Russia demands access to VPN providers’ servers

The Russian censorship agency Roskomnadzor has ordered 10 VPN service providers to link their servers in Russia to its network in order to stop users from reaching banned sites.

If they fail to comply, their services will be blocked, according to a machine translation of the order.

The 10 VPN  providers are ExpressVPN, HideMyAss!, Hola VPN, IPVanish, Kaspersky Secure Connection NordVPN, OpenVPN, VPN Unlimited and VyprVPN.

In response at least three of the 10 – IPVanish, NordVPN and TorGuardsay – say they are tearing down their servers in Russia but continuing to offer their services to Russian customers if they can reach the providers’ servers located outside of Russia. And at least one provider, Kaspersky, which is based in Moscow, says it will comply with the order. The others could not be reached for this article.

IPVanish characterized the order as another phase of “Russia’s censorship agenda” dating back to 2017 when the government enacted a law forbidding the use of VPNs to access blocked Web sites.

“Up until recently, however, they had done little to enforce such rules,” IPVanish says in its blog.  “These new demands mark a significant escalation.”

The reactions of those not complying are similar. Tor Guard says it has taken steps to remove all its physical servers in Russia, and has wiped clean its servers in St. Petersburg and Moscow. It is also cutting off business with data centers in the region

“We would like to be clear that this removal of servers was a voluntary decision by TorGuard management and no equipment seizure occurred,” TorGuard says in its blog. “We do not store any logs so even if servers were compromised it would be impossible for customer’s data to be exposed.”

TorGuard says it is deploying more servers in adjacent countries to protect fast download speeds for customers in the region.

IPVanish says it has faced similar demands from Russia before and responded similarly. In 2016, a new Russian law required online service providers to store customers’ private data for a year. “In response, we removed all physical server presence in Russia, while still offering Russians encrypted connections via servers outside of Russian borders,” the company says. “That decision was made in accordance with our strict zero-logs policy.”

NordVPN says it’s shutting  down all its Russian servers and all of them will be shredded as of April 1. The company says in a blog that some of its customers who connected to its Russian servers without use of its application will have to reconfigure their devices to insure their security. Those customers using the app won’t have to do anything differently because the option to connect to Russia has been removed.

Kaspersky Labs says it will comply with the Russian order and responded to emailed questions about its reaction with this written response:

“Kaspersky Lab is aware of the new requirements from Russian regulators for VPN providers operating in the country. These requirements oblige VPN providers to restrict access to a number of websites that were listed and prohibited by the Russian Government in the country’s territory. As a responsible company, Kaspersky Lab complies with the laws of all the countries where it operates, including Russia. At the same time, the new requirements don’t affect the main purpose of Kaspersky Secure Connection which protects user privacy and ensures confidentiality and protection against data interception, for example, when using open Wi-Fi networks, making online payments at cafes, airports or hotels. Additionally, the new requirements are relevant to VPN use only in Russian territory and do not concern users in other countries.”

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.