Russia demands access to VPN providers’ servers

10 VPN service providers have been ordered to link their servers in Russia to the state censorship agency by April 26

ipsecurity protocols network security vpn
Getty Images
Current Job Listings

The Russian censorship agency Roskomnadzor has ordered 10 VPN service providers to link their servers in Russia to its network in order to stop users within the country from reaching banned sites.

If they fail to comply, their services will be blocked, according to a machine translation of the order.

The 10 VPN  providers are ExpressVPN, HideMyAss!, Hola VPN, IPVanish, Kaspersky Secure Connection, KeepSolid, NordVPN, OpenVPN, TorGuard, and VyprVPN.

In response at least five of the 10 – Express VPN, IPVanish, KeepSolid, NordVPN, TorGuard and  – say they are tearing down their servers in Russia but continuing to offer their services to Russian customers if they can reach the providers’ servers located outside of Russia. A sixth provider, Kaspersky Labs, which is based in Moscow, says it will comply with the order. The other four could not be reached for this article.

IPVanish characterized the order as another phase of “Russia’s censorship agenda” dating back to 2017 when the government enacted a law forbidding the use of VPNs to access blocked Web sites.

“Up until recently, however, they had done little to enforce such rules,” IPVanish says in its blog.  “These new demands mark a significant escalation.”

The reactions of those not complying are similar. TorGuard says it has taken steps to remove all its physical servers from Russia. It is also cutting off its business with data centers in the region

“We would like to be clear that this removal of servers was a voluntary decision by TorGuard management and no equipment seizure occurred,” TorGuard says in its blog. “We do not store any logs so even if servers were compromised it would be impossible for customer’s data to be exposed.”

TorGuard says it is deploying more servers in adjacent countries to protect fast download speeds for customers in the region.

IPVanish says it has faced similar demands from Russia before and responded similarly. In 2016, a new Russian law required online service providers to store customers’ private data for a year. “In response, we removed all physical server presence in Russia, while still offering Russians encrypted connections via servers outside of Russian borders,” the company says. “That decision was made in accordance with our strict zero-logs policy.”

KeepSolid says it had no servers in Russia, but it will not comply with the order to link with Roskomnadzor's network. KeepSolid says it will draw on its experience dealing with the Great Firewall of China to fight the Russian censorship attempt. "Our team developed a special KeepSolid Wise protocol which is designed for use in countries where the use of VPN is blocked," a spokesperson for the company said in an email statement.

NordVPN says it’s shutting  down all its Russian servers, and all of them will be shredded as of April 1. The company says in a blog that some of its customers who connected to its Russian servers without use of the NordVPN application will have to reconfigure their devices to insure their security. Those customers using the app won’t have to do anything differently because the option to connect to Russia  via the app has been removed.

ExpressVPN is also not complying with the order. "As a matter of principle, ExpressVPN will never cooperate with efforts to censor the internet by any country," said the company's vice presidentn Harold Li in an email, but he said that blocking traffic will be ineffective. "We epect that Russian internet users will still be able to find means of accessing the sites and services they want, albeit perhaps with some additional effort."

Kaspersky Labs says it will comply with the Russian order and responded to emailed questions about its reaction with this written response:

“Kaspersky Lab is aware of the new requirements from Russian regulators for VPN providers operating in the country. These requirements oblige VPN providers to restrict access to a number of websites that were listed and prohibited by the Russian Government in the country’s territory. As a responsible company, Kaspersky Lab complies with the laws of all the countries where it operates, including Russia. At the same time, the new requirements don’t affect the main purpose of Kaspersky Secure Connection which protects user privacy and ensures confidentiality and protection against data interception, for example, when using open Wi-Fi networks, making online payments at cafes, airports or hotels. Additionally, the new requirements are relevant to VPN use only in Russian territory and do not concern users in other countries.”

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Now read: Getting grounded in IoT