Slashdot Mirror

← Back to Stories (view on slashdot.org)

VPN Provider Removes Russian Presence After Servers Seized (thestack.com)

Posted by BeauHD on from the master-key dept.

An anonymous reader quotes a report from The Stack: VPN provider Private Internet Access has pulled out of Russia in the wake of new internet surveillance legislation in the country. The company claims that some of its Russian servers were seized by the government as punishment for not complying with the rules, which ask providers to log and hold all Russian internet traffic and session data for up to a year. Upon learning of the federal action, the company immediately removed its Russian availability and announced that it would no longer be operating in the region. "We believe that due to the enforcement regime surrounding this new law, some of our Russian Servers (RU) were recently seized by Russian Authorities, without notice or any type of due process," wrote Private Internet Access in a blog post. The company advises users to update their desktop clients. They also noted that its manual configurations now support the "strongest new encryption algorithms including AES-256, SHA-256, and RSA-4096." Putin has given Federal Security Agents two weeks to produce "encryption keys" for the internet.

43 of 89 comments (clear)

  1. Why? by HagbardCeline6909 · · Score: 1

    Why would you need to ever VPN into a server in Russia anyhow?

    1. Re:Why? by Archfeld · · Score: 2

      Your employer requires it. Some semi responsible employers require a gesture towards security even if they won't spend any real money on it.

      --
      errr....umm...*whooosh* *whoosh* Is this thing on ?
    2. Re:Why? by Anonymous Coward · · Score: 1

      VPNs are useful things. Perhaps you are a multinational company and want to coordinate with other parts of your company. There is almost certainly some kind of VPN protecting that traffic.

      Also, perhaps you are in a country where all internet access is monitored for anti government behavior, well a VPN to a country that doesn't have that is a very useful thing. Hell, you could use a VPN just to access your home network and control that web based camera that you just don't want to put directly on the internet.

    3. Re:Why? by Voyager529 · · Score: 4, Informative

      Because Archfield and the Anonymous Coward missed the point, I submit the following rephrasing...

      Why would a person/company who is using a commercial VPN service actually want their internet traffic to originate from Russia?

      An employer requiring a VPN to the home office? Makes perfect sense, and happens every day. An employer requiring their remote-working employees who are probably working from home (e.g. likely within 50 miles and 10 hops of that office) to connect via Sonicwall NetXtender or Cisco VPN to their front-facing router? Absolutely. However, what possible security could be accomplished by having remote employees use a commercial VPN service to encapsulate traffic making a 50(ish) mile trip or less by making it traverse through Russia before getting to the home office?

      A multinational company having a site-to-site VPN also makes plenty of sense. Even if it's to their office in Russia, it still makes sense, but it's not what Hagbard was referring to, because in that context its from their company, to their company. The question implicitly doesn't apply. If you're in China or Iran and VPNing due to government oppression, doesn't it make a lot more sense to send your traffic through the US or UK or Japan or some other country with less draconian oversight of internet traffic? Actually, that proves the point of the article - the company pulled out of Russia because Russia was implementing that very level of oppression for which a VPN would be needed. Finally, latency alone would be reason enough not to VPN through Russia for remote viewing of a security camera.

      Nobody is asking whether VPNs are useful. The question being asked is whether there's any utility for the endpoint to be in a country that is beginning to require a year's retention on connectivity logs.

    4. Re:Why? by Archfeld · · Score: 2

      Citation ? The US is arguing loudly about who can and does snoop and when it is OK, while most other countries are just doing it quietly in the background. Nearly every country in the EU has been implicated in cooperating with the US, UK, Germany, Australia and France amongst the foremost contributors. The reason it is such a newsworthy item in the US is the fact that the ISP's are privately owned and complain about the government wanting records, while in many countries the ISP's are state sponsored or owned and are already directly connected to the government network.

