Tor and Telegram Under Scrutiny: Will Russia Kill Anonymous Internet?
Roskomnadzor is closely studying anonymous and decentralized networks that enable bypassing the blocks imposed by the department. The ultimate goal of this study is to restrict access to such networks at the legislative level.
Tor browser, the Telegram Open Network platform, and a number of other networks based on anonymous secure connections are at risk.
The job was entrusted to the Federal Research Center “Informatics and Management” at the Russian Academy of Sciences. The government will allocate 9.2 million rubles ($110,000) to the research. The deadline for submitting the report is June 30, 2020.
In this piece, we explain why Tor and Telegram are popular in Russia and figure out how real the threat is.
Government Blocking Tor and Telegram? We’ve Seen This Before
Since November 2017, a law has been in force in the Russian Federation, requiring the owners of the so-called anonymizers to block access to prohibited sites. Telegram messenger has been blocked in the country by a court decision since April 2018, albeit unsuccessfully.
According to the leader of the public organization Roskomsvoboda Artyom Kozlyuk, the law on anonymizers was meant to force various proxy and VPN services to cooperate with the Russian authorities and to enable the regulator to shut them down in case of refusal.
“This law has not been enforced until today, despite the fact that it entered into force more than two years ago. In March 2019, Roskomnadzor sent a notice to ten major VPN services with a request to observe the list of banned sites. All the services, except for Kaspersky Secure Connection, refused, but Roskomnadzor didn’t do anything to them at the time,” said the expert.
The current study, according to Artyom Kozlyuk, is being carried out as part of the implementation of the “sovereign Runet,” Russia’s take on an isolated domestic internet.
“Roskomnadzor wants to study specific technologies that are difficult to block by brute force or crack, as they are cryptographically secure. Based on this analysis they will try to manufacture hardware and software systems for filtering traffic or ‘jamming the signal,’ if it is at all possible,” he added.
Such an approach will render the blocking process completely non-transparent, the expert warns:
“If the authorities gain access to some kind of equipment that can detect and limit certain kinds of traffic, there will be no need to keep a separate register of banned sites and upload this data to telecom operators.
“Lists may exist in parallel, but at the same time, no one will know why this or that service suddenly stopped working. If Roskomnadzor implements this practice of off-registry blockings, there will be even more confusion.”
The leader of Roskomsvoboda also questions the effectiveness of this non-trivial method.
“I’m not sure that we will experience this in the coming months, or even years. Individual elements can be felt quickly. But the ‘switch’ that Roskomnadzor was given under the sovereign Internet law will likely be only used in case of mass unrest, and we will see a large number of regional shutdowns.”
Roskomnadzor explains the new tender by the need to develop tools to block prohibited information. The list of technologies being studied, according to the document, will include the Invisible Internet Project (I2P), The Onion Router (TOR), Telegram Open Network, Freenet, Zeronet, anoNet, as well as the mesh networks Yggdrasil, cjDNS, Briar, Signal Offline, and FireChat.
VPN technology was not mentioned. According to the GlobalWebIndex service, VPNs are used by a quarter of Russians.
VPN usage for anonymous browsing by country. Source: GlobalWebIndex
This discrepancy was noted by the ex-Telegram Special Directions Director Anton Rosenberg.
“The terms of reference contain a large list of technologies and protocols that need to be analyzed. Not all of them are popular, not all are used to bypass blocks. Perhaps they were added because the authors of the document did not understand very well how things worked, or to obfuscate, cover up some specific items of real interest to the customer, or even simply to create a facade of large and complex work to justify the allocated amount of funds,” he said in a comment to Kommersant.
How Is Tor Browser Different From Other Browsers?
Tor is an overlay network, an additional layer on top of the existing Internet infrastructure. It provides features that were not originally envisaged by the developers of traditional network protocols (TCP/IP).
Circumventing blocks appears to be Tor’s bonus feature, according to the Roskomsvoboda consultant Leonid Evdokimov. The Tor network is built so that it cannot distinguish between users and does not collect their personal data.
