After the start of the war with Ukraine, Russia was in second place in the world in terms of the number of VPN service downloads. As early as March, Russians had a particular interest in such services, which is well shown by the statistics of Google search queries. From them you can find out that basically Russians need a VPN to access the blocked Instagram, Canva and Spotify image processing service. At the same time, the most popular are free mobile applications released by unknown providers ( listed by RBC). The Insider previously wrote about why it is not worth using such services and applications.
Already in March, Roskomnadzor began massively blocking access to both free and paid VPN services. The popular and free WARP service from Cloudflare (1.1.1.1) was disabled, Nord VPN stopped working – one of the most popular and reliable paid services in the world. It became impossible, as before, to use the Internet through Tor, the paid services Proton, Lantern and Psiphon worked intermittently (as of November 2022, some of them work again for users located in Russia, depending on the communication provider). Roskomnadzor admitted that they are blocking servers through which services provide Russians with the opportunity to get to "forbidden" sites. In addition, the Russian authorities launched a campaign to intimidate users of VPN services. For example, posters appeared in the Moscow metro, comparing services to a pickpocket.
As the Moscow Now channel wrote , this was not an initiative of the metro – visual propaganda is based on the official poster of the Department of Internal Affairs on the metro, warning about real thieves. And State Duma Deputy Maria Butina, on the air of the Russia-1 TV channel, proposed “imprisoning” parents for using VPNs by their children. So far, however, there are no legal obstacles to the use of VPNs, and the authorities are trying to solve the issue with technical measures – blocking access to them.
How Roskomnadzor monitors your traffic
For almost a decade, Roskomnadzor banned Russians from accessing certain websites using its own registry . Providers receive a list of sites and ip-addresses to which access should be restricted, after which they have a day to stop giving access to these addresses to users located in Russia. Roskomsvoboda conducts open public monitoring of the list of blocked addresses.
This is where a VPN has always helped – for example, to access RuTracker.org (the largest Russian torrent tracker) or Lurkomorye (the Russian-language encyclopedia of Internet culture) – both sites were blocked at the very beginning of the application of the law. You can also bypass such blocking using a proxy server, which, unlike a VPN, does not provide anonymity (the data is not encrypted), but allows you to pretend to the provider that you are not in Russia, which means you can go to the “forbidden” site.
The state carefully monitors user traffic. Since 2018, operators had to install SORM-3 equipment, which controls user traffic, collects and stores the following information for up to three years:
- personal data (name, address, passport copy) of subscribers;
- information about payments (from billing), services rendered (including payment data);
- facts about the connections of subscribers (with whom they communicated, how many times, in what way, etc.);
- the contents of the connections (requirement of federal law No. 374-FZ of 06/06/16 – "Yarovaya package").
If you do not want the contents of your connections (for example, information about which sites you visit and how long you sit there) to be available to special services, you need to use encrypted communication channels – those same VPN services.
However, the first prohibition measures seemed insufficient to the authorities, and in 2021 they began to actively use technical means to counter threats (TSPU). The official position is that such complexes are needed to protect the state from external threats, but experts believe that their function is control and censorship. For example, using such tools, Twitter was slowed down (posts from users in Russia were loaded with difficulty, and photos and videos were not loaded at all), restricting access to Google documents and Smart Voting . This happened without the sites being included in the register of banned sites, simply at the behest of the regulator and without any warnings. The way the regulator uses this equipment is doubtful even from the point of view of the norms of laws that regulate the blocking of sites, experts from Roskomsvoboda say.
For such restrictions, Roskomnadzor uses equipment with Deep Packet Inspection functions (deep traffic filtering, DPI) of the Russian manufacturer RDP.RU LLC (connected with Rostelecom). Since this equipment allows you to set restrictions both on access to a site (for example, Instagram or Facebook) and on data transfer protocols, it makes the use of many VPN services potentially useless: using DPI, you can simply restrict the transfer protocols that they use. This happens because mass services were not sharpened to restrict access to sites of this kind, which Roskomnadzor began to use. However, while blocking occurred, presumably, not according to protocols, but only according to IP addresses and IP ranges of individual services included in the state black list.
If you want to use sites that Roskomnadzor is trying to restrict access to, you need to bypass the DPI restriction – and in addition, the provider's restriction set in accordance with the registry of prohibited sites. Proxy servers or VPN services help with the second, and special applications for bypassing DPI help with the first.