      --
      errr....umm...*whooosh* *whoosh* Is this thing on ?
    5. Re:Why? by Anonymous Coward · · Score: 1

      Nobody is asking whether VPNs are useful. The question being asked is whether there's any utility for the endpoint to be in a country that is beginning to require a year's retention on connectivity logs.

      If the logs just contained the endpoint and traffic past that point, then it wouldn't hurt much, but obviously if they undo the point of the VPN they are less useful. Still, just for fun here is a few valid uses, if obscure ones. (Certainly your correct that ideally you want to avoid Russian VPNs in most cases.)

      1) If all countries required logs, then someone having a valid need for privacy, or simply wanting it, could, in theory hop through several VPNs, thus requiring a lot more work to get at the real source. Of course, it is likely not too hard to identify that kind of thing and ban it. Realistically though, I hope we never reach this point. Certainly there is no need to do so now, afaik.

      2) An outside observer could use the VPN to study the differences between what is available inside the new russian firewall and what is available outside.

      3) Does russia have a netflix?

      4) Various organisations may want some IPs inside russia to make it easier to attack russian organisations. (Okay that is not a good reason, and easily IP banned anyway..)

      5) Just because russia wants it all logged, doesn't mean they actually care about all of it. While far from ideal, it may be better than say having the traffic originate in one's native country if one's native country is actively trying to ruthlessly crush everyone wanting a democratic government. Of course, one would want to use a non crippled VPN provider if you could, but doing so might draw a different kind of attention. The VPN traffic may be encrypted, but that your talking to a VPN certainly is not.

    6. Re:Why? by Archfeld · · Score: 2

      I see your point now, and I have to agree. Point to point VPN for work is a requirement but if I was looking for an environment to VPN my private traffic, Russia would not be my choice either.
      Not to be pedantic my nick is archFELD no field involved. Thanks for the correction/information in any case.

      --
      errr....umm...*whooosh* *whoosh* Is this thing on ?
    7. Re:Why? by Anonymous Coward · · Score: 2, Interesting

      I find it a great jump point for many other regions of Europe, my own country (Australia) has insane intrusive internet monitoring laws and I would much prefer a country like Russia sees what I am accessing as they are far less likely to do something about it whereas western world is very much all joined human centipede style.

    8. Re:Why? by bloodhawk · · Score: 4, Informative

      Russia is one of the countries I regularly choose to send my traffic through. Good internet infrastructure and bandwidth with fast connectivity to much of europe. Absolutely ZERO legal agreements between countries like US, UK etc so far less chance of them sharing your browsing habids with others and those that they would share it with would not give a shit about me.

    9. Re:Why? by EzInKy · · Score: 2, Insightful

      You provided the citation. Any body that argues over "Freedom Of Speech" is looking to restrict "Freedom Of Speech".

      --
      Time is what keeps everything from happening all at once.
    10. Re:Why? by SuricouRaven · · Score: 1

      There are lots of people who think The Man is out to get them. Sometimes they are right - political activists and outright criminals. Sometimes they are just paranoids who think Obama is plotting to take their guns so the UN can invade and force their children to be gay. Either way, they don't really care where their traffic seems to come from, so long as it can't be traced back to them.

    11. Re:Why? by ruir · · Score: 3, Informative

      In that point I agree with bloodhawk. Russia and even China products have the inherent advantage of not collaborating with our governments.

    12. Re:Why? by Gumbercules!! · · Score: 2

      Because it's cheaper to buy a game on Steam if Steam thinks you're in Russia (really).

    13. Re:Why? by bloodhawk · · Score: 1

      exactly, the enemy of my enemy is my friend. In this case the enemy is the intrusive privacy invasion our governments wish to impose on us. I have nothing interesting for them to monitor, I am not a criminal, not a terrorist, I don't browse kiddie porn and I really am not concerned with pirating shit. But I completely and totally object to them monitoring me to verify this, if they want to do that then get a court order with a valid reason and I will happy give them access to verify they are wrong, until then they can fuck off and I will happily let places like Russia monitor me as they won't share with my government and at least I can feel that they are doing it with my permission.

