The seams between autocratic systems

When Iranian protesters created social media accounts during the 2022 uprisings, many were identified within hours. It was not because they posted incriminating content, but because of the verification process itself. SIM cards registered at government-licensed shops linked to device IMEIs. Phone numbers cross-referenced against existing databases. Network behavior patterns matched profiles of known activists. The platform verification designed to prove someone is a real person became the evidence trail that led to arrests.

The same patterns emerged during China's white paper protests. Authorities didn't need to monitor what people posted. They identified participants through the identity signals required to access domestic platforms: real-name registration, device attestation, and payment-linked verification.

This is what identity-based repression looks like now. Governments don't just block websites. They instrument the verification systems that platforms require, turning proof-of-personhood into proof-of-target.

For a decade, internet freedom advocates relied on a different bet: authoritarian regimes wouldn't block major platforms because the economic damage would be too severe. Host your content on Amazon's servers, and blocking you means blocking Amazon. Put your news site behind Cloudflare, and censoring you means disrupting thousands of businesses. This was collateral freedom, using shared infrastructure as a shield.

That bet is losing.

Iran's National Information Network demonstrates why. The regime built a domestic internet that keeps banking, government services, and e-commerce running while severing most international connections. During protests, they can now cut global access without collapsing daily life. The collateral costs that once constrained censorship have been engineered away.

Russia is moving in the same direction. So is China, which pioneered the approach. But these regimes aren't just building walls. They are actively excluding people outside their control from accessing their sovereign information spaces. China's real-name registration requirements, device attestation systems, and payment-linked identity verification make it nearly impossible for foreign researchers or exiled journalists to maintain accounts on domestic platforms. Russia has accelerated similar measures since 2022, requiring phone numbers from approved carriers, blocking foreign VoIP services, and tightening identity requirements on VK and Telegram alternatives.

The message is clear if you're not legible to the state, you don't get to participate in the information space it controls. Autocrats have learned they don't need the same pipes as everyone else. They can build their own and decide who gets in. But here's what they haven't figured out: how to trust each other.

Distrust as leverage.

Systems arbitrage works differently than collateral freedom. Instead of relying on shared infrastructure, it exploits the gaps between systems that don't coordinate. Specifically, it exploits the gaps between verification and identity regimes that can't or won't recognize each other.

Consider identity verification. When a platform needs to confirm someone is real, it often accepts foreign credentials: a passport from country X, a phone number from carrier Y, and a government ID verified by service Z. Each system has its own standards. None fully trusts the others. In that space between verification regimes, where format compliance substitutes for actual cross-checking, opportunities open up.

The technical version: platforms can't reliably distinguish a real camera feed from a virtual one when the operating system presents it as a genuine device. Identity proofing becomes a simulation problem. The geopolitical version: cross-regime validation is incomplete because governments and corporations can't agree on what counts as verified. In that gap (where format compliance substitutes for actual cross-checking) opportunities open up for legitimate research accounts, newsroom monitoring, and source-safe access that would otherwise be impossible.

Exploiting jurisdictional seams isn't new. For centuries, people have used gaps between systems that don't coordinate. Smugglers moved goods through territories where customs regimes didn't share information. Swiss banks built an industry on the fact that other countries couldn't compel disclosure. Companies incorporated in Delaware or the Caymans because corporate transparency requirements varied by jurisdiction. The principle is old: when systems don't trust each other enough to share enforcement, the spaces between them become navigable.

The digital version emerged as soon as the internet crossed borders. Early file-sharing networks routed around copyright enforcement by hosting servers in jurisdictions that didn't recognize US intellectual property claims. Offshore gambling sites exploited the gap between where bets were placed and where servers were located. Cryptocurrency exchanges incorporated wherever regulatory frameworks were weakest. Each case followed the same logic: find the seam, operate in it.

What's changed is where the seams now sit. Identity verification stacks, platform compliance systems, cloud infrastructure, payment rails, AI moderation layers—these didn't exist a decade ago, or existed in primitive forms. Each creates new coordination problems between systems.

The coordination problems create potential leverage. The attack surface has expanded dramatically, and so have the opportunities for those who learn to navigate it.

Invisible walls need constant work.

Collateral freedom assumed autocrats needed the same pipes as everyone else. Systems arbitrage assumes autocrats don't trust each other enough to build seamless coordination across their systems.

Think of Iran's stealth blackout earlier this year. Routes still announced, pings still worked, but actual functionality collapsed through selective border enforcement. The regime maintained the appearance of connectivity while killing international access through protocol whitelisting, DNS manipulation, and deep packet inspection. It looked normal from the outside. It was unusable inside.

