New Russian Legislation to ban VPNs and TOR (enforced Nov 1 2017)

nobody

Does anyone know how the latest Russian legislative bill, recently signed by Big Brother, and set to come into full effect from November 1st 2017, regarding the apparent banning or blocking of all VPNs and TOR in Russian Federation, will actually affect the use of PIA in Russian Federation after that date?
I'm a British ex-pat living in Russia for 15 years and have been using PIA for all internet traffic, and TOR, including running TOR over PIA for a couple of years, as pretty much essential in any Orwellian society.
Thanks

OpenVPN

nobody said:

Does anyone know how the latest Russian legislative bill, recently signed by Big Brother, and set to come into full effect from November 1st 2017, regarding the apparent banning or blocking of all VPNs and TOR in Russian Federation, will actually affect the use of PIA in Russian Federation after that date?
I'm a British ex-pat living in Russia for 15 years and have been using PIA for all internet traffic, and TOR, including running TOR over PIA for a couple of years, as pretty much essential in any Orwellian society.
Thanks

This article should answer your questions.
https://www.privateinternetaccess.com/blog/2017/07/russia-vpn-ban-doesnt-forbid-personal-business-use-vpns/

m32b64

From what I have read, it sounds like your VPN or any proxy technology, such as TOR, will likely not work and if it does work, it is because it is being hacked and scrutinized. BE SAFE!  Use multi-factor authentication.

OpenVPN

m32b64 said:

From what I have read, it sounds like your VPN or any proxy technology, such as TOR, will likely not work and if it does work, it is because it is being hacked and scrutinized. BE SAFE!  Use multi-factor authentication.

When you read the article I posted above it states that the Russian VPN "ban" doesn't prohibit businesses and individuals from using Virtual Private Networks but instead the law forces companies who are based out of Russia or have servers in Russia to censor content.
Private Internet Access has already stated that they have no intention of censoring their servers whatsoever therefore people living in Russia may still access content without fear of being censored or tracked. Private Internet Access and their parent company London Trust Media Inc. are based in the United States which means they do not have to comply with Russian censorship laws.

Private Internet Access decided to no longer do business in the Russian territory as of July 2016 after the company's servers were seized by authorities without due process.
https://www.privateinternetaccess.com/forum/discussion/21779/we-are-removing-our-russian-presence

m32b64

OpenVPN said:

m32b64 said:

From what I have read, it sounds like your VPN or any proxy technology, such as TOR, will likely not work and if it does work, it is because it is being hacked and scrutinized. BE SAFE!  Use multi-factor authentication.

When you read the article I posted above it states that the Russian VPN "ban" doesn't prohibit businesses and individuals from using Virtual Private Networks but instead the law forces companies who are based out of Russia or have servers in Russia to censor content.
Private Internet Access has already stated that they have no intention of censoring their servers whatsoever therefore people living in Russia may still access content without fear of being censored or tracked. Private Internet Access and their parent company London Trust Media Inc. are based in the United States which means they do not have to comply with Russian censorship laws.

Private Internet Access decided to no longer do business in the Russian territory as of July 2016 after the company's servers were seized by authorities without due process.
https://www.privateinternetaccess.com/forum/discussion/21779/we-are-removing-our-russian-presence

Certainly as @OpenVPN points out, PIA and their parent company are based in the United States and that they do not have to comply with Russian censorship laws.

But If you really read the article , the author simply puts, "Russia likely plans to block the domains of VPNs and proxies that don’t comply with Russian authorities to enforce their internet censorship filter. They could accomplish this goal by adding domains such as privateinternetaccess.com to the Unified Register of Prohibited Information – where the domains of over 100 VPN services already sit – and having ISPs, telecoms, and compliant VPN services, block access to the URL." 

nobody

Thanks for all the replies.

Well, what I understood from the article was that Russian authorities will demand that eg. PIA block access to certain sites.  PIA will not comply with any such demand.  Russian authorities will block access to PIA domain.  But if all my internet traffic already runs through PIA before the restrictions come into full effect (kill switch always activated), then can my access  to PIA domain itself still then be blocked?  Can my very use of PIA services already installed and running itself be blocked by Russian authorities?  In worse case scenario, wouldn't I then be able to switch to L2TP connection as recommended for connecting in China?

Whenever I run Tor Browser, it already runs over PIA as I don't connect to the net without PIA already running (don't know how that would affect use of systems like TAILS, Subgraph, though...)

