Slashdot Mirror
VPN Provider Removes Russian Presence After Servers Seized (thestack.com)
An anonymous reader quotes a report from The Stack: VPN provider Private Internet Access has pulled out of Russia in the wake of new internet surveillance legislation in the country. The company claims that some of its Russian servers were seized by the government as punishment for not complying with the rules, which ask providers to log and hold all Russian internet traffic and session data for up to a year. Upon learning of the federal action, the company immediately removed its Russian availability and announced that it would no longer be operating in the region. "We believe that due to the enforcement regime surrounding this new law, some of our Russian Servers (RU) were recently seized by Russian Authorities, without notice or any type of due process," wrote Private Internet Access in a blog post. The company advises users to update their desktop clients. They also noted that its manual configurations now support the "strongest new encryption algorithms including AES-256, SHA-256, and RSA-4096." Putin has given Federal Security Agents two weeks to produce "encryption keys" for the internet.
Because Archfield and the Anonymous Coward missed the point, I submit the following rephrasing...
Why would a person/company who is using a commercial VPN service actually want their internet traffic to originate from Russia?
An employer requiring a VPN to the home office? Makes perfect sense, and happens every day. An employer requiring their remote-working employees who are probably working from home (e.g. likely within 50 miles and 10 hops of that office) to connect via Sonicwall NetXtender or Cisco VPN to their front-facing router? Absolutely. However, what possible security could be accomplished by having remote employees use a commercial VPN service to encapsulate traffic making a 50(ish) mile trip or less by making it traverse through Russia before getting to the home office?
A multinational company having a site-to-site VPN also makes plenty of sense. Even if it's to their office in Russia, it still makes sense, but it's not what Hagbard was referring to, because in that context its from their company, to their company. The question implicitly doesn't apply. If you're in China or Iran and VPNing due to government oppression, doesn't it make a lot more sense to send your traffic through the US or UK or Japan or some other country with less draconian oversight of internet traffic? Actually, that proves the point of the article - the company pulled out of Russia because Russia was implementing that very level of oppression for which a VPN would be needed. Finally, latency alone would be reason enough not to VPN through Russia for remote viewing of a security camera.
Nobody is asking whether VPNs are useful. The question being asked is whether there's any utility for the endpoint to be in a country that is beginning to require a year's retention on connectivity logs.
Russia is one of the countries I regularly choose to send my traffic through. Good internet infrastructure and bandwidth with fast connectivity to much of europe. Absolutely ZERO legal agreements between countries like US, UK etc so far less chance of them sharing your browsing habids with others and those that they would share it with would not give a shit about me.
But couldn't they still offer a VPN client that connects to a server outside the country with a "dynamic" IP of sorts to keep it from from being blocked by the ISP? [snip] We need some good news, and we just aren't getting any yet.
They do. That is the good news. Here's the summary...
Private Internet Access owns about 3,000 servers in 34 countries. You pay $7/month, and you set up a PPTP/IPSEC/OpenVPN client with the credentials they specify. When you log into your account on their website, you can pick which country you want your data to be originating from, and that is your endpoint. If they have a server in France, then your traffic is VPN'd from your computer to their servers in France. If you connect to their VPN and then head over to IPChicken, you'll see a French IP address from the block of IPs they own from that region. If tomorrow you want your traffic to come from Kansas, you pick your server there, and your IPChicken will reflect that IP instead. Meanwhile, those IPs are used by dozens of other users, so it's neigh impossible to tell exactly which user was responsible for a given piece of traffic...unless you explicitly configure those server to log which users were logged in and sent what traffic where, which is what Russia is looking for.
In that point I agree with bloodhawk. Russia and even China products have the inherent advantage of not collaborating with our governments.