Bypass traffic filters (DPI)
There are several applications that prevent Roskomnadzor from filtering your traffic. Some of them were developed by foreign censorship resistance activists, some of them taking into account the Russian reality. The advantage of this workaround is that it is completely offline: there are no external servers that can block anything, everything happens on your computer.
One such program for Windows is GoodbyeDPI. You can download the latest version from thelink . A similar package for Linux is called zapret , but it can be quite difficult to set up for an untrained user. A similar application for Windows, MacOS, Debian is called GreenTunnel .
In addition, you can install the Censor Tracker browser plugin developed by Roskomsvoboda. It is available for Chrome and Firefox.
It is important to remember that using this bypass method simply gives you the opportunity to fight traffic filtering by Roskomnadzor. At the same time, for the provider, you look like the same user (whose passport data he has), who somehow accesses prohibited sites. Traffic is not encrypted, so it is still possible to find out which sites you went to, when and how much time you spent there, and the provider stores all this information according to the Yarovaya law. This distinguishes the use of such services from a VPN, with which the provider only sees that you have contacted a certain server abroad.
Therefore, for maximum anonymity (if you care), you will have to use a VPN. You can use ready-made solutions or deploy your own server.
VPN against censorship
Most commercial VPN services, of course, were not designed to circumvent the kind of restrictions that Roskomnadzor is trying to impose. But there are a few apps that were originally created to bypass censorship. One of them is Psiphon , which has a large audience in China and Iran. The service is able to bypass the "great firewall of China" – the most sophisticated blocking system among those used by governments.
Psiphon is free to use, but then there will be ads in the application, and the connection speed will be limited to 2 MB / s. This speed is suitable for searching information, social networks and even some mobile online games, but it is no longer enough for streaming video. You can remove restrictions and disable ads for a subscription or a subscription, they are paid for in the internal currency in the application itself. The cost will vary depending on which country your app store is set to. For the USA it is about $6-10, in European countries and the countries of the South Caucasus the cost is slightly less. At the same time, the application has both a censorship bypass mode and a full-fledged VPN with traffic encryption.
There are several problems with Psiphon for Russians:
- Payment (if there is a desire to unlock a higher speed) – for mobile applications it will be associated with Google Play and the App Store or possible through PayPal, but all these services are blocked for Russians, and Russian cards are not accepted in them.
- Low connection speed.
- Attempts by Roskomnadzor to block Psiphon servers – at some point, despite all the efforts of the developers, they may be successful.
Applications similar to Psiphon with the same blocking bypass functionality are Lantern and Tachyon . Although Lantern allows you to bypass all kinds of blocking, it is not a VPN in the full sense of the word. One problem with this app is that it doesn't let you choose which server to connect through, and what's more, it doesn't even tell users which countries it has servers in. In addition, developers do not disclose details about access protocols and many other important data for assessing the security of the service. Free access is limited to 500 MB per month. Roskomnadzor has made successful attempts to restrict access through Lantern , but as of November 2022, the service is working again for most users.
Own VPN from Russian open source developers
In 2020, a team of developers from Russia created the Amnezia app, which greatly simplifies setting up your own VPN service. Although it may seem too complicated for someone who has never had to rent their own service before, the Amnezia team has tried to simplify the process as much as possible and make it clear to everyone. The app is available for Windows computers, Macs, and Android phones. The beta version was also released for iPhones in July, but so far it is in the testing stage (you can download the file here ).
The Amnezia team uses OpenVPN technology through the ShadowSocks protocol – both parts of the solution are open source, so users can be sure that data passing through the service is not stolen or stored anywhere. In September 2022, the project passed a security audit and has already taken steps to correct the identified issues.
To launch your own VPN, which Roskomnadzor will not be able to block, you will need to rent your own server, and the Amnezia team has selected options for foreign servers that can be paid using Mir cards, UnionPay or in cryptocurrency. This is useful for people in Russia whose MasterCard and Visa cards cannot be accepted by foreign providers.
In addition, you can use the site to select the server " Search VPS " – there you can choose the appropriate tariff plan. The service allows you to select providers by country of location. Please note that you should not host your server in countries that may give out information to Russian law enforcement agencies (for example, in Russia or Belarus) or in other countries where there is a risk of political crises. In addition, you should not choose a hosting that is located too far geographically (for example, in Australia), so that the signal does not have to make an extra detour. It is best to choose a server in one of the EU countries or Switzerland, although they are more expensive than in some other countries.