Sorry, I'm about as useful in a tech-savvie environment as a chocolate fireman.

Laws in Russia can tend to seem deliberately vague in order to be open to arbitrary interpretation on the part of the authorities, but one thing that's clear is that half the country are currently at different stages of panic........

Cheers

OpenVPN

nobody said:

Thanks for all the replies.

Well, what I understood from the article was that Russian authorities will demand that eg. PIA block access to certain sites.  PIA will not comply with any such demand.  Russian authorities will block access to PIA domain.  But if all my internet traffic already runs through PIA before the restrictions come into full effect (kill switch always activated), then can my access  to PIA domain itself still then be blocked?  Can my very use of PIA services already installed and running itself be blocked by Russian authorities?  In worse case scenario, wouldn't I then be able to switch to L2TP connection as recommended for connecting in China?

Whenever I run Tor Browser, it already runs over PIA as I don't connect to the net without PIA already running (don't know how that would affect use of systems like TAILS, Subgraph, though...)

Sorry, I'm about as useful in a tech-savvie environment as a chocolate fireman.

Laws in Russia can tend to seem deliberately vague in order to be open to arbitrary interpretation on the part of the authorities, but one thing that's clear is that half the country are currently at different stages of panic........

Cheers

A very effective way of bypassing censorship in an oppressive regime like Russia or even China is to use both a VPN and TOR together. Your connection is going to be slower because you're essentially double hopping your Internet connection.
https://helpdesk.privateinternetaccess.com/hc/en-us/articles/115003785266-Can-I-use-TOR-with-the-Private-Internet-Access-service-

I would recommend using the TOR Network or the Private Internet Access Chrome Proxy extension in conjunction with the VPN desktop application.
The Chrome Proxy extension can be found here: https://www.privateinternetaccess.com/pages/client-support/

Connecting to a Virtual Private Network in China is very difficult at times however there are ways of connecting to a VPN in China some of which less secure than others. China blocks most if not all OpenVPN connections, if this becomes the case you have the option to use L2TP or PPTP (Please keep in mind these are insecure protocols and they should only be used in the event that OpenVPN and IPSec aren't available.)  https://helpdesk.privateinternetaccess.com/hc/en-us/articles/219331768-Is-your-service-usable-in-China-

IOS uses IPSec instead of OpenVPN by default. IPSec is very effective at bypassing firewalls and other forms of censorship on the Internet replace by Governmental agencies but in the event this is no longer the case both IOS and Android devices offer L2TP and PPTP protocols.
https://helpdesk.privateinternetaccess.com/hc/en-us/articles/219332228-Why-does-your-iOS-application-use-IPsec-instead-of-OpenVPN-

If you use Chrome OS instructions are available here: https://helpdesk.privateinternetaccess.com/hc/en-us/articles/219014778-How-can-I-set-up-the-VPN-on-Chromebook-ChromeOS-

m32b64

@nobody, Sorry for delayed response.

As to your question:

"...if all my internet traffic already runs through PIA before the restrictions come into full effect (kill switch always activated), then can my access  to PIA domain itself still then be blocked?"

Sorry to say the answer is Yes. If Your Internet Service Provider can provide, they can also taketh away. That is, if they want to continue to do business, uncensored, in Russia.

Who is your ISP? Are they located in Russia? are they compliant with the authorities blacklist request? 

nobody

m32b64 said:

@nobody, Sorry for delayed response.

As to your question:

"...if all my internet traffic already runs through PIA before the restrictions come into full effect (kill switch always activated), then can my access  to PIA domain itself still then be blocked?"

Sorry to say the answer is Yes. If Your Internet Service Provider can provide, they can also taketh away. That is, if they want to continue to do business, uncensored, in Russia.

Who is your ISP? Are they located in Russia? are they compliant with the authorities blacklist request? 

Thanks.  My ISP is Beeline, so yes, they will be more than happy to comply with the authorities. 

It may then be assumed that if the block is on VPN providers, not users, but the user is dependent on the provider, and the provider can only provide by complying with directives set to the ISP from the authorities (FSB), but the VPN efuse to comply, then the end result is surely the same....the user gets blocked?

If it was only the PIA domain that was being blocked, then I assumed it wouldn't matter as long as the VPN was already up and running, I could continue to use PIA, and even run Tor Browser over it, but if my ISP (Beeline) can actually block the use of my PIA app, then I would have to take less secure options if I still wanted to even have a chance of using the VPN services.

