news icon

A document originating from Russia's Ministry of Transport shines more light on the government's plans to crack down on encryption tools that help people to evade monitoring and censorship. The leaked document lists dozens of VPN service targets and, for the first time, open source encryption protocol Shadowsocks, best known for its ability to evade firewalls, one in China especially.

As Russia tightens its grip on encrypted communications and tools with the ability to bypass government censorship, it was recently confirmed that 167 VPN services are actively blocked after failing to comply with state requirements.

With that total expected to grow in the months ahead, a leaked document originating from Russia’s Ministry of Transport reveals details of what telecoms watchdog Roscomnadzor has planned for the near-term.

Threat to the ‚Äústability, security and integrity” of Russian Telecoms

The document, dated November 10, 2023, was sent by the Ministry of Transport to organizations in the transport sector. After an unofficial appearance on the ‘ZaTelecom’ Telegram channel, local news outlet Kommersant sought comment from both the Ministry and Roscomnadzor. Neither responded.

The first page of the letter (original/left and Yandex OCR-translated/right), seeks input from organizations currently using any of the VPN services or protocols listed on the second page.

The text strongly implies that the services and protocols listed are viewed as potential threats to the “stability, security and integrity” of Russian internet/information systems and telecommunications in general.

A more pragmatic reading might conclude that the services and protocols present zero technical threat, but do limit the government’s ability to control the narrative. That narrative includes claims that encrypted communications represent a threat to the stability of the internet, which of course they do not.

Dozens of VPNs, Famous Protocol

The letter’s second page is a 49-item list containing the names of well-known and lesser known VPN services. In the order they appear, some of the most notable inclusions are Private Internet Access (PIA), Ivacy Private VPN, PrivadoVPN, and PureVPN.

When a VPN appears on list like this it usually indicates a refusal to cooperate with Russian authorities, such as granting permission to inspect user data, communications or whatever else is on the government’s mind at any given time.

In that sense an appearance might not be as damaging to a VPN’s image as some might expect, quite the opposite in fact. That being said, item 49 on the list above shows that Russia intends to crack down on Shadowsocks, a protocol that in itself cannot be forced or coerced into compliance.

Shadowsocks

Shadowsocks is an open source encryption protocol created over a decade ago by a Chinese developer known as “clowwindy” and is perhaps best known for its anti-Great Firewall capabilities.

On a basic level, Shadowsocks clients offer a way to connect to SOCKS5 proxies securely using an encrypted tunnel. As standard it isn’t a VPN and more importantly doesn’t look like one to those hoping to shut VPNs down. People behind these projects are more easily identified, however.

Developers like clowwindy can find themselves under extreme pressure to behave in a particular way. The original Shadowsocks repo on GitHub reveals that even the most robust protocols can be ‘Removed according to regulations’.

Fortunately, the Shadowsocks genie is never going back in the bottle; perhaps Russia forgot to ask China about that one, or simply believes it can do better. The theory is that Russia plans to draw up a whitelist of organizations that use the services above in a government approved way, so they don’t find themselves inadvertently blocked. That may suggest the government has something aggressive in mind or perhaps faces limitations when it comes to pinpoint blocking.