    14. Re:Why? by Zontar_Thing_From_Ve · · Score: 2

      Russia is one of the countries I regularly choose to send my traffic through. Good internet infrastructure and bandwidth with fast connectivity to much of europe. Absolutely ZERO legal agreements between countries like US, UK etc so far less chance of them sharing your browsing habids with others and those that they would share it with would not give a shit about me.

      This. A person I know has sometimes used his Bit Torrent client through a VPN going through Russia for the same reasons.

    15. Re:Why? by temcat · · Score: 1

      To listen to Yandex.Music for free.

    16. Re:Why? by AmiMoJo · · Score: 2

      Also, Russia has cheaper games, but they can only be activated from IP addresses in Russia. Some people use a VPN to bypass region lock-outs on cheaper products.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  2. Re: When in Rome by Anonymous Coward · · Score: 2

    Obey every law without question. Civil disobedience is violence. Do not test us.

  3. Re: When in Rome by Anonymous Coward · · Score: 2, Funny

    Obey every law without question. Civil disobedience is violence. Do not test us.

    You go on and try that in Putin's Russia. Let me know how it works out for you, K?

  4. Re:When in Rome by Anonymous Coward · · Score: 3, Insightful

    Are we honestly going to pretend that an American VPN provider is secure and does not do exactly what they're told by American authorities?

  5. Re:When in Rome by Anonymous Coward · · Score: 1

    Russia is quite capable of destroying itself without any outside help. Any problem, large or small, is always blamed on the US. If the economy tanks in the US how many US citizens blame Russia? It's a good strategy on Russia's part because they know it's gives them a pass on anything they do. Russia invades a sovereign country and all you hear is that the US does it and that's the end of the debate. Russia blows up a few hospitals in Syria and all you hear is that the US does it and that's the end of the debate. Russia routinely invades other countries airspace and all you hear is that the US does it and that's the end of the debate. Russia provides anti-aircraft weapons and they get used to blow up a civilian jet and all you hear is that the US does it and that's the end of the debate. Russia passes a law requiring back doors to any encrypted devices and data traffic and all you hear is that the US does it and that's the end of the debate. Except in this case there is no such law in the US but that doesn't matter because after all the other accusations and false equivalencies the slow witted have already been indoctrinated to the Russian party line. There are only two countries in the world that are responsible for every wrong in the world and that is the US and Israel. Everyone else gets a free pass.

  6. Re:putin making demands by bloodhawk · · Score: 2, Interesting

    you mean the same demands that US/UK/AU governments etc are making? They aren't the first to push for this, nor will they be the last.

  7. Re: When in Rome by bloodhawk · · Score: 4, Insightful

    Obey every law without question.

    When you are a COMPANY yes. A company doesn't have a right to civil disobedience. A company may challenge the law in courts it cannot and SHOULD NOT choose which laws to follow.

  8. This makes it official by mnemotronic · · Score: 2

    IOT now stands for Internet Of Thugs.

    --
    The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
  9. Re: When in Rome by mnemotronic · · Score: 1, Interesting

    Russia is a gas station. Want to see them implode? Stop buying their product.

    --
    The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
  10. Vlad, the Internet Impaler by roman_mir · · Score: 1

    Vlad, the Internet Impaler - this was my original comment on the Putin Gives Federal Security Agents Two Weeks To Produce 'Encryption Keys' For The Internet story. I got 'flamebait' moderation on that one :)

    I want to see how deep does the rabbit hole go...

    Putin and his very small hands... He wants 'the Internet encryption keys' in his small hands.

    OK, so that is funny. But consider that in the last year Putin increased the police force by a large number in Russia and he signed a law that would require the country to build him his own 'national guard', everybody sees it the same way: he is scared of a coup and he wants his own army around him at all times. Him and his small hands, he is scared to be overthrown and as a KGB operative he knows that he can be overthrown and he decides he needs a couple hundred thousand body guards.

