VPN providers pull Russian servers as Putin's ban threatens to bite

VPN services told to connect their systems to a Russian blacklist of banned websites or face the consequences.

Russia opens case against Facebook and Twitter over data-localization law Facebook and Twitter are in breach of laws requiring personal data to be kept on Russian soil, say the authorities.

Almost two years ago, Russian president Vladimir Putin signed a law banning virtual private networks (VPNs) and other tools that could be used to circumvent the country's extensive censorship of the internet. 

However, the Russian authorities haven't done much to enforce the law. Until now.

On Thursday, Russia's online regulator, Roskomnadzor, said it had written to 10 popular VPN services to demand they connect their systems to the watchdog's blacklist of banned websites, so their users are no longer able to view the forbidden content. 

They were given 30 days in which to do so, failing which, "Roskomnadzor may decide to restrict access to the VPN service."

The notified services include NordVPN, Hide My Ass, Hola VPN, OpenVPN, VyprVPN, ExpressVPN, TorGuard, IPVanish, Kaspersky Secure Connection – the only Russian VPN on the list – and VPN Unlimited. Similar obligations are placed on search-engine operators, including Google, which reportedly started playing ball last month after being hit with a small fine for noncompliance.

SEE: Can Russian hackers be stopped? Here's why it might take 20 years (TechRepublic cover story) | Download the PDF version

In response to the request, TorGuard said in a blogpost it had "taken steps to remove all physical server presence in Russia," wiping its Moscow and St Petersburg servers. 

"We would like to be clear that this removal of servers was a voluntary decision by TorGuard management and no equipment seizure occurred," it wrote. 

"We do not store any logs, so even if servers were compromised it would be impossible for customers' data to be exposed. TorGuard has not disclosed any information to the Russian authorities and our legal team has been notified of this request."

TorGuard apologized for the sudden location removal and said it was rolling out additional servers in neighboring countries to "ensure fast VPN download speeds for everyone in the region."

Because most of the services are not based in Russia, it could make them tricky to ban in an effective way. Roskomnadzor has a spotty record when it comes to blocking services based elsewhere – its haphazard attempt to block the Telegram messaging service springs to mind – though that is perhaps why lawmakers are keen to make the Russian internet (Runet) separable from the wider internet.

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)

Of course, a ban wouldn't be necessary if the VPN providers played ball. But Roskomnadzor may not have much luck on that front – TorGuard isn't the only one that's planning to resist.

"The strong censorship and oppression of the Russian regime was the main reason for us to avoid locating any of our servers inside Russia," said VyprVPN operator Golden Frog in a blogpost

"Our core mission is to keep the internet open and free, and therefore, we will continue to provide uncensored access to the internet in Russia and around the world. We will not cooperate with the Russian government in their efforts to censor VPN services."

Panama-based NordVPN told a concerned user on Twitter: "Rest assured, compliance is not something that we will consider." 

OpenVPN tweeted a link to an article about Roskomnadzor's threat, saying: "OpenVPN is committed to our users and customers by protecting them against cyberthreats and providing secure and private access to their information from anywhere in the world."

More on Russia and the internet