in, and so on; giving too much information on Facebook or other platforms that are accessible to everyone, is one of these cases. In such situations, it becomes easier for a hacker or someone who wants to access specific information; by researching about a person and using that information, they can guess the password or even pretend to be that person and establish contact with the hosting company or other companies they use services from, causing many problems. Well, this happens a lot and that’s why they should pay more attention to the behavior and ethics they have in the online space.

Thank you and your team for taking the time to help us…