I will likely only know how this will take effect on Nov.1st.  Perhaps ultimately there will be no noticeable effects, or perhaps there will, but as my yearly PIA subscription ends just after that, I'm already wondering if it will be safer to change my payment methods as currently they are via Promsvayzbank (Russian), and I'm concerned that may make payments problematic?

At least being non-native I can ultimately walk away from this madhouse......no offense intended to any good Russians, of which there are still a great many.

m32b64

  @nobody, Wish you well. Please revisit this discussion to keep us updated.

JohnSmith75

iron wall incoming

m32b64

 Don't use the word "Wall". Trump may get ideas.

nobody

There seems to be a bit of doubt that they are even competent enough to pull this off.  It's typical here for those with not much of clue to order those with a bit more of a clue to do what neither group either can, or can even be bothered doing, then everyone just forgets it ever happened.  Once the next Presidential 'election' passes with Der Fuhrer winning 275.6% of the vote from the fifteen-and-a-half people who voted half a dozen times each, it might just disappear.
I'm gonna try to find an 'I'm a Tor User' t-shirt with a great big onion the size of Putin's big, botoxed head emblazoned on the front.

m32b64

nobody said:

There seems to be a bit of doubt that they are even competent enough to pull this off.  It's typical here for those with not much of clue to order those with a bit more of a clue to do what neither group either can, or can even be bothered doing, then everyone just forgets it ever happened.  Once the next Presidential 'election' passes with Der Fuhrer winning 275.6% of the vote from the fifteen-and-a-half people who voted half a dozen times each, it might just disappear.
I'm gonna try to find an 'I'm a Tor User' t-shirt with a great big onion the size of Putin's big, botoxed head emblazoned on the front.

It's one thing to compose a blocklist, it's another thing to design and build the system to implement it.  But, keep in mind that there are programers who were able to hack the U.S.Democratic National Committee's servers. Thanks for the update. Don't give up the fight. I was reading some thing about using two ISPs as a means of avoiding blocks. RESIST comrade !!!

Masashevich

nobody said:

Does anyone know how the latest Russian legislative bill, recently signed by Big Brother, and set to come into full effect from November 1st 2017, regarding the apparent banning or blocking of all VPNs and TOR in Russian Federation, will actually affect the use of PIA in Russian Federation after that date?

Just don't care and relax, it is usual Russian public political crap. No one cares about your personal use of VPN or TOR in Russia, unless you are some sort of political activist and police may just easily raid your home or work place. But that is completely different situation.

Even if PIA website is/was banned in Russia, use some free services from PIA competitors to access website and buy yourself another subscription(if you do not auto renew it). Nothing to worry here, really.

OpenVPN

I don't think that the Russian Government could get away with completely banning the use and operation of Virtual Private Networks from within their country. Employees that work for multinational corporations and even small mom and pop operations use Virtual Private Networks to access the Internet securely when they're doing business both at home and at the office. Privacy is not negotiable it's a basic human right.

m32b64

@OpenVPN,  Quoting the PIA Blog Article that you referred to in a comment above: "The law does not prohibit personal VPN use ..." What I got from the article is that the authorities will be asking owners of VPN services, both commercial (vpns,anonymizers, proxies, etc.) and private (small businesses and corporations) to implement Russia’s internet censorship blacklists for their users. If they don't comply, Russian authorities will likely block their domains by adding them to the blacklists. According to the article it has been reported that some Russian based VPN services have already acquiesced to censoring the same content that ISPs do. The url blacklist is called the Unified Register of Prohibited Information and is already added to the firewalls of each ISP and telecom in Russia as a blocklist.

Privacy may be a "basic human right" but rights can be legislated away, not only in oppressive regimes.  Have you forgotten the recent Internet Privacy Biill passed by the U.S. Senate, allowing ISPs to sell our info

tomeworm

OpenVPN said:

Privacy is not negotiable it's a basic human right.

That's right! Privacy is a basic human right, not a government-regulated privilege! Who are these tyrants to say otherwise?

Oh, wait, wasn't the OP talking about Russia? LOL and never mind.

m32b64

tomeworm said:

OpenVPN said:

Privacy is not negotiable it's a basic human right.

 LOL and never mind.

No laughing matter. Keep this in mind as you enjoy unblocked entertainment websites using PIA, As of July 2017 the Russian government's list of blacklisted websites includes over 70,000 entries

nobody

The Russian authorities are capable of forcing many things if they really feel the desire, though scarier is the fact that they still really do ultimately retain majority support however repressive their actions.  I would also be little surprised if many such things weren't the wet dreams of many an armchair authoritarian politician in many a country.

