
Russia Bans 1.8M Amazon and Google IPs in Attempt to Block Telegram - campuscodi
https://www.bleepingcomputer.com/news/government/russia-bans-18-million-amazon-and-google-ips-in-attempt-to-block-telegram/
======
petercooper
The founder of Telegram has just put this in his public Telegram channel -
[https://t.me/durov](https://t.me/durov):

"For the last 24 hours Telegram has been under a ban by internet providers in
Russia. The reason was our refusal to provide encryption keys to Russian
security agencies. For us, this was an easy decision. We promised our users
100% privacy and would rather cease to exist than violate this promise.

Despite the ban, we haven’t seen a significant drop in user engagement so far,
since Russians tend to bypass the ban with VPNs and proxies. We also have been
relying on third-party cloud services to remain partly available for the rest
of our users.

Thank you for your support and loyalty, Russian users of Telegram. Thank you,
Apple, Google, Amazon, Microsoft – for not taking part in political
censorship.

Russia accounts for ~7% of the Telegram user base, and even if we lose that
entire market, Telegram’s organic growth in other regions will compensate for
this loss within a couple of months. However, it is personally important for
me to make sure we do everything we can for our Russian users.

To support internet freedoms in Russia and elsewhere I started giving out
bitcoin grants to individuals and companies who run socks5 proxies and VPN. I
am happy to donate millions of dollars this year to this cause, and hope that
other people will follow. I called this Digital Resistance – a decentralized
movement standing for digital freedoms and progress globally."

~~~
on_and_off
sadly Telegram seems down right now

------
lgl
A few months ago I read an article about Telegram and their related companies
and individuals. [1] The article read like a mix between a nerdy James Bond
story, a bad Law and Order episode, a Mexican soap opera and a Russian episode
of Cribs. It was written by an ex-employee so I took it with a grain of salt.
Nevertheless, the article brings up a lot of red flags and shady behavior.
Combined with their (alleged) connection with the Russian government, roll-
your-own-crypto and the recent >billion dollar ICO it doesn't really make me
all that willing to use Telegram any time soon.

[1] [https://medium.com/@anton.rozenberg/pavel-durov-sued-
senior-...](https://medium.com/@anton.rozenberg/pavel-durov-sued-senior-tech-
lead-for-1-7-b24961dec503)

~~~
negus
"roll-your-own-crypto" == DH-RSA-AES with GPL implementation?
[https://en.wikipedia.org/wiki/Telegram_(service)#Encryption_...](https://en.wikipedia.org/wiki/Telegram_\(service\)#Encryption_scheme)

~~~
lgl
Sure.

[https://courses.csail.mit.edu/6.857/2017/project/19.pdf](https://courses.csail.mit.edu/6.857/2017/project/19.pdf)

[https://eprint.iacr.org/2015/1177.pdf](https://eprint.iacr.org/2015/1177.pdf)

------
craigds
Why block Telegram and not .. all the others? Whatsapp, Signal, Viber, ... Are
they objecting to the use of encryption? Because everyone uses encryption
almost all the time for everything everywhere. The cat has been well and truly
released from that bag. Are they just going to turn off the internet
altogether?

~~~
foka86
Telegram is not the most popular messenger in Russia. It's not even in top-3
as far as I remember. But it is widely used by people who tend to be opposite
to the current government (young professionals). Also, there are a lot of
anonymous Telegram channels curated by the opposition.

~~~
Beltiras
It's going to take those people a hot 15 seconds to find another provider and
switch.

~~~
konart
Not only Telegram still working here, but it was a great experience yesterday.

Imagine the following: a manager in a supermarket explaining how to setup a
proxy to a customer so that she (a woman in her 60s) could use their bot
again.

Or a woman with a kid who is asking what the are going to do: "It's okay,
we'll ask dad and he's going to do proxy-something".

Cyberpunk is now.

~~~
learningto
Similar things long going on in Crimea for the same reasons established by the
other side (whatsapp and viber are blocked by whatsapp and viber owners
correspondingly). When I was there, everyone seemed to have a vpn on their
phones and getting it installed was none of a problem. Smarter people are
better!

------
ayumukasuga
You can watch how internet is dying here
[https://2018.schors.spb.ru/](https://2018.schors.spb.ru/) Graph represents a
number of blocked IPs.

~~~
mrarjen
That's quite a lot, It be funny to see how far this will go with Telegram
still functional.

------
y_molodtsov
And they also ordered Apple and Google to remove the app from their stores. I
understand there are workarounds, but I'd really like them to respond with
"f*ck yourself". It's a shame they won't do that, though.

~~~
cornholio
And here is another yet problem with walled gardens. It creates a single
failure point because Apple and Google are forced to comply with local law,
regardless of how absurd it is, if they want to continue doing business there.

In an open environment, you would simply change the mirror urls and run apt-
get update.

