Translated by
2018/05/23 11:31:45

VPN and privacy Anonymity on the Internet Anonymizers



Anonymizers and VPN services

Anonymizers are special websites, programs or expansions of the browser which allow to hide data on the user, his location and the software which is set on its computer, from a remote server.

  • Any traffic passing through the anonymizer (proxy-server) will have its IP address instead of the address of the computer from which the request was executed;
  • Unlike the VPN servers, anonymizers (proxy-servers) do not locate means of enciphering of information passing through them

VPN (Virtual Private Network) is a technology which integrates the entrusted networks, nodes and users through open networks to which there is no trust. So VPN is the protected window of Internet access.

Initially VPN were created to allow the staff of the companies to work far off with the corporate servers regardless of their location. And though a number of the companies still use VPN for this reason, most of users use such services to receive confidentiality on the Internet or to have an opportunity to bypass geographical restrictions for access to the different websites (for example, stream transfer of content)[1].

When the user goes on the Internet without VPN, its history of search, location and information on his Internet service provider is available to advertisers, his employer and governmental bodies. By and large VPN protects online information from access to it interested persons, but there can sometimes be leaks. Leaks can happen in VPN for a number of reasons. The persons interested in receiving personal information can use the code for shutdown of VPN, or just sometimes a system can incorrectly work. When using VPN in your daily Internet activity it is recommended to check it for existence of leaks regularly.

The tunnel between the computer of the user and the server with an installed software for creation of a virtual private network is created.

  • In these programs on the server and the computer the key (password) for enciphering/interpretation of data is generated.
  • On the computer the request is created and ciphered using the key created earlier.
  • The ciphered data are transferred on a tunnel to the VPN server.
  • On the VPN server they are decrypted and there is accomplishment of a request — sending the file, an input for the website, start of service.
  • VPN-cerver prepares the answer, ciphers it and sends back to the user.
  • The computer of the user obtains data and decrypts them a key which was generated earlier.


Risks and inconveniences for the user when using anonymizers and VPN services

  • Lower speed of Internet connection, than at normal connection
  • Possibility of date leak of the user (logins, passwords, bank details, data of cards and payment systems) at the wrong VPN setup and also when passing via the anonymizer.
  • Possibility of infection of the computer with viruses (through an insert of a malicious code when passing anonymizers).
  • The provider who provides to the user of VPN service obtains all information on actions of the user during his connection to the Internet

Whether it is possible to prohibit use of VPN services of a single provider from the technical point of view?

  • It is possible to distinguish traffic of VPN and to block it, but the expensive equipment for this purpose is necessary.
  • In a case with smartphones and tablets it is also possible to limit access to VPN services on "the Chinese model" — if Roskomnadzor agrees about an exception of VPN services of shops of mobile applications

As users will bypass the law on anonymizers and VPN services

  • There is a lot of anonymizers and services VPN that to block all these resources it is unreal. It will be always possible to find not blocked resource which is not performing the requirement of this law.
  • It is possible to create own VPN on the leased foreign website (such service can become popular already in the next few years).
  • If Apple Store and Google Market cease to give an opportunity of downloading of those applications which do not execute the instruction of this law, then users will begin to download them from alternative sources like,,, etc.

Types of VPN leaks

Users usually subscribe for services of VPN providers, thinking that service for which they pay, will protect their online confidentiality. But understanding that through VPN information leak can be performed can be terrible and disturbing. There are three types of VPN leaks which can happen, and therefore the possibility of their identification will help users to be ready to eliminate any leaks which they can detect.

Leakage of IP

The IP address is a line from the numbers separated by points which is appointed by Internet service provider to certain computers or smart devices. When you go on the websites on the Internet, your IP address is tied to your search, cliques and visits.

Now there are two types of the IP addresses. The initial protocol is called IPv4, and newer - IPv6. The new protocol is created to provide even more IP addresses in the world. At the moment many providers of VPN services support only the addresses in IPv4 protocol which can lead to leakages of the IP address.

Leakage of DNS

The domain name system or DNS (Domain Name Systems) converts the IP addresses into URL with more usual names of domains and vice versa. This system works so that we are not required to remember the website IP address every time when we want to visit him.

When you go on the Websites, your operating system sends the DNS query for extraction of the IP address connected with the required domain. Internet service providers can then write each DNS query which proceeds from your operating system that then to receive your detailed history of online visits. Using VPN each DNS query will come from the server of your VPN provider, but not from the server of your Internet service provider that allows to secure your personal information. Leakage of DNS can arise when your requests for converting arrive from your personal DNS server, but not from the DNS server of your VPN provider. At emergence of such leak your history of viewings, as well as your IP address and location of your Internet service provider reveal.

Leakage of WebRTC

Web Real-Time Communication (WebRTC), in essence, allows to transfer instantly video, a voice and messages to the browser.

It is very useful peer-to-peer (peer-to-peer) communication based on the browser, but users found out that WebRTC opens certain vulnerabilities in VPN. Similar leaks arise in such popular browsers as Chrome, Firefox, Brave and Opera. Using only several code lines any website can open your IP address and location.

How to me to learn whether my VPN works?

There is a set of paid services which allow you to find detailed information on potential vulnerabilities in your VPN. If you want to investigate your personal Internet security, you can check it independently and manually.

How to check for existence of leakage of IP

  • Find your personal IP address, having disconnected your VPN and having gathered in the Google search engine or Yandex a request like "learn my IP address". Your IP address connected with your device will be shown at the top of the page. Write this address.
  • Pass into the account of your VPN provider, become authorized, select the required VPN server and be connected to it.
  • Return to the search system and again gather a request like "learn my IP address". Now on the screen your new address will be shown. Verify it with your IP address which was written earlier.
  • If the new address at connection through VPN matches your address without VPN, then, most likely, there is a leakage of your IP address.

How to check for existence of leakage of DNS

  • Be connected to your VPN and select the server from other country.
  • Open the website which is blocked for your country (for example, social network, a forum or service of stream transfer of content).
  • If you could not come on this vveb-website, then it is quite probable that there is a leakage of DNS.