To access the main blocked sites and social networks, you can also use the configuration issued by the Amnezia Free bot.
To set up a VPN, you will also need the following settings:
- installed Ubuntu operating system;
- one processor core (CPU) – you can, of course, more, but this will be enough;
- 2 gigabytes of memory (RAM) – you can do more, but it will cost more;
- traffic – you can choose unlimited (unlimited), although even one terabyte will be enough, even if you use the service with a group of friends and constantly watch TV shows online;
- payment method that suits you.
For servers with such parameters, the price of monthly use starts at about $3 (about 190 rubles at the exchange rate as of August 15, 2022). On average, the tariffs that the Amnezia team recommends cost about $5–6, and if you pay for a server at once for a year or two, you can save 5–10%.
After you rent your server, launch the Amnezia app installed on your device. It will ask you to enter the IP, login and password of the server. The Amnezia website provides examples to help you understand where to get this information. After entering the data, your application will work. You can watch the video instruction on setting up on the Greenhouses of Social Technologies channel.
Such access to the Internet will be anonymous, encrypted, and Roskomnadzor will not be able to block it – at least until it starts blocking all VPN services using all possible connection protocols. But even in this case, the programs for bypassing DPI locks, which were mentioned above, should help you. If you have problems with installation or additional settings, you can ask a question in the chat of the project developers .
Google's own VPN
Outline VPN is another open source project that allows you to make a VPN (more like a proxy, actually) on your own server. It was developed by the Google team to help people bypass censorship. Unlike Amnesia, it is easier to put it on iPhone and iPad. Outline uses the Shadowsocks encryption protocol, developed by Chinese activists to bypass the "Great Firewall of China". This allows him to bypass the restrictions set by Roskomnadzor.
You need to choose a server for Outline in the same way as for Amnezia, and setup instructions are on the service website . You can also watch the video instruction on the Greenhouses of Social Technologies channel.
Outline is not a typical VPN, it does not provide complete anonymity of network activity. The Shadowsocks protocol combines the benefits of a proxy with traffic encryption. This means that your communication provider will not know where you went, and in general will not understand that you are using a tool to bypass blocking. But you need to understand that all this information will be with the one who gets access to your server (if this happens suddenly). However, for most Russians, this factor is not too critical in their threat model, so it is quite possible to use Outline.
The biggest privacy risk potentially comes from the hosting provider you buy server access from. You tell him your name, email address and bank card details. The relevant services can ask the provider for information about which users pay for the server and get the necessary data – but the risk of this is low, and when buying hosting from foreign companies, the likelihood of giving out your information if you are not doing something that is illegal abroad , tends to zero.
Classic commercial VPN
Of the services that are currently available in Russia, we continue to recommend several applications. They are not free per se (in accordance with the monetization model), but in some cases they have a fairly large amount of free traffic and are still available in Russia – although they sometimes work intermittently with some providers. As a rule, they do not contain tricky ways to bypass traffic blocking, but in some settings you can find something similar to the one described above (for example, configure Shadowsocks).
1. Windscribe
VPN with no-logs policy, 10 GB of data for free for web browsing and downloading small torrents, but no access to Netflix and Hulu (the paid version of Netflix has it). There is a built-in ad blocker. There are applications for all popular operating systems.
Free 45 day period, optimized servers for videos, torrents and games. A global network of over 7200 servers in 91 countries for fast connection. What distinguishes it from many competitors is the presence of a browser extension that allows you to use CyberGhost VPN in one of four locations for free, without registration and without traffic restrictions. A huge plus for those who have gone abroad is that CyberGhost has servers in Russia if you need to access Russian government sites, bank applications, and public services (many of these sites and applications have stopped letting users from abroad).
3. Mullvad
Exclusively commercial, very stable service with a user-friendly interface and many servers around the world. The cost per month is € 5, there is no point in paying in advance – there will be no discount. Until recently, Mullvad was rather obscure and, apparently, therefore, was not subject to blocking. Now the service has not yet been blocked, but this can happen if Roskomnadzor so desires, at any time.
A good paid VPN with a big discount when paying for two years (a month will cost $3). I got into this selection because it has stable servers for accessing Russian government sites, and so far these servers have not been blocked by the authorities.