~~~
jstanley
The Telegram client is available on F-Droid, so you can still use it even if
you opt-out of the walled garden.

~~~
BubuIIC
Unfortunately Telegram-FOSS from F-Droid doens't have GCM support so won't be
notified about DC updates via push messages.

I this particular case the centralization around the push service of google
actually helps.

~~~
madez
> I this particular case the centralization around the push service of google
> actually helps.

No, it does not, and you even argued why. This centralization makes it harder
to make the system more resilient.

We need an alternative to GCM.

~~~
BubuIIC
I'd argue that in this case the centralization helps because blocking GCM
would kill all notifications for all apps. As long as they (Russia) are not
willing to do that Telegram can use this as a side-channel to update their IPs
for all clients.

The other option would be for google to turn push notifications off
selectively for Telegram and only in russia. Not sure if they can/will do
that.

~~~
Canada
If Google will comply with an order to remove apps from the store in certain
regions then they can certainly comply with orders to filter push messages
destined for specific apps as well.

~~~
Eridrus
These are very different actions though, I doubt they would be seen as
equivalent to any of the parties involved.

------
pandasun
There's a pull request with 127.0.0.1 in it.

[https://github.com/zapret-
info/z-i/pull/10/commits/8394b2026...](https://github.com/zapret-
info/z-i/pull/10/commits/8394b2026cf9e81bb9392e6cef549848a161369f)

Wonder if they'll merge it.

~~~
slezyr
It a repo of "leaked" blacklist. Roskomnadzor don't publish it to public and
share it only with ISPs.

~~~
rzhikharevich
They do publish it, but here: [http://eais.rkn.gov.ru](http://eais.rkn.gov.ru)

~~~
slezyr
Where? It's just a way to check single domain/ip/page if it's blacklisted or
not. They don't give access to entire blacklist.

------
tici_88
Maybe the goal of the Russian government was to block the Amazon and Google
APIs in the first place, and they used Telegram as a convenient excuse. Just a
thought.

~~~
Keloo
Usually Russia don't play that smart. Wondering how would they replace those
services.

~~~
adventured
It would actually seem like an ideal way to force the adoption of native cloud
service replacements (regardless of quality or competitiveness of the
offering). Russia has tended to go that way with most things, whether Mail.ru,
VK or Yandex. Russia has a very long history of being insular like that and
the powers that have dominated Russia the last century have a vested interest
in keeping it that way.

~~~
chupasaurus
The only reason why local hosters are making money is local personal data law
which restricts that PD of russian citizen should be stored inside Russia,
because their prices and level of service is non-competitive to i.e. DO or
OVH.

------
banana_giraffe
Interesting to see which regions they're blocking, and how much they're
blocking in each region. For IPv4 addresses only:

    
    
        Region          Desc                        IPs       Blocked   % Blocked
        ap-northeast-1  Asia Pacific (Tokyo)         1984800    786451     39.62%
        ap-northeast-2  Asia Pacific (Seoul)          459024    131073     28.55%
        ap-northeast-3  Asia Pacific (Osaka-Local)     65808         0      0.00%
        ap-south-1      Asia Pacific (Mumbai)         524560     65542     12.49%
        ap-southeast-1  Asia Pacific (Singapore)     1067552    425990     39.90%
        ap-southeast-2  Asia Pacific (Sydney)        1147168    163852     14.28%
        ca-central-1    Canada (Central)              196880         3      0.00%
        cn-north-1      China (Beijing)               231456         0      0.00%
        cn-northwest-1  China (Ningxia)               100368         0      0.00%
        eu-central-1    EU (Frankfurt)               1049888    787013     74.96%
        eu-north-1      EU (North tba)                 65808         0      0.00%
        eu-west-1       EU (Ireland)                 3757344   1966319     52.33%
        eu-west-2       EU (London)                   393488    131087     33.31%
        eu-west-3       EU (Paris)                    131344         1      0.00%
        sa-east-1       South America (Sao Paulo)     491808     65536     13.33%
        us-east-1       US East (N. Virginia)       10317600   4260203     41.29%
        us-east-2       US East (Ohio)               1179920    131079     11.11%
        us-gov-east-1   AWS GovCloud (US, East)        65552         0      0.00%
        us-gov-west-1   AWS GovCloud (US)             131088     32768     25.00%
        us-west-1       US West (N. California)      1311536    196642     14.99%
        us-west-2       US West (Oregon)             4917552   1769549     35.98%
                        Total                       29590544  10913108     36.88%

------
SXX
Just in case previously when same thing happened with service called Zello and
back then Amazon cease to provide them service (forbid to change IPs) before
actual subnets were banned. Soon we'll see how Amazon / Google will react on
Kremlin bullying this time.

