On Friday the state Duma adopted in final reading a bill prohibiting Russia’s decision to bypass the lock, under the action of which fall including anonymizers, VPNs and Tor. In case of refusal of such services to block access to banned content they will be blocked by Roskomnadzor. If approved by the Federation Council and President Vladimir Putin, the law will come into force on 1 November 2017.
That will block
The new law imposes a ban on the use of information systems and software to gain access to Internet resources blocked by Russia, writes The Village. Under the law does not only proxy and VPN services, but and anonymous networks like Tor and I2P. In addition, the document prohibits search engines like Google and “Yandex” to divulge the blocked resources.
However, this list available to resource limitation does not end because sites that host information about the means of bypassing of locks is non-uniform. These include any resources with lists of VPN services and even the app stores including App Store and Google Play. Under the ban can get and software platforms like operating systems and their technical portals, such as portal Microsoft support describing setup of VPN with different versions of Windows.
Perhaps the limitation of all popular browsers that offer built-in ways to bypass locks. Similar options are in different options available in Opera, Chrome or Safari. A list of VPN services and instructions for configuring them are also distributed on social networks and instant messengers.
While the law provides an exception for private VPN companies, if the funds are available only to employees. According to experts, the inability to separate the VPN used for commercial purposes, a VPN used to bypass locks.
How to block
Anonymizers and VPN services you can block in two ways — by IP address or traffic type. In the case of using the first technology, already tested in Russia, Roskomnadzor will make in the register all domain names and IP addresses of the official websites of the VPN services where you can purchase the product. Also the IP you can block public Tor servers to which users connect.
To use a second technology must be installed on all network operators, of DPI equipment for deep traffic analysis, which is able to identify VPN traffic and to distinguish it from otherwise encrypted HTTPS traffic. DPI equipment is quite expensive, so given the large number of operators in Russia to use this technology will have to spend a lot of time and money. This method has already been tested in China, where there is a constant arms race between the authorities and developers.
What do the users
The experience of Asian countries like China, where since 2003 a system of filtering content of “Golden shield”, shows that the restricting means to bypass the Internet lock does not allow to restrict user access to the VPN services, the output nodes of the Tor and other means of proxying traffic.
Customers of VPN services before the introduction of DPI equipment will not notice any changes for yourself. Unlike websites software distributions, he VPN to block is extremely difficult, which will require deep insight into the principles of each of the individual services and the structure of the network. In addition, a VPN service can quickly restructure the network and all will need to do it again. The restructuring procedure can be automated — in this case, the VPN provider can create new IP addresses at least every minute. For users it will appear as an automatic update of extensions.
Now in the world many VPN services, and there are always new. Competition in the VPN market is quite high, and block all means to bypass in a short time is impossible. Besides all of the installation files of VPN apps users will be able to get on the forums, via email or messengers. According to the head “Roskomsnab” Artem Kozluca, 80-90% of services remain affordable for the Russians.
In addition, will remain and will probably develop the possibility of using a double VPN when a user connects to the server in one country (e.g. Canada), and from there to the server in another (e.g. in Norway). Then, the ultimate, the Norwegian service treats the user as a Russian canadian, and will not apply a lock from the list of Roskomnadzor, even if both the VPN service will be fulfilled by Russian law.
Another option is to set up your own VPN on a rented place in the foreign hosting. And some mobile devices such as smartphones on Android, there is built-in VPN function, and in the case of pre-installed software to block any VPN resource is simply impossible. In addition, as previously noted, the lockout will officially be allowed to bypass the corporate VPN, used by employees of companies.
As for Tor, the network, in addition to the public key list, is a continually updated list of servers, through which you can gain access to the desired sites. In the case of blocking of public Tor nodes to connect to the network and access forbidden sites, you can use bridges, which are specially invented to bypass the lock with the help of hidden relays. Users can use the browser’s native options of bridges or get a new address.