How to check for existence of leakage of WebRTC

  • Turn on your VPN and select any server for work.
  • Gather in your searcher (for example, Google or Yandex) a request like "learn my IP address". In an upper part of the page your IP address tied to your device by your VPN service will be shown.
  • Now copy this IP address and insert it in the field for requests in the searcher, but only before the address gather "IP" (without quotes). If your location is shown, then it can mean existence of leakage of WebRTC.

How can I eliminate VPN leak?

If you detected leak in your VPN, then do not panic. There are several methods to eliminate leak which you faced. If you found out that similar leaks happen often, then think of change of VPN provider and pass to that provider who is capable to protect your online activity better.

How to eliminate leakage of IP

The reliable solution for elimination of leakages of IP is to use VPN service which provides a full support of addresses IPv4 and IPv6. You can also add in your firewall of restriction for use only of IPv6 of the addresses, but this temporary solution of an incident.

How to eliminate leakage of DNS

If you detected leakage of DNS, there are several methods of its elimination which you can try to use. First, disconnect your VPN and switch off your WiFi. In a minute turn on your WiFi and be connected again to your VPN. If it does not help to eliminate an incident, then try to select from your VPN other server for connection. After that carry out the test for leakage of DNS again to check safety of your connection.

How to eliminate leakage of WebRTC

The best method eliminate leakage of WebRTC is to disconnect WebRTC in your browser. It can be done in Firefox and some other browsers. But in Chromium-browsers, such as Chrome or Brave, there is no option for WebRTC shutdown therefore for these browsers use expansions of the browser for protection of your online confidentiality.

Councils for prevention of VPN leak

  • Use the tests offered above periodically to check your VPN.
  • Check that the VPN provider supports addresses IPv6 that there was no leakage of the IP address
  • Address your VPN provider and be convinced that your service does not allow any leakage of DNS
  • Disconnect WebRTC in your browser or add expansion for prevention of leakages of WebRTC
  • Think of transition to other VPN provider who offers security blanket from leaks and other vulnerabilities

Who for us looks?

Also very many monitor us very much, from curious hackers normal immoderately, to bigwigs of a world behind the scenes, and all of them need something from us. Swindlers a rank less need your passwords, the IP addresses, confidential information. Intelligence agencies need to know everything about your preferences whether you were beaten out accidentally from that herd of rams which they obediently manage whether you visit those resources which do not need to be visited. Shadowing in network exists from the moment of its emergence and since the same moment there is a permanent fight between the monitoring systems and those who resists to them. At those who tries to control us opportunities more, but at knowledge and the correct multi-layer system of security, it is possible to solve any problems from normal surfing to an effective underground[3].

Means of tracking can be separated conditionally into three levels, but it is necessary to understand that each higher level uses opportunities subordinate so it is rather similar to a nested doll.

1 level

Providers, Trojan bot of network, polymorphic viruses, rootkits. All these dangers in itself are rather serious, but if they are not involved by the higher systems that special danger do not constitute, in respect of criticality for the person of course, but not for the PC and data on him.

So, what they do:


Have access to all your data, collect all your registration data, the torrent of networks, the encoded traffic cut down traffic. They do all this for own commercial purposes therefore it is not especially dangerous, but what they do within the actions for providing SORM - 2 and SORM - 3 is much more dangerous and it is described below.

Trojan bot of network

Represent a new type of trojans which are united in networks and Trojan networks stand on the most part of the infected PCs around the world. A task of the Trojans who got on your PC are different, there are trojans for fools who require to place money for the SMS and for it they will unlock you, but such minority, Trojans are more modern more cunning, it hide in very hard-to-reach spots and do not prove in any way. Their main task data collection, namely your passwords, your visited pages, your documents. After it transfers these data to the owner of network (and average network from 10,000 PCs) the owner of network or will sell your PC (more precisely your IP) for spam or hackers, or itself uses your IP. As from the majority of the PC you will take nothing, Trojans turn them into a proxy for VPN servers and use for spam or the hacker attacks. But for us the main danger of trojans consists not that they manage our PC or abduct passwords, and that they set up you in dangerous transactions of cracking of someone else's servers and also another illegal matters. But the fact that many holders a bot of networks sell the stolen data in level systems 2 and 3 is even worse, i.e. for kopeks merge all your data to intelligence agencies, and those in reply close eyes to their activity.

Polymorphic viruses

The main danger is that it is difficult to detect them, in our case it also the fact that they can be written specifically under a certain website, or under your network, or under your system protection and not one antivirus such specially ground polymorphs will not calculate (Polymorphism). Polymorphs guard SORM and the Echelon these are "state programs", they are not detected by normal antiviruses and firewalls, put at provider and have an opportunity at any moment to get into your PC. Channels of infection usually home pages of provider, billing, personal account. It is naive to think that it is possible not to pay attention to it, if at you could not break a communication channel, means they will scan your ports and to try to get on your PC. The state polymorphic programs, are not harmful, the only thing that they do - tell that who delivered them all your actions in networks and passwords, they write your activity on the PC. In the SORM system there is a department which develops such polymorphs if you not the hacker of an extra class you are not able to avoid infection with the polymorph which is specially written under you. But to it there is also a counteraction.


Rootkits are actively used by intelligence agencies in sheaves with polymorphs. Represent process which hide from you trojans and a tab, are not detected antiviruses and anti-trojans, have difficult heuristic polymorphic algorithms.

Department To

The department To is engaged in disclosure of different crimes on the Internet, in certain cases uses SORM for QSA (Quickly Search Actions), but as a rule their clients are hackers, crankcases specialists in a grabbing, pirates, etc. But this division it must be kept in mind, consider protection against them in detail too I will not be separately as if you take measures against SORM, then automatically and you take measures against department K. Otdel To it only contractors who come already according to the known data, and all information to them is provided by SORM.