~~~
jeremyjh
If they don't cancel Telegram's service, their other customers who are also
being affected by the ban will flee to other services. I don't think they can
sit and watch that happen.

~~~
pmlnr
> will flee to other services

That's not something you can do very fast, especially not from google's
compute engine or AWS.

Yes, eventually, they will, but that's a massive task for most companies.

------
kokx
So, Telegram is blocked. But Facebook Messenger and WhatsApp are still online.
Hence, this is pushing users of a (relatively) country-neutral service,
towards more American services.

Seems like a weird move for Russia.

~~~
huhtenberg
This may also mean that Facebook is complying with the Russian government
demands for at-will access to WhatsApp and Messenger content.

~~~
abhiminator
> _WhatsApp_ and Messenger content. (emphasis mine)

Isn't WhatsApp supposed to be end-to-end encrypted making it next to
impossible even for developers (Facebook Inc. in this case) to access the
transmitted messages' content?

~~~
netzone
Wasn't it WhatsApp that sent a key back to Facebook servers? Technically it's
end-to-end encrypted, but Facebook could decrypt it if they really wanted to.

~~~
willstrafach
Do you have a source for this claim?

It does not sound correct.

------
dunkelheit
The first round of the fight is clearly won by telegram - roscomnadzor is
perceived as a lumbering and inept gorilla whose actions harm innocent
bystanders while telegram continues to work almost perfectly.

Next we will see how effective the deletion of the telegram app from the
Russian app stores will be. Because of the centralized nature of the stores
telegram can’t do much with it (they can try publishing clones of the client
under unaffiliated entities, but apple and google can easily ban those too).
Also it is rumored that the client uses push notifications to deliver proxy
settings to devices and these also can be easily blocked by the store owners.

Interesting times.

~~~
BubuIIC
Not much rumor there, it's right in the spec:
[https://core.telegram.org/api/push-updates#service-
notificat...](https://core.telegram.org/api/push-updates#service-
notifications)

It's also actually pretty clever.

~~~
dunkelheit
Thanks, good to know. And to open _that_ page I had to use a vpn!

------
linjus
Soon enough, every country will have their own internet. Until the new new
internet appears

~~~
cncrnd
Are you referring to Richard's new internet or Jian Yang's new new internet?
Jian Yang's internet is based in China...

------
sAbakumoff
Here is the blocked IP counter
[https://2018.schors.spb.ru](https://2018.schors.spb.ru) The page is in
Russian, but the graph should be clear. It's now 16M IP's!!! It causes
multiple problems in various services in Russia, but Telegram is still working
as is :-0)

------
konart
[https://2018.schors.spb.ru/](https://2018.schors.spb.ru/)

16M already.

------
xhruso00
Does this mean that Google/Amazon customers on mentioned IP addresses are
inaccessible? If so, I think Google/Amazon will choose to cease the contract
with Telegram.

~~~
nabc45
Yes.

------
gonesilent
Russia is taking a page out of the China internet playbook. Next it will build
out it's own great firewall and slowly unblock services after it gain's
control.

~~~
hux_
There the govt builds the controls. Here Twitter, YouTube and Facebook do. No
big difference in my book. In terms of outcomes, only clowns get propped up
either way.

~~~
dannyw
Oh, there's a huge difference. You have alternatives.

~~~
nukeop
There is no alternative to Google, Amazon, Youtube, etc. You have tiny,
inferior competitors that don't even come close to 10% of the monopolist's
market share. Google works very hard to trap you in their ecosystem. Once
you're there, escape is almost impossible.

~~~
mjburgess
Yes, in large part because their service is good.

You're conflating legal restriction on individual behavior with
market/individual-preference constraints.

"Life" in general is constrained. We are not trying to get rid of limited
options (every choise is between limited options), we're trying to limit
totalitarian control over individuals.

That is, behaviour which is artificially constrained by imprisonment,
punishment and death for the sake of preserving tyrannical power structures.

~~~
nukeop
And the end result are tyrannical power structures that de facto exert
totalitarian control. There is very little difference between government-
enforced restrictions and those created by global capitalism and its
monopolies.