    This move against encryption of all sorts is based on the same fear. He is scared of everything, scared he will not find out about a gathering of people somewhere and won't jail them in time before they make it to any news that still exists (and journalism is the most dangerous activity in that country, journalists murdered and beaten by the government). He is afraid to end up in the same way Quadaffi and Hussein ended up in. He should be scared, people are very tired of him. The majority of people in Russia wouldn't move a finger to get ridbof him, but it doesn't take a majority, only a few determined people and that is what he is afraid of most.

    Needless to say there are other business interests that are government owned and that would love to have access to all communications that would prevent any competition against them.

    Also FSB has their google like search servers installed at every ISP and every communications company in Russia, searching for stuff and recording what matches specific parameters, but the new law also imposes an obligation to all communications companoes to record all traffic and all communications for a minimum of 6 months.

    The companies are saying this will cost them billions and will cause rate hikes, the government officials are replying that is nonsense, it will cost nothing and any rate hike because of it would be a money grab. Right, because it costs nothing to record 6 months of internet traffic.

    As to this requirement to the FSB to get all of the encryption keys, I wonder who Putin wants to fire 2 weeks from now, because it sounds like an old Russian fairy tale of a tsar telling his servant to go some place that cannot ne found and to get him something that does not exist and if he fails to deliver his head is coming off...

    --
    You can't handle the truth.
  11. Re:putin making demands by wierd_w · · Score: 1

    dandy donald wont get his fat fingers on my key either. even if he asks really nice.

  12. Re: When in Rome by Tough+Love · · Score: 1

    A company doesn't have a right to civil disobedience.

    [citation needed]

    --
    When all you have is a hammer, every problem starts to look like a thumb.
  13. Re: When in Rome by Aereus · · Score: 2

    They don't agree with the law so they stopped doing business there. Where is the problem with that? The nature of their business demands not operating there while a theoretical petition is filed.

  14. Re: When in London by Anonymous Coward · · Score: 1

    The same mass surveillance laws are being rolled out in the UK too. Theresa May's snoopers charter, (our new unelected Prime Minister).

    There's zero difference between what Putin is doing spying on everyone, and what Theresa is doing spying on everyone.

    Putin has his elite group, protected from it, Theresa has MPs, in an elite group not subject to the surveillance, except they are really. If ever they flagged which IPs are MPs IP, GCHQ and NSA will be watching those addresses particularly closely.

    All leaders 'elected' in fake or dubious circumstances are doing exactly the same thing.

  15. You make no sense by Archfeld · · Score: 2

    So discussion of an issue is equal to opposition of an issue ? Quit trying to cryptic and cool and deal with reality. Any society that purports to be free MUST have room for argument, debate, and a wide variety of ideas of what is correct and what isn't. But you appear to only see black and white, your way or nothing. All I did was express an opinion, which you declared as wrong and proved yourself as a narrow minded fool.

    --
    errr....umm...*whooosh* *whoosh* Is this thing on ?
  16. Re:I can understand removing the servers. by Voyager529 · · Score: 3, Informative

    But couldn't they still offer a VPN client that connects to a server outside the country with a "dynamic" IP of sorts to keep it from from being blocked by the ISP? [snip] We need some good news, and we just aren't getting any yet.

    They do. That is the good news. Here's the summary...

    Private Internet Access owns about 3,000 servers in 34 countries. You pay $7/month, and you set up a PPTP/IPSEC/OpenVPN client with the credentials they specify. When you log into your account on their website, you can pick which country you want your data to be originating from, and that is your endpoint. If they have a server in France, then your traffic is VPN'd from your computer to their servers in France. If you connect to their VPN and then head over to IPChicken, you'll see a French IP address from the block of IPs they own from that region. If tomorrow you want your traffic to come from Kansas, you pick your server there, and your IPChicken will reflect that IP instead. Meanwhile, those IPs are used by dozens of other users, so it's neigh impossible to tell exactly which user was responsible for a given piece of traffic...unless you explicitly configure those server to log which users were logged in and sent what traffic where, which is what Russia is looking for.