“The network cannot ‘label’ the user with the list of blocks since it cannot determine his country and jurisdiction. Filtering is relegated to the ‘output nodes’ in accordance with their local legislation,” the expert explains.
Another useful feature of Tor is the impossibility of retargeting, a.k.a. re-displaying ads.
“Anonymity in the era of ubiquitous advertising networks is useful when buying gifts for family members. Imagine that you are choosing a gift for your wife/husband, and a few hours later your partner is shown an advertisement for this gift. This can kill the surprise, and Tor can help prevent it,” adds Evdokimov.
And although anonymity and privacy are the main features of the Tor browser, they are not absolutely guaranteed, says Stanislav Shakirov, technical director of Roskomsvoboda.
“Even using Tor you can be deanonymized. For example, if you use the browser to log in to social media accounts.”
Why Is Tor’s Audience Growing in Russia?
Russia holds second place in terms of Tor users, after Iran. Over the past year, a little more than 330 thousand Russians used the browser daily, which is 17.39% of the total number of users.
Directly connecting users from Russia. Source: The Tor Project
However, this is still ten times less than the number of Russian Telegram users. According to the research company Mediascope, in August 2019, the daily Russian audience of the Telegram mobile application approached 4.4 million people.
Most of the Tor traffic in Russia is Hydra darknet marketplace traffic, says Ksenia Yermoshina, Center for Internet and Society CNRS and Citizen Lab research fellow.
“The reasons for the growth of the Tor audience may be related to the blocking of popular services and the popularity of platforms located in the .onion domain (like Hydra). If the number of people arrested for reposts or publications is growing in the country (and the authors of such posts are often identified by IP address), we can expect that the Tor user base will also grow,” she said in a comment to ForkLog.
At the same time, high-quality VPN services can easily steal Tor’s audience, whose goal is to bypass blockings or maintain anonymity by changing the IP address.
Are Roskomnadzor’s Threats to Block Tor Real?
According to Tor employee Diana Azaryan, blocking Tor is feasible, as has already been proven in several countries. In September 2009, Chinese authorities blocked the public list of Tor relays using simple IP blocking. About 80% of public network nodes were censored.
In 2012, Iran and China began to use DPI (deep packet inspection) to block the Tor Project network. There have also been blocks in Kazakhstan and Ethiopia.
Yet even in the event of a blocking campaign, the Tor network will continue to operate.
“Users will still be able to connect to the network through bridges (private nodes). Even if the main Tor Project site is blocked, there are other ways to get bridges. You can also use the Pluggable Transports technology, which masks the traffic, making it indistinguishable from the ‘normal’/allowed traffic,” said Diana Azaryan.
According to Diana, there are several types of interchangeable transports that follow a single specification. For example, “meek” transport was created specifically for residents of China.
The easiest way to limit access to the Tor browser is to block bootstrap nodes, the special “hard-wired” addresses in the program from which the initial configuration for the overlay network is loaded, continues Leonid Evdokimov:
“With some degree of success, Tor, I2P, and DHT torrent clients can be blocked in this way. This tactic will work well until clients for overlay networks begin to actively ‘resist’ blocks.”
That being said, he recalled the unfortunate consequences of previous blocks in Russia:
“Any threat can be realized, the only question is the amount of collateral damage. And Roskomnadzor is not very worried about the latter. We already saw this in April 2018, when in an attempt to block Telegram, the department blocked Google and many Amazon networks, breaking the functionality of Slack, Ted.com and millions of other sites,” says Evdokimov.
Given the fact that the Russian Academy of Sciences is involved with the study, there may be temporary successes in blocking the Tor browser on the territory of the Russian Federation, but overall the threat is illusory, believes Alexander Isavnin, representative of the Internet Protection Society.
“Overlay networks are evolving significantly faster than they can be blocked. They will overhaul their inner workings and the results of the ‘research’ will become irrelevant. Not to mention that 9 million rubles by Russian standards is a paltry sum. There is no way a strong study can be conducted with such a level of financing,” the expert concluded.