VPN Provider Removes Russian Presence After Servers Seized (thestack.com) 89
An anonymous reader quotes a report from The Stack: VPN provider Private Internet Access has pulled out of Russia in the wake of new internet surveillance legislation in the country. The company claims that some of its Russian servers were seized by the government as punishment for not complying with the rules, which ask providers to log and hold all Russian internet traffic and session data for up to a year. Upon learning of the federal action, the company immediately removed its Russian availability and announced that it would no longer be operating in the region. "We believe that due to the enforcement regime surrounding this new law, some of our Russian Servers (RU) were recently seized by Russian Authorities, without notice or any type of due process," wrote Private Internet Access in a blog post. The company advises users to update their desktop clients. They also noted that its manual configurations now support the "strongest new encryption algorithms including AES-256, SHA-256, and RSA-4096." Putin has given Federal Security Agents two weeks to produce "encryption keys" for the internet.
Re: When in Rome (Score:2)
Obey every law without question. Civil disobedience is violence. Do not test us.
Re: (Score:2, Funny)
Obey every law without question. Civil disobedience is violence. Do not test us.
You go on and try that in Putin's Russia. Let me know how it works out for you, K?
Re: When in Rome (Score:5, Insightful)
Obey every law without question.
When you are a COMPANY yes. A company doesn't have a right to civil disobedience. A company may challenge the law in courts it cannot and SHOULD NOT choose which laws to follow.
Re: (Score:2)
A company doesn't have a right to civil disobedience.
[citation needed]
Re: When in Rome (Score:1)
A company is a person.
In America.
Thanks to a spelling checker changing the law.
Re: (Score:2)
http://legal-dictionary.thefre... [thefreedictionary.com]
https://en.wikipedia.org/wiki/... [wikipedia.org]
"Civil disobedience is usually defined as pertaining to a citizen's relation to the state and its laws, as distinguished from a constitutional impasse in which two public agencies, especially two equally sovereign branches of government, conflict. For instance, if the head of government of a country were to refuse to enforce
Re: (Score:2)
Of course you are aware that legally a corporation is a person?
Re: (Score:3)
They don't agree with the law so they stopped doing business there. Where is the problem with that? The nature of their business demands not operating there while a theoretical petition is filed.
Re: When in London (Score:1)
The same mass surveillance laws are being rolled out in the UK too. Theresa May's snoopers charter, (our new unelected Prime Minister).
There's zero difference between what Putin is doing spying on everyone, and what Theresa is doing spying on everyone.
Putin has his elite group, protected from it, Theresa has MPs, in an elite group not subject to the surveillance, except they are really. If ever they flagged which IPs are MPs IP, GCHQ and NSA will be watching those addresses particularly closely.
All leaders
Re: (Score:3, Insightful)
Are we honestly going to pretend that an American VPN provider is secure and does not do exactly what they're told by American authorities?
Re: (Score:2)
Re: (Score:1)
Russia is quite capable of destroying itself without any outside help. Any problem, large or small, is always blamed on the US. If the economy tanks in the US how many US citizens blame Russia? It's a good strategy on Russia's part because they know it's gives them a pass on anything they do. Russia invades a sovereign country and all you hear is that the US does it and that's the end of the debate. Russia blows up a few hospitals in Syria and all you hear is that the US does it and that's the end of the de
Re: When in Rome (Score:2, Interesting)
Re: (Score:2, Insightful)
So when you cannot comply, you close.
Re: (Score:2)
"log all traffic" Do you think any site that gets more than a few dozen hits is going to be able to do that?
Why? (Score:1)
Re: (Score:3)
Your employer requires it. Some semi responsible employers require a gesture towards security even if they won't spend any real money on it.
Re: (Score:1)
VPNs are useful things. Perhaps you are a multinational company and want to coordinate with other parts of your company. There is almost certainly some kind of VPN protecting that traffic.
Also, perhaps you are in a country where all internet access is monitored for anti government behavior, well a VPN to a country that doesn't have that is a very useful thing. Hell, you could use a VPN just to access your home network and control that web based camera that you just don't want to put directly on the inter
Re:Why? (Score:5, Informative)
Because Archfield and the Anonymous Coward missed the point, I submit the following rephrasing...
Why would a person/company who is using a commercial VPN service actually want their internet traffic to originate from Russia?
