Ten major VPN providers have been ordered by Russian authorities to begin blocking sites present in the country's national blacklist. NordVPN, ExpressVPN, IPVanish and HideMyAss are among those affected. TorGuard also received a notification and has pulled its services out of Russia with immediate effect.
For the past several years, Russia has continued with its mission to restrict access to content the state finds objectionable.
Many kinds of sites, from alleged pirate platforms to sites hosting extremist content, have all been affected.
Local ISPs are required by law to block their domains, rendering them inaccessible. However, plenty of circumvention options are available, something the government is trying to address.
During July 2017, President Vladimir Putin
signed a bill into law aiming to close this loophole. The plan was to prevent citizens from accessing banned sites using VPNs, proxies, Tor, and other anonymizing services.
The threat was simple: if such services were found to be facilitating access to banned platforms, they too could find themselves on Russia’s ‘Internet blacklist’, known locally as FGIS.
While some VPN providers pulled out of Russia well before the new legislation (Private Internet Access
exited in 2016 for unconnected reasons), others have continued. Now, however, authorities are attempting to tighten the noose.
During the past few days, telecoms watch Roscomnadzor says it sent compliance notifications to 10 major VPN services with servers inside Russia – NordVPN, ExpressVPN, TorGuard, IPVanish, VPN Unlimited, VyprVPN, Kaspersky Secure Connection, HideMyAss!, Hola VPN, and OpenVPN.
The government agency is demanding that the affected services begin interfacing with the FGIS database, blocking the sites listed within. Several other local companies – search giant Yandex, Sputnik, Mail.ru, and Rambler – are already connected to the database and filtering as required.
“In accordance with paragraph 5 of Article 15.8 of the Federal Law No. 149-FZ of 27.07.2006 ‘On Information, Information Technology and on Protection of Information’ hereby we are informing you about the necessity to get connected to the Federal state informational system of the blocked information sources and networks [FGIS] within thirty working days from the receipt [of this notice],” the
notice reads.
A notice received by TorGuard reveals that the provider was indeed given just under a month to comply. The notice also details the consequences for not doing so, i.e being placed on the blacklist with the rest of the banned sites so it cannot operate in Russia.
TorGuard, however, is clear – it won’t operate under those terms so has already left of its own accord.
“At the time of this writing TorGuard has taken steps to remove all physical server presence in Russia. We have wiped clean all servers in our Saint Petersburg and Moscow locations and will no longer be doing business with data centers in the region,” the company said in a statement.
“We would like to be clear that this removal of servers was a voluntary decision by TorGuard management and no equipment seizure occurred.”
The demand from Roscomnadzor sent to TorGuard and the other companies also requires that they hand over information to the authorities, including details of their operators and places of business.
The notice itself states that for foreign entities, Russian authorities require the full entity name, country of residence, tax number and/or trade register number, postal and email address details, plus other information.
The Roscomnadzor notification provided by TorGuard doesn’t make any demands to access VPN customer data. However, given TorGuard’s privacy policies, that should already be a moot point.
“
We do not store any logs so even if servers were compromised it would be impossible for customer’s data to be exposed,” the provider added.
The same situation should also be true at several of the other VPN providers contacted by Russian authorities. NordVPN, ExpressVPN, TorGuard and VyprVPN, for example, all declared in
TorrentFreak’s 2019 annual roundup that they carry zero logs.
As the companies in question consult with their legal teams, only time will tell which of the others will choose to comply with Russian law and begin blocking – or leave the region completely.