Russia Bans 1.8M Amazon and Google IPs in Attempt to Block Telegram (bleepingcomputer.com)
328 points by campuscodi 5 days ago | 215 comments

The founder of Telegram has just put this in his public Telegram channel - https://t.me/durov:

"For the last 24 hours Telegram has been under a ban by internet providers in Russia. The reason was our refusal to provide encryption keys to Russian security agencies. For us, this was an easy decision. We promised our users 100% privacy and would rather cease to exist than violate this promise.

Despite the ban, we haven’t seen a significant drop in user engagement so far, since Russians tend to bypass the ban with VPNs and proxies. We also have been relying on third-party cloud services to remain partly available for the rest of our users.

Thank you for your support and loyalty, Russian users of Telegram. Thank you, Apple, Google, Amazon, Microsoft – for not taking part in political censorship.

Russia accounts for ~7% of the Telegram user base, and even if we lose that entire market, Telegram’s organic growth in other regions will compensate for this loss within a couple of months. However, it is personally important for me to make sure we do everything we can for our Russian users.

To support internet freedoms in Russia and elsewhere I started giving out bitcoin grants to individuals and companies who run socks5 proxies and VPN. I am happy to donate millions of dollars this year to this cause, and hope that other people will follow. I called this Digital Resistance – a decentralized movement standing for digital freedoms and progress globally."

sadly Telegram seems down right now

statement like that is an easy way to get yourself in sights of the CBP PФ i guess

A few months ago I read an article about Telegram and their related companies and individuals. [1] The article read like a mix between a nerdy James Bond story, a bad Law and Order episode, a Mexican soap opera and a Russian episode of Cribs. It was written by an ex-employee so I took it with a grain of salt. Nevertheless, the article brings up a lot of red flags and shady behavior. Combined with their (alleged) connection with the Russian government, roll-your-own-crypto and the recent >billion dollar ICO it doesn't really make me all that willing to use Telegram any time soon.

[1] https://medium.com/@anton.rozenberg/pavel-durov-sued-senior-...

This reads like FUD, there are reasons for and against telegram and I won't get into them here. But truth is often stranger than fiction[0] and there are actors with something to gain from making telegram look poor.

[0]: The story of Karl Koch for example https://en.wikipedia.org/wiki/Karl_Koch_(hacker) whose death was ruled a suicide, and his history is... "colourful".

If you actually care about security/privacy, why not just use Signal?

One argument might be "because Signal

* has (almost) no tests,

* has no CI (at least I could find none),

* lacks some basic features competitors have,

* sometimes doesn't ring when you call, and

* they just closed all 1100 open issues without reading their contents [1]."

Don't get me wrong, I think Signal is a great idea and have contributed some code to it, but these look like some red flags to me.

Obviously hard to compare to Telegram, which is closed source so we can't know whether they have similar problems.

[1]: https://github.com/signalapp/Signal-Android/issues/7598

To your last bullet point, these seem like good reasons to me. This does not seem to have happened with the iOS version.

>However, the sheer volume of legacy issues, combined with submissions that completely ignore the provided issue template, has created a situation where there are currently more than 1,100 open tickets. Most of these issues have been inactive for several years and they reference versions of Signal that are no longer available. Many open issues are essentially ad-hoc discussion threads or feature requests that are a better fit for the community forum. Perhaps most importantly, many of these issues lack debug logs, descriptions, and the steps that would be necessary to understand and reproduce the reported behavior.

They essentially declared "issue bankruptcy", in the Lessig/Turkle sense.


What do tests and CI have to do with the usability and usefulness of a program? I agree that the other issues could be worrying, but those first two throw me for a loop.

Tests and CI help you make sure that functionality actually works, that buttons you press have the desired effect, and that if I as a contributor ship you a pull request for a UX/feature improvement, both you and me can check that it doesn't break anything before merging.

The grandparent poster also wrote about security/privacy, for which I think tests are pretty important.

Finally, having CI would allow the developers/contributors with limited time to spend more time on usability and usefulness instead of on issues like "master doesn't build, anybody else have this problem?" (when I wanted to PR something to Signal, master did not build).

This is still looking at it from a developer's or contributor's point of view. Developer velocity has no practical impact on the user experience. In a way, the constant addition of features or tweaks to the user experience is a net negative, since the user has to re-learn how to do things in the app.

This also makes the assumption that since there are few automated tests, that there are no tests done on a build at all. I disagree that it is a valid assumption. Most security vulnerabilities are not found by unit or functional tests, but instead by linting and code reviews.

> Developer velocity has no practical impact on the user experience.

This may be true in a megacorp. I doubt it's true in a project like Signal where resources are limited and a few developers are the single bottleneck for everything, UX or otherwise.

All those issues were closed, as it is explained in your link, because they lacked debug logs/steps to reproduce the problem/etc. It's not feasible to dedicate enormous amounts of resources to try to address those issues. You're welcome to re-open them, properly this time, if you want.

That is wrong, they closed issues indiscriminately.

Oh, and they will keep doing so: "Legacy issues that are more than one month old will be closed by an automated process as part of this cleanup effort."

That is wrong. If you read the thread, you would immediately see that, as I give examples there of how issues that were in the middle of being tested by users were closed, and that were acknowledged as real issues by the developers days before.

Good points, but I think it's good to mention that Telegram is actually open source: https://telegram.org/apps#source-code

No, it's not. Telegram clients are; telegram, as a service - the server component - is not.

Further, the Android app doesn't have an issue tracker. According to [1] and links in there it was removed without explanation.

[1] https://github.com/telegramdesktop/tdesktop/issues/1137

It's actually dated-source. The source code they occasionally publish is always months beyond the recent release.

Or XMPP+OMEMO which adds things like multi-client support and encrypted group chat:


I'm running this on my own server (using ejabberd [1] as Prosody - which I used previously - still has problems with some of the required XEPs[2]) using several different clients (Conversations [3] on Android, Pidgin on Linux, etc).

The one weak link in OMEMO is the difficulty of verifying the authenticity of the device key signatures used by communication counterparts. These signatures are 64-character hexadecimal strings which the user is supposed to verify being authentic before initiating encrypted communications. Humans are not very good at this task; computers can help but they can also be tampered with. There are ways around this problem - e.g. meeting up in person before initiating communications (viz. PGP key signing parties), sending Q-codes off-line, using algorithms to turn those numbers into things which humans are better at recognising (e.g. the coloured emoji used by Telegram etc.). Encrypted group chat only works if all participants have all other participants in their address lists. Then again, it does work and it is fully standardised with several compatible implementations.

[1] https://github.com/processone/ejabberd

[2] https://xmpp.org/extensions/

[3] https://github.com/siacs/Conversations

we should take a leaf out of the signal/telegram book and convert the hex strings to emoji thumbprints.

It's "good enough" for 90% of cases, but it depends on clients supporting emoji.. :(

That would work for graphical clients but not so much for textual versions. Some type of ASCII-art might serve the purpose but whatever solution is chosen it will be hard to visualise the entropy of a 64-digit hex string in such a way as to distinguish it from the same string with 1 bit flipped.
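The one-bit-flip concern raised in the comments above, as an added example that is not part of the original thread: it renders a 64-hex-digit fingerprint as pronounceable ASCII words (proquint-style, 16 bits per word) for text-only clients, then shows that a direct rendering changes exactly one of 16 words when one bit flips, while hashing the fingerprint first spreads the change across nearly all of them. The fingerprint value and the helper names are constructed for illustration and are not taken from any OMEMO client.

```python
import hashlib

# Proquint alphabet: 16 consonants (4 bits each) and 4 vowels (2 bits each).
CONSONANTS = "bdfghjklmnprstvz"
VOWELS = "aiou"


def word16(value):
    """Encode one 16-bit value as a 5-letter consonant-vowel word."""
    return (
        CONSONANTS[(value >> 12) & 0xF]
        + VOWELS[(value >> 10) & 0x3]
        + CONSONANTS[(value >> 6) & 0xF]
        + VOWELS[(value >> 4) & 0x3]
        + CONSONANTS[value & 0xF]
    )


def render(fp_hex):
    """Render a 32-byte fingerprint (64 hex digits) as 16 words, in order."""
    raw = bytes.fromhex(fp_hex)
    if len(raw) != 32:
        raise ValueError("expected a 64-hex-digit fingerprint")
    return [word16(int.from_bytes(raw[i:i + 2], "big")) for i in range(0, 32, 2)]


def render_hashed(fp_hex):
    """Hash the fingerprint with SHA-256 first, then render the digest.

    Any change to the input, even one bit, alters about half the digest
    bits, so a near-collision no longer looks nearly identical on screen.
    """
    return render(hashlib.sha256(bytes.fromhex(fp_hex)).hexdigest())


def flip_bit(fp_hex, bit):
    """Return the fingerprint with a single bit inverted (bit 0 = MSB)."""
    raw = bytearray.fromhex(fp_hex)
    raw[bit // 8] ^= 0x80 >> (bit % 8)
    return raw.hex()


def differing(words_a, words_b):
    """Count positions at which two word lists disagree."""
    return sum(a != b for a, b in zip(words_a, words_b))


# Constructed sample fingerprint (not a real device key).
SAMPLE_FP = hashlib.sha256(b"constructed sample device key").hexdigest()
TAMPERED_FP = flip_bit(SAMPLE_FP, 100)

if __name__ == "__main__":
    print("direct :", "-".join(render(SAMPLE_FP)))
    print("flipped:", "-".join(render(TAMPERED_FP)))
    print("words changed, direct rendering:",
          differing(render(SAMPLE_FP), render(TAMPERED_FP)))
    print("words changed, hash-then-render:",
          differing(render_hashed(SAMPLE_FP), render_hashed(TAMPERED_FP)))
```

A person who compares only the first few words would miss the flipped bit in the direct rendering but would almost certainly see a difference in the hashed one.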

Signal isn't anonymous. You need a phone number. Why did the all-knowing Moxie require this? No one has ever provided a good reason.

He's written about the why. It's a tradeoff to make it easier for people to switch.


(not just individual people obsessed with privacy, the large numbers of people who can see the advantage of privacy but may not invest a lot of effort to achieve it)

XMPP could utilize your existing email address as XMPP address - that's a solution as well.

To identify a particular user so you can send them messages? IIRC, Signal has never claimed to be anonymous.

True anonymity in a messaging service is hard to achieve, and not even remotely user friendly.

Threema generates random IDs. Users then show each other QR codes and scan them.

If the ID is not unique for each message, then they are still tied to a specific person. At best, the identity is obfuscated.

As a practical example, would you say that bitcoin wallets are anonymous, given that they use random IDs?

Yes, it is obfuscated, the pairing of real person and random id would be much more work, than pairing phone number with real person, and you can throw away and generate as many as you want, whenever you want - unlike your phone number.

Still beats using your phone number for chats, or your SSN in place of bitcoin wallet.

Honestly, I'd say it's much worse than using your phone number or SSN. Sure, an SSN makes it easier to tie an identity to a person, but it doesn't instill a false sense of anonymity in the user.

Again, for the practical example, people bought and sold bitcoins with the broad assumption that it was anonymous. It's a widely understood falsehood, yet new people almost universally believed it was anonymous and safe from law enforcement/the tax man.

Pretending that a random yet static ID adds any level of anonymity is simply dangerous. At best, it keeps honest people honest; like locking your door but not the bay window next to it.

"roll-your-own-crypto" == DH-RSA-AES with GPL implementation? https://en.wikipedia.org/wiki/Telegram_(service)#Encryption_...

Why block Telegram and not .. all the others? Whatsapp, Signal, Viber, ... Are they objecting to the use of encryption? Because everyone uses encryption almost all the time for everything everywhere. The cat has been well and truly released from that bag. Are they just going to turn off the internet altogether?

So much misinformation in the replies here.

Russians do make up a huge list of Telegram's overall userbase. But most importantly, whatsapp and viber are end to end encrypted. Whatsapp uses signal. Viber uses a signal inspired encryption format. The common ground between both is that every single message is encrypted using a different secret key that is deleted after the message is received and decrypted on the device. Whatsapp and Viber have no way to give chat details even if they wanted to. Provided that they follow the protocol, and all accounts seem to point to the fact they do, then there is no backdoor or secret key they can give to any government.

Telegram in contrast uses a set of master keys to encrypt the conversations using RSA and aes256 as they travel through the servers. The keys are split across multiple servers residing in multiple jurisdictions so that legally, a government would have to seek permission to obtain each part of the key from a separate state.

Basically, this means that at the end of the day, if telegram ever forgoes its integrity (based off its public statements), every message will suddenly become decryptable.

That last point is what seems to really make telegram worth targeting.

Just wanted to note that Telegram still supports E2EE in their secret chats. It's just less convenient.

For unknown reason user verification (for secret chats) is awful and almost useless in practice. Telegram itself reimplemented this specific bit much much better - for video chats

Telegram is not the most popular messenger in Russia. It's not even in top-3 as far as I remember. But it is widely used by people who tend to be opposite to the current government (young professionals). Also, there are a lot of anonymous Telegram channels curated by the opposition.

Telegram was reported by one of three Russian cellular network companies as 2nd after Viber by number of clients (both each day and simultaneous peak) nearly a week prior to blocking.

It's going to take those people a hot 15 seconds to find another provider and switch.

Not only is Telegram still working here, but it was a great experience yesterday.

Imagine the following: a manager in a supermarket explaining how to set up a proxy to a customer so that she (a woman in her 60s) could use their bot again.

Or a woman with a kid who is asking what they are going to do: "It's okay, we'll ask dad and he's going to do proxy-something".

Cyberpunk is now.

Similar things long going on in Crimea for the same reasons established by the other side (whatsapp and viber are blocked by whatsapp and viber owners correspondingly). When I was there, everyone seemed to have a vpn on their phones and getting it installed was none of a problem. Smarter people are better!

Are there any other convenient apps that support public channels?

WhatsApp is owned by Facebook. They probably have a data-sharing agreement with Russia.

Not yet. Moreover, the head of russian regulatory says this year Facebook probably might be blocked as well if they will not receive all data they need.

That's what's going to happen. Various localities will shut off encrypted passageways altogether because they control the pipes. They will create a corporate-like intranet where they monitor everything.

they know how bad an open internet can hurt them because they do it themselves to other countries. can't blame them that they don't want to be on the receiving end of the weapon they created.

So basically like China?

It's just that Telegram is the most used one in Russia so they proceed by targeting this one first but don't worry they will target the other ones after.

>Telegram is the most used one in Russia

Not even close. Whatsapp and Viber are much more popular. Telegram was barely 3rd before the ban. [1]

Viber moved their data to Russia, they won't get a ban.

Not sure about Whatsapp.

[1]: https://leonardo.osnova.io/bf345b20-423b-c508-cbc2-15963a7af...

WhatsApp is probably backdoored though, so your end to end encryption will only keep your internet café from spying on you, not the governments Facebook is friendly with: https://appleinsider.com/articles/17/01/13/whatsapp-backdoor...

You mean the one reported by The Guardian? The one where they could not find a second security researcher to agree about? The one this public letter was about? https://techcrunch.com/2017/01/20/security-researchers-call-...

Oh, never saw that retraction even before when I Googled it.

Good catch!

Is Viber even End to End encrypted at all?

Just one remark: Viber/WhatsApp client's code is closed, where is the guarantee that they do not have some "backdoor" to the client's chat right in the application?

Ah apologies, I thought Telegram was more used than that there.

The rumor is the director of the agency that initiated Telegram ban is the puppet of Facebook lobbyists. Typical Russian shit.

Well, due to a huge ban of Amazon addresses Viber is currently experiencing some connectivity issues in Russia too.

The FSB wants encryption keys. Telegram won't share, so is blocked. Therefore, Whatsapp and Viber gave up their keys, I suppose. Or provided backdoors.

We know from Snowden leaks that Microsoft (Skype) & Facebook (WhatsApp) are already freely handing info to any government that asks. Search Wikipedia for: PRISM (surveillance program) Other programs have probably superseded it (and include Japanese ecom giant Rakuten who owns Viber), but you can be sure the user info still flows.

Telegram's independence is what separates them from other services, what allowed them to deny the demand for crypto keys, and why they were targeted.

Signal is non-federated. I'm not sure it would be possible to easily block Signal.

Wait. non-federated is simpler to block, no?

Because the Russian government can read all non-E2EE conversations (so 99% of them) on Telegram and is hoping to drive adoption overseas with this PR stunt.

None of the other messengers you mentioned are designed to work like this (not 100% sure about Viber), the ability of operators to read most of the conversations on the platform is very much unique to Telegram.

It's really not a coincidence that the Russian government is choosing to ban the worst "encrypted messenger" on the market.

Do you have any proof?

What would you like me to prove?

That Telegram has handed their keys to the Russian government? Difficult, but unnecessary.

That Telegram was deliberately designed in a manner which enables its owners to easily hand over the keys to the government? Easy to prove, Signal and Whatsapp do not share the same surveillance features.

Since you seem to like WhatsApp:

Who pays for it now that it is free?

I for one refuse to think that Facebook bought it for a number of billion USD and keep operating and improving it for no good reason.

We also know, based on what they had to tell EU and based on their new EULA - that they tried to introduce by default - that they wanted to harvest metadata from it.

Attacking Telegram while simultaneously praising WhatsApp seems really strange to me.

As for Signal, that's another story. They have their own issues but I personally believe it is better than both Telegram and WhatsApp.

>Attacking Telegram while simultaneously praising WhatsApp seems really strange to me.

Look at them both from a purely technical perspective.

WhatsApp has made an effort to ensure that they're limited to only monetizing the metadata of the chats, Telegram by design does not share this limitation.

Even if you don't trust Whatsapp, you know that they'd have to push a backdoored app to everyone in order to intercept your chats. Telegram is backdoored by default.

You can watch how internet is dying here https://2018.schors.spb.ru/ Graph represents a number of blocked IPs.

That's quite a lot. It'd be funny to see how far this will go with Telegram still functional.

I see the number of blocked IPs has reached 16 million. How wonderful!

And they also ordered Apple and Google to remove the app from their stores. I understand there are workarounds, but I'd really like them to respond with "f*ck yourself". It's a shame they won't do that, though.

And here is yet another problem with walled gardens. It creates a single failure point because Apple and Google are forced to comply with local law, regardless of how absurd it is, if they want to continue doing business there.

In an open environment, you would simply change the mirror urls and run apt-get update.

The Telegram client is available on F-Droid, so you can still use it even if you opt-out of the walled garden.

Unfortunately Telegram-FOSS from F-Droid doesn't have GCM support so won't be notified about DC updates via push messages.

In this particular case the centralization around the push service of google actually helps.

> In this particular case the centralization around the push service of google actually helps.

No, it does not, and you even argued why. This centralization makes it harder to make the system more resilient.

We need an alternative to GCM.

I'd argue that in this case the centralization helps because blocking GCM would kill all notifications for all apps. As long as they (Russia) are not willing to do that Telegram can use this as a side-channel to update their IPs for all clients.

The other option would be for google to turn push notifications off selectively for Telegram and only in russia. Not sure if they can/will do that.

If Google will comply with an order to remove apps from the store in certain regions then they can certainly comply with orders to filter push messages destined for specific apps as well.

These are very different actions though, I doubt they would be seen as equivalent to any of the parties involved.

BTW, microG GmsCore does GCM (although I'm not sure if it also implements FCM APIs), while being pure FLOSS.

My problem with GCM is not the implementation on the client, but the fact that Google sees traffic. I don't want Google to see my data nor my metadata.

> We need an alternative to GCM.

It's called SMS.

What are DC updates?

I always get notifications about Telegram messages on my phone at around the same time (within a second or so) as I get the notification on the web client.

> What are DC updates?

Currently Telegram keeps working because it gets new backend IPs constantly via Google Play / AppStore services. Since push notifications are centralized they'll stop working as soon as the application is removed from stores, so the app wouldn't be able to get lists of unbanned IPs.

Telegram datacenter IPs.

DC updates via push messages? Isn't this what DNS is for in the first place?

I remember trading floppy disks with friends. Too bad mobile has switched off sneakernet.

Whether they respond with process and patience or not, I’m hard pressed to think of powerful states that abide “f*ck yourself” once they’ve started to think national interest/security.

> they’ve started to think national interest/security

More like Putin's interest/security.

Finally! As a Russian who immigrated recently I’m endlessly tired of Russia this, Russia that. There is no Russia. There is Putin and Putin only.

Putin is just a face of FSB. You or they can remove him any time - nothing will change simply because of this.

It will definitely change, although I can't say in which direction. He makes the system legitimate, so any successor would have either to be more open and earn some political trust in a normal process or just close the country even more (deploy martial laws, etc.)

There's a pull request with in it.


Wonder if they'll merge it.

They already blocked it once. As they normally block domain and IP, they ran into issue when owner of blocked domain set the A record to

The same "hack" was used to block Google and other huge sites. Once they found out this "hole", they introduced a white list of resources which shouldn't be blocked.

These guys are really "smart" )

It's a repo of the "leaked" blacklist. Roskomnadzor doesn't publish it to the public and shares it only with ISPs.

They do publish it, but here: http://eais.rkn.gov.ru

Where? It's just a way to check single domain/ip/page if it's blacklisted or not. They don't give access to entire blacklist.

That repository is obviously just a copy and is not (and in fact can't be) used by ISPs.

Maybe the goal of the Russian government was to block the Amazon and Google APIs in the first place, and they used Telegram as a convenient excuse. Just a thought.

Usually Russia doesn't play that smart. Wondering how they would replace those services.

It would actually seem like an ideal way to force the adoption of native cloud service replacements (regardless of quality or competitiveness of the offering). Russia has tended to go that way with most things, whether Mail.ru, VK or Yandex. Russia has a very long history of being insular like that and the powers that have dominated Russia the last century have a vested interest in keeping it that way.

The only reason why local hosters are making money is local personal data law which restricts that PD of russian citizen should be stored inside Russia, because their prices and level of service is non-competitive to i.e. DO or OVH.

I wouldn't say the Russian government cares a lot about its main players, like Chinese do. Actually, they've spent millions building Sputnik — a government owned search engine that nobody used.

If they were just being protectionist, I'd be able to understand them in some way. But it's deeper.

Your thought is out of the box.

so basically what china's doing

Interesting to see which regions they're blocking, and how much they're blocking in each region. For IPv4 addresses only:

    Region          Desc                        IPs       Blocked   % Blocked
    ap-northeast-1  Asia Pacific (Tokyo)         1984800    786451     39.62%
    ap-northeast-2  Asia Pacific (Seoul)          459024    131073     28.55%
    ap-northeast-3  Asia Pacific (Osaka-Local)     65808         0      0.00%
    ap-south-1      Asia Pacific (Mumbai)         524560     65542     12.49%
    ap-southeast-1  Asia Pacific (Singapore)     1067552    425990     39.90%
    ap-southeast-2  Asia Pacific (Sydney)        1147168    163852     14.28%
    ca-central-1    Canada (Central)              196880         3      0.00%
    cn-north-1      China (Beijing)               231456         0      0.00%
    cn-northwest-1  China (Ningxia)               100368         0      0.00%
    eu-central-1    EU (Frankfurt)               1049888    787013     74.96%
    eu-north-1      EU (North tba)                 65808         0      0.00%
    eu-west-1       EU (Ireland)                 3757344   1966319     52.33%
    eu-west-2       EU (London)                   393488    131087     33.31%
    eu-west-3       EU (Paris)                    131344         1      0.00%
    sa-east-1       South America (Sao Paulo)     491808     65536     13.33%
    us-east-1       US East (N. Virginia)       10317600   4260203     41.29%
    us-east-2       US East (Ohio)               1179920    131079     11.11%
    us-gov-east-1   AWS GovCloud (US, East)        65552         0      0.00%
    us-gov-west-1   AWS GovCloud (US)             131088     32768     25.00%
    us-west-1       US West (N. California)      1311536    196642     14.99%
    us-west-2       US West (Oregon)             4917552   1769549     35.98%
                    Total                       29590544  10913108     36.88%
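One way to produce a per-region table like the one above, as an added example that is not the commenter's own method or code: it intersects a blocklist of CIDR subnets with provider prefixes shaped like AWS's published ip-ranges.json (`ip_prefix`, `region`, `service` fields) and counts blocked IPv4 addresses per region without double counting nested or duplicate entries. All prefixes and blocked subnets below are constructed from private address space, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed provider prefixes (private address space, not real AWS ranges).
# The same block can be listed twice under different services, as here.
PROVIDER_PREFIXES = [
    {"ip_prefix": "10.0.0.0/16", "region": "eu-central-1", "service": "AMAZON"},
    {"ip_prefix": "10.0.0.0/17", "region": "eu-central-1", "service": "EC2"},
    {"ip_prefix": "10.1.0.0/16", "region": "eu-central-1", "service": "AMAZON"},
    {"ip_prefix": "10.2.0.0/15", "region": "us-east-1", "service": "AMAZON"},
    {"ip_prefix": "10.8.0.0/16", "region": "eu-west-3", "service": "AMAZON"},
]

# Constructed blocklist: whole subnets, a nested duplicate, a single host,
# and one range that belongs to no listed region.
BLOCKED_SUBNETS = [
    "10.0.0.0/16",
    "10.0.128.0/17",   # already covered by the /16 above
    "10.1.2.3/32",
    "10.3.0.0/16",
    "10.2.0.0/24",
    "172.16.0.0/12",
]


def collapse(cidrs):
    """Parse CIDR strings and merge nested/adjacent networks into a disjoint list."""
    return list(ipaddress.collapse_addresses(ipaddress.ip_network(c) for c in cidrs))


def blocked_per_region(prefixes, blocked):
    """Return {region: (total_addresses, blocked_addresses)} for IPv4 prefixes."""
    by_region = defaultdict(list)
    for entry in prefixes:
        by_region[entry["region"]].append(entry["ip_prefix"])

    blocked_nets = collapse(blocked)
    report = {}
    for region, cidrs in sorted(by_region.items()):
        region_nets = collapse(cidrs)
        total = sum(net.num_addresses for net in region_nets)
        hit = 0
        for region_net in region_nets:
            for blocked_net in blocked_nets:
                # Two CIDR networks either nest or are disjoint, so when they
                # overlap the intersection is simply the smaller of the two.
                if region_net.overlaps(blocked_net):
                    hit += min(region_net.num_addresses, blocked_net.num_addresses)
        report[region] = (total, hit)
    return report


def format_report(report):
    """Render the report as fixed-width rows: region, total, blocked, percent."""
    rows = []
    for region, (total, hit) in report.items():
        rows.append(f"{region:<16}{total:>10}{hit:>10}{100 * hit / total:>9.2f}%")
    return "\n".join(rows)


if __name__ == "__main__":
    print(format_report(blocked_per_region(PROVIDER_PREFIXES, BLOCKED_SUBNETS)))
```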

Just in case: previously, when the same thing happened with a service called Zello, Amazon ceased to provide them service (forbade changing IPs) before the actual subnets were banned. Soon we'll see how Amazon / Google will react to Kremlin bullying this time.

If they don't cancel Telegram's service, their other customers who are also being affected by the ban will flee to other services. I don't think they can sit and watch that happen.

> will flee to other services

That's not something you can do very fast, especially not from google's compute engine or AWS.

Yes, eventually, they will, but that's a massive task for most companies.

So, Telegram is blocked. But Facebook Messenger and WhatsApp are still online. Hence, this is pushing users of a (relatively) country-neutral service, towards more American services.

Seems like a weird move for Russia.

This may also mean that Facebook is complying with the Russian government demands for at-will access to WhatsApp and Messenger content.

I think a much simpler and more elegant answer is "they didn't think of that, they just want to block Telegram."

As someone in Russia, the block pretty much only hinders use of the legitimate services, not of Telegram. Numerous services exist to allow it to continue, and the block is a hack-job to try to prove a point.

> WhatsApp and Messenger content. (emphasis mine)

Isn't WhatsApp supposed to be end-to-end encrypted making it next to impossible even for developers (Facebook Inc. in this case) to access the transmitted messages' content?

Wasn't it WhatsApp that sent a key back to Facebook servers? Technically it's end-to-end encrypted, but Facebook could decrypt it if they really wanted to.

Do you have a source for this claim?

It does not sound correct.

What use is it being end-to-end encrypted if, for all you know, they store the keys, or even decrypt and store all contents on their servers...

It's decrypted on my phone in their app. Theoretically, what stops them from connecting to my phone and reading the decrypted content from there?

As others have said, maybe the others are easier to compromise.

I would also adventure that it might have been seen as an easy target by the Russian intelligence agencies and they anticipated Telegram to secretly comply.

Any reasonable person would deduce that Facebook/American services are simply compliant.

Perhaps those American services are easier to compromise...

The first round of the fight is clearly won by telegram - roscomnadzor is perceived as a lumbering and inept gorilla whose actions harm innocent bystanders while telegram continues to work almost perfectly.

Next we will see how effective the deletion of the telegram app from the Russian app stores will be. Because of the centralized nature of the stores telegram can’t do much with it (they can try publishing clones of the client under unaffiliated entities, but apple and google can easily ban those too). Also it is rumored that the client uses push notifications to deliver proxy settings to devices and these also can be easily blocked by the store owners.

Interesting times.

Not much rumor there, it's right in the spec: https://core.telegram.org/api/push-updates#service-notificat...

It's also actually pretty clever.

Thanks, good to know. And to open that page I had to use a vpn!

We used Telegram as the main tool for our team's communication. We all applied proxy settings but it's almost impossible to work without a VPN enabled :(.

Soon enough, every country will have their own internet. Until the new new internet appears

Are you referring to Richard's new internet or Jian Yang's new new internet? Jian Yang's internet is based in China...

Here is the blocked IP counter https://2018.schors.spb.ru The page is in Russian, but the graph should be clear. It's now 16M IPs!!! It causes multiple problems in various services in Russia, but Telegram is still working as is :-0)

Does this mean that Google/Amazon customers on mentioned IP addresses are inaccessible? If so, I think Google/Amazon will choose to cease the contract with Telegram.


No, but third-parties experience some problems.

Russia is taking a page out of the China internet playbook. Next it will build out its own great firewall and slowly unblock services after it gains control.

There the govt builds the controls. Here Twitter, YouTube and Facebook do. No big difference in my book. In terms of outcomes, only clowns get propped up either way.

Oh, there's a huge difference. You have alternatives.

There is no alternative to Google, Amazon, Youtube, etc. You have tiny, inferior competitors that don't even come close to 10% of the monopolist's market share. Google works very hard to trap you in their ecosystem. Once you're there, escape is almost impossible.

Yes, in large part because their service is good.

You're conflating legal restriction on individual behavior with market/individual-preference constraints.

"Life" in general is constrained. We are not trying to get rid of limited options (every choice is between limited options), we're trying to limit totalitarian control over individuals.

That is, behaviour which is artificially constrained by imprisonment, punishment and death for the sake of preserving tyrannical power structures.

And the end result is tyrannical power structures that de facto exert totalitarian control. There is very little difference between government-enforced restrictions and those created by global capitalism and its monopolies.

It doesn't matter to me if my rights are restricted by legal means or by corporate hegemonies, in fact the mechanisms in play are so complex nobody can really be sure anymore.

No no, people can be very very very sure. The 20th C. tried both of those experiments and in the totalitarian system 10s of millions -- at least -- died.

Having your choices restricted by social cooperation and negotiation (in a marketplace) is NOT the same as having them restricted by a bully with a military.

This false equivalence is a defense of genocide whether you are willing to own up to that or not.

This sums up this stance accurately:


Oh no, I'm both British and leftwing.

My sympathy with state action ends, however, when the leaders are murderers, dictators and ruthless pillagers of the public's wealth.

Russia's oligarchy stole Russia's wealth after the dissolution of the SU, and here you are equivocating objecting to regimes of murder and abuse with "muh food idle dont be having no choices fur me1112"£""11¬11223

The entitlement and ignorance is overwhelming. You aren't owed two major search engines. "Bing" not being bigger is not the same as having to use apps which encrypt your communication because you fear the police will imprison or murder you.

You are owed your political freedom. Which is de jure removed from you in Russia, and the suppression of Telegram is state action to suppress it further.

Wasting no time with the whataboutism I see.

I sincerely ask the question: Is it possible to evaluate whether freedom has expanded since 1995? It seems like they controlled much, much more when not everyone had their Youtube channel. Now it’s possible to do your own research on, for example, real M/F wage difference, or get informed about Trump news despite MSM. Not ideal, but better than the 90’s.

This used to be a big problem for colo and dedicated service providers. You get 2-3 napster/bittorrent/kazaa/... or worse, some website some law enforcement agency finds objectionable ... with users renting/paying for servers and poof, entire countries and large ISPs block all your ranges. Happened all the time.

Insane! Telegram is blocked in my country too but they didn't block millions of IPs I think to achieve that!

From TFA, Telegram moved to the Amazon and Google clouds to work around the ban, so they needed to block those addresses.

Thanks for the information

How long until all countries firewall off and the whole reason for creating the internet is completely lost?

The sad part is that it's not just authoritarian countries that are doing this, but also the democratic ones, in a foolish effort to stop "fake news" or "terrorism propaganda".

And the "better" AI is going to get, the easier it will be for them to call for such censorship, especially when people like Zuckerberg say they can already "stop 99% of the terrorist posts automatically".

Because that's most definitely misleading and wrong, unless we can actually review what that content was. Like I bet a large portion of those posts were not posts by terrorists, but posts about terrorists. I don't think the AIs we have today can distinguish between them very well. And at least a small portion probably had very little to do with terrorism, but maybe were posts from people in the same area as some terrorists, or stuff like that.

The AI will automatically block content that nobody will ever see. And we'll only depend on people who can somehow raise awareness that their content was blocked, produce a scandal, and then get the companies to unblock it (assuming the censorship will mostly be done by private companies in democratic countries). But this is not going to be a pretty future.

> The sad part is that it's not just authoritarian countries that are doing this, but also the democratic ones

Which democratic country has blocked a major messaging app because it is used by political dissenters?

> Which democratic country has blocked a major messaging app because it is used by political dissenters?

While it hasn't yet blocked it, the UK Government is certainly constantly after WhatsApp to remove the encryption (or build a backdoor) because a couple of terrorist jackoffs used it that one time (and I think they count as "political dissenters".)

Not messaging apps, but the government in Switzerland of all places recently introduced a law to block online casinos that don't operate under a Swiss license. The only reason that it hasn't gone into effect yet is because enough signatures have been collected to force a referendum.


Not much. We need mesh networks across every device - routers, smartphones, long distance repeaters, etc - ASAP to avoid it.

Sorry, it will not work.

If your government can pass laws to allow themselves to block any Internet services, it may as well go ahead and pass laws to prevent people from circumventing that block.

So, the only defense you have, is to prevent your government from issuing the first law.

Probably something like Fidonet model could be sustainable in this case.

Until you create a true point to point channel between households without any corporate or government equipment, this is just a dream. Many people are mistaken about the internet, they think it cannot be easily filtered but this is not true at all. Every country has few major telcos that own the equipment where 100% of the internet traffic flows through. This is why banning IP ranges is super easy for them.

Until SpaceX launches its low-orbital fleet of internet satellites... That would be fun to watch.

It won't. The antennas will be pretty big and visible, and also they will inevitably leak some RF sideways. It's easy to ban them and catch people who get them illegally.


quote from https://github.com/aspnet/Docs/issues/5832 : "That's not about the Azure's sites only. Almost each of Microsoft's sites is absolutely unusable in Russia now, like: Docs, MSDN, Visual Studio, Office, Windows, Xbox, all of them and many others are almost dead now."

15M IPs blocked. Are they going to block the whole internet??

At Telegram they are pulling a troll move of epic proportions, much bigger than the troll move of the Russian government. Let's see what happens.

Hm, does that mean other IMs gave their encryption keys to Russian government?

Also could someone from Russia confirm telegram/AWS are blocked?

Depends on the other IMs, but as far as I know, at least Signal and WhatsApp have no keys they can give the government. WhatsApp could potentially sneak a backdoor in their closed-source code, but I don't think that's something they'd have incentive enough to do.

Hello I’m from Russia. And yes, local authorities started blocking telegram IPs. It doesn’t work without proxy/vpn.

Their DPI is so dumb that it can be easily bypassed just by editing `Host` to `HOst` in the HTTP header. BTW IPv6 addresses are not blocked.

What does that even mean? Every ISP has its own filtering system, some (or maybe even most of them) are custom built ones. There is no such thing as a single government-approved DPI.

Wait, assuming they're using TLS and certificate-pinning, the DPI shouldn't be able to read the HTTP headers at all. How does that work?

That’s right, but basically dpi sends tcp reset in case of https or 302 redirect in case of http before target server response, since it’s located nearer. There’s a tool to bypass this, so you can read more there. https://github.com/ValdikSS/GoodbyeDPI

If I'm not mistaken use of SNI reveals the target in plain text, big discussion these days with DNS over TLS etc.

Not all ISPs even have DPI, small ones just block IPs

It's not possible to comply with RKN's requirements by banning IPs for quite a long time already.

In my case, proxy alone doesn't help. It only works with VPN now :(.

Maybe they just don't have enough balls to go after the biggest ones (WhatsApp and Viber). Plus, other IMs don't have public channels anyone can subscribe to. IIRC that was the original problem, "extremist" channels. Why did they ask for encryption keys instead of blocking channels? Who knows lol.

Telegram still works without (manually adding) proxies :D

EC2 Ireland (at least the subnets where my servers are) also works.

> other IMs don't have public channels anyone can subscribe to


Is http://zapret-info.gov.ru being DDoS-ed?

Can't wait for Durov comments on this. Really interested in the tech details. Any telegram developer here??

Russian here. Good job Roskomnadzor. You just taught quite a few people to use VPN -- including me. And, as a side benefit, you created another image problem for Putin's regime (as if he needed any more of that).

I already had Bitlocker on all my PCs, 2FA everywhere, moved from Gmail to Fastmail, and VPN was one of the last privacy-related things I procrastinated on. Now I have VPN on all my desktops and on my phone, turned on by default. And I also switched to for DNS.

Thank you government, I guess?

Here's the thing: there should be rioting. But there isn't.

VPN doesn't give you privacy; it only allows you to bypass blocks (and introduce yourself to blocks in other countries or services though). VPN providers can still log your every move.

The difference is, VPN providers, unlike ISPs normally don't have your home address and passport info[1]. Some don't have your name at all, unless your traffic leaks your identity - e.g. when you're paying for VPN service with Bitcoin. Even more, they're generally out of your jurisdiction, which acts as some barrier against frivolous requests.


[1] In Russia every ISP is legally required to perform this sort of KYC and keep those records for a while.

Consider using VeraCrypt instead of Microsoft's closed source BitLocker. Basically for the same reasons you'd use Telegram over Facebook's WhatsApp.

Here's what the article should be: Russia bans lots of AWS and GCP IPs to see no riot.

It's rather "Russia bans lots of AWS and GCP IPs just because they can." There is no chance of riot happening.

A power play - sure. It's not the first (and surely not the last, unless something unthinkable happens) time our Tsar and his boyars introduce "countermeasures" against "foreign agents" that barely affect anyone abroad, but are essentially showing the world what kind of enforced restrictions Russian serfdom can tolerate for "national security" reasons - if any reasons at all.

When the Soviets had dissolved, Russia had its internal power struggles and was late to this game - but as we've entered this era of stabilnost' (cf. Harmonious Society) we're catching up fast.

"The internet needs to have a better way to block parts of it without taking down the rest of the internet."

- Internal communication of the Russian Security agency

And yet, Telegram is still working without a proxy or vpn.

not everywhere, unfortunately. In my location it's almost impossible to use it without VPN. It also became difficult to send files through it.

You can see here how Russia has started to "burn": http://downdetector.com/status/telegram/map/

(However this might apply: https://www.xkcd.com/1138/ )

Big outages in Kyiv and Milan too?


(These look like outliers even considering xkcd population density.)

So what can Telegram do if Google and Amazon ban them in Russia?

Use Azure?

If this is indeed a blanket banning of AWS and GCP, then I assume that Amazon and Google will soon remove Telegram.

It might be immoral, but it's the fastest solution to the harm this causes to all other affected customers I can think of.

So do you think it's a good idea for Amazon / Google reputation to cease their service to any SaaS if the Kremlin doesn't like it? Unlike many smaller players Telegram might actually afford to pay for even millions of new IPs in thousands of subnets.

> So do you think it's a good idea for Amazon / Google reputation to cease their service to any SaaS if the Kremlin doesn't like it?

No, but I don't think that's how it would be spun -- I would expect it to be framed as a ToS violation.

I'm not sure how it can be against the ToS, because unlike other cases Telegram is actually large enough to pay for tens of thousands of endpoint IPs easily, even on a monthly basis.

And the Kremlin's minions are certainly not going to stop banning subnets now, even if there is a 1:1000 ratio of Telegram's ones to other services.

Well, they've done it with others before, so it's kinda expected.

And it also shows why relying on AWS or GCP is a horrible business decision.

18 million now, things go crazy and out of control

18 million now. Things go crazy

16 million already.

5M as of now.

4.5M already.

Correct, they updated it 40 minutes ago.

Sounds like a good reason to advocate for IPv6

If IPv6 was used Russia would ban address ranges instead.

I think he meant that only Telegram would be blocked instead of possibly affecting half of the Internet on the way there. For Telegram it wouldn't be any better.

They would still be blocking the IPv6 netblocks assigned to Amazon and Google, only it would be easier because the blocks would be more contiguous.

I'm assuming it would be easier having one IPv6 address used only by a single application, that's why. Amazon/Google services would be less affected then. There's a whole different question if government would bother to be that precise, still.

The whole point of moving to the cloud was to make themselves harder to block. I don't think they would self-defeat by limiting themselves to a single /64 or something.

how would that help?

18M already

Love it!

nearly 6 million now