It doesn't matter to me if my rights are restricted by legal means or by
corporate hegemonies, in fact the mechanisms in play are so complex nobody can
really be sure anymore.

~~~
mjburgess
No no, people can be _very very very_ sure. The 20th C. tried both of those
experiments and in the totalitarian system 10s of millions -- at least --
died.

Having your choices restricted by social cooperation and negotiation (in a
market places) is _NOT_ the same as having them restricted by a bully with a
military.

This false equivalence is a defense of genocide whether you are willing to own
up to that or not.

~~~
nukeop
This sums up this stance accurately:

[https://i.imgur.com/Rgvqkln.jpg](https://i.imgur.com/Rgvqkln.jpg)

~~~
mjburgess
Oh no, I'm both British and leftwing.

My sympathy with state action ends however, when the leaders are murders,
dictators and rutheless pilliagers of the public's wealth.

Russia's oligarchy stole Russia's wealth after the dissolution of the SU, and
here you are equivocating objecting to regimes of murder and abuse with "muh
food idle dont be having no choices fur me1112"£""11¬11223

The entitlement and ignorance is overwhelming. You arent owed _two_ major
search engines. "Bing" not being bigger is not the same as having to use apps
which in encrypt your commnunication because you fear the police will imprison
or murder you.

You _are_ owed your political freedom. Which is de jure removed from you in
Russia, and the suppression of telegram is _state action_ to supress it
further.

------
candiodari
This used to be a big problem for colo and decidated service providers. You
get 2-3 napster/bittorrent/kazaa/... or worse, some website some law
enforcement agency finds objectionable ... with users renting/paying for
servers and _poef_ entire countries and large isps block all your ranges.
Happened all the time.

------
u04f061
Insane! Telegram is blocked in my country too but they didn't block millions
of IPs I think to achieve that!

~~~
nabc45
From TFA, Telegram moved to the Amazon and Google clouds to work around the
ban, so they needed to block those addresses.

~~~
u04f061
Thanks for the information

------
2close4comfort
How long until all countries firewall off and whole reason for creating the
internet is completely lost.

~~~
pmlnr
Not much. We need mesh networks across every device - routers, smartphones,
long distance repeaters, etc - ASAP to avoid it.

~~~
rqs
Sorry, it will not work.

If your government can pass laws to allow themselves to block any Internet
services, it may as well go ahead pass laws to prevent people from
circumventing that block.

So, the only defense you have, is to prevent your government from issuing the
first law.

~~~
p2t2p
Probably something like Fidonet model could be sustainable in this case.

------
n0mer
quote from
[https://github.com/aspnet/Docs/issues/5832](https://github.com/aspnet/Docs/issues/5832)
: "That's not about the Azure's sites only. Almost each of Microsoft's sites
is absolutely unusable in Russia now, like: Docs, MSDN, Visual Studio, Office,
Windows, Xbox, all of them and many others are almost dead now."

------
Keloo
15M IPs blocked. Are they going to block the whole internet??

------
kome
At Telegram their are pulling a troll move of epic proportions, much bigger
than the troll move of the Russian government. Let's see what happens.

------
jankotek
Hm, does that mean other IMs gave their encryption keys to Russian government?

Also could someone from Russia confirm telegram/AWS are blocked?

~~~
leo250
Hello I’m from Russia. And yes, local authorities started blocking telegram
IPs. It doesn’t work without proxy/vpn.

~~~
fehyjn
Their DPI is so dumb that it can be easily bypassed just by editing `Host` to
`HOst` in http header. BTW ipv6 adresses are not blocked.

~~~
icebraining
Wait, assuming they're using TLS and certificate-pinning, the DPI shouldn't be
able to read the HTTP headers at all. How does that work?

~~~
fehyjn
That’s right, but basically dpi sends tcp reset in case of https or 302
redirect in case of http before target server response, since it’s located
nearer. There’s a tool to bypass this, so you can read more there.
[https://github.com/ValdikSS/GoodbyeDPI](https://github.com/ValdikSS/GoodbyeDPI)

------
pandasun
Is [http://zapret-info.gov.ru](http://zapret-info.gov.ru) being DDoS-ed?

------
Keloo
Can't wait for Durov comments on this. Really interested in the tech details.
Any telegram developer here??

------
MrDisposable
Russian here. Good job Roskomnadzor. You just taught quite a few people to use
VPN -- including me. And, as a side benefit, you created another image problem
for Putin's regime (as if he needed any more of that).

I already had Bitlocker on all my PCs, 2FA everywhere, moved from Gmail to
Fastmail, and VPN was one of the last privacy-related things I procrastinated
on. Now I have VPN on all my desktops and on my phone, turned on by default.
And I also switched to 1.1.1.1 for DNS.