2 level

In Runet there is just huge number of the websites or the organizations having representations in worldwide network, and each of these resources, especially radical - light the regular and time users filling up with them databases of FSB and the Ministry of Internal Affairs. In one resource it is not given good complete recommendations about security, moreover a hosting of many portals are on the servers which are physically in the Russian data centers. As well as why there is a monitoring of these resources we briefly will try to tell here.


In brief the SORM system includes three components:

  • Hardware-software part (is established at the telecom operator);
  • Remote operations control room (is established at law enforcement agencies);
  • The channel(s) of data transmission (it is provided with provider for installation of communication with point of remote control).

If as an example to consider Internet service provider, then system operation looks following in the way. At provider the special device is installed. This device is connected directly to an Internet channel, and the equipment of provider for the organization of Internet access is connected already to the equipment SORM. As a result it turns out that all entering and outbound traffic will pass through the special-device, so, it will be able to be in case of need intercepted by law enforcement agencies.

Main article SORM (System for Operative Investigative Activities)

Aspect of tracking users

Coming the person at once snares under close attention of the monitoring systems. In ours SORM case - 2, your provider who provides you access to network selects to you ip or your temporary or permanent address, Exactly thanks to ip there is an interaction between your browser and the server, thanks to it you obtain information which you see on the monitor.

Feature of network protocols and programs such is that all your ip are written in logs (protocols) of any server which you visited and remain there on HDD a progressive tense if of course from there not to erase them specially.

The provider has the range of ip which to it is selected, and it in turn selects ip to the users. The provider has databases of the IP addresses, each address ip in the database is attached to Full name person who signed the agreement and to a physical address of the apartment where to be access point.

IP can be dynamic (to change constantly, or static, i.e. constants but it does not change the fact, the provider constantly writes your movements. The provider knows on what resource in what time and how many you were.

All resources visited by you, and he writes through periods of time of 15 minutes till 1 o'clock, he writes in the database, upon transition to any new resource he also registers (resource ip). These data are provided in the database in the form of digits and do not take a lot of place. DB of your logs are stored at provider under the law 3 years, and according to the secret arrangement with people from "SORM - 2" 10 years.

It is one of SORM conditions - 2, without it any provider will not obtain the license from FAGCI for rendering services of telecommunication. Thus the archive of all ip issued to you in 10 years to be stored at provider and also archive of all your logs (where when and when you "surfed" in network) SORM by means of the special equipment has direct access to these bases, and in SORM-3 system these data in general are directly integrated into this global system.

If you for example, interested the operator of SORM, he just activates one button in the program and the SORM system begins to write all your traffic, everything that you transferred, downloaded and looked, just involving on the channel of provider the hardware scanner a sniffer. Physically data will be stored at provider from where they are transferred to the analysis to the operator of SORM. I will note that as a rule all traffic at you of NENEZASHIFROVANNY and if desired anyone can intercept it, not only SORM - 2.

SORM - 2 installs on the channel of providers also network analyzers, they browse information on a set of a key word, on the visited resources, on existence of the encoded traffic and in all these cases there is a message to a system which makes the decision in the automatic mode what to do next. What the global level of control I think clearly and draw what conclusions the compromising evidence is available on everyone. If the agreement is issued on your grandmother, then do not think that concerning her operational development will be performed, SORM bases are connected with / d on a registration and the central base FSB and SORM bases on other resources, and associate you if it is necessary, there not fools sit.

SORM - 2 on search systems, is directly integrated into the database and browses VSE your addresses on a key word and also uses VSE your settings on kuka which are collected by the search system. If necessary makes "picture" of this or that user on a key word and specific search queries, remembers passwords and logins.

SORM - 2 on all large social portals collects generally your information which you leave and logs visits of pages, remembers passwords and logins.

SORM - 2 in mail servers perlustrate all your mail, associates your ip with which you registered this mail. Analyzes and gives a signal if the encoded correspondence on PGP is detected.

SORM - 2 in the systems of e-commerce completely scans your PC, registers in the register, becomes attached to the MAC address, serial number of the equipment, to system configuration and ip and of course to data which you left at registration. Of course all this is done by the program of e-commerce, but data which she receives are available to SORM.

SORM 2 in VPN and a proxy servers

Not on all of course, but on many (on legal on all), writes a log. Very big problem is an unreliability of proxies, many proxies in the SORM system - 2, other official legal servers and under the law issue to field investigators of SORM - 2 all interesting a log. So though you will work through 1 or through 100 proxies of servers, you will be very quickly untwisted, it is enough to call the owner of service or to arrive. The exotic countries, will only increase time of search of your ip (but if it is required will make quickly). Through promotion of chains of a proxy catch the most part of hackers. All proxies - servers write LOGI, and it is a live compromising evidence (except specially configured).

SORM - 2 in Data centers

SORM - 2 it is also integrated into all data centers and points of communication of traffic if servers and respectively and a hosting are in Russia, and it means that to receive archive of logs and to deliver a trojan to the database of the registered users it is possible to receive, having only called or having stopped by at data center, thus hardware, the majority of the websites of patriotic orientation and also the VPN server or resources on which SORM - 2 is not set directly in the form of the equipment is traced. Your administrator can re-cipher at least 100 times the database, but if at it on the server in data center the trojan and the channel is listened, then at all desire it will not save a log of users, either their addresses or other confidential information. Own server will only complicate it a task. For security own server and own person in data center is necessary and it is desirable in data centers abroad.

SORM - 2 on servers of registrars of domain names

Traces who and that registers, writes ip, automatically punches reality of the entered data if is defined that the left data - the domain name is put for record, in case of need can easily close domain name. SORM - 2 also uses the whole network TOR of servers (as well as other intelligence agencies) which listen to the traffic passing through them.

3 level


Echelon - much more much more abrupt system than SORM - 2, but with the same tasks and the purposes, uses all subordinate steps 1 and 2 official owner of CIA, is installed on Google is built in Windows in the form of tabs, on all routers, in the largest data centers of the world, on all main optical cables, differs in scale and the fact that if desired the operator involves the satellite and watches you on the monitor in real time of FSB to it direct access has no though can receive on demand though the principles at it same. By and large the Echelon is global universal SORM - 2, this system has much more opportunities and finance worldwide. A system controls bank transactions, has opportunities for opening of the ciphered messages and communication channels, Skype very densely interacts with Microsoft also.