However, their bark can, at times, be worse than their bite.  I'm hoping this is one of those times.  Even if not, there will be a workaround.

m32b64

@nobody, If, by chance, you are using the Chrome browser or you were to install it, there is an extension Runet Censorship Bypass in the Chrome Web Store that may be your "workaround" ,more about it on the GitHub - Wiki. Also on GitHub, there is a PAC script for Firefox.

GitHub has been the target of censorship from governments using methods ranging from local Internet service provider blocks, intermediary blocking using methods such as DNS hijacking and man-in-the-middle attacks, and denial-of-service attacks on GitHub's servers from countries including China, India, Russia, and Turkey. In all of these cases, GitHub has been eventually unblocked after backlash from users and technology businesses or compliance from GitHub.

If you need help acquiring installation files, I can probably attach them to a private message. 

nobody

m32b64 said:

@nobody, If, by chance, you are using the Chrome browser or you were to install it, there is an extension Runet Censorship Bypass in the Chrome Web Store that may be your "workaround" ,more about it on the GitHub - Wiki. Also on GitHub, there is a PAC script for Firefox.

GitHub has been the target of censorship from governments using methods ranging from local Internet service provider blocks, intermediary blocking using methods such as DNS hijacking and man-in-the-middle attacks, and denial-of-service attacks on GitHub's servers from countries including China, India, Russia, and Turkey. In all of these cases, GitHub has been eventually unblocked after backlash from users and technology businesses or compliance from GitHub.

If you need help acquiring installation files, I can probably attach them to a private message. 

Cheers bud.  I generally only used Firefox, or Tor browser, but installed Chrome on Windows, and Chromium on a couple of linux-installed usb's (Mint & Ubuntu) last week to get the additional use of the PIA app.  Installed the Runet extension on the chrom(ium) browsers as you recommended, cheers for that, and will check out the firefox script you mentioned.  Still primarily hoping my PIA use will ultimately remain unaffected, but would be upset if Tor somehow ended up inoperable as I use it for Tails, Whonix, Qubes, Kodachi and Subgraph OS.
Russian hackers seem to be on the ball...if only they can keep that talent directed towards legitimate targets.
thanks again

m32b64

@nobody,  Glad to help. Let us know how they work for you.

nobody

Nov 1. No change. Time will tell.

tomeworm

nobody said:

Nov 1. No change. Time will tell.

Oppressive regimes tend to move rather slowly, but they seldom just make idle threats. I wouldn't wait around for them to block you entirely. By then it may be too late to take action. Be proactive about it. Hope for the best but plan for the worst.

Given PIA's size, and being as high profile as they are (an inevitable consequence of all their marketing hype) they'll be one of the first vpns to be blacklisted.

Even that aside, PIA simply doesn't have a viable solution for you. Given their lack of technical sophistication they'll be relatively easy for the Russian gov't to block. You'll need something far more robust from a vpn that's developed solutions specifically for folks having to function in oppressive regimes, such as OpenVPN over SSL and OpenVPN over SSH. If it works in China (and it does) then it's likely to work for you in Russia.

It would be bad form to mention a competitor's name here, but if you'd like a recommendation PM me.

OpenVPN

nobody said:

Does anyone know how the latest Russian legislative bill, recently signed by Big Brother, and set to come into full effect from November 1st 2017, regarding the apparent banning or blocking of all VPNs and TOR in Russian Federation, will actually affect the use of PIA in Russian Federation after that date?
I'm a British ex-pat living in Russia for 15 years and have been using PIA for all internet traffic, and TOR, including running TOR over PIA for a couple of years, as pretty much essential in any Orwellian society.
Thanks

nobody said:

Nov 1. No change. Time will tell.

tomeworm said:

nobody said:

Nov 1. No change. Time will tell.

Oppressive regimes tend to move rather slowly, but they seldom just make idle threats. I wouldn't wait around for them to block you entirely. By then it may be too late to take action. Be proactive about it. Hope for the best but plan for the worst.

Given PIA's size, and being as high profile as they are (an inevitable consequence of all their marketing hype) they'll be one of the first vpns to be blacklisted.