Thank you government, I guess?

~~~
pmlnr
VPN doesn't give you privacy; it only allows you to bypass blocks (and
introduce yourself to blocks in other countries or services though). VPN
providers can still log your every move.

~~~
drdaeman
The difference is, VPN providers, unlike ISPs normally don't have your home
address and passport info[1]. Some don't have your name at all, unless your
traffic leaks your identity - e.g. when you're paying for VPN service with
Bitcoin. Even more, they're generally out of your jurisdiction, which acts as
some barrier against frivolous requests.

_____

[1] In Russia every ISP is legally required to perform this sort of KYC and
keep those records for a while.

------
lostmsu
Here's what the article should be: Russia bans lots of AWS and GCP IPs to see
no riot.

~~~
drdaeman
It's rather "Russia bans lots of AWS and GCP IPs just because they can." There
is no chance of riot happening.

A power play - sure. It's not the first (and surely not the last, unless
something unthinkable happens) time our Tsar and his boyars introduce
"countermeasures" against "foreign agents" that barely affect anyone abroad,
but are essentially showing the world what kind of enforced restrictions
Russian serfdom can tolerate for "national security" reasons - if any reasons
at all.

When the Soviets had dissolved, Russia had its internal power struggles and
was late to this game - but as we've entered this era of _stabilnost '_ (cf.
Harmonious Society) we're catching up fast.

------
formatCvt
Video about this situation
[https://www.youtube.com/watch?v=lVFdFoj83a8](https://www.youtube.com/watch?v=lVFdFoj83a8)

------
nashashmi
"The internet needs to have a better way to block parts of it without taking
down the rest of the internet."

\- Internal communication of the Russian Security agency

------
golergka
And yet, Telegram is still working without a proxy or vpn.

~~~
foka86
not everywhere, unfortunately. In my location it's almost impossible to use it
without VPN. It also became difficult to send files through it.

~~~
Double_a_92
You can see here how russia has started to "burn":
[http://downdetector.com/status/telegram/map/](http://downdetector.com/status/telegram/map/)

(However this might apply:
[https://www.xkcd.com/1138/](https://www.xkcd.com/1138/) )

~~~
panarky
Big outages in Kyiv and Milan too?

[https://imgur.com/a/3biqq](https://imgur.com/a/3biqq)

(These look like outliers even considering xkcd population density.)

------
PunchTornado
So what can telegram do if google and amazon bans them in Russia?

~~~
shawabawa3
Use azure?

------
ckastner
If this is indeed a blanket banning of AWS and GCP, then I assume that Amazon
and Google will soon remove Telegram.

It might be immoral, but it's the fastest solution to the harm this causes to
all other affected customers I can think of.

~~~
SXX
So do you think it's good idea for Amazon / Google reputation to cease their
service to any SaaS if kremlin dont like it? Unlike many smaller players
Telegram might actually afford to pay for even millions of new IPs in
thousands of subnets.

~~~
ckastner
> So do you think it's good idea for Amazon / Google reputation to cease their
> service to any SaaS if kremlin dont like it?

No, but I don't think that's how it would be spun -- I would exect it to be
framed as a ToS violation.

~~~
SXX
I not sure how it's can be against ToS because unlike other case Telegram is
actually large enough to actually pay for tens of thousands end point IPs
easily even on monthly basis.

And Kremlin minions certainly not going to stop ban subnets now even if will
be 1:1000 ratio of Telegram's one and other services.

------
viktorpw
18 millions now, things go crazy and out of control

------
viktorpw
18 millions now Things go crazy

------
Fremis
16 millions already.

------
konart
5M as of now.

------
levleontiev
4.5M already.

~~~
iaml
Correct, they updated it 40 minutes ago.

------
raverbashing
Sounds like a good reason to advocate for IPv6

~~~
keketi
If IPv6 was used Russia would ban address ranges instead.

~~~
passwd
I think he meant that only Telegram would be be blocked instead of possibly
affecting half of the Internet on the way there. For Telegram it wouldn't be
any better.

~~~
jandrese
They would still be blocking the IPv6 netblocks assigned to Amazon and Google,
only it would be easier because the blocks would be more contiguous.

~~~
passwd
I'm assuming it would be easier having one IPv6 address used only by a single
application, that's why. Amazon/Google services would be less affected then.
There's a whole different question if government would bother to be that
precise, still.

~~~
jandrese
The whole point of moving to the cloud was to make themselves harder to block.
I don't think they would self-defeat by limiting themselves to a single /64 or
something.

------
miovoid
18M already

------
shokunin
Love it!

------
fehyjn
nearly 6 million now

------
DIN0777
ПОШЛИ НА ХУЙ ПИДАРАСЫ!

