Roskomnadzor to Block Shadowsocks Protocol and Almost 50 VPN Services

According to media reports, Roskomnadzor (RKN) has, for the first time, added the Shadowsocks protocol to its list of VPN services subject to blocking. The agency plans to use technical threat countermeasures (TSPU) on cross-border connections to block this protocol.

The publication Kommersant notes that Shadowsocks, originally developed in China to bypass censorship, is most often used by ordinary citizens for private VPNs and by information security specialists. Since it disguises its traffic as other resources, blocking it could disrupt the operation of many legitimate services.

Earlier, a letter from the Ministry of Transport, dated November 10, 2023, addressed to 381 organizations in the transportation sector, appeared online. The Telegram channel “ZaTelekom” drew attention to this letter.

The document indicates that Roskomnadzor may block 49 different VPN services and protocols through centralized management of the public network (using TSPU devices installed on telecom operators’ networks under the “sovereign Runet” law). To ensure the operation of information systems that may use VPNs for secure connections and remote access, organizations were required to provide information about the services and protocols they use by November 15, 2023.

Roskomnadzor declined to comment on this document, and the Ministry of Transport did not respond to journalists’ inquiries.

Experts told the publication that, to avoid problems with blocking corporate networks using VPNs, RKN requests information from various industries about the services they use, and then “so-called white lists are created.”

As shown in the table above, the agency’s list includes not only the Shadowsocks protocol but also the ItHelper service from the Russian developer “Soft Program,” designed to speed up devices with built-in VPN. Journalists note that subscriptions to this service are freely sold at “M.Video-Eldorado.”

Widespread issues with VPN services in Russia began as early as the summer of 2022. At that time, Roskomnadzor started experimenting with blocking specific protocols (there were issues with L2TP, IKEv2, and IPsec), and in August of this year, users began reporting problems with OpenVPN and WireGuard.

As a source from Kommersant explained, Roskomnadzor initially blocked VPNs by IP address, but since these can change, the registry must be updated regularly. However, according to the source, OpenVPN and WireGuard are fairly common protocols often used by companies to establish secure connections, and unlike Shadowsocks, they do not disguise traffic during connection, “since they were not originally created to bypass censorship and blocking.” Therefore, unlike Shadowsocks, they are easier to block using TSPU tools.

Another source clarified that blocking Shadowsocks “through traffic analysis will be very difficult due to obfuscation—there is a high risk of affecting other entirely legal services.”

According to Dmitry Galushko, head of the Association of Small Telecom Operators (which unites 100 providers), mass blocking of VPNs that use obfuscation “inevitably carries the risk of making some legal services unavailable and may also create additional load on operators’ networks.”