Even that aside, PIA simply doesn't have a viable solution for you. Given their lack of technical sophistication they'll be relatively easy for the Russian gov't to block. You'll need something far more robust from a vpn that's developed solutions specifically for folks having to function in oppressive regimes, such as OpenVPN over SSL and OpenVPN over SSH. If it works in China (and it does) then it's likely to work for you in Russia.

It would be bad form to mention a competitor's name here, but if you'd like a recommendation PM me.

 I don’t believe that Russia’s “ban” on Virtual Private Networks will be as aggressive as the Great firewall of China. How this new Internet censorship protocol will be implemented remains to be seen,  it took many years for the Great Firewall of China to be implemented successfully and even now there are still flaws in this firewall which can be exported. The Great Firewall isn’t impenetrable. 
https://www.privateinternetaccess.com/blog/2017/07/russia-vpn-ban-doesnt-forbid-personal-business-use-vpns/

 However, on the very slim chance you experience connection issues you should try connecting with protocol TCP through port 443.  I’ve heard news that this also works in China.  The Encrypted Chrome proxy extension works in China as well.

Max-P

OpenVPN said:

 However, on the very slim chance you experience connection issues you should try connecting with protocol TCP through port 443.  I’ve heard news that this also works in China.  The Encrypted Chrome proxy extension works in China as well.

It's pretty hit or miss unfortunately. OpenVPN is fairly trivial to fingerprint/recognize compared to a normal HTTPS connection: OpenVPN still ultimately operates on individual packets instead of entire streams so it can be fingerprinted relatively easily on packet length alone, while a standard HTTPS request would typically be a burst of data from the client followed by a big stream of full-size packets until the download is finished.

The most reliable solution with PIA in China right now is to use L2TP servers directly by IP. People loves to rave about how preshared keys are bad but they're actually pretty useful for that specific case as the data is encrypted from the first packet: the GFW can't as easily probe it (although it still can, but crypto is always about increasing the difficulty)

OpenVPN

Max-P said:

OpenVPN said:

 However, on the very slim chance you experience connection issues you should try connecting with protocol TCP through port 443.  I’ve heard news that this also works in China.  The Encrypted Chrome proxy extension works in China as well.

It's pretty hit or miss unfortunately. OpenVPN is fairly trivial to fingerprint/recognize compared to a normal HTTPS connection: OpenVPN still ultimately operates on individual packets instead of entire streams so it can be fingerprinted relatively easily on packet length alone, while a standard HTTPS request would typically be a burst of data from the client followed by a big stream of full-size packets until the download is finished.

The most reliable solution with PIA in China right now is to use L2TP servers directly by IP. People loves to rave about how preshared keys are bad but they're actually pretty useful for that specific case as the data is encrypted from the first packet: the GFW can't as easily probe it (although it still can, but crypto is always about increasing the difficulty)

 Thank you for the clarification!   I don’t understand why Apple is assisting the Chinese Government  with their censorship practices by banning VPN applications from the iOS App Store. I don’t know if Google has complied with such an order yet but I don’t think private companies should be helping oppressive regimes censor the Internet.  I figured since HTTPS traffic is much more difficult to block, Connecting to the service with either the desktop software using TCP through 443  or encrypted Chrome proxy extension would be sufficient enough for individuals who are attempting to use the Internet inside oppressive regimes.

[Deleted User]

@OpenVPN

I don’t understand why Apple is assisting the Chinese Government  with [...]

https://www.nytimes.com/2016/12/29/technology/apple-iphone-china-foxconn.html

Follow the money my friend. Follow the money.

Max-P

sn0wmonster said:

Follow the money my friend. Follow the money.

Especially when talking about Apple. They may look like good privacy advocates, but that's mostly because it's good for business.

[Deleted User]

@Max-P I'll keep my conspiracy theories of security and legal theater to a minimum on the forums, but I will say from my experiences companies such as Google, AT&T, Apple, IBM, eBay, Paypal, Microsoft, CISCO, Cloudflare or any other tech service giant don't get to be as big as they are without scratching a few government backs, typically in intelligence communities.

Those relationships are only fruitful if they remain private, so it'd be in their best interests to publicly present the case of an inability to comply with courts. I'm not saying they are all part of a conspiracy, but history has proven that power corrupts and absolute power corrupts absolutely. If PIA ever became as big as AT&T, I'd stop supporting them on those grounds alone.

Whenever I see a tech giant that makes money off of user data talking to the government about their passion for privacy, or politicians talking to the public about how they champion for privacy, this meme comes to mind.