
Putin signs law that prohibits technology providing access to banned websites - petethomas
http://www.reuters.com/article/us-russia-internet-idUSKBN1AF0QI
======
CommanderData
Waiting for the "can't stop me using VPNs L0Lz" comments..

VPN use for a free and open Internet is abnormal - not a long term solution to
issues like censorship.

They're already out of reach for normal users. Companies will offer better
ways to block or detect usage for lucrative gov contracts. Simply making it
illegal will detour most people.

I don't understand why VPN crackdown is thought to be impossible. ISPs have a
good idea of what normal traffic looks like and a very good map of the
Internet. The Internet may be big. To an ISP, is it really that big? Netflix,
Google, YouTube, Dropbox etc are normal. Your companies VPN IP are normal.

That's unusual! Open connection to a DNS port? sending large amounts of data?
its encrypted? No one has accessed that digital ocean IP before on this
network! Lets throttle, interrupt it periodically or flag that user. Someone
else sending large amounts data to a known VPN IP range? block, throttle,
close connection, police knock on door etc.

policy change, not more VPNs.

~~~
Kenji
Exactly. It baffles me how people think political problems can be solved with
technological workarounds. What's next, being gay is illegal again so "just
hide your relationship lulz"? Sometimes, I feel like a part of the crowd here
is like a bunch of toddlers who try to work around some rules the parents made
and feel clever at the same time.

~~~
iovrthoughtthis
A responce to this by a barrister friend of mine. Re-phrased because I don't
remember it verbatim:

"We've only been trying technological solutions for the past hundred years and
look at what they've achieved. We've been trying political solutions for
thousands of years."

Though, I agree that we need to be aware of the limitations we and our systems
impose on technical solutions. That said, perhaps we should play to our
strengths?

~~~
ernst_klim
>We've only been trying technological solutions for the past hundred years and
look at what they've achieved

Holocaust, Nazi Science, Atomic bombs, Stalin's industrialization, mass
surveillance, cold war? Man, 20-th century was such a mess, technology only
made that mess more messy, and good stuff was achieved by political
discussion, dialog, not because of new technologies (although technologies
makes both dialog and murdering much easier)

------
int_19h
The bigger news, IMO, is that Putin also signed the messenger law. To remind,
this demands that all IM services that operate in Russia must provide
technical means to de-anonymize the users, by linking their accounts to a
phone number, a service contract number where the contract has identifying
information, or other similar scheme. They're also required to be able to
block any materials censored in Russia. If these are not complied with, the
regulatory agency can block the service entirely.

~~~
codedokode
Mesengers are also required to block information that is being spreaded in a
violation of russian laws.

------
iamben
This article is very light on the details, but the fact that someone has
actually gone ahead and done this will mean other leaders / politicians will
now be thinking - "oh right, this is actually something we may be able to do."

Another few feet down that slippery slope.

~~~
dabber
> _the fact that someone has actually gone ahead and done this[...]_

Well it's not exactly a novel idea. China, North Korea, Iran, Iraq, Oman,
Turkey and others have implemented bans or heavy restrictions for quite some
time now.

~~~
Spooky23
I'm sure it's coming to the US to ensure that subscribers aren't avoiding ISP
rate limits.

~~~
strictnein
First, no, this isn't coming to the US.

Second, this doesn't make any sense. How would you avoid rate limits by using
a VPN?

The ISP is still sending and receiving all of that data for you.

~~~
ac29
Step 1) Rate limit high bandwidth use sites to discourage use

Step 2) Block VPNs to prevent circumvention of your rate limts

Step 3) Profit?

I don't see this happening, but I think that's what the comment you were
responding to is suggesting.

~~~
toomanybeersies
Why not just rate limit VPNs?

~~~
toyg
You are not thinking politically enough.

If I rate-limit VPN outright, I'm an ugly dictator bent on destroying privacy.

If I rate-limit popular bandwidth-intensive traffic, I'm just a guy trying to
keep network usage fair for every user. If that involves limiting VPNs as
well, they are simply collateral damage, the end justifies the means, and I'm
still a good guy.

------
woodandsteel
This is hardly surprising. Putin is an autocrat who wants to become a full-
scale, ruler-for-life dictator. And so to achieve that end he has been
steadily chipping away at freedoms and human rights.

~~~
c-smile
For the brevity: "the law, already approved by the Duma, the lower house of
parliament" so it is a collective decision of Russian lawmakers.

~~~
nmbr213
Meh, their collective decision is to follow Putin's orders. Gosduma's sessions
are streamed online but they still don't give a fuck and play games on
smartphones, read newspapers, chat and even don't show up at all so others
have to vote for them[1]. No wonder most those draconian laws are passed with
90%+ approval.

[1]
[https://www.youtube.com/watch?v=Usmji_xRe0U](https://www.youtube.com/watch?v=Usmji_xRe0U)

------
kytwb
Everytime I read posts about VPNs and ban attempts, I can't resist to link to
the Streisand project:
[https://github.com/jlund/streisand](https://github.com/jlund/streisand). Used
that when there were crackdowns on VPNs (Astrill, Express, etc.) while I was
living in China and it never disappointed.

------
Spivak
Duh? If it's forbidden to access certain websites in a country then logically
so is any service that enables such access.

VPN services can't exactly hide behind being an impartial carrier since they
sell themselves as tools precisely for circumventing censorship, tracking,
region locking, and providing anonymity.

