Almost two years ago, Russian president Vladimir Putin signed a law banning virtual private networks (VPNs) and other tools that could be used to circumvent the country's extensive censorship of the internet.
Featured
However, the Russian authorities haven't done much to enforce the law. Until now.
On Thursday, Russia's online regulator, Roskomnadzor, said it had written to 10 popular VPN services to demand they connect their systems to the watchdog's blacklist of banned websites, so their users are no longer able to view the forbidden content.
They were given 30 days in which to do so, failing which, "Roskomnadzor may decide to restrict access to the VPN service."
The notified services include NordVPN, Hide My Ass, Hola VPN, OpenVPN, VyprVPN, ExpressVPN, TorGuard, IPVanish, Kaspersky Secure Connection – the only Russian VPN on the list – and VPN Unlimited. Similar obligations are placed on search-engine operators, including Google, which reportedly started playing ball last month after being hit with a small fine for noncompliance.
SEE: Can Russian hackers be stopped? Here's why it might take 20 years (TechRepublic cover story) | Download the PDF version
In response to the request, TorGuard said in a blogpost it had "taken steps to remove all physical server presence in Russia," wiping its Moscow and St Petersburg servers.
"We would like to be clear that this removal of servers was a voluntary decision by TorGuard management and no equipment seizure occurred," it wrote.
"We do not store any logs, so even if servers were compromised it would be impossible for customers' data to be exposed. TorGuard has not disclosed any information to the Russian authorities and our legal team has been notified of this request."
TorGuard apologized for the sudden location removal and said it was rolling out additional servers in neighboring countries to "ensure fast VPN download speeds for everyone in the region."
Because most of the services are not based in Russia, it could make them tricky to ban in an effective way. Roskomnadzor has a spotty record when it comes to blocking services based elsewhere – its haphazard attempt to block the Telegram messaging service springs to mind – though that is perhaps why lawmakers are keen to make the Russian internet (Runet) separable from the wider internet.
SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)
Of course, a ban wouldn't be necessary if the VPN providers played ball. But Roskomnadzor may not have much luck on that front – TorGuard isn't the only one that's planning to resist.
"The strong censorship and oppression of the Russian regime was the main reason for us to avoid locating any of our servers inside Russia," said VyprVPN operator Golden Frog in a blogpost.
"Our core mission is to keep the internet open and free, and therefore, we will continue to provide uncensored access to the internet in Russia and around the world. We will not cooperate with the Russian government in their efforts to censor VPN services."
Panama-based NordVPN told a concerned user on Twitter: "Rest assured, compliance is not something that we will consider."
OpenVPN tweeted a link to an article about Roskomnadzor's threat, saying: "OpenVPN is committed to our users and customers by protecting them against cyberthreats and providing secure and private access to their information from anywhere in the world."
More on Russia and the internet
- Russia: No, we don't want to curb online freedoms - we want to protect internet
- Russia to disconnect from the internet as part of a planned test
- Russia: We're suing Facebook, Twitter for snubbing law on storing users' data locally
- Russia: Now everyone who uses a messaging app must be identifiable
- Stop jailing people for likes and memes, says Russia's biggest social network
- Russia: We want volunteers to help us censor the internet
- Russia's 'Big Brother' data law now in force: Kremlin spies are the big winners
- Google, Amazon drawn into Telegram ban as Russia blocks millions of IP addresses
- What chief data officers can learn from Facebook about building better big data security practices TechRepublic
- Wickr may have a workaround for Russia's crackdown on encrypted chat CNET