In what a difference between VPN and a proxy?

When you dig in network settings of your computer or smartphone, you often see options with a text of 'VPN' or 'Proxy'. Though partly they also perform similar work, but very different. Our article will help you to understand in what a difference between them and for what they are necessary. Perhaps, you want to use something from them[4].

What is a proxy?

Usually when viewing the websites the Internet your computer is connected directly to this website and begins to download pages which you read. Everything is very simple.

And when you use the proxy server, at first your computer sends all web traffic to it. The proxy redirects your request for the required website, downloads the relevant information, and then returns back it to you.

Why all this is necessary? There are several reasons for this purpose:

  • You want to browse the websites anonymously: all traffic which comes to the website comes from the proxy server, but not from your computer.
  • You need to overcome the filters limiting access to this or that content. For example, as we know, your subscription to Netflix in Rossiin will work in the USA. But if you use the proxy server from Russia, then it will look so as if you watch TV, being in Russia, and everything will work as should be.

Though this scheme works rather well, nevertheless there are several problems with a proxy:

  • All web traffic which passes through a proxy can be browsed by the owner of the proxy server. Do you know owners of the proxy server? They can be trusted?
  • Web traffic between your computer and the proxy server and also the proxy server and the website is not ciphered, and therefore the experienced hacker can intercept the transferred confidential data and steal them.

What is VPN?

VPN is very similar to a proxy. Your computer is configured on connection to other server, and the route of your web traffic passes through this server. But if the proxy server can only redirect web requests, then VPN connection is capable to carry out routing and to provide complete anonymity of all your network traffic.

But there is also one more powerful benefit of VPN – all traffic is ciphered. It means that hackers cannot intercept data between your computer and the VPN server, and therefore your confidential personal information cannot be compromised.

VPN is the safest option

Thanks to enciphering and routing of all your network traffic, VPN has clear advantage in front of the proxy server, offering also additional functions.

Protocols of creation of VPN connection

For data protection and transfer of traffic to VPN a number of technologies/services of tunneling, authentication, access control and enciphering is used. There are several implementations of VPN, among the most popular protocols — PPTP (Point-to-Point tunneling protocol), L2TP (Layer 2 Tunneling Protocol), IPSec (IP Security), SSTP (Secure Socket Tunneling Protocol), OpenVPN.

PPTP: the "point-to-point" protocol allowing to create the protected connection by means of creation of "tunnel" in the unprotected network. Provides safe data transmission between the computer and the server or between two local networks.

L2TP: Tunneling protocol of level 2 (data link layers). Its main advantage — allows to create connection not only in Internet networks, but also in the networks working under the ATM, X.25 and Frame Relay protocols.

IPSec: A set of protocols for data protection by transfer of IP packets. Includes protocols for the protected key exchange. It is optimal for consolidation of branch networks. It is often used together with L2TP.

SSTP: proprietary protocol of Microsoft. Except Windows works at some other operating systems, including Linux and MacOS. Owing to origin steadily works at the majority of computers, however the closeness of the code fills much with misgivings.

OpenVPN: this protocol as appears from the name, extends open source. It is supported

VPN on TAdviser


Global Web Index

According to Global Web Index more than 35% of Internet users use VPN "daily or almost daily". Individuals to it are induced by desire to avoid attention of "Big brothers" (not only the states, but also business companies) or desire to come on resources which the state for any reasons blocked. And such desire is not only at residents of the states of Asia and the Middle East (leaders in mastering of VPN — Thailand, Indonesia, Saudi Arabia), but also at citizens from the countries of the developed democracy. Let's tell, according to the website, the second place on loadings of mobile versions of VPN solutions — at the USA (74.5 million), at the leader, Indonesia, it is only a little more (75.5 million). Russia on this indicator on the 9th place (10.9 million), between Great Britain and Pakistan.

The VPN service which is twice blocked in Russia won

The prosecutor's office of the Russian Federation took back the claim against VPN service in this connection the court in Mari El dismissed the case. The prosecutor's office does not explain causes of failure. belongs to inCloak Network Ltd company which recently successfully protested blocking of service in court. Known earlier as, but afterwards renamed into service enjoys popularity[5] Russia].

The lawyer of "The center of digital rights" Mikhail Bautin representing inCloak Network Ltd company provided to court a written response on the claim. In a response the defendant asked to dismiss the claim. Such data contain in determination of Medvedev's district court of the Republic of Mari El, writes Roskomsvobod. One more representative of inCloak Network Ltd designated as Ivanov V.K. did not object in court to diversion.

As a result the court accepted failure of the assistant prosecutor, stopped proceedings and reported to the parties that trial about the same subject and of the same foundations in the future cannot be resumed.

The Kaspersky Lab VPN service began to block the websites banned in the Russian Federation

At the beginning of July, 2019 it became known that VPN- service Kaspersky Secure Connection began to block prohibited in Russia the websites. The service was connected to the register of the prohibited information for filtering of access for users to being in is mute to resources.

Avast closes VPN service in Russia because of restrictions of Roskomnadzor

On June 13, 2019 it became known of closing of Avast SecureLine VPN service in Russia because of restrictions of Roskomnadzor. Department requires that VPN services and anonymizers blocked access to the websites from "black list" and did not allow users to visit these resources.

Main article Avast SecureLine VPN

Roskomnadzor forced to unlock world famous VPN service

The project, one of the largest VPN services known earlier as, achieved in the Supreme Court of the Republic of Mari El of canceling of the decision on blocking what it announces the portal of department. was added to the register of the prohibited websites which supervises Roskomnadzor, in July, 2018, and for this purpose the decision of district court of Yoshkar-Ola formed the basis. The claim was filed a lawsuit by the local prosecutor, however, that is remarkable, acted as the defendant in case at all not representatives of a resource, but the staff of Roskomnadzor[6].