An employer requiring a VPN to the home office? Makes perfect sense, and happens every day. An employer requiring their remote-working employees who are probably working from home (e.g. likely within 50 miles and 10 hops of that office) to connect via Sonicwall NetXtender or Cisco VPN to their front-facing router? Absolutely. However, what possible security could be accomplished by having remote employees use a commercial VPN service to encapsulate traffic making a 50(ish) mile trip or less by making it traverse through Russia before getting to the home office?
A multinational company having a site-to-site VPN also makes plenty of sense. Even if it's to their office in Russia, it still makes sense, but it's not what Hagbard was referring to, because in that context its from their company, to their company. The question implicitly doesn't apply. If you're in China or Iran and VPNing due to government oppression, doesn't it make a lot more sense to send your traffic through the US or UK or Japan or some other country with less draconian oversight of internet traffic? Actually, that proves the point of the article - the company pulled out of Russia because Russia was implementing that very level of oppression for which a VPN would be needed. Finally, latency alone would be reason enough not to VPN through Russia for remote viewing of a security camera.
Nobody is asking whether VPNs are useful. The question being asked is whether there's any utility for the endpoint to be in a country that is beginning to require a year's retention on connectivity logs.
Re: (Score:3)
Citation ? The US is arguing loudly about who can and does snoop and when it is OK, while most other countries are just doing it quietly in the background. Nearly every country in the EU has been implicated in cooperating with the US, UK, Germany, Australia and France amongst the foremost contributors. The reason it is such a newsworthy item in the US is the fact that the ISP's are privately owned and complain about the government wanting records, while in many countries the ISP's are state sponsored or own
Re: (Score:2, Insightful)
You provided the citation. Any body that argues over "Freedom Of Speech" is looking to restrict "Freedom Of Speech".
You make no sense (Score:3)
So discussion of an issue is equal to opposition of an issue ? Quit trying to cryptic and cool and deal with reality. Any society that purports to be free MUST have room for argument, debate, and a wide variety of ideas of what is correct and what isn't. But you appear to only see black and white, your way or nothing. All I did was express an opinion, which you declared as wrong and proved yourself as a narrow minded fool.
Re: (Score:1)
Nobody is asking whether VPNs are useful. The question being asked is whether there's any utility for the endpoint to be in a country that is beginning to require a year's retention on connectivity logs.
If the logs just contained the endpoint and traffic past that point, then it wouldn't hurt much, but obviously if they undo the point of the VPN they are less useful. Still, just for fun here is a few valid uses, if obscure ones. (Certainly your correct that ideally you want to avoid Russian VPNs in most cases.)
1) If all countries required logs, then someone having a valid need for privacy, or simply wanting it, could, in theory hop through several VPNs, thus requiring a lot more work to get at the real s
Re: (Score:3)
I see your point now, and I have to agree. Point to point VPN for work is a requirement but if I was looking for an environment to VPN my private traffic, Russia would not be my choice either.
Not to be pedantic my nick is archFELD no field involved. Thanks for the correction/information in any case.
Re:Why? (Score:5, Informative)
Re:Why? (Score:4, Informative)
Re: (Score:2)
Re: (Score:3)
Russia is one of the countries I regularly choose to send my traffic through. Good internet infrastructure and bandwidth with fast connectivity to much of europe. Absolutely ZERO legal agreements between countries like US, UK etc so far less chance of them sharing your browsing habids with others and those that they would share it with would not give a shit about me.
This. A person I know has sometimes used his Bit Torrent client through a VPN going through Russia for the same reasons.
Re: (Score:3)
Also, Russia has cheaper games, but they can only be activated from IP addresses in Russia. Some people use a VPN to bypass region lock-outs on cheaper products.
Re: (Score:2)
There are lots of people who think The Man is out to get them. Sometimes they are right - political activists and outright criminals. Sometimes they are just paranoids who think Obama is plotting to take their guns so the UN can invade and force their children to be gay. Either way, they don't really care where their traffic seems to come from, so long as it can't be traced back to them.
Re: (Score:2, Interesting)
Re: (Score:3)
Re: (Score:2)
putin making demands (Score:1)
the real story here is putin's absurd demand or all of the internet's encryption keys.
That is absurd to twilightzone levels.
Oh darn Putin, I guess you will mad that I didnt give you my exclusive access (only given in person to close friends) 4096bit public key. I mean, it is clearly evil of me to deny plotsylvania access to my correspondence concerning internet cat pics and jokes. A real loss to your nation's intelligence agency, i am sure.
no, I wont give you a copy. Not even if you ask nicely.