This invisibility-by-design makes older circumvention strategies less effective. But it also reveals a weakness: these systems require constant maintenance, constant updating, and constant attention to emerging gaps. The same selective control that makes censorship cheaper also creates new seams to exploit.

When verification regimes fragment across jurisdictions, when platforms accept credentials they can't fully validate, and when AI moderation differs between services and countries, each mismatch becomes potential leverage.

Why this matters to journalism: can't hear, can't verify, can't reach.

For exiled and underground newsrooms, this shift isn't abstract infrastructure theory. It's an access crisis.

In many countries, the most important public conversation no longer happens on the open web. It happens inside government-influenced platforms, identity-gated messaging apps, and domestic internet ecosystems that require phone-number registration, device attestation, and escalating real-name verification. For newsrooms operating from abroad, these requirements aren't friction. They are denial of entry.

When reporters can't safely verify their identity, they lose three things at once.

First, source access: if sources organize and share tips inside platforms requiring state-linked identity, exile media can't be present without exposing staff and contacts. The newsroom goes deaf, unable to hear what communities are saying in real time and unable to maintain trusted channels for inbound information.

Second, verification capability. Investigating propaganda and tracking disinformation now requires observing closed spaces from inside. Without access, journalists can't see how claims originate, how they spread, and which accounts coordinate them.

Third, audience reach. When states build domestic alternatives and throttle international services, audience attention shifts to platforms that still work. Exiled outlets may remain technically reachable on the open internet but become practically invisible where it matters.

Collateral freedom helped when the fight was primarily about blocked websites. Systems arbitrage matters because the battlefield has moved upstream to identity, credentials, and platform admission. The same distrust that prevents autocrats from building seamless cross-border verification creates the seams that exiled journalism can use to regain access for listening, reporting, and distribution inside closed platforms.

Same tools, different hands.

Systems arbitrage techniques aren't inherently good or bad. The same methods that help a journalist in Tehran reach international audiences can help bad actors bypass sanctions or commit fraud. The same gaps that let researchers access restricted information let criminals launder money.

This dual-use nature makes the approach uncomfortable. Unlike collateral freedom, which had a clear moral framing (we're just using the same services as everyone else), systems arbitrage requires acknowledging that you're exploiting weaknesses that exist precisely because systems weren't designed to coordinate perfectly.

The honest position: these techniques have legitimate uses in research, journalism, and human rights work, and they also have misuse potential. The seams exist whether we use them or not. The question is who learns to navigate them and for what purposes.

Mutual distrust buys time.

The shift from collateral freedom to systems arbitrage changes what internet freedom tools need to do. Less emphasis on hiding within shared infrastructure. More emphasis on exploiting specific coordination failures between systems.

It also changes the timeline. Collateral freedom worked until regimes reorganized their infrastructure. Systems arbitrage works until regimes coordinate their verification systems, which requires levels of mutual trust that currently don't exist between most autocratic governments. Russia doesn't trust China's identity systems. Iran doesn't fully accept either. Each maintains its own standards, its own bureaucracies, and its own technical implementations.

That lack of coordination is the new constraint to exploit.States and criminals figured this out long ago. The novelty is recognizing that the seam map now includes layers that didn't exist a decade ago, and that those layers create opportunities for people trying to move information across borders that would rather stay closed.

Whether this creates sustainable advantage depends on who adapts faster: the systems trying to close gaps, or the people trying to find new ones.

Ideals create trust. Trust enables coordination.

In our research, we've actively exploited these multi-country verification gaps, using the seams between systems to maintain access that would otherwise be impossible. It works. But technique alone isn't a strategy.

What's needed now is clear-headed coalition building. Researchers, journalists, technologists, and funders committed to liberal democracy and free expression need to support each other across these fragmented spaces. We need shared knowledge about which gaps exist, which are closing, and which new ones are emerging. We need operational security practices that account for identity-layer threats, not just network-layer ones. We need funding models that understand this work.

We have one advantage that autocratic systems don't: we're not just maximizing revenue or optimizing for control. The platforms and regimes building these identity walls are often opportunistic rent-seekers, extracting value from verification requirements that serve their interests. The coalitions opposing them are held together by something else, shared commitments to the idea that information should flow, that journalism matters, and that people have a right to know what their governments do.

That's not nothing. Ideals create trust. Trust enables coordination. And coordination across borders is exactly what systems arbitrage requires.

The seams exist. The question is whether the people who believe in open information can organize well enough to use them.