The decision of the judge on entering of in the list of the websites blocked Russia was influenced by a theoretical possibility of receiving by each user of this service of unlimited access to extremist materials, including to the book by Adolf Hitler "My fight" (Mein Kampf). In addition, representatives of a resource answered, a certain anonymizer which at the time of initiation of proceedings on the website was absent was mentioned in the claim.

The verdict on this case was disputed on May 23, 2019 in republican court of Mari El by through joint efforts of representatives of and also lawyers of Roskomsvoboda and "Center of digital rights". The court completely cancelled earlier made decision, but, nevertheless, sent case for reconsideration.

VPN services refuse to join a FSIS

The international companies providing services to VPN are not ready to fulfill the requirements of Roskomnadzor for connection to the Russian register of the prohibited websites for traffic filtering, reports at the end of March, 2019 Roskomsvobod. It is specified that only the Russian VPN service from Kaspersky Lab which stated that it will perform the law became an exception.

Roskomsvoboda conducts monitoring of a situation and maintains current status of the list of already answered services. Now this list looks as follows:

  • TorGuard - in the RKN list, failure + removes servers from the Russian Federation;
  • VyprVPN - in the RKN list, failure;
  • OpenVPN - in the RKN list, failure;
  • ProtonVPN - not in the RKN list, failure;
  • NordVPN - in the RKN list, failure + removes servers from the Russian Federation;
  • Private Internet Access - not in the RKN list, failure;
  • Trust.Zone - not in the RKN list, failure + removes servers from the Russian Federation;
  • VPN Unlimited - in the RKN list, failure;
  • Kaspersky Secure Connection - in the RKN list, consent;
  • Hide My Ass! - ignore list;
  • Hola VPN is the ignore list;
  • ExpressVPN is the ignore list;
  • Windscribe - not in the RKN list, failure;
  • Ivacy VPN - not in the RKN list, failure;
  • TgVPN - not in the RKN list, failure, essentially has no servers in the Russian Federation.

So from twelve answers - eleven failures, in three cases are sounded intention to remove servers from the Russian Federation

Requirements about connection were sent to 10 services: NordVPN, Hide My Ass!, Hola VPN, Openvpn, VyprVPN, ExpressVPN, TorGuard, IPVanish, Kaspersky Secure Connection and VPN Unlimited. From them only Kaspersky Secure Connection agreed to requirements of Roskomnadzor;

Roskomnadzor requires from VPN services to begin to block the prohibited websites

Roskomnadzor for the first time demanded from owners of VPN services (Virtual Private Network) to connect these services to the Federal State Information System (FSIS) which contains information on the prohibited websites, RBC with reference to the notifications directed ten VPN reports in March, 2019: NordVPN, Hide My Ass!, Hola VPN, Openvpn, VyprVPN, ExpressVPN, TorGuard, IPVanish, Kaspersky Secure Connection and VPN Unlimited.

In the materials posted on the website of Roskomnadzor it utochnitsya that appeals are sent at the initiative of power services: "Requirements about connection to a FSIS to VPN services and "anonymizers" are sent on the basis of the appeal to Roskomnadzor of the federal executive authority performing operational search activity or security of the Russian Federation".

It is reported also that before the requirement such to VPN services and anonymizers did not go. RBC specifies that on regulations of the current legislation Roskomnadzor cannot direct such requirements on own initiative - only on the basis of the appeal of FSB or other body performing investigation and search operations.

After obtaining requirements VPN services and anonymizers are obliged to be connected to a FSIS and to begin to block the websites prohibited in the territory of Russia according to relevant lists. On fulfillment of requirements 30 days are allotted. If after this term the requirements are not fulfilled, services can be blocked.

According to RBC, readiness to be connected to a FSIS to the direction of the address was announced by owners of anonymizers with the Russian roots, such as 2ip and Chameleon, most foreign services expressed the intention to ignore such requirement.

Every fifth VPN-application in Google Play — a potential source of the malware

On January 22, 2019 it became known that the most popular free VPN-applications contain problems which can threaten safety of users in Google Play Store. According to results of the research conducted by the specialist of Metric Labs Simon Migliano, every fifth application is a potential source of the malware, and a quarter of the analyzed programs contain the vulnerabilities connected with leakages of DNS queries of users. Read more here.


Trend Micro warned about danger of use of Hola VPN

One of the most popular free VPN services, the loaded millions of times, poses a confidentiality threat as properly does not hide digital fingerprints of users, researchers[7] warn][8].

It is about the Hola VPN service numbering about 175 million users worldwide. According to the new report of specialists of Trend Micro company, Hola VPN has a number of serious problems with security, and one of main is the lack of enciphering.

In particular, during the active session connection with a supernode is not ciphered, and the malefactor can intercept the transferred traffic using man-in-the-middle attack. Besides, the lack of enciphering can lead to leakage of the IP addresses, than the authorities for tracking of citizens in the countries with totalitarian regime can use.

When in usage time of Hola VPN the user opens a new tab in the browser or enters domain name in an address bar, access to a resource is provided directly from its this IP address. Unlike other VPN services directing traffic through the ciphered tunnel, Hola VPN is not protected VPN solution, and it is rather, not ciphered web proxy.

Trend Micro detects Hola VPN as potentially unwanted software now and recommends to users to delete it from the systems. In turn the producer called the report of the company "irresponsible".

Apple prohibited individuals to write the VPN applications for iPhone and iPad

The Apple company notified in June, 2018 all application developers by e-mail on serious change in rules of the publication in its app store of App Store. First of all, in the letter prohibition on use of program interfaces (API) for virtual private networks (VPN) in the supplements published by individuals is emphasized. From now on, according to point 5.4 of the updated rules, use of this option is available to exclusively legal[9].

