Update, April 18th:
Just 4 days after Russia’s telecommunications watchdog banned Telegram, the organization has now blocked around 16 million IP addresses. The decision came as a response to Telegram’s move that transferred a part of its infrastructure to Amazon Web Services and Google Cloud servers.
Around 1.8 million IP addresses that belong to Amazon and Google infrastructure are now blocked.
However, Roskomnadzor’s move has led to secondary unwanted effects since it also blocked other web services including online games, mobile apps or cryptocurrency services.
#funfact Russia banned over 15 million IP’s in an attempt to ban #Telegram, most of them belonging to AWS and Google cloud. According to @CatVsHumanity some of them used by retail chains and banks. Ps. Telegram still works https://t.co/FHowfQx9C7 pic.twitter.com/byv99z1Dsk
— Wojciech Krepa (@wkrepa) April 17, 2018
So, Telegram is officially banned in Russia now. To enforce this ban our government blocked over 2 million ip addresses today, mainly from Amazon AWS and Google subnets.
What a time to be alive.
— Rannor Medved (@rannor_ru) April 16, 2018
The initial story
You can’t keep an independent, destabilizing service from being blocked in authoritarian regimes, you can only delay it. So you need to be thinking about how to continuing protecting people by making the service accessible *even after the block.*
Edward Snowden tweeted this just 4 months ago, as Russian authorities increased pressure against the Telegram messaging app.
Snowden’s prediction turned into reality just a few hours ago, when a Moscow court ruled that Telegram will be banned in Russia.
The ban will be enforced by the Russian media watchdog Roskomnadzor (Federal Service for Supervision of Communications, Information Technology and Mass Media):
👨⚖️ Процедура ограничения доступа к мессенджеру Telegram будет организована после получения Роскомнадзором соответствующего решения Таганского суда. Ограничение доступа будет осуществляться в рамках действующего законодательства. pic.twitter.com/O6PLYlq2SA
— Роскомнадзор (@roscomnadzor) April 13, 2018
As a result, privacy-aware Russian Internet users are scrambling to find new secure platforms and app to protect their online activities.
Why the Russian government pushed to ban Telegram
Roskomnadzor warned Telegram on March 20, 2018 that it had 15 days to hand over their encryption keys to the FSB. The messaging app’s founder, Pavel Durov, denied complying with the request.
Threats to block Telegram unless it gives up private data of its users won’t bear fruit. Telegram will stand for freedom and privacy.
— Pavel Durov (@durov) March 20, 2018
Additionally, Telegram’s lawyer Pavel Chikov arguing that the court’s demand is unconstitutional.
The FSB’s requirements to provide access to private conversations of users are unconstitutional, baseless, which cannot be fulfilled technically and legally.
As reported by BBC.
Just a few weeks ago, Telegram announced that the app had reached 200 million users. To mark the occasion, they published a blogpost restating their mission:
We operate this way because we don’t regard Telegram as an organization or an app.
For us, Telegram is an idea; it is the idea that everyone on this planet has a right to be free.
Above all, we at Telegram believe in people. We believe that humans are inherently intelligent and benevolent beings that deserve to be trusted; trusted with freedom to share their thoughts, freedom to communicate privately, freedom to create tools. This philosophy defines everything we do.
This was the reason why Telegram became the first messaging app to roll out end-to-end encryption to tens of millions of users in 2013.
As you’d expect, there’s a bigger story at play here.
One reason Telegram came under heavy fire from the Russian government is that Roskomnadzor representative Maria Smelyanskaya argued that:
Information distributed on Telegram may contain extremism and terrorism, and that could threaten Russia and all its citizens, including users of the messenger.
The connection is based on FSB’s claim that the suicide bomber who killed 15 people on a subway in St. Petersburg in April 2017 used the app to communicate with his accomplices.
As a consequence, FSB requested Telegram to pass them evidence. More specifically, they required decoding messages of six phone numbers. Telegram provided no reply and two months later, a Moscow court fined Telegram with 800,000 rubles for not answering the FSB request. Telegram appealed the decision on the grounds that FSB’s order is not legal and valid.
Telegram has previously “agreed to block terrorist-related content in Indonesia after the government threatened to block the service over fears it was enabling terrorist communication”.
