Russia demands access to VPN providers’ servers

10 VPN service providers have been ordered to link their servers in Russia to the state censorship agency by April 26

The Russian censorship agency Roskomnadzor has ordered 10 VPN service providers to link their servers in Russia to its network in order to stop users within the country from reaching banned sites.

If they fail to comply, their services will be blocked, according to a machine translation of the order.

The 10 VPN  providers are ExpressVPN, HideMyAss!, Hola VPN, IPVanish, Kaspersky Secure Connection, KeepSolid, NordVPN, OpenVPN, TorGuard, and VyprVPN.

In response at least five of the 10 – Express VPN, IPVanish, KeepSolid, NordVPN, TorGuard and  – say they are tearing down their servers in Russia but continuing to offer their services to Russian customers if they can reach the providers’ servers located outside of Russia. A sixth provider, Kaspersky Labs, which is based in Moscow, says it will comply with the order. The other four could not be reached for this article.

IPVanish characterized the order as another phase of “Russia’s censorship agenda” dating back to 2017 when the government enacted a law forbidding the use of VPNs to access blocked Web sites.

“Up until recently, however, they had done little to enforce such rules,” IPVanish says in its blog.  “These new demands mark a significant escalation.”

The reactions of those not complying are similar. TorGuard says it has taken steps to remove all its physical servers from Russia. It is also cutting off its business with data centers in the region

“We would like to be clear that this removal of servers was a voluntary decision by TorGuard management and no equipment seizure occurred,” TorGuard says in its blog. “We do not store any logs so even if servers were compromised it would be impossible for customer’s data to be exposed.”

TorGuard says it is deploying more servers in adjacent countries to protect fast download speeds for customers in the region.

IPVanish says it has faced similar demands from Russia before and responded similarly. In 2016, a new Russian law required online service providers to store customers’ private data for a year. “In response, we removed all physical server presence in Russia, while still offering Russians encrypted connections via servers outside of Russian borders,” the company says. “That decision was made in accordance with our strict zero-logs policy.”

To continue reading this article register now

Now read: Getting grounded in IoT