The global regulations of rules of the publication of applications toughening in more detail describing the provisions relating to protection of privacy of users also underwent serious updating. In particular, point 5.1.1 of rules of publications on collecting and storage of user data (5.1.1 Data Collection and Storage) increased from four to seven subparagraphs.

Innovations were entered to the code App Store Review Guidelines according to the results of work of censors of App Store for the last several months during which applications with providing to users anonymous access to Internet resources were exposed to the most careful check.

From now on hosters are obliged to report to the authorities on owners of a proxy and VPN

The State Duma adopted in the third reading the law on penalties for hosters and searchers, concerning circumventors of blocking on the Internet. The law which will become effective in 90 days from the moment of official publication represents a set of amendments in the Code of administrative offenses of Russia[10].

Penalties will be levied from providers of a hosting who provide placement on the Internet of circumventors of blocking, and do not report at the same time in Roskomnadzor who is the owner of these means.

As option instead of giving the proxies given about the owner or VPN to Roskomnadzor, the provider of a hosting can report the regulator that it notified this owner on need to provide the information about itself(himself). If such message from a hoster did not arrive, it is also threatened by a penalty.

In both of these cases the penalty for citizens will make from 10 thousand to 30 thousand rubles, and for legal entities — from 50 thousand to 300 thousand rubles.

Penalties for searchers

The law provides also penalties for search systems which facilitate to users access to the Internet resources blocked in Russia. In particular, if the operator of the searcher was not connected to a federal state information system which contains data what resources are blocked, then such operator will be fined. For citizens in this case the penalty will make from 3 thousand to 5 thousand rubles, for officials — from 30 thousand to 50 thousand rubles, and for legal entities — from 500 thousand to 700 thousand rubles.

The State Duma approved in the II reading toughening of responsibility for anonymizers

The State Duma adopted in May, 2018 in the second reading the bill providing introduction of administrative penalties for violation of the law about anonymizers. In particular, if the provider of a hosting and the anonymizer does not provide in Roskomnadzor data on owners of access facilities to the blocked websites, it will entail imposing of a penalty - from 10 thousand to 30 thousand rubles for citizens and 50 thousand - 300 thousand rubles for legal persons, Interfax writes.

Besides, issue of links to the prohibited websites in searchers will turn back a penalty. For it it is offered to levy 3 thousand - 5 thousand rubles from citizens, 30 thousand - 50 thousand rubles from officials and 500 thousand - 700 thousand from legal entities.

Rating of VPN services

The agency Tagline published in April, 2018 rating VPN- services which after blocking messenger Telegram will help to use it (and other blocked resources) without restrictions and also to solve problems of safe information transfer.

The leader of the rating — service with the twelve-year history HideMyName (ex: HideMe) which is used by 20% of respondents, on the second place from 17% of voices — the German ZenMate, and the third place separated the business focused PureVPN and Hide My Ass, at them on 14% of voices.

VPN services, in addition to problems of corporate information security, protection against interception of traffic and a possibility of use of the foreign resources unavailable to the Russian users solve a crucial problem of access to services which are subject to blocking in Russia by a court decision — such as Telegram (not to mention LinkedIn, Slideshare and Zello).

23% of VPN services open the real IP addresses of users

The Italian researcher Paolo Stagno tested[11] 70 VPN- services also found out that 16 of them (23%) the real IP addresses of users open. The problem is connected with use of WebRTC technology (Web Real Time Communication) which allows to perform audio-and video calls directly from the browser. This technology is supported by a number of browsers, including Mozilla Firefox, Google Chrome, Google Chrome for Android, Samsung Internet, Opera and Vivaldi[12].

WebRTC is the open standard of a multimedia communication in real time working directly in the web browser. The project is intended for the organization of stream data transmission between browsers or other applications supporting it on technology a point-to-point.

As the researcher explained, the technology allows to use STUN mechanisms (Session Traversal Utilities for NAT, utilities of passing of sessions for NAT) and ICE for the organization of connections in different types of networks. The STUN server sends the messages containing the IP addresses and port numbers of a source and the receiver.

STUN servers are used by VPN services for replacement of the local IP address by the external (public) IP address and vice versa. WebRTC allows sending packets for the STUN server which returns the "hidden" house IP address and also the addresses of a local network of the user. The IP addresses are displayed by means of JavaScript, but as requests are made out of normal by procedure XML/HTTP, they are not visible from the console of the developer.

According to Stanyo, the real IP addresses of users reveal 16 VPN services: BolehVPN, ChillGlobal (a plug-in for Chrome and Firefox), Glype (depending on a configuration),, Hola! VPN, Hola! VPN (expansion for Chrome), HTTP PROXY (in browsers with Web RTC support), IBVPN, PHP Proxy,, psiphon3, PureVPN, SOCKS Proxy (in browsers with Web RTC support), SumRando Web Proxy, TOR (working as PROXY in browsers with Web RTC), Windscribe. It is possible to study the complete list of the tested services here.


A number of VPN services refused to cooperate with Roskomnadzor

According to Roskomsvoboda public organization[13], not all VPN services intend to follow the become effective law. Seven services already accurately designated the position concerning new requirements. The first is the ExpressVPN company which even in the summer said that it "certainly, will never agree with any regulations which will threaten capability of a product to protect digital rights of users".

The ZenMate service was prepared for possible blocking in advance on a case of failure to limit access to the websites banned in the Russian Federation. The company announced the "elegant solution" allowing service to switch automatically in "the steady mode" without causing serious inconveniences to users. "In this mode connection will be redirected through the largest trunk Internet services. These services play a key role for Network, and therefore their blocking will paralyze the Internet", - the company in the blog reported.

Tunnelbear and PrivateVPN services do not intend to perform the Russian law as are not the Russian companies. The Tunnelbear servers are located outside the Russian Federation, and PrivateVPN is ready to transfer in case of need the server from the territory of Russia.

Also declared failure to cooperate with Roskomnadzor to Golden Frog (the company possesses VyprVPN service), TorGuard and TgVPN. "We will not execute this law and we will make everything to remain available to users of Russia. Among other measures, we prepare applications with the built-in methods of a bypass of blocking of VPN", - the TgVPN command in the chat in Telegram reported.