I've said it before and I'll keep saying it, this is a political problem that
can't be solved through more tunnels.

~~~
lgierth
> VPN services can't exactly hide behind being an impartial carrier since they
> sell themselves as tools precisely for circumventing censorship, tracking,
> region locking, and providing anonymity.

I really wish some VPN providers would try advertising themselves as desirable
technical solutions to the technical shortcomings of many ISPs -- e.g. my ISP
here doesn't give me native IPv6, and has a crappy last mile. OpenVPN-over-UDP
helps with both.

VPNs can also simply protect against attacks on public networks in e.g. cafes,
libraries, airports.

> this is a political problem that can't be solved through more tunnels

Yes, but they help in that they increase people's headroom for informing and
acting.

~~~
lgierth
> VPNs can also simply protect against attacks on public networks in e.g.
> cafes, libraries, airports.

To expand on that, you could argue this for any network, even home and company
networks -- who knows which of the many windows computers and android phones
of my colleagues/family are bots?

~~~
gruez
Not really against remote code execution type exploits, more like
password/session stealing attacks.

------
TazeTSchnitzel
“The strictness of Russian laws is compensated by the optionality of
compliance.”

~~~
nmbr213
Every time Gosduma passes some law restricting citizen's freedom for the sake
of security we have morons bleating "Don't worry, guys, the strictness of
Russian laws is compensated by the optionality of compliance".

Yet in the past few years we had hundreds of people jailed and/or fined for
the content they posted on social media or even for reposts and likes. Yet the
morons do not learn. Can't wait for Yarovaya's law to come in full effect.

------
ilaksh
I do not make political comments because it seems unsafe. So I am not
commenting about Russia here or any other country.

[https://www.reddit.com/r/darknetplan/](https://www.reddit.com/r/darknetplan/)
and
[https://www.reddit.com/r/Rad_Decentralization/](https://www.reddit.com/r/Rad_Decentralization/)
may be interesting from a purely technical perspective.

------
vbezhenar
The important thing is that people are not charged in crime if they try to
circumvent the bans. So it's still race in technology field. They'll ban VPNs,
we will find ways to hide our VPNs. As long as regular user won't be
prosecuted for trying to access prohibited information, those laws doesn't
matter much IMO.

------
usaphp
Link to official document:
[http://publication.pravo.gov.ru/Document/View/00012017073000...](http://publication.pravo.gov.ru/Document/View/0001201707300002?index=0&rangeSize=1)

------
codezero
I'm really curious how this affects HN users in Russia now. Is this a concern
for you all? Or is it just a blip? Do you think it affects your less technical
friends and family in any way?

------
nmbr213
Funny thing: two month ago, when Ukraine blocked access to Mail.ru Group's
(which is owned by Kremlin linked bussinessman Usmanov) websites (Vkontakte,
Odnoklassniki, russian 4chan (sort of)), state-owned TV ran a couple of
infomertials teaching people how to bypass blocks using VPNs and anonymyzers.

------
korkota
The important part of this news has been omitted. FSB will monitor compliance
with the law.

------
shmerl
All the more farcical was his recent claim in Q&A session with school
students, that Russia has no Internet censorship.

------
petre
What if I use a VPN to access my company's network?

~~~
aleksi
That case is explicitly allowed by this law.

~~~
Theodores
So much like China then. Fine for email getting through on
all@internationalcompany.com from the Chinese office, just an added hassle for
the IT department to setup.

------
gist
Wondering if this document essentially states that a Socks 5 proxy is banned
for the same reasons.

~~~
Elhana
If you start advertising it as a way to bypass blacklist and open it to the
world, it will probably get banned.

------
jageen
Is it also means that no tor-browsing, No wikileaks from Russia ?

Did this affect to ransomware collector too?

------
Fjolsvith
Wow, sounds like he doesn't like net neutrality either.

------
bedros
what are they going to ban next https?

------
erikj
I don't think it's possible to reliably enforce this ban.

~~~
lgierth
We need something that tunnels over HTTPS/Websockets, and utilizes domain
fronting [1] with e.g. Google Cloud or Azure. Ideally it'd also work over
WebRTC in unreliable mode, but I'm not sure that works with domain fronting.

[1]
[https://bamsoftware.com/papers/fronting/](https://bamsoftware.com/papers/fronting/)

// edit: why the downvotes?

~~~
jerheinze
> We need something that tunnels over HTTPS/Websockets, and utilizes domain
> fronting [1] with e.g. Google Cloud or Azure. Ideally it'd also work over
> WebRTC in unreliable mode, but I'm not sure that works with domain fronting.

The Tor Browser already comes with the meek transport[1] that uses domain
fronting, one with Amazon and the other with Azure. There's also a recent PT
titled snowflake[2], that uses WebRTC to connect to short lived proxies that
people can make by just running some JS code in their browser, it's currently
available in the alpha builds for Linux and Mac.

Note that meek is expensive, and the Tor Project pays for each byte. It should
only be used when no other PT works.

[1] :
[https://trac.torproject.org/projects/tor/wiki/doc/meek](https://trac.torproject.org/projects/tor/wiki/doc/meek)

[2] :
[https://trac.torproject.org/projects/tor/wiki/doc/Snowflake](https://trac.torproject.org/projects/tor/wiki/doc/Snowflake)

~~~
int_19h
The problem is that any website that allows domain fronting is itself illegal
under this new law, and can be blocked on those grounds.

~~~
lgierth
The idea of domain fronting though is that the fronting website is "expensive"
to block that the censor won't do it.

As with everything else, this isn't a 100% technical solution, it has a
political component of how expensive the fronting website is to block.

~~~
codedokode
Many users in Russia use russian social network (Vkontakte), russian email
services and russian search engine (Yandex). There is also popular dating
service (Badoo). So Google and Facebook can be blocked without causing much
trouble. But there is no good replacement for Youtube and Android Store (yet).