  17. Certificates by Chewbacon · · Score: 3, Interesting

    They also yanked all certificates (or will soon). Customers will have to download the new ones if they use OpenVPN or something of the like.

    --
    Chewbacon
    The Bible is like Wikipedia: written by a bunch of people and verifiable by questionable sources.
  18. Re: When in Rome by Anonymous Coward · · Score: 1

    A company is a person.

    In America.

    Thanks to a spelling checker changing the law.

  19. Re:putin making demands by Dog-Cow · · Score: 2

    Really? Show me one article about, or even better yet -- an official letter sent to a company executive, from the US government asking for encryption keys that will allow decryption of any data the company handles.

    I won't hold my breath while I wait, but I certainly hope you do while you're looking.

  20. Re: When in Rome by bloodhawk · · Score: 1

    various definitions, but they all revolve around the right of an individual or group of individuals or a citizen.
    http://legal-dictionary.thefre...
    https://en.wikipedia.org/wiki/...

    "Civil disobedience is usually defined as pertaining to a citizen's relation to the state and its laws, as distinguished from a constitutional impasse in which two public agencies, especially two equally sovereign branches of government, conflict. For instance, if the head of government of a country were to refuse to enforce a decision of that country's highest court, it would not be civil disobedience, since the head of government would be acting in her or his capacity as public official rather than private citizen"

  21. Re:When in Rome by Anonymous Coward · · Score: 2, Insightful

    Generally, you are right. For a very extended meaning of "laws". In Russia, it means bribing administrative clerks, doing favor to "politicians" and always being ready to surrender your business to someone with power. Doing business in Russia means being forced to break both Russian written laws and your domestic laws (if you are foreigner and your domestic laws apply, and for US or EU citizens a lot of them DO apply).

    So when you cannot comply, you close.

  22. Re:When in Rome by nitehawk214 · · Score: 1

    "log all traffic" Do you think any site that gets more than a few dozen hits is going to be able to do that?

    --
    I'm a good cook. I'm a fantastic eater. - Steven Brust
  23. Re:putin making demands by rtb61 · · Score: 1

    Reality is they had no choice but to pull out. Basically what will happen is selected foreign companies, suspect companies (suspected of passing info to the North American Territorial Occupation farce) will be targeted for the most onerous requirements and they will be forced to operate at a loss or shut down and pull out from Russia (also not to forget, foreign companies competing against insider Russian companies). So the laws are purposefully tough and have been purposefully written so as to be legally selectively applied, not all companies have to adhere with the laws, unless they have been instructed by Russian regulatory authorities to do so. If they refuse once they have been directed to do so, wham, bye, bye servers, and then of course bye, bye, Russia as they are forced to leave or go bankrupt trying to stay or operate at a lost funded by a foreign government and be extremely suspect. Want to blame anyone blame the NSA because that is who they are kicking out and any suspect foreign corporations they can be in the slightest way, associated with them. Much like patent trolls, they will start with small companies and with precedence set, work their way up to larger companies. In light of the NSA's criminal foreign activities, a sound response. More countries will follow suit, seeking similar selective laws, to shut down foreign internet companies. The US government was really dumb waffling on about fighting a cyberwar on the internet. This is the direct result of that stupidity and it will get worse.

    --
    Chaos - everything, everywhere, everywhen
  24. Re: When in Rome by Tough+Love · · Score: 1

    Of course you are aware that legally a corporation is a person?

    --
    When all you have is a hammer, every problem starts to look like a thumb.
  25. Re:When in Rome by unencode200x · · Score: 1

    I believe they're London-based. Same concern applies, perhaps more so in the UK.

    --

    Chance favors the prepared mind.
    Perfect is the enemy of good.
  26. Re:putin making demands by kaatochacha · · Score: 1

    God. Just hand him some random key string, and when he complains that it doesn't work say "you're doing it wrong."

  27. So... by armand.winter · · Score: 1

    What does Edward Snowden have to say about this?