Posted on 03-18-2020.
Roskomnadzor is closely studying anonymous and decentralized networks that enable bypassing the blocks imposed by the department. The ultimate goal of this study is to restrict access to such networks at the legislative level. Tor browser, the Telegram Open Network platform, and a number of other networks based on anonymous secure connections are at risk. The job was entrusted to the Federal Research Center "Informatics and Management" at the Russian Academy of Sciences. The government will allocate 9.2 million rubles ($110,000) to the research. The deadline for submitting the report is June 30, 2020. In this piece, we explain why Tor and Telegram are popular in Russia and figure out how real the threat is.
“This law has not been enforced until today, despite the fact that it entered into force more than two years ago. In March 2019, Roskomnadzor sent a notice to ten major VPN services with a request to observe the list of banned sites. All the services, except for Kaspersky Secure Connection, refused, but Roskomnadzor didn’t do anything to them at the time,” said the expert.The current study, according to Artyom Kozlyuk, is being carried out as part of the implementation of the “sovereign Runet,” Russia’s take on an isolated domestic internet.
“Roskomnadzor wants to study specific technologies that are difficult to block by brute force or crack, as they are cryptographically secure. Based on this analysis they will try to manufacture hardware and software systems for filtering traffic or ‘jamming the signal,’ if it is at all possible,” he added.Such an approach will render the blocking process completely non-transparet, the expert warns:
“If the authorities gain access to some kind of equipment that can detect and limit certain kinds of traffic, there will be no need to keep a separate register of banned sites and upload this data to telecom operators. "Lists may exist in parallel, but at the same time, no one will know why this or that service suddenly stopped working. If Roskomnadzor implements this practice of off-registry blockings, there will be even more confusion.”The leader of Roskomsvoboda also questions the effectiveness of this non-trivial method.
“I’m not sure that we will experience this in the coming months, or even years. Individual elements can be felt quickly. But the ‘switch’ that Roskomnadzor was given under the sovereign Internet law will likely be only used in case of mass unrest, and we will see a large number of regional shutdowns.”Roskomnadzor explains the new tender by the need to develop tools to block prohibited information. The list of technologies being studied, according to the document, will include the Invisible Internet Project (I2P), The Onion Router (TOR), Telegram Open Network, Freenet, Zeronet, anoNet, as well as the mesh networks Yggdrasill, cjDNS, Briar, Signal Offline, and FireChat. VPN technology was not mentioned. According to GlobalWebIndex service, VPN is used by a quarter of Russians.
VPN usage for anonymous browsing by country. Source: GlobalWebIndexThis discrepancy was noted by the ex-Telegram Special Directions Director Anton Rosenberg.
“The terms of reference contain a large list of technologies and protocols that need to be analyzed. Not all of them are popular, not all are used to bypass blocks. Perhaps they were added because the authors of the document did not understand very well how things worked, or to obfuscate, cover up some specific items of real interest to the customer, or even simply to create a facade of large and complex work to justify the allocated amount of funds,” he said in a comment to Kommersant.
“The network cannot “label” the user with the list of blocks since it can not determine his country and jurisdiction. Filtering is relegated to the “output nodes” in accordance with their local legislation,” the expert explains.Another useful feature of Tor is the impossibility of retargeting, a.k.a. re-displaying ads.
“Anonymity in the era of ubiquitous advertising networks is useful when buying gifts for family members. Imagine that you are choosing a gift for your wife/husband, and a few hours later your partner is shown an advertisement for this gift. This can kill the surprise, and Tor can help prevent it,” adds Evdokimov.And although anonymity and privacy are the main features of the Tor browser, they are not absolutely guaranteed, says Stanislav Shakirov, technical director of Roskomsvoboda.
“Even using Tor you can be deanonymized. For example, if you use the browser to log in the social media accounts."
“The reasons for the growth of the Tor audience may be related to the blocking of popular services and the popularity of platforms located in the .onion domain (like Hydra). If the number of people arrested for reposts or publications is growing in the country (and the authors of such posts are often identified by IP address), we can expect that Tor user base will also grow,” she said in a comment to ForkLog.At the same time, high-quality VPN services can easily steal Tor’s audience, whose goal is to bypass blockings or maintain anonymity by changing the IP address.
“Users will still be able to connect to the network through bridges (private nodes). Even if the main Tor Project site is blocked, there are other ways to get bridges. You can also use the Pluggable Transports technology, which masks the traffic, making it indistinguishable from the ‘normal’/allowed traffic,” said Diana Azaryan.According to Diana, there are several types of interchangeable transports that follow a single specification. For example, “meek” transport was created specifically for residents of China. The easiest way to limit access to the Tor browser is to block bootstrap nodes — a special “hard-wired” address in the program from which the initial configuration for the overlay network program is loaded, continues Leonid Evdokimov:
“With some degree of success, Tor, I2P, and DHT torrent clients can be blocked in this way. This tactic will work well until clients for overlay networks begin to actively ‘resist’ blocks."That being said, he reminded about the unfortunate consequences of previous blocks in Russia:
“Any threat can be realized, the only question is the amount of collateral damage. And Roskomnadzor is not very worried about the latter. We already saw this in April 2018, when in an attempt to block Telegram, the department blocked Google and many Amazon networks, breaking the functionality of Slack, Ted.com and millions of other sites,” says Evdokimov.Given the fact that the Russian Academy of Sciences is involved with the study, there may be temporary successes in blocking the Tor browser on the territory of the Russian Federation, but overall the threat is illusory, believes Alexander Isavnin, representative of the Internet Protection Society.
“Overlay networks are evolving significantly faster than they can be blocked. They will overhaul their inner workings and the results of the "research" will become irrelevant. Not to mention that 9 million rubles by Russian standards is a paltry sum. There is no way a strong study can be conducted with such level of financing,” the expert concluded.Follow us on Twitter and Facebook and join our Telegram channel to know what’s up with crypto and why it’s important.