Skip to content

CONCEPT Cited by 1 source

Whitelist Internet access

Whitelist Internet access is a censorship architecture in which connectivity is granted by explicit allowance, not denial: only a curated list of approved domains / services is reachable, and only a curated list of users (via approved SIM cards, accounts, or device IDs) is permitted to connect at all. Everything not on the whitelist is silently dropped.

It is the most extreme point on the filtering-based shutdown spectrum — tighter than Great-Firewall-style blacklisting, which permits by default and denies known-bad. Whitelisting flips the default and denies by default, permitting only known-approved.

The canonical form (Iran, 2026)

The February 28, 2026 Iran shutdown was implemented with the whitelist architecture: "'whitelists' and 'white SIM cards' restricting access to only approved Internet sites by selected users." From Cloudflare Radar's vantage point:

  • Traffic from Iran fell to well under 1% of previous levels.
  • Only "small amounts of Web and DNS traffic" egressed the country.
  • IPv4 announcements stayed consistent and IPv6 announcements remained in a "consistently volatile" state — neither consistent with BGP-driven shutdown, both consistent with edge-filtering + allowlisting.

Why whitelisting over blacklisting

Blacklist-based censorship must enumerate and filter new adversarial surfaces as they appear (new domains, new VPN providers, new protocols). Whitelisting inverts the cost:

  • Filter scope shrinks to a curated permit list — everything else is dropped implicitly, so the censor's operational cost stops growing with the adversary's creativity.
  • Residual traffic is predictable — the population of reachable endpoints is bounded, making load planning and surveillance tractable.
  • Collateral economic damage is dampened — government, military, banking, and critical-service endpoints can stay on the whitelist, preserving state operations while the general population is offline.
  • Politically sustainable for longer — the combination of low collateral + tight adversary containment lets the state hold the shutdown for weeks or months, not hours or days.

The trade-off: whitelisting is operationally expensive to stand up initially. Every approved SIM card, every approved domain, every approved service endpoint is a manual (or semi-manual) allowance. Once the list exists, maintaining it is cheap; building it from scratch in an emergency is not. Evidence of a functioning whitelist is therefore also evidence of pre-existing censorship infrastructure.

"White SIM cards"

The white-SIM mechanism binds the allowlist to a physical subscriber identity rather than a dynamic network address. Approved users — government employees, military personnel, key businesses, selected journalists — are issued SIM cards whose IMSI / subscriber profile the operator flags as unrestricted. Everyone else's SIMs are dropped at the carrier edge.

This is a structural barrier to circumvention because the line between "can access the Internet" and "cannot" is drawn at the carrier before any IP-layer shenanigans become possible. VPNs and obfuscation don't help if the SIM itself is rate-limited or null-routed at the carrier.

Detection signature from external observatories

Whitelisting produces a distinctive signal:

  • BGP routes stay announced — the country is still on the global routing table.
  • Traffic collapses to a stable, nonzero floor — usually <1% of baseline — rather than dropping cleanly to zero.
  • The floor is composed of familiar endpoints — disproportionately banks, government portals, payment systems, essential logistics — and unusual absences of the rest.
  • The duration extends for weeks — whitelisting is operationally sustainable for long durations in a way that cruder mechanisms are not.

Seen in

  • sources/2026-04-28-cloudflare-q1-2026-internet-disruption-summary — canonical wiki instance; Iran's February 28 2026 nationwide shutdown used "'whitelists' and 'white SIM cards' restricting access to only approved Internet sites by selected users." Traffic fell to <1% of previous levels; the shutdown remained largely in place through late April (two months and counting), making it "one of the longest sustained Internet disruptions observed in recent years." The white-SIM + whitelist pair is the observed mechanism behind that sustainability.
Last updated · 433 distilled / 1,256 read