In Russia became effective the law on anonymizers

On November 1, 2017 in Russia became effective the law on blocking of anonymizers and VPN which was signed the president Vladimir Putin at the end of July.

It is about amendments in the federal law "About Information, Information Technologies and on Data Protection" which determine obligations for owners of VPN services, anonymizers and operators of search systems by access restriction to the prohibited information.

The law permits to block services which will refuse to close access to the prohibited websites.  Anonymizers have three days on the fact that to fulfill the requirements of the authorities.

In Russia became effective the law on blocking of anonymizers and VPN

Also innovations require from search systems to delete from search issue of data on information resources, access to which is blocked in Russia. Operators of searchers will obtain the relevant data from Roskomnadzor.

For performance of the law the federal state information system (FSIS) is started.  Roskomnadzor  will determine the provider providing technologies for a bypass of blocking by the appeal of law enforcement agencies.

The law will need to be executed according to appeals to Roskomnadzor of the federal executive authority performing operational search activity or security of the Russian Federation (the Ministry of Internal Affairs and FSB).

  As reported on the page of Roskomnadzor in VKontakte, department and market participants — Kaspersky Lab, Opera, and "Yandex" — already complete testing of "the new system of interaction". Besides, the and anonymizers already agreed to cooperate with Roskomnadzor.[14]

The bill  was introduced  by deputies Maxim Kudryavtsev (United Russia), Nikolay Ryzhak (Just Russia) and Alexander Yushchenko (CPRF).

Penalties for violation of the law about prohibition of anonymizers

The State Duma Committee on information policy suggested to adopt in September, 2017 in the first reading the bill introducing penalties for operators of search systems for non-execution of provisions of the law on prohibition of anonymizers and VPN services RIA Novosti reports.

The State Duma is going to fix legislatively penalties for operators of search systems if they do not fulfill the duties assigned to them on gaining access to the register of Roskomnadzor and blocking of links to the information resources included in the list.

The document provides a penalty for individuals - 5 thousand rubles, for officials – 50 thousand, for legal entities from 500 thousand to 700 thousand rubles.

The founder of Tor explained how Roskomnadzor will be able to block Tor

How exactly Roskomnadzor will be able to block it one of creators of onions routing David Goldschlag told - you watch Tor - The Onion Router.

Requirements Roskomnadzor for anonymizers

Roskomnadzor made requirements to the system of access of anonymizers and VPN services to registers of the prohibited websites. According to the document submitted on the portal creation of a federal state information system of information (FSIS) resources, information and telecommunications networks, access to which is limited, is planned. The corresponding draft of requirements to the organization of work of such system is developed by Roskomnadzor.

Creation of a FSIS is provided by the Federal law of July 29, 2017 No. 276 which prohibits anonymizers and VPN services to provide access to the web resources entered to the list of the prohibited websites of Roskomnadzor. If services do not fulfill this requirement, then their blocking in the territory of the Russian Federation will follow.

Besides, Roskomnadzor will control creation and operation of a system. In the order it is mentioned that department "should ensure it smooth operation and availability in a continuous duty, round the clock". In the explanatory note to the document it is also reported: "The draft of the order provides, including, need of interaction of a FSIS with other information systems, readiness for increase in the processed amount of data, convenience of access to information which is contained in a FSIS, availability of the intuitive interface, ensuring the round-the-clock daily access".

The law on prohibition of programs for a bypass of blocking for access to the prohibited websites signed by the president on July 29 will begin to work since November 1, 2017. According to it, Roskomnadzor will also trace and close access to web resources on which information on how to bypass blocking contains.

Putin prohibited anonymizers and VPN services

The president Vladimir Putin signed the law on introduction of amendments to the Federal law "About Information, Information Technologies and Data Protection". The document is published[15]on the portal of legal information.

Amendments prohibit access to technologies of a bypass of blocking of the websites (anonymizers) and VPN services which help to bypass the websites blocked on the territory of Russia. Roskomnadzor from now on will be able to block the websites where information on a bypass of blocking is placed. The law orders to operators of search systems to block links to the information resources included in the list of department[16].

The State Duma prohibited anonymizers in Russia

On July 21 the State Duma adopted in the third reading the bill of use prohibition in Russia of the services intended for gaining access to the blocked websites.[17] on control of compliance with law is assigned to Roskomnadzor which will keep the black list of the prohibited resources. Powers reveal similar services the Ministry of Internal Affairs and Federal Security Service of the Russian Federation received.

The law prohibits operators of search systems to show links to the blocked resources in the territory of the Russian Federation. Similar prohibition is provided for owners of anonymizers and VPN services.[18] the Websites announcing methods of a bypass of blocking, in turn, will be blocked by Roskomnadzor. Besides, on the basis of appeals of the Ministry of Internal Affairs and FSB department will define the provider allowing use of the anonymizer and to request from it data for identification of the owner of service. On providing necessary data to provider three days will be allotted.

As it is specified, requirements of the law do not extend to operators state InformSystem, state agencies and local government authorities and also on those cases of use of anonymizers when the circle of their users is predeterminated by owners and their application occurs in "the technology purposes of ensuring activity of the person performing use".

If the bill will approve the Federation Council of Federal Assembly of the Russian Federation and the President of Russia will sign, the majority of provisions of the document will become effective on November 1, 2017.

The Ministry of Internal Affairs and FSB of Russia can be engaged in identification of methods of a bypass of blocking on the Internet

The Ministry of Internal Affairs and Federal Security Service of the Russian Federation can receive powers on identification of methods of a bypass of blocking on the Internet, RNS with reference to the list of amendments to the bill of anonymizers reports.

According to the document, departments will have to perform "investigation and search operations or security of the Russian Federation for the purpose of obtaining information on software and hardware tools of access to information resources, access to which is limited". Control performance of the bill as it is planned, there will be Roskomnadzor. On the basis of appeals of the Ministry of Internal Affairs and FSB the supervising service will identify the providers of a hosting and other persons who are posting online circumventors of blocking.[19]

In case of acceptance the law will become effective on November 1, 2017. In the same day will begin to work an order of identification of anonymizers and the requirement to access restriction methods to them.

