Russia's war on encryption and privacy has reached an entirely new level of ridiculous. We've noted for a while how Putin's government has been escalating its war on encrypted services and VPNs in the misguided hope of keeping citizens from dodging government surveillance. But things escalated dramatically when the Russian government demanded that encrypted messaging app Telegram hand over its encryption keys to the FSB. After Telegram refused, a Russian court banned the app entirely last Friday, and the Russian government began trying to actually implement it this week.
It's not going particularly well.
Telegram tried to mitigate the ban by moving some of its essential infrastructure to third-party cloud services. But Russian telecom regulator Roskomnadzor responded by blocking upwards of 16 million IP addresses, many belonging to Amazon Web Services and Google Cloud. Not too surprisingly, the heavy-handed maneuver resulted in connectivity problems across massive swaths of the Russian internet:
Telegram started using Amazon's AWS to bypass Russian censorship. Now, if you were @roscomnadzor (highly unlikely because nobody's as dumb as these doorknobs), what would you do? Certainly not block 655352 IP addresses belonging to Amazon, right? That would be so stupid... oh pic.twitter.com/AxEHfRUGnU— Manual (@CatVsHumanity) April 16, 2018
Some users say the ban has disrupted the functionality of unrelated online games and services:
Our officials are blocking Amazon IPs, hoping to block Telegram.— Omni H. Sable (@OmniSable) April 17, 2018
And they hit other unrelated services as well. There are reports that GuildWars2 and Trello are unavailable, for example
And even credit card terminals:
Telegram is routing traffic through Amazon and Google cloud services, which is forcing Russia's telecom regulator to block hundreds of thousands of IPs. People are reporting that some credit card terminals are not working as a result. https://t.co/7CO2roBJhJ— Yasha Levine (@yashalevine) April 16, 2018
While the Russian government has been portrayed as a technological and hacking mastermind in the wake of its escalating global disinformation and hacking campaign, there's nothing at all competent about this effort. The Russian government is demanding that both Apple and Google pull encrypted messaging apps from their app stores. They've also tried to pressure sideloading websites like APK Mirror into refusing to offer alternative access to the Telegram app. But it's just another game of Whac-a-Mole, with VPN provider NordVPN saying it saw a 150% spike in Russian usage in the wake of the ban.
The Russian government is claiming that its ham-fisted blockade has resulted in a 30% dip in Telegram usage. But Telegram founder Pavel Durov has downplayed the ban's impact on overall "user engagement":
"For the last 24 hours Telegram has been under a ban by internet providers in Russia. The reason is our refusal to provide encryption keys to Russian security agencies. For us, this was an easy decision. We promised our users 100% privacy and would rather cease to exist than violate this promise.
"Despite the ban, we haven’t seen a significant drop in user engagement so far, since Russians tend to bypass the ban with VPNs and proxies. We also have been relying on third-party cloud services to remain partly available for our users there."
Russian state media meanwhile continues to demonize Telegram as a haven for villains, and is directing users to alternatives like TamTam with alleged ties to the Russian government. All told, it's another wonderful illustration of how filtering the internet doesn't work (unless collateral damage and annoyance is your stated goal), and a war on fundamental security and privacy tools only makes everybody less secure. This is not a battle Russia can "win," but it's apparently too far down the rabbit hole of bad ideas to stop now.
Our IP Address: