On March 28, Russia’s media regulator said in a press release that it was sending letters to 10 VPN providers asking them to block users’ access to “blacklisted” websites in Russia.
The letters demand that VPN providers plug into the “Federal State Information System” (FGIS), a technical system that will signal to their services which websites need to be blocked. The move comes as part of the regulator’s implementation of a censorship circumvention law that came into effect on January 1, 2017.
Contrary to some headlines, the law does not ban VPN services altogether. Instead, it requires them to abide by the government’s extensive “black list” of banned websites and prevent Russian users from accessing them.
Of course, this defeats the purpose of a VPN, a technology used primarily to help people access websites that are blocked in the jurisdiction where they are located. The law is one of various measures taken by media regulator Roskomnadzor (short for Federal Service for Supervision of Communications, Information Technology and Mass Media) in recent years, in an effort to better control what Russians can and cannot see online.
If these VPN services refuse to comply with the law at Roskomnadzor’s written request, the press release says, the agency will consider “limiting access to the VPN service.”
Nevertheless, for VPN service providers, there may be no real upside to agreeing with Roskomnadzor’s request. Internet freedom activist Vyacheslav Zdolnikov explained in a comment to Novaya Gazeta:
Ни один зарубежный VPN-сервис не согласится выполнять этот закон по двум причинам.
Во-первых, это противоречит самой сути VPN-сервисов, которые, в том числе, работают на обход блокировок и защиту трафика.
Во-вторых, это огромный ущерб для каждого VPN-сервиса. Новость о том, что какой-то из сервисов начал фильтровать сайты, моментально отобьет желание пользователей их использовать.
No foreign VPN service will ever agree to follow this law for two reasons.
Firstly, this goes against the very principle of every VPN service whose purpose, among others, is precisely to circumvent blockages and protecting traffic.
Secondly, this can be a major blow to any VPN service which dares to comply. News of one of the services beginning to filter access to websites will immediately put off any customer.
The list of VPN services currently on notice includes NordVPN, Hide My Ass!, Hola VPN, OpenVPN, VyprVPN, ExpressVPN, TorGuard, IPVanish, Kaspersky Secure Connection and VPN Unlimited. OpenVPN is not itself a service, but an open-source technology that enables it.
Almost all have already publicly stated their intent to refuse to comply with Roskomnadzor’s demands:
Hello. Having in mind the complexity of the request, we have no other option but not to comply.
— NordVPN (@NordVPN) 29 марта 2019 г.
Some, such as TorGuard, have also declared that they will be removing their servers from Russial soil:
At the time of this writing TorGuard has taken steps to remove all physical server presence in Russia. We have wiped clean all servers in our Saint Petersburg and Moscow locations and will no longer be doing business with data centers in the region.
The only exception on the list is Kaspersky Secure Connection, a service provided by the cybersecurity research firm Kaspersky Labs. The group is headquartered in Moscow, and thus uniquely vulnerable to local laws. Nevertheless, some people balked at their decision to comply with the news rules:
VPN-сервис (!!!) Kaspersky Secure Connection…
Даже не знаю с чем и сравнить сей абсурд.
Kaspersky Secure Connection согласен на полное сотрудничество с Роскомнадзором.
— Александр Лисовцев (@A_Lisovtsev) 29 марта 2019 г.
VPN-service (!!!) Kaspersky Secure Connection…
I’m not sure what to compare this absurdity to.
Kaspersky Secure Connection fully agrees to cooperate with Roskomnadzor. Why would anyone be surprised at that!