“In accordance with the regulation on responding to threats to circumvent restrictions on access to child pornography, suicidal, pro-narcotic and other prohibited content, restrictions on the use of VPN services VyprVPN and Opera VPN will be introduced from June 17, 2021,” the Roskomnadzor noted in an official statement. The agency cited regulations recently introduced by the Russian government as the basis for its actions. Decree No. 127 went into effect on February 12. Immediately following news of the ban, Opera VPN suspended support for VPN services in Russia. Senior Public Relations Manager, Yulia Sindzelorts told the Russian news agency TASS, “Opera endeavors to provide its Russian users with the excellent experience in using browsers. We decided to suspend support for VPN services in our browsers on the Russian territory in the form it was provided earlier.”
Not Everyone in Russia Impacted by the Ban
Despite the ban, select Russian companies were given a window of opportunity to avoid losing access to the VPN services. Shortly after Decree No. 127 went into effect, the Russian government took steps to carve out exceptions to the ban by creating a “whitelist” of companies permitted to bypass the ban on the two VPN providers. The need for such a list, according to the agency in its May 14 statement, was to “ensure the operation of technological processes of enterprises and organizations.” At the time, companies were invited to apply for inclusion on the whitelist. To date, 130 Russian companies have been added.
Russia’s History of Enforcement Efforts Against VPNs
Russia’s crackdown on the free flow of information within the country began when President Vladimir Putin signed a bill banning VPNs, proxies, and Tor into law in July 2017. The law made Russia the first country to issue an outright ban on all such services. Despite making the services illegal, Russia showed little appetite for enforcing the law until 2019. On March 28, 2019, the owners of ten VPN services, including NordVPN, Hide My Ass !, Hola VPN, Openvpn, VyprVPN, ExpressVPN, TorGuard, IPVanish, Kaspersky Secure Connection, and VPN Unlimted, received demands from the Russian government to connect to the Federal State Information System (FSIS) and automatically prevent their users’ access to blocked sites. The FSIS houses the government’s regularly-updated list of banned sites. Of the ten, only Kaspersky complied with the order. Avast, another cybersecurity provider, elected to exit the Russian VPN market. VyprVPN immediately stated it would not cooperate with the Russian government’s attempts to censor VPN services.
Other VPN Service Providers Blocked
It took another nine months for the Russian government to take action again. In January 2020, Roskomnadzor blocked the ProtonVPN service and end-to-end encryption ProtonMail email service. The move was widely seen as a response to Proton’s failure to register their services with FSIS and their refusal to provide mailbox owner information upon demand of the Russian government. Russia claimed Proton’s email service was used by cybercriminals to send fake bomb threats. At the time, ProtonMail condemned the move. The latest developments mark renewed efforts by Russia to limit the free flow of information to Russian citizens and others living within the country’s borders.