Russia's internet regulator, Roskomnadzor (RKN), has issued a directive requiring Internet Service Providers (ISPs) to supply information that could identify users accessing blocked content via VPNs.
The controversial move, part of a broader effort to control digital traffic and combat unauthorized access to restricted sites, has sparked debates over privacy and operational feasibility.
The draft order, published on regulation.gov.ru and reported by Vedomosti, mandates ISPs to provide network-level data, such as IP addresses and device identifiers. While RKN insists this information will not include personal details about users' devices, privacy advocates and experts remain skeptical. The order aligns with amendments to Russia's 2019 information technology laws, particularly those targeting content deemed harmful or offensive under federal legislation 216-FZ.
ISPs will also need to ensure compliance through technical filtering mechanisms, known as TSPU (Technical Means of Countering Threats), which have been mandatory since 2019. RKN expects the system to monitor user traffic continuously and provide data automatically. Operators must begin compliance within three months of the order's enforcement and report user activity in real-time.
Compliance comes at a steep cost. According to the draft, 1,981 ISPs, including 493 already integrated with TSPU, will incur significant operational expenses—estimated at 389 billion rubles annually ($4.1 billion USD). Over six years, these costs could reach a staggering 2.3 trillion rubles ($24 billion USD). Smaller ISPs have voiced concerns over the economic and logistical burden, with some experts predicting market disruptions.
Russia strangles VPN use
The directive follows legislative changes in March 2024, which outlawed the promotion of tools for circumventing government internet restrictions, such as VPNs. Although VPN usage is not explicitly illegal, hundreds of services have been blocked in recent years. According to RBC, RKN clarified that the data collected under this new initiative would primarily target network-level identifiers rather than personal device data. However, critics argue that such data could still facilitate deeper user profiling.
Legal experts, like Ksenia Kasyanenko, suggest that data from ISPs could potentially aid law enforcement in conducting surveillance and investigations. Although VPN users currently face no direct penalties for accessing blocked content, the new directive could change that swiftly.
While the Kremlin emphasizes cybersecurity and moral grounds for its initiatives, these measures deepen concerns about online surveillance in Russia. For VPN providers, the pressure mounts as their services face technical and regulatory constraints.
Recommendations
Internet users in Russia who want to freely access any online portal have an ever-decreasing number of options left. Their best bet would be reliable VPN providers who follow advanced traffic masking mechanisms, consider multi-hop VPNs that will obscure the source IP, and explore Tor or other peer-to-peer networks that provide higher levels of anonymity.
Microsoft Says Auto HDR in Windows 11 24H2 Causes Game Freezes
Leave a Reply