In July 2017, Vladimir Putin signed a law to effectively ban all VPNs from Russia, which came into effect on November 1st of that year. Up until now, it didn’t seem that Russian authorities put a lot of effort into enforcing this decision. But this may well have changed last week when Roskomnadzor declared that it sent notices to 10 major VPN providers to connect their services to a state content-filtering system or face the consequences.
To those of us who aren’t Russophones, Roskomnadzor may sound like the unfortunate name of a super villain in some ’80s flick, or perhaps the brother of 6th century BCE Babylonian king Nebuchadnezzar II. The reality is somewhat grimmer — Roskomnadzor is the Federal Service for Supervision of Communications, Information Technology and Mass Media. In short, this is the department in charge of censorship within Vladimir Putin’s State administration. So it seems like we have our super villain, but where is Flash Gordon?
Russia’s fight against freedom of speech
In all seriousness though, this is only the latest of a series of developments that occurred within the latter years in Russia. President Putin — maybe somewhat shaken by reports of his popularity slightly diminishing — started to come down hard on online freedom of speech a few years back. In 2014, the government passed the so-called Blogger’s law, which was aimed at regulating what bloggers in the country could and could not write. During the summer of 2016, Russia passed a data-retention law that forced communications providers to help the state decrypt people’s messages.
Closer to us, in the spring of 2018, Russia banned the Russia-born and popular encrypted messaging app Telegram. That effort, though, was maybe one step too far and it seems to have slightly backfired as the government still struggles to find a way to enforce that ban, causing the tech world to mock the giant state. But who knows how long the Telegram app really has left to live in its country of birth?
Who’s afraid of the Big, Bad Bear?
Roskomnadzor stated that it has sent notices to the following 10 providers: NordVPN, ExpressVPN, TorGuard, VyprVPN, IPVanish, Hide My Ass!, OpenVPN, VPN Unlimited, Hola VPN and Kaspersky Secure Connection, the only Russian provider on this list.
Seeing these providers confronted with what seems to be an ontological dilemma for a VPN — collaborate with a state or be banned from its territory — many experts wondered what their answer would be. Will they break as Google did recently, agreeing to censor search results in order to comply with Russian law? Or will they stand true to their original mission, which is to help fight censorship and defend freedom of speech around the world?
We’ve collected the official positions of the 10 providers facing the wrath of Roskomnadzor. Let’s see how they fare now that the moment of truth has arrived.
They refuse to comply:
The VPN with the biggest market share according to our recent research has a very clear position towards Roskomnazdor’s demand to provide the Russian government with access to any server located in Russia: “We got the letter and have 30 days to respond. Regardless, rest assured, compliance is not something that we will consider.”
“Unfortunately, NordVPN is unable to comply with this request, as we would have to violate the service agreement we’ve made with our customers,” the Panama based VPN stated in a blog post. “It would be impossible for us to comply with Roskomnadzor’s request and to continue operating our product, which is why we will be unable to comply.”
Reacting to Russia’s watchdog notice to collaborate, NordVPN has decided to shut down all of its servers in Russia as of April 1st, 12:00 GMT, 2019. The same blog post indicates that, as a result, some users may have to change their VPN configurations, but “that in all other respects, NordVPN’s service will remain unchanged.”
The bear has not moved the mountain.
While there is as yet no official declaration or post on their website, it appears quite clear that ExpressVPN will not comply with Russia’s censorship demands. ExpressVPN’s vice president, Harold Li, is reported to have declared that the company would never cooperate with efforts to censor the internet anywhere in the world. Adding that they would work for their users to still be able to access the sites and services they want.
IPVanish was among the first providers to answer, and their answer is nothing if not clear: “IPVanish refuses to comply.” Explaining that their very strict no-logging policy would forbid them to comply with any sort of blacklisting requests. Adding as well in a blog post that they refuse to “be pressured into enforcing unjust restrictions by any governing body.”
IPVanish had already removed all of its servers from Russia after a Russian law required OSPs to store their users’ data back in 2016. And they have again renewed their commitment to offering their service to users in Russia via servers located elsewhere in the region.
Golden Frog, the operator of VyprVPN, has been quite vocal in the past that it will avoid having servers inside Russia in reaction to state censorship. Last week, Golden Frog unequivocally refused to comply with Roskomnazdor’s injunction.
They seized the occasion to reiterate that VypVPN is “committed to providing internet users around the world with the tools needed to access the news and information without censorship. (And they) will continue to honor (their) commitment to fight for a free internet, this time in Russia.”
OpenVPN openly speaks about their CEO Francis Dinha’s upbringing under an oppressive regime, which infused him with the will to fight for freedom of speech and an open internet. It is, therefore, no surprise that OpenVPN’s answer to Russia’s injunction has been negative.
In a Facebook post, Francis Dinha has declared that “OpenVPN will continue to provide access to our software and services to people no matter where they live or travel to. OpenVPN can’t compromise and must protect the security and privacy of those we serve.”
However, OpenVPN has been less vocal than some of the other providers on this list and did not seize the opportunity to criticize Russia’s censorship.
TorGuard has reiterated its commitment to user privacy and announced its withdrawal from Russia and the removal of all Russian servers. This means the server locations it once offered in St Petersburg and Moscow are no longer available to its users.
TorGuard has indicated in a blog post that it will not be doing business with data centers in the region and has reassured its users that Russian authorities have not seized any of its equipment, nor has TorGuard disclosed any information to the Russian government.
Choosing humor to respond, VPN Unlimited posted a meme on Twitter, clearly declaring that they will not cooperate with Russian authorities nor will they join the registry of blocked resources in the country.
On Facebook, KeepSolid, the operator of VPN Unlimited, added they would “never agree to compromise (their) users’ privacy and (their) rights to online freedom.” In a blog post, the company adds that their “KeepSolid protocol is specially designed for use in countries where the use of VPNs is blocked.”
Hide My Ass!
HMA! took their time answering Roskomnazdor’s demands, making their decision official only after the ultimatum issued by Russia met its deadline. A spokesperson for the Avast VPN product informed us that “HMA! unconditionally believes in the right for everyone to choose the websites they want to view. This is why we have made the decision for our HMA! users that we will not compromise on any censorship requests.”
A blog post has since then been published on their website, detailing how the donkey will escape the bear and not only pull out all of its servers from Russia, but also will stop selling their services there. Russian users who have a HMA! subscription will be able to use the VPN until the end of their subscription.
They have not yet answered:
We could not find any comment from Hola VPN or its operating company Luminati at this stage. But that does not really matter. In any case, you should not be using Hola VPN.
They will comply:
The VPN based in Russia — although in the midst of a move to Switzerland — chose to obey the law. It has reportedly declared that they felt it is their responsibility as a company to “obey the law wherever they operate.”
Sadly, they chose to ignore the big issue at stake, by declaring that this injunction does not affect the purpose of their software which is to protect user privacy and confidentiality as well as protection against data interception on opened WiFi networks…
Talk about ignoring the elephant and the bear in the room.