In a post on his Telegram channel on December 31, 2017, Pavel Durov emphasized that:
We are proud that Telegram is used by thousands of massive opposition channels all over the world. We consider freedom of speech an undeniable human right, and would rather get blocked in a country by its authorities than limit peaceful expression of alternative opinions.
When it comes to freedom of speech, Telegram is as unrestricted as a mobile app can get. In 2015, after Apple and Google reached out to us in the aftermath of the Paris attacks, we added the simplest Terms of Service theoretically possible in an app: no calls for violence, no porn and no copyright infringement on public broadcast channels.
Since then, Telegram has been blocking hundreds of violent public channels daily (including those reported in @isiswatch), making sure our rules are applied equally and fairly to all players, regardless of their size and political affiliation.
To his point, here’s how other actors are using Telegram’s encrypted chats to keep their conversations private as well.
Partly because of Telegram’s strong message encryption, the app has also become a widely used unofficial government communication system within the Kremlin. The service, which boasts 200 million users, now features “channels,” which are used in Russia as unofficial anonymous political blogs to circulate talking points and boost voter turnout.
When governments ban apps, websites, social media platforms or request tech companies for responsible (aka breakable) encryption, they always invoke security measures. Often, these so-called security measures are nothing but a common attempt to create a backdoor that legally allows them to monitor people.
Most companies don’t agree to provide governments with backdoors into their products and services and for good reason. Building a backdoor into a piece of software, for instance, diminishes the product’s/service’s security. They risk becoming more vulnerable to digital threats and even attacks. Most importantly, it betrays their users’ trust.
In Russia, online privacy is becoming a luxury
In November 2017, the Russian government passed a law to regulate the services that provide anonymity on the Internet and the technology behind them.
“Despite widespread speculation, the law does not directly ban the operation of VPNs and anonymizers. However, it does restrict access to banned websites with the help of these tools.”, mentioned a BBC article.
However, the legislation wasn’t as benign as it seems. A Russian source quoted by BBC talks about what it implies to have servers in Russia:
VPN providers will get access to Roskomnadzor’s blacklist of banned websites and will be entitled to provide the use of their servers “within the legal framework”.
That is why being transparent about server usage is a key factor to look for when choosing your VPN provider. You don’t want to end up like Guccifer 2.0.
If you want to know more about this, check out this short video we made:
Russia’s growing list of banned services, apps and websites
End-to-end encryption is a pain in the you-know-what for many governments around the world. I’m sure you’ve noticed how visible this issue has become in the past few years.
What is really happening here is that the Russian state is striving for ever more complete domination over mass media and the Internet. This step is simply the latest in a series of moves clamping down on any communication channels that cannot be intercepted and monitored. […]
In the post-modern world, whoever controls the keys and the certificates that secure communications holds all the cards.
In Russia, Telegram got in the way of FSB’s SORM, aka the country’s System of Operative-Search Measures.
SORM is Russia’s first response network for cyber-crime. It allows the Federal Security Service (FSB) to eavesdrop on communications via a direct line from ISPs to the FSB offices.
Some websites, such as YouTube and Instagram, have policed versions as they comply with requests from the Russian government to censor and remove some of their content.
What you can do about it
At CyberGhost, we don’t approve or encourage using apps or tech services as a means to hide terrorist planning or any kind of malicious activity. Our mission is to help protect your data, block indiscriminate surveillance and help those who need a safe channel to express their opinions freely.
Governments often blame advanced, encrypted tech services for all the terror and warfare that goes on in the world. But this is just like saying that knives should be forbidden because some people use them as weapons.
We truly believe everyone should equally enjoy online privacy and freedom. The internet-connected world was created as a free and borderless territory. This is at the core of so much of the progress we’ve made, as humans, over the past decades. However, some have forgotten or want to radically alter this model to suit their interests.
It’s up to you to choose who you trust with your data online. That’s why we advocate to keep yourself educated and always on the lookout for how things are changing in your community and country.
As Internet users, we have a lot of work to do to help keep the Internet a safe and trustworthy place.
So take action to protect your data:
- Use a trusted VPN to encrypt all your Internet traffic.
- Install a reliable antivirus or antimalware product to keep your devices from being used in attacks (against yourself or others).
- Use strong passwords so your confidential details don’t end up on the Dark Web.
You don’t need tech knowledge to do this but they will go a long way for your online safety and privacy.