A Russian became a defendant in a criminal case over reports of terrorist attacks. He says he simply accessed blocked sites via Tor

In October 2016, the administration of one of the regional centers in Russia received an email about an impending terrorist attack. A message received by the mayor's office on October 17 at 2:20 am spoke of an alleged impending explosion in one of the city's shopping centers. From the ruling of the local district court (the text of the document is available to Meduza) it follows that the bomb threat was qualified as a deliberately false report of a terrorist attack. On October 19, a criminal case was opened in connection with this message.

The investigation is being carried out by the FSB. The resolution states: FSB officers established that the message about the impending explosion was sent from IP 163.172.21.117 (according to the RIPE IP address database, the address is registered in Paris). The intelligence services managed to find out that this IP is in fact an “address hiding and spoofing service,” that is, one of the active exit nodes of the Tor network, which began operating in September 2016.

A resident of a Russian city who used a French Tor exit node on the night of October 17 became a defendant in the criminal case. The FSB established that on October 17, between 1:30 and 3:00, a connection was made to the IP address 163.172.21.117 from the city in which a false report of a terrorist attack was recorded. The user who could have done this has been identified; he is a witness in the case. The FSB soon withdrew from the case, according to court documents.

The defendant in the criminal case actually uses Tor.

He himself told Meduza that he has several services installed on his computer to maintain anonymity, including Tor. According to him, he uses them to access sites blocked in Russia; most often these are torrent trackers and sites about anime. The defendant does not remember whether he used Tor on the night of October 17, but insists that he did not send any messages about the terrorist attacks. He says that thousands of other Tor users could have used the same exit node at the same time as him, and that one of them could have sent the message about the terrorist attack.

During the search, all equipment was confiscated from the person involved in the case.

He told Meduza that on December 29, 2016, at around 7 p.m., police officers came to search him: “I was given a court order. Let's go rummage through my things in my room. Then they started sealing the equipment. The rest of the rooms were purely visual. As a result, they took away all the equipment: two computers, all phones, all flash drives, even a non-working film camera. They even wanted to take the monitor, but then they changed their minds.” On the same day he was interrogated at the Ministry of Internal Affairs. “They asked whether anonymizers were installed on the computer, for what purposes, what sites you go to,” he says.

They also read a letter to him about the terrorist attack, sent to the city administration, and asked whether he wrote it. According to him, the letter spoke of “complete madness.” The person involved in the case, in a conversation with Meduza, recounted the contents of the message as follows: “I’m on my way to your city. Soon everything here will fly up into the air, there will be only blood and pieces of meat around.”

Eight months after the search, the case has not moved.

A person involved in the criminal case tells Meduza that since December 29 he has not been summoned for questioning, and has not been informed of any results of investigative actions. At the same time, he suggests that the police may change his status and transfer him from witness to accused. “I am apolitical, I do not campaign for [oppositionist Alexei] Navalny. I'm basically no one at all. I've never even had an administrative job. I’m just a heck, I constantly sit at home and don’t go anywhere. I am the perfect target with no money or connections to pin it on someone. I won’t be able to oppose anything to them,” he emphasizes. The regional Ministry of Internal Affairs refused to talk to Meduza over the phone about the progress of the investigation.

On August 15, the person involved in the criminal case himself came to the Ministry of Internal Affairs to the investigator in the case and inquired about the progress of the investigation. The police told him that the results of the examination were not yet ready, but promised that it would be completed by the beginning of September.

On October 17, 2016, the administrations of several Russian cities received electronic messages about explosions. Among other things, similar messages, as follows from the court ruling, were sent through the websites of the administrations of St. Petersburg, Yekaterinburg, Kaliningrad and Yaroslavl. Police officers found that when sending a message about a terrorist attack through the website of the Yekaterinburg administration, the author used the address [email protected]; the form for sending a message on the administration website did not require any confirmation of the email address - and any user could enter and use any (even someone else's) address. When sending electronic appeals to the administrations of other listed cities (including the city where the hero of this material lives), you can also use any mail without confirmation. The court ruling does not say which email addresses were used in other cities.

After the email address was checked, a second defendant appeared in the case.

The mailbox [email protected] was registered using a private paid server, which, according to investigators, belongs to the Cloudpro company, which rents out servers. Employees of the Ministry of Internal Affairs learned that the server services were paid for from a Yandex.Wallet linked to the mobile number of a Megafon subscriber, Muscovite Dmitry Chechikov. The court ruling states that payment was made specifically for registering the mailbox, but most likely it means payment for renting a server that was used as a VPN when registering the email address.

The court ruling, which Meduza has at its disposal, states that back in 2000, Chechikov “made attempts to commit a knowingly false report about an act of terrorism” by sending emails in Vladimir (it is not known whether he was punished). The first person involved in the case tells Meduza that he does not know Chechikov. Chechikov himself refused to talk to Meduza.

On July 30, Vladimir Putin signed a law banning services for bypassing blocking. The President of Russia signed a package of amendments to legislation that prohibit the use of means to bypass blocking. It will come into force in November 2017. Thanks to them, the FSB and the Ministry of Internal Affairs will have the authority to find services (anonymizers, VPNs and other means of bypassing blocking) that help users gain access to sites blocked in Russia. If the owners of such services do not prohibit access to information prohibited in Russia, they will also be blocked.

Quite a confusing story. Can you briefly explain again what happened?

1. In October 2016, someone sent messages to the administrations of several Russian cities about impending explosions, including St. Petersburg, Yekaterinburg, Kaliningrad and Yaroslavl.

2. Apparently, in all cases, the attackers used means to maintain anonymity.

3. We know of one criminal case opened as a result of these events; two people are involved in it. One of them got into trouble because he was using Tor at the moment when the administration of his city received a message about an impending explosion. The second got into trouble because of the email address specified when a false message about a terrorist attack was sent to the administration of Yekaterinburg.

4. At the same time as the first defendant in the criminal case, the same Tor exit node could have been used by thousands of people from all over the world, and any of them could have sent the message. In the case of the second person involved: the websites of city administrations do not check the email address entered, so users can give someone else's address or simply a fictitious one.

At the subject's request, Meduza does not disclose his name or the name of the city in which he lives.

Against the backdrop of the introduction of blocking of Russian sites in Ukraine and the intentions of the Russian government to additionally introduce blocking of VPN services and anonymizers, we decided to look at how often this practice is used in the world and in which countries users have already encountered such blocking.

According to the Freedom House report, over the entire past year, the governments of 37 countries introduced blocking of certain sites. And this is only taking into account those countries that took part in the study. In almost all countries where website blocking is introduced, people can access blocked resources through additional means, which include Tor browser, anonymizers and VPN services. Usually they are not blocked and remain available to users. But there are also exceptions.

Recently, a bill was submitted to the Russian State Duma for consideration that proposes to control the operation of VPNs and Tor. The bill states that Tor, anonymizers and VPN services will have to prohibit access to those sites that are prohibited in Russia. Lists of such sites will be sent to the management of the services. Only if the requirements are not met within a month and the sites remain accessible will Roskomnadzor, through Internet providers and mobile operators, block access to these services. If all requirements are met, users will continue to be able to use an anonymous browser and VPN to gain access to other sites whose activities do not extend to the territory of the Russian Federation.

The Russians reacted very sharply to the new bill, although it has not even been adopted yet. But there is absolutely no doubt that it will soon be accepted. In the meantime, let's find out how Tor and VPN are blocked in other countries.

Blocking IP Addresses

In some countries neighboring the Russian Federation, laws blocking access to VPNs and Tor have already come into force. In particular, the governments of Belarus and Kazakhstan took such measures. In these countries, blocking is carried out with the help of Internet providers, who identify the relevant IP addresses and simply block them. In Belarus and Kazakhstan there are so-called “black lists”, which include the IP addresses of VPN servers, Tor entry nodes and even the addresses of sites that describe ways to bypass the blocking. These lists are sent to providers, who in turn block them. To some, this approach may seem pointless. Perhaps this is so, because new public nodes appear in place of the blocked ones, but the blocking still has a slight effect on the popularity of these services.

According to Tor download and installation statistics, its popularity has declined. In 2015 the number of connections to the anonymous network made without any changes to the settings was 9,000 per day; after the blocking it became 3 times lower.

But after the decision was made to block access to the public IP addresses of Tor, users increasingly began to use so-called bridges, whose IP addresses are not included in the prohibited list. Moreover, the number of such bridges began to increase constantly. Before the adoption of the law on blocking, only a few hundred people connected to the network through bridges; after the law was enacted, the daily number of such connections increased to 2000. But even despite such statistics, this method of blocking is still useful, because not every user is able to change nodes or, in general, make any changes to the Tor browser. Most average users are afraid even to install a new program on their computer or an extension in their browser, not to mention using Tor or VPN services.

If you count the total number of users of the anonymous web browser in Belarus before and after the blocking, then even with the increase in the number of users working through bridges, the difference is about 4000. So, as we see, the method is still effective. Some people don't know how to bypass the blocking, while others don't want to bother with the settings. But there are also those who are simply afraid that they will be tracked and punished for visiting prohibited sites.

There are at least 4 more methods in the world that are used in different countries to completely or partially block access to Tor or VPN. Read more about them in our next article.

With initiatives like this, the free Internet is shrinking before our eyes. At the same time, most users are sure that Tor and VPNs cannot be limited in any way. We asked about this Mikhail Lisnyak, the creator of Zenrus, a meditative service for tracking currency quotes and oil prices, and a teacher at Moscow Coding School, whose course registration started today.

A VPN, in a nutshell, is the creation of a virtual network over another network, such as our Internet. That is, an encrypted channel is created between the user and the VPN server, through which the user connects to another network, and it turns out that a person from Moscow accesses the Internet as if he were from, for example, Amsterdam. We are now considering one kind of VPN, the one that relates to this news; in general there are many more types and applications, but their operating principles are absolutely the same.

Tor is a routing system based on encryption and a distributed network of intermediary nodes (they can also be ordinary Tor users). When connecting to Tor, the client collects a list of available intermediary nodes, selects several of them, and in turn encrypts each sent packet with the keys of the selected nodes. Next, this packet, encrypted with several keys, is sent to the first (input) intermediary node. The latter decrypts its key and sends the packet further, the second node decrypts its own, and so on. At the end, the last node decrypts the last “layer” and sends the packet out to the Internet. You can think of it as an onion, with each subsequent node peeling off a layer. Actually, this is what Tor stands for - The Onion Routing, that is, “onion routing”. Since almost the entire path of the packet is encrypted and no one except the input node knows the sender of the packet, the system ensures anonymity and security of traffic.

But you can block Tor. First, the Tor client must somehow obtain a list of entry nodes. To do this, the client connects to the root registry of these nodes. If you block access to this root server, the client will not be able to obtain a list of entry nodes on the network and, of course, will not be able to connect to the network. There is a manual method of obtaining nodes (for example, by mail), but this, firstly, is not very convenient, and secondly, if the supervisory authorities discover the addresses of these nodes, they can still be immediately blocked.

In addition, there is such a system as DPI, a packet analysis and filtering system. This system is now gradually being deployed in Russia by providers. It is quite expensive, so not all providers use it. But that is only for now. I think that in the near future all backbone providers will install it. This system can analyze traffic at a low level, determine the type of traffic (even encrypted, but without obtaining the content itself), filter it and, if necessary, send it for blocking. These systems are already able to identify Tor traffic based on certain characteristics. Tor responded by coming up with a traffic masking system (obfsproxy), but gradually they are learning to detect it too. And using all this is becoming more and more difficult for the average user.

That is, Tor can be banned in an entire country using the same DPI. When they introduce criminal liability for the use of such software, several show trials will quickly be held, and that will be the end of it for the most part. There are no sane replacements for Tor yet. The same i2p is banned in exactly the same way. Now blocking Tor is not easy, it is expensive, but it is quite feasible if the state really wants it.

In general, everything has already been invented and is in use, for example, in glorious China. Known nodes are blocked, traffic is analyzed by DPI, and identified packets are blocked (and information about the sender is passed on to where it should be). Plus, there is a “forward connection” system, in which a suspicious packet to some server is “suspended” at the Great Firewall, and the firewall itself makes the same request to this server and analyzes the response. And then, based on various criteria, it is determined whether to allow it or not.

If the authorities want, they will block everything for the vast majority of users. Of course, particularly stubborn geeks will be able to find loopholes, they will be covered, new loopholes will be found - this is an eternal process, as happens with viruses and antiviruses. But for the average user this is not an option. In addition, there is always the opportunity to introduce white lists or simply close the entire external Internet completely. But I hope it doesn't come to that.
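
The layered encryption described in the Tor paragraph above, as an added illustration that is not part of the interview and is not Tor's own code. It uses a toy SHA-256 keystream with an HMAC tag in place of the real relay ciphers; the relay names, keys, client label and destination are constructed for the example.

```python
import hashlib, hmac, os, struct

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy stream cipher: SHA-256 in counter mode (illustration only).
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + struct.pack(">Q", counter)).digest()
        counter += 1
    return out[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    # One key for both cipher and MAC is acceptable only in a toy.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("layer does not authenticate under this relay's key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def build_onion(path, destination: str, payload: bytes) -> bytes:
    """path: [(relay_name, key), ...] ordered entry -> exit. Wraps innermost layer first."""
    next_hop, blob = destination, payload
    for name, key in reversed(path):
        hop = next_hop.encode()
        # Each layer holds only the next hop's name and the still-encrypted remainder.
        blob = seal(key, struct.pack(">H", len(hop)) + hop + blob)
        next_hop = name
    return blob

def peel(key: bytes, blob: bytes):
    """What a single relay does: remove its own layer, learn the next hop."""
    layer = unseal(key, blob)
    (n,) = struct.unpack(">H", layer[:2])
    return layer[2:2 + n].decode(), layer[2 + n:]

def route(client: str, path, onion: bytes):
    """Simulate forwarding; return (destination, payload, what each relay observed)."""
    keys = dict(path)
    views, prev, here, blob = [], client, path[0][0], onion
    while here in keys:
        next_hop, blob = peel(keys[here], blob)
        views.append({"relay": here, "from": prev, "to": next_hop})
        prev, here = here, next_hop
    return here, blob, views

# Constructed sample: three hypothetical relays with pre-shared keys.
PATH = [("entry", b"k-entry" * 4), ("middle", b"k-middle" * 4), ("exit", b"k-exit" * 4)]
ONION = build_onion(PATH, "city-admin.example", b"GET /feedback")
DEST, PAYLOAD, VIEWS = route("client-10.0.0.5", PATH, ONION)

if __name__ == "__main__":
    for view in VIEWS:
        print(view)  # only "entry" sees the client; only "exit" sees the destination
    print(DEST, PAYLOAD)
```

In `VIEWS`, the client label appears only in the entry relay's record and the destination only in the exit relay's record, which is why a destination server's logs show the exit node's address rather than the sender's.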

It is quite logical that many Russian users of the anonymous Internet browser Tor are concerned about the issue of its legality. After all, at one time the news constantly mentioned a law stating that it was officially banned, along with all kinds of anonymizers, as well as VPN services. So let's figure it out: is Tor banned in Russia, or is this not true at all?

And we will begin, perhaps, with the legal information, because this is what we should start from first of all. The news was about "Federal law dated July 29, 2017 No. 276-FZ" (you can read its electronic version). Greatly simplified, it bans the distribution of any means of hiding people's identity online.

Accordingly, it concerns various sites where anonymizers, VPNs and programs or utilities with similar functions are published, and search engines, which show resources with prohibited content in the results.

But the direct private use of tools of this kind is, at the moment (this text was written on 03/08/2019), not yet prohibited, only made difficult.

Conclusions

Strictly speaking, the answer to the question “Is Tor allowed in Russia?” is so far positive. Users need not be afraid to maintain their anonymity on the Internet using this web browser. Moreover, there have been no judicial precedents on this matter.

But we would like to draw your attention to the fact that all of the above applies only to persons who use it for “respectable” purposes, that is, do not violate the law. But legal sanctions may well be applied to violators (if they are identified).

Short summary: you will not face anything for using Tor as long as you don't break the law. But this rule is valid only until the relevant legislative acts are applied at the state level. For example, there are often news reports that the Russian Internet will be localized within the country and cut off from the world, and that access to it will be provided only with documents that prove a person’s identity.

In any case, you and I can only wait for changes. We really hope that they will be favorable and will benefit law-abiding residents of the country, but to the detriment of violators.

As of May 5, 2019, all instant messaging services operating in Russia must verify phone numbers upon registration.

In theory, they should send a request to the telecom operator. There they check whether such a number is in the database, and only if the answer is positive, you can register and send messages. And if there is no number or the user cannot confirm that it is his phone, registration should be prohibited, and messages will not be received.

Government Decree No. 1279 dated October 27, 2018

This procedure was approved last fall, but it will only come into force now. It is unclear whether all this will work in practice and how it will affect the use of instant messengers.

Instant messaging services that operate in Russia are required to check the user's phone number against a database of telecom operators. If there is no number or the user cannot confirm that it is his phone, they will refuse registration and prohibit communication.

Comment: It's unclear whether this will work. It may turn out like the ban on buying a SIM card without a passport: it seems impossible, but they are still being handed out at crossings. But the verification procedure has been approved and can be applied.

About VPN

The law potentially covers all proxy and VPN services, as well as anonymous networks Tor, I2P and Freenet. Their owners are asked to restrict access to sites included in the Roskomnadzor register of prohibited sites.

Employees of the FSB and the Ministry of Internal Affairs will monitor anonymizers, Tor and VPN services that provide access to sites blocked in Russia.

The document also prohibits search engine operators from providing links to resources blocked in Russia. (It’s not clear how Yandex should deal with this. And will Google be banned too?)

There have been changes to the information protection law. They were adopted to limit access to prohibited sites. The provisions regarding bypassing blocking will come into force on November 1, 2017.

The order states that only sites that allow access to gambling will be included in the register, and not any VPN service. If I don't break the law, won't I be prohibited from doing anything?

They will even prohibit it. There are no criteria by which the purpose of a VPN can be distinguished. Traffic encryption channels are used for different purposes. Some people use them to work on a marketplace or to use social networks without violating anything. And some connect via VPN to play in a casino, which is a violation.

The Federal Tax Service may decide to block a site with such services, even if it simply contains information about options for bypassing blocking of online casinos and lotteries. And even more so if you can download some program there or connect to a service to access a prohibited site.

This means that any site about VPN access is at risk, even if you do not intend to violate anything. If it works now, in a week it may no longer work.

I need a VPN for work, not gaming. What to do to avoid being blocked?

Nobody knows which specific sites are at risk of being blocked in the near future. If we take the wording of the order literally, then even information sites can be included in the register.

If you use a VPN for work or protection from hackers and do not gamble online, look for different legal options to access anonymizers just in case. Or think about how to work without a VPN.

Don’t expect it to blow over like with Telegram. This order was signed by the heads of four departments, and now they will be obliged to implement it.

I'm a regular user. Sometimes I use a VPN, but I don’t visit prohibited sites. Am I in danger?

You are in no danger. You can use anonymizers as much as you like for work, dating sites or computer games and visit any sites that are in the public domain.

If your usual VPN service suddenly stops working, it means that it did not want to comply with the law and was helping to bypass blocking. Find another one - there are many of them.

If it suddenly turns out that the site is blocked by decision of Roskomnadzor or work has stopped due to the fact that the messenger or VPN is not working, you can lose money or even your entire business.