VPN in Russia: from blocking services to blocking protocols

Findings:

• At least 6 out of 15 VPN services experienced problems with access to the Internet when the OpenVPN and Wireguard protocols were blocked;

• The users’ strategy of trying different VPN services in search of a working one is a big vulnerability when popular protocols are getting blocked;

• There is not much research work covering the work of TSPU devices;

• The legislative basis for blocking VPN services is getting wider and wider.

Internet censorship in Russia is actively developing every year. The country has been steadily losing positions in the Internet Freedom Index since 2011 due to both regulatory changes that create a normative basis for strengthening censorship and the growing number and diversity of blocked resources.

Internet Freedom Index of Russia from 2011 to 2023

Circumvention tools have been actively censored in Russia since 2017 when a ban on tools providing access to blocked websites began to take effect. In 2023, the government went further and introduced legislation which will allow Roskomnadzor to independently block information about the circumvention tools. On top of everything, the Federation Council recently asked Roskomnadzor to check and block more than 50 VPN services that provide access to social networks banned in Russia. 

At the same time, the demand for VPN services and other circumvention tools increased dramatically with the start of the "special military operation", reaching peak values by mid-March 2022. According to Atlas VPN, the number of downloads of different VPN services roughly tripled compared to 2021, from 12,585,576 downloads in 2021 to 33,540,600 downloads in 2022.

The number of daily downloads of Proton VPN from February 14, 2022 to April 19, 2022

In 2023, the demand for circumvention tools dropped sharply, with Russian users downloading VPNs only 3,366,919 times in the first half of 2023. In the future, peaks in downloads coincided with the reports of blocking of popular VPN services.

We present a study on how Russian users circumvent censorship, which services they use and how they react to the blocking of these services.

VPN services and VPN protocols: about half of the researched are blocked 

Based on the most popular services by number of search queries and on the results of our user survey, we have compiled the following list of 15 popular services:

1. AdGuard VPN

2. Express VPN

3. Proton VPN

4. Turbo VPN

5. VPN Planet

6. VPN Proxy Master

7. Amnezia VPN

8. Lantern VPN

9. Psiphon VPN

10. Outline VPN

11. Secure VPN

12. Nord VPN

13. RedShield

14. Hola VPN

15. AntiZapret

According to OONI, domains of 8 of the 15 most popular services are already blocked in Russia.

The main protocols used by these 15 services:

• OpenVPN,

• Wireguard,

• Shadowsocks,

• IKEv2,

• V2Ray.

4 out of 15 services use only OpenVPN protocol or their own protocol based on OpenVPN, 2 more services use Wireguard in addition to OpenVPN.

OpenVPN is considered one of the most vulnerable to censorship protocols. In a 2022 study, CensoredPlanet ran an experiment where they were able to identify 85% of the traffic going through OpenVPN.

At the same time, this protocol is favoured by Russian banks and commercial companies using VPN.

Only 2 services out of 15 use Shadowsocks protocol: Amnezia VPN and Outline VPN.

Shadowsocks is the only major protocol that has not yet been subject to mass blocking. It is more difficult to identify among other internet traffic.

However, services using the Shadowsocks protocol may be targeted with the next wave of censorship too. Obfuscation services, which allow to mask the connection and make it look like a normal traffic, are not blocked yet, but, unfortunately, few users in Russia use them. The possibility of obfuscated traffic being blocked cannot be excluded as well: studies show that a connection using the OpenVPN protocol can be detected quite easily even when using different obfuscation tools.

Obfuscation tools which can help users to ‘hide’ their VPN connection are not being blocked yet in Russia, but, unfortunately, few Russian users use them even though 6 out of 15 popular services have a built-in ability to use obfuscators. 

Also, the possibility of blocking obfuscated traffic cannot be ruled out -- studies show that connections using the OpenVPN protocol can be detected quite easily even when different obfuscation mechanisms are in place.

Thus, when the ISPs (Internet Service Providers) started blocking OpenVPN and Wireguard protocols in August 2023, at least 6 out of 15 services started experiencing network access problems.

Depending on the efficiency of obfuscation of the other services and users' awareness of the existence of such an option, at least three more services (Express VPN, Nord VPN, Proton VPN) could have been blocked.

Since the blockings implemented via TSPU are not always carried out by court decisions or through the Roskomnadzor registry, some services were able to file a lawsuit against Roskomnadzor demanding to cancel the blocking. It is not yet known how this litigation process will end, but this case may become a good precedent in Russian legal practice.

Read about the research methodology here.

👉 Roskomsvoboda maintains its own VPN Love rating compiled by information security experts and digital human rights activists.

From restricting access to information to censoring information about circumvention

VPN services in Russia have been blocked on various scales since 2017 when the law banning the use of VPN services and anonymizers to access information, access to which should be restricted, came into force.

In 2019, Roskomnadzor established a requirement for VPN services operating in Russia to connect to the Federal State Information System (FGIS).

In 2021, the first protocol-level blockings were reported.

We received the reports on the access problem of different VPN services in 2022 and we continue to receive them in 2023. Also in 2023, the government gave Roskomnadzor the right to block the information about circumventing tools.

Since March 2024, applications marketplaces will have to remove VPN services apps at the request of Roskomnadzor. Next year, Roskomnadzor may start blocking all VPN services that provide access to the websites and services which are blocked in Russia. First of all, this type of blocking will affect the services in app stores.

Internet censorship in Russia took unprecedented proportions in 2023. Thus, in the middle of 2023, Roskomnadzor reported an 85% increase in the number of blocked resources compared to 2022. At the same time, in 2022, the majority of independent media websites had already been blocked, mirrors of independent resources, websites of human rights projects and political organizations were actively blocked. According to OONI, censorship in Russia has affected almost all types of content – from commercial businesses to environmental and educational projects.

Read more about censorship in Russia here.

Conclusions: lack of data on TSPU, limited skills among users

As part of this research, we have identified several gaps, to which we would like to draw the attention of the human rights, technology and research communities.

Research of TSPU. To date, only a few academic studies have been published on how many Russian TSPU's are currently installed and how they filter Russian users' traffic. Since TSPU's are a key element of Russian censorship that allows it to be strengthened through centralization, we believe that the technology and research communities need to prioritize this topic for research and actively collaborate in this regard.

User awareness of how VPN services and obfuscation mechanisms work. The current user strategy of trying multiple VPN services in search of a working application can be a major vulnerability if the major popular protocols get blocked.

Censorship in Russia strengthens every year. Both the number and diversity of blocked services are increasing. While earlier blockings were often inconsistent and the same resources could be blocked in different ways and to different degrees by different providers on different networks, in 2021, for the first time in Russia used TSPU for blocking.

In October 2023, Amnesia VPN announced its AmneziaWG protocol, designed for countries with strict censorship.

In 2022, researchers have demonstrated that DPI can be used to relatively easily detect connections made through the OpenVPN protocol even if it is obfuscated. 

In 2023, we see how TSPU is used in Russia to block individual VPN protocols and how these blockings can occur in a coordinated manner at the same time across different ISPs in different regions.

Even though most Russian users are aware of the existence of Internet censorship and blockings, and are actively using VPN services, many of them are not sufficiently aware of how exactly circumvention tools work.

Such ignorance, on the one hand, leads people to download unreliable or even fishy services, preferring cheaper or free applications. On the other hand, in the case of protocol-level blockings, these users do not have enough knowledge to customize the service they use and bypass the censorship.

Censorship in Russia happens not only at the network level but also within individual services, including social networks and search platforms. Such censorship is much more difficult to track, but even from the transparency reports published by different services, it is evident that Russian censorship escalates yearly. 

Read the full report here. 

In Russian: 
News
Report