Russia’s censorship agency, Roskomnadzor, has demanded 10 VPN service providers to link their Russian servers to the network of the agency.
This action aligns with Russia’s efforts to stop citizens from visiting banned websites.
The order said the VPN service providers should link their servers located in Russia by April 26, 2019.
Russian Government’s Demands
The 10 VPN providers mentioned in the recent order are HideMyAss!, IPVanish, ExpressVPN, Kaspersky Secure Connection, Hola VPN, NordVPN, KeepSolid, VyprVPN, OpenVPN and TorGuard.
All of these service providers were ordered to link their servers in Russia to the network of Roskomnadzor, the executive body that heads Russia’s censorship, control and supervision of media and telecommunications.
The reactions and the responses of the service providers who responded to the order were very similar.
Most of the companies have publicly declared their opposition to Russia’s demands, while Moscow-based Kaspersky Lab stated it would comply.
At least half of the providers said they will shut down the servers they have located in Russia.
However, Russian citizens will still have the ability to use the services of these providers, if they can reach the servers placed outside of Russia.
Providers’ Reactions to the Order
VyprVPN’s parent company, Golden Frog, posted its stance in a blog post, which also includes a screenshot of the email it received from Roskomnadzor.
The company stated it doesn’t keep physical servers in Russia because it opposes the strong censorship imposed by the Russian government. As such, they will not agree to the order.
Today, Russia is demanding VPN companies to be complicit with censorship, and we refuse. Read more on our blog, and learn why we don’t keep physical servers in Russia. https://t.co/s9g7J0fJwz
— VyprVPN (@VyprVPN) March 28, 2019
TorGuard also explained they are cutting off business with Russian data centers and they have taken all the necessary steps to remove the physical servers out of the country.
In a blog post, TorGuard stated that the management team made a voluntary decision to remove the servers.
They also added that none of their equipment had been seized, and even if their servers were compromised, it would be impossible to expose customers’ data since they don’t keep usage logs.
IPVanish has also been vocal about their characterization of this order as a phase of “Russia’s censorship-agenda,” referring to the Russian government’s law that forbids the use of VPN services to reach blocked sites. This dates back to 2017.
Similarly, in 2016, IPVanish said they were demanded to store customers’ private data for a year.
Their response was very similar to the latest order; in July 2016 they removed all physical servers from Moscow.
IPVanish still offered encrypted connections and remained a service available for Russian users.
Also read: Google Launches Backstory — A New Cyber Security Tool for Businesses
KeepSolid VPN Unlimited commented that it does not have any servers located in Russia, but it still will not comply with the order.
The company also says it has developed a specific protocol, KeepSolid Wise, which allows use in countries that block VPN services.
Another blow is struck against online freedom. Russia demanded that VPN “hook up” to the Roskomnadzor’s list of banned sites & start complying with said blocks. @vpnunlimited is not going to cooperate with Roscomnadzor & won’t join the Register of blocked resources in Russia. pic.twitter.com/bXoqSmrGMF
— VPN Unlimited (@vpnunlimited) March 29, 2019
ExpressVPN also did not agree to comply with the order. In an email to media, the company’s vice president stated ExpressVPN would never collaborate with the censorship efforts in any country, as a matter of principle.
On NordVPN’s blog, the company stated that it would be shutting down servers located in Russia.
Users who have connected their devices to NordVPN’s Russian servers will have to reconfigure the devices to be secure.
Users of Nord’s app will not have to do anything different as the app’s option to connect to Russia has been removed.
OpenVPN said in a Facebook post that it would not comply with the demand.
Further, the company’s CEO, Francis Dinha, also tweeted a statement opposing the order, noting his personal experience living in a regime under heavy censorship.
I know how it feels to live in #censorship. We cannot and will not comply to this demand. That violates our privacy policy and user agreement; more importantly, it violates our fundamental values of privacy, integrity, and security. @VPNpro https://t.co/g5EozmFTFS #VPN
— Francis Dinha (@FrancisDinha) April 4, 2019
Hola VPN hasn’t yet publicized its position on the order, as there doesn’t appear to be a statement made on its website or social media handles.
HideMyAss! did not give a definitive answer to reporters’ questions about the Russian order, though they did state on Twitter that they’re working to figure out next steps.
It is worth noting here that HideMyAss!’s parent company, Avast, states in its privacy policy that it does process personal data from users in the Russian Federation territory in compliance with the country’s laws.
We confirm we received a request from Roskomnadzor and we are reviewing our next steps. https://t.co/ENGgItPal4
— HideMyAss! (@hidemyass) March 29, 2019
Kaspersky Lab, which is headquartered in Moscow, was the only VPN service provider from the list that said it will comply with the order.
In a written response to media, Kaspersky said the company complies with the laws of the countries where it operates.
Also read: IIS Vulnerability Triggers a Denial-of-Service
Thus, Russia is not an exception. Additionally, it was mentioned that this Russian order does not affect the main purpose and functions of Kaspersky Secure Connection.
Kaspersky added that the Russian government’s requirements do not concern users of other countries, as they are only relevant to VPN users within the Russian territory.