Re: (Score:3, Interesting)
Re: (Score:2)
dandy donald wont get his fat fingers on my key either. even if he asks really nice.
Re: (Score:3)
Really? Show me one article about, or even better yet -- an official letter sent to a company executive, from the US government asking for encryption keys that will allow decryption of any data the company handles.
I won't hold my breath while I wait, but I certainly hope you do while you're looking.
Re: (Score:2)
Reality is they had no choice but to pull out. Basically what will happen is selected foreign companies, suspect companies (suspected of passing info to the North American Territorial Occupation farce) will be targeted for the most onerous requirements and they will be forced to operate at a loss or shut down and pull out from Russia (also not to forget, foreign companies competing against insider Russian companies). So the laws are purposefully tough and have been purposefully written so as to be legally
Re: (Score:2)
God. Just hand him some random key string, and when he complains that it doesn't work say "you're doing it wrong."
This makes it official (Score:3)
Vlad, the Internet Impaler (Score:1)
Vlad, the Internet Impaler [slashdot.org] - this was my original comment on the Putin Gives Federal Security Agents Two Weeks To Produce 'Encryption Keys' For The Internet [slashdot.org] story. I got 'flamebait' moderation on that one :)
I want to see how deep does the rabbit hole go...
Putin and his very small hands... He wants 'the Internet encryption keys' in his small hands.
OK, so that is funny. But consider that in the last year Putin increased the police force by a large number in Russia and he signed a law that would require the country to build him his own 'national guard', everybody sees it the same way: he is scared of a coup and he wants his own army around him at all times. Him and his small hands, he is scared to be overthrown and as a KGB operative he knows that he can be overthrown and he decides he needs a couple hundred thousand body guards.
This move against encryption of all sorts is based on the same fear. He is scared of everything, scared he will not find out about a gathering of people somewhere and won't jail them in time before they make it to any news that still exists (and journalism is the most dangerous activity in that country, journalists murdered and beaten by the government). He is afraid to end up in the same way Quadaffi and Hussein ended up in. He should be scared, people are very tired of him. The majority of people in Russia wouldn't move a finger to get ridbof him, but it doesn't take a majority, only a few determined people and that is what he is afraid of most.
Needless to say there are other business interests that are government owned and that would love to have access to all communications that would prevent any competition against them.
Also FSB has their google like search servers installed at every ISP and every communications company in Russia, searching for stuff and recording what matches specific parameters, but the new law also imposes an obligation to all communications companoes to record all traffic and all communications for a minimum of 6 months.
The companies are saying this will cost them billions and will cause rate hikes, the government officials are replying that is nonsense, it will cost nothing and any rate hike because of it would be a money grab. Right, because it costs nothing to record 6 months of internet traffic.
As to this requirement to the FSB to get all of the encryption keys, I wonder who Putin wants to fire 2 weeks from now, because it sounds like an old Russian fairy tale of a tsar telling his servant to go some place that cannot ne found and to get him something that does not exist and if he fails to deliver his head is coming off...
Re:I can understand removing the servers. (Score:4, Informative)
But couldn't they still offer a VPN client that connects to a server outside the country with a "dynamic" IP of sorts to keep it from from being blocked by the ISP? [snip] We need some good news, and we just aren't getting any yet.
They do. That is the good news. Here's the summary...
Private Internet Access owns about 3,000 servers in 34 countries. You pay $7/month, and you set up a PPTP/IPSEC/OpenVPN client with the credentials they specify. When you log into your account on their website, you can pick which country you want your data to be originating from, and that is your endpoint. If they have a server in France, then your traffic is VPN'd from your computer to their servers in France. If you connect to their VPN and then head over to IPChicken, you'll see a French IP address from the block of IPs they own from that region. If tomorrow you want your traffic to come from Kansas, you pick your server there, and your IPChicken will reflect that IP instead. Meanwhile, those IPs are used by dozens of other users, so it's neigh impossible to tell exactly which user was responsible for a given piece of traffic...unless you explicitly configure those server to log which users were logged in and sent what traffic where, which is what Russia is looking for.
Certificates (Score:4, Interesting)
They also yanked all certificates (or will soon). Customers will have to download the new ones if they use OpenVPN or something of the like.
So... (Score:1)