It is important to install several applications – in case some of them are blocked or do not work for other reasons. Подобрать сервисы можно из списка блогера That One Privacy Guy. Тогда у вас будет возможность подключиться к другому приложению и оставить ваш доступ к интернет-ресурсам свободным, а трафик — шифрованным. Но бесплатные VPN с подозрительными названиями лучше всё же не устанавливать — они могут не только воровать ваши данные, но и иметь вмонтированный вирус-шпион, как произошло недавно в Иране.
Если интернет в России закроют
Если Роскомнадзор продолжит вводить ограничения и отключать Россию от мирового интернета, стоит присмотреться к сервису SoftEther . Это проект, подобный по настройке описанным выше Amnezia и Outline, и, как и Psiphon, некоммерческий. Он поддерживает множество протоколов, в том числе передачу данных через ICMP и маскировку под DNS-запросы. Когда в 2020 году в Туркменистане «отключали интернет» во время наводнения, только SoftEther удалось «пробиться в мир» через маскировку под DNS-запросы — так как провайдеры, предположительно, будут отключать прохождение DNS в самую последнюю очередь.
Прямо сейчас мы не рекомендуем пользоваться SoftEther, потому что его интерфейс довольно неудобный и настроить его не так просто, как рекомендованные сервисы. Кроме того, идущий через него трафик может быть очень медленным (и особенно медленным он будет, если интернет всё же отключат). Но можно ознакомиться с ним на досуге. Почитать обсуждения настроек для обхода блокировок можно на форуме NTC , посвященном борьбе с цензурой во всём мире.
Для обмена сообщениями в ситуации экстренного отключения интернета можно использовать мессенджер Briar . Он работает на основе защищенных сетей Tor, а также Wi-Fi и Bluetooth. Приложение использует одноранговую систему без центральных серверов для передачи данных, в связи с чем сервис нельзя заблокировать путем изъятия серверов. При этом он абсолютно анонимен, полностью шифрует ваши сообщения и не хранит никакие ваши данные. Проблема с Briar — он работает только на телефонах с операционной системой Android.
Еще одно приложение, которое позволяет оставаться на связи группе людей, находящихся рядом, когда интернет не работает, — Bridgefy . Оно использует запатентованное программное обеспечение для связи смартфонов в радиусе 100 метров с помощью Bluetooth. Как и в других приложениях с ячеистой сетью, — чем больше пользователей подключено, тем дальше можно пересылать сообщения. Например, если Bridgefy использует пять человек, то диапазон может увеличиться до 400 метров. Его плюс — кросс-платформенность: приложение есть и на iPhone, и на Android. Минус — нет такого серьезного шифрования, как у Briar.
Установить такие приложения и мотивировать друзей сделать то же самое не будет лишним, даже если вы пока что не будете ими пользоваться. Про другие подобные мессенджеры рассказывает инициатива eQualitie (ссылка на архивную копию).
Кроме того, полезно заранее установить браузер CENO (расшифровывается как «нет цензуре») и научиться им пользоваться. Если какой-то сайт или часть доступа в интернет заблокируют, через пиринговый протокол браузер найдет этот сайт у тех, кто уже обошел блокировку, и даст вам доступ к нему. Еще один плюс этого браузера: если ваш телефон окажется в руках силовиков, удалить всю информацию из кэша браузера можно одной кнопкой.
Если вы не в России
Если вы читаете эту статью, уехав из России, вы наверняка столкнулись с тем, что некоторые российские сайты — информационные, государственные, банковские и другие — не открываются с зарубежных IP-адресов. Получить к ним доступ вам помогут те же VPN и прокси — например, указанные выше RedShield и CyberGhost, а также PrivateVPN или VyprVPN. Кроме того, с помощью Amnezia или Outline вы можете развернуть свой VPN через сервер, на этот раз уже находящийся в России (подобрать его можно через тот же « Поиск VPS »), и раздать ваш доступ близким и друзьям, кому тоже может пригодиться доступ к сайтам через российские IP-адреса.
Кроме того, вы можете позаботиться о людях в России: предложить им оплатить или разделить с ними оплаченные VPN-сервисы, а также стать «мостом информации» для пользователей CENO-браузера: это будет бесценно, если интернет в России всё же отрежут от внешнего мира.