What’s Happening with Surveillance in Russia?
Debates about online anonymity have been ongoing worldwide for years, and Russian lawmakers continue their efforts to regulate the internet. It’s easy to become paranoid if you think about it too much. At the request of GQ, journalist Andrey Kagansky investigated how the Russian government actually monitors citizens, which messaging apps officials prefer (and which you might want to use), and why Russia is still far from an Orwellian reality (spoiler: corruption gets in the way).
How Surveillance Works
The most well-known method of surveillance in Russia is the System for Operative Investigative Activities (SORM). The principle is simple: operators and “organizers” of communication services, from major telecoms to university Wi-Fi admins, are required to install equipment that copies internet traffic and phone conversations for later analysis by the FSB. While this sounds intimidating, there’s little reason to panic. According to journalist Andrei Soldatov, who co-authored a book on SORM, the system is too cumbersome to be truly effective. Security agencies prefer targeted surveillance, and urban legends about keyword-based mass monitoring remain just that—legends.
As for targeted wiretapping, Russian law enforcement can only conduct it with a court order. In 2015, courts issued 845,631 such permissions. Whether you’re included in that number is anyone’s guess, as these warrants rarely become public knowledge.
Which Messengers Do Officials Prefer?
The easiest way to bypass government surveillance—and the biggest headache for would-be eavesdroppers—is to use encrypted messengers like WhatsApp, Viber, and Telegram. Russian officials use them too. Due to infighting among security agencies and fear of Western surveillance, some government employees have become quite skilled at secret communication. There are even rituals and traditions around this, and you might learn a thing or two from them.
The choice of messenger often depends on where an official works. Most government agencies use Telegram, but there are exceptions. According to a source close to the FSB, some in the Moscow office prefer FaceTime for its encrypted video calls and the fact that compromising video chats aren’t stored anywhere. In the State Duma, police leaders reportedly favor Signal, while most parliamentarians still prefer in-person meetings in bathhouses or offices over secret chats.
The Presidential Administration is stricter about information security. Internal requirements include written reports on social media activity (including anonymous accounts) and VPN usage. VPN technology allows for encrypted internet connections, including secure phone lines, but after the Yarovaya law, not all VPNs are safe—SORM is being implemented on many of them as well.
“Interestingly, microphones are mechanically removed from office equipment to prevent eavesdropping,” says a Kremlin staffer. As smart devices like fridges and TVs become more common, they can be used for surveillance or even DDoS attacks, as seen in 2016. WikiLeaks has revealed that “smart” Samsung TVs can be turned into expensive bugs. Edward Snowden once declared a phone safe only after removing its microphones and cameras, so Russian officials’ precautions aren’t as paranoid as they might seem.
Still, many government employees are far from tech-savvy. “Honestly, most officials are clueless about security. In Roskomnadzor, for example, they use mail.ru addresses and rely on vague language for protection,” complains one insider.
Surprisingly, the General Prosecutor’s Office is considered the most advanced in information security. Prosecutors reportedly refuse to accept documents via flash drives and never discuss secrets over email or popular messengers. They also use TOR to encrypt traffic and even experiment with devices that change their IMEI numbers to make anonymous calls.
For ordinary Russians, the days of easy phone encryption may be numbered. In 2016, a SORM supplier sought contractors to hack encrypted messengers, but apparently failed. In early 2017, new amendments to the “On Communications” law aimed to bring messengers under control, requiring companies to provide law enforcement with user identification tools. Non-compliance could lead to app store bans, as happened with LinkedIn. Authorities argue that encrypted chats are used not just by gossipers and political bloggers, but also by terrorists. Telegram, in particular, is seen as a “Wild West” where illegal services are easily found.
Russian security services can already hack Telegram, albeit crudely—for example, by intercepting SMS authentication codes. Western agencies are more advanced: WikiLeaks documents show the CIA can read secret chats using special viruses, though they haven’t cracked Telegram itself, instead exploiting vulnerabilities in mobile operating systems.
How You’re Tracked in the Darknet
For now, Russians can still browse the internet relatively freely. While VPN providers are mostly under control, the TOR network remains a reliable option—unless the government follows the example of Ethiopia or Turkey and blocks it. The darknet is still largely protected from law enforcement, but users can be caught if they make mistakes, like disabling antivirus or not turning off browser scripts. This is how Australian police caught many users of a child pornography site.
The catch with TOR is that providers know you’re using it, but not what you’re doing. In 2013, Harvard student Eldo Kim used TOR and Guerrilla Mail to send a bomb threat, hoping to avoid an exam. He was caught within two days—not by breaking encryption, but by correlating TOR usage logs with university network records. This is called a correlation attack, and SORM’s data retention makes it easier for Russian authorities.
“If they want to, they can find anyone. All TOR exit nodes are monitored. Imagine you’re being watched, you turn on TOR, use torrents, and log into VKontakte from your TOR browser,” says a young IT analyst in government. He notes that unique browser window sizes and other digital fingerprints can help identify users. However, he adds, “No one will go to such lengths for a small-time drug user.” These digital fingerprints are also used for targeted advertising, and in special cases, leaked ad data can help deanonymize darknet users.
Why Total Surveillance Is a Myth
Russia’s dreams of Orwellian technocracy are thwarted by officials’ desires for villas in Tuscany and basic technical incompetence. Often, police don’t even need to find the real criminal—just the owner of a TOR exit node whose IP address was used for suspicious activity. This is likely what happened to Moscow math teacher Dmitry Bogatov, arrested for inciting unrest. While he was in custody, the user “Ayrat Bashirov” continued posting from the same site.
More ambitious surveillance projects often fail due to everyday corruption. In 2013, a company contracted to supply Moscow’s police with “Spartan 300” surveillance systems actually delivered Microsoft Kinect controllers with new logos. The system was supposed to use neural networks to detect intentions from facial expressions, but in reality, it barely worked as a motion controller. The story would be funny if not for the TV coverage and subsequent complaints from Microsoft.
Other projects, like installing microphones in public transport to help drivers respond to emergencies, are likely to just transmit background noise. Moscow’s metro is supposed to get “smart” cameras with facial recognition, but technical details and effectiveness remain unclear. Current procurement data doesn’t clarify how many cameras will be installed or their capabilities, though systems for tracking queues and forgotten bags are already being tested.
What Does the Future Hold?
Arthur Khachuyan, whose company Fubutech supplies facial recognition software to officials, believes the future lies in anti-terrorist drones scanning faces over Moscow. Fubutech’s algorithms constantly scour the internet for publicly available photos, then match faces to a database—useful for finding terrorists or identifying students at protests. It’s similar to FindFace, but with different technology.
To fool such algorithms, Khachuyan suggests simple tricks: sunglasses covering half the face, a scarf, or even special face paint that reflects infrared light. Artist Adam Harvey’s 2013 project CV Dazzle proposed bold hairstyles and makeup to make faces invisible to recognition software. Harvey is now working on fashionable urban camouflage that could one day become mainstream—even among officials attending meetings in camo suits and dramatic makeup.