VPN in Russia: From Service Blocking to Protocol Blocking

By Ava McKinneyOnline Safety

VPN in Russia: From Service Blocking to Protocol Blocking

Key Takeaways

  • At least 6 out of 15 VPN services studied experienced connectivity issues when OpenVPN and Wireguard protocols were blocked.
  • The user strategy of switching between VPN services to find a working one is a major vulnerability when popular protocols are blocked.
  • There is a lack of research on the operation of technical means of countering threats (TSPU).
  • The legal framework for blocking VPN services in Russia is expanding.

Internet Censorship in Russia: An Evolving Landscape

Internet censorship in Russia has been intensifying year after year. Since 2011, the country has consistently lost ground in the Internet Freedom Index. This decline is driven by regulatory changes that strengthen the legal basis for censorship, as well as an increasing number and variety of blocked resources.

Chart: Russia’s Internet Freedom Index from 2011 to 2023

Tools for bypassing blocks, such as VPN services, have faced active censorship in Russia since 2017, when a law was enacted prohibiting VPNs from providing access to blocked websites. In 2023, the government went further, allowing Roskomnadzor to block information about bypassing censorship itself. Most recently, the Federation Council requested that Roskomnadzor check and block more than 50 VPN services that provide access to social networks banned in Russia.

At the same time, demand for VPN services and other circumvention tools spiked with the start of the “special military operation,” reaching record highs by mid-March 2022. According to Atlas VPN, the number of VPN downloads in Russia tripled compared to 2021, rising from 12,585,576 in 2021 to 33,540,600 in 2022.

Chart: Daily Proton VPN downloads from February 14, 2022 to April 19, 2022

In 2023, demand dropped sharply, with Russian users downloading VPNs only 3,366,919 times in the first half of the year. Subsequent spikes in downloads coincided with news about the blocking of popular VPN services.

This article presents research on how Russians use circumvention tools, which services are most popular, and how users respond to VPN service blockages.

VPN Services and Protocols: About Half Are Blocked

Based on the most popular services by search queries and our user survey, we compiled the following list of 15 popular VPN services:

  • AdGuard VPN
  • Express VPN
  • Proton VPN
  • Turbo VPN
  • VPN Planet
  • VPN Proxy Master
  • Amnezia VPN
  • Lantern VPN
  • Psiphon VPN
  • Outline VPN
  • Secure VPN
  • Nord VPN
  • RedShield
  • Hola VPN
  • AntiZapret

According to OONI, the domains of 8 out of these 15 most popular services are already blocked in Russia.

The main protocols used by these 15 services are:

  • OpenVPN
  • Wireguard
  • Shadowsocks
  • IKEv2
  • V2Ray

Of the 15 services, 4 use only the OpenVPN protocol or a proprietary protocol based on OpenVPN, and 2 more use Wireguard in addition to OpenVPN.

OpenVPN is considered one of the most vulnerable protocols to blocking. In a 2022 CensoredPlanet study, 85% of traffic using OpenVPN was successfully identified during experiments.

Despite this, Russian banks and commercial companies using VPNs still prefer this protocol. Only 2 out of 15 services use the Shadowsocks protocol: Amnezia VPN and Outline VPN.

Shadowsocks is currently the only major protocol that has not faced mass blocking. It is harder to detect. However, there is no guarantee that services using Shadowsocks will not be blocked in the next wave. Obfuscation (connection masking) services are also not yet blocked, but unfortunately, few users in Russia take advantage of them. Blocking of obfuscated traffic is also possible: research shows that OpenVPN connections can be detected fairly easily even when various obfuscation mechanisms are used.

6 out of 15 services have built-in obfuscation capabilities. Only 5 services offer built-in anonymity tools.

Thus, when OpenVPN and Wireguard protocols began to be blocked in August 2023, at least 6 out of 15 services started experiencing connectivity issues. Depending on the effectiveness of obfuscation in the remaining services and user awareness of such settings, at least three more services (Express VPN, Nord VPN, Proton VPN) could also have been blocked.

Since blocking via TSPU (technical means of countering threats) is not always carried out by court order or by adding a resource to the Roskomnadzor registry, some services have filed lawsuits against Roskomnadzor demanding the lifting of the block. The outcome of these cases is still unknown, but such lawsuits could set important legal precedents.

Leave a Reply