As it is specified, the bill does not affect operators state InformSystem, state agencies and local government authorities and also does not extend to non-public circumventors of blocking if they are used "in the technology purposes of ensuring activity" the organizations, and the circle of their users is defined in advance.

FTS will be able to block anonymizers

The Ministry of Justice of the Russian Federation registered in July, 2017 the joint order of Roskomnadzor, the Ministry of Internal Affairs, FTS and Rospotrebnadzor which approves criteria for evaluation of information for its inclusion in the list prohibited. According to the right of FTS to block Internet casino and circumventors of blocking also means Izvestia, one of the paragraphs of the document – such as anonymizers[20].

In particular, "Existence on the page of the website on the Internet of information and (or) programs for the electronic computers allowing to get access to the website to the Internet, pages of the website to the Internet on which the prohibited information is placed" will become one of criteria for blocking.

As emphasizes the edition, it is about blocking of FTS of the websites with casino, however anonymizers have broader application. Besides, now in the State Duma the bill of prohibition of anonymizers, VPN and to them similar services for a bypass of blocking is considered. Meanwhile the document passed only the first reading. So lawyers interlocutors of the edition call the new order illegal – as it grants the right of FTS to block not only online casino, but also an opportunity to come into online casino.

Deputies prohibited anonymizers and searchers to give access to the prohibited websites

The State Duma approved at the end of June, 2017 in the first reading the bill about regulation of activity of the services intended for gaining access to the websites bypassing official blocking and also about an exception of issue of search systems of links to the blocked resources. Deputies Alexander Yushchenko (CPRF faction), Nikolay Ryzhak (Just Russia) and Maxim Kudryavtsev (United Russia) acted as authors of the bill [21].

The document represents amendments to the law "About Information, IT and Data Protection". The bill enters obligations for "owners of information and telecommunications networks, information networks and the computer programs and also owners of information resources, including the websites on the Internet intended for gaining access from the territory of Russia" to networks and programs.

Under this determination the services giving an opportunity of indirect access to Internet resources should get: to anonymizers, proxy servers, VPN, tunnels, browsers with access function "around" (Tor, Opera, "Yandex.Browser"), etc. Such services initially intended for Internet connection with concealment of the IP address, but after introduction in Russia in 2012. The register of the prohibited websites found mass popularity for a bypass of such restrictions.

What will be when Roskomnadzor finds the anonymizer

The bill assumes that Roskomnadzor is department which maintains a Register of the prohibited websites — will perform monitoring of such services and to include them in the separate register. Registry access of the prohibited websites will be provided to owners of appropriate resources, and they will have to block an exit to such websites for the Russian users.

When Roskomnadzor detects the anonymizer or other resource of this sort, it will send an inquiry to his hosting provider for receiving a contact information of its owner. The hosting provider will have to answer information within three days. Further Roskomnadzor will send a request to the owner of this resource for inclusion it to the above-mentioned register. If the owner within 30 days does not answer Roskomnadzor and will not take a measure for blocking of access for the Russian users to the prohibited websites, department will block to it access from the territory of Russia.

New duties for search systems

Besides, the bill enters the obligation of owners of search systems to exclude from issue of the link to the resources which were included in the Register of the prohibited websites. Also will provide to owners of searchers registry access of the prohibited websites.

At the same time in the Code of Administrative Offences penalties for violators are introduced. For owners of search systems for non receipt of registry access of the prohibited websites and for failure to implement of filtering of links to the prohibited resources penalties will make one thousand p5 for individuals, one thousand p50 for officials and from one thousand p500 to one thousand p700 for legal entities. For owners of anonymizers and other services of this sort penalties for failure to provide to Roskomnadzor of information on themselves penalties will make from p10 one thousand to p30 of one thousand for individuals and from one thousand p50 to one thousand p300 for legal entities.

CSIRO: VPN are not always as private as it is considered

The Australian organization CSIRO (Commonwealth Scientific and Industrial Research Organisation) warned users of virtual private networks (VPN) that their security often does not correspond to the name of this technology.

CSIRO checked 283 Android applications using VPN powers of this OS, having investigated a wide range of their safety features and privacy, and published the report of "An Analysis of the Privacy and Security Risks of Android VPN Permission-enabled Apps"[22][23].

Researchers of this organization found out that 18% of the browsed applications in reality do not cipher the user traffic, 38% implement directly on the user device malware or persuasive advertizing and more than 80% request access to confidential data, such as the given the user accounts and text messages.

16% of the analyzed VPN-applications involve opaque proxies which modify the user HTTP traffic, inserting and deleting headings or using such methods as recoding of images.

Besides, it is revealed that two VPN-applications actively implement in the user traffic the JavaScript code for distribution of advertizing and tracking actions of the user, and one of them redirects the traffic connected with Internet trade, to external advertizing partners.

"A basic reason of installation in tens of millions by users of these applications — protection of the data, but just this function these applications are not run" — the report says.

Though the majority of the studied applications offer "a certain form" of on-line anonymity, CSIRO reports that some application developers consciously set as the purpose collecting of personal information of users which could be sold to external partners. However only less than 1% of users show some concern of relativity of security and privacy of use of these applications.

18% investigated VPN-applications use technologies of tunneling without enciphering and 84 and 66% of applications perform leakage of the IPv6th and DNS traffic respectively. As a result, the report says, these applications do not protect the user traffic from the agents set on the way of its movement performing on-line observation or shadowing users.

If to look at official descriptions of applications in Google Play, then for 94% of applications with leakage of the IPv6th and DNS data, it is said that they provide protection of personal information.

Before the publication of the report CSIRO contacted developers in whose applications defects of security were found, and as a result part of them took measures for elimination of vulnerabilities, and some applications were deleted from Google Play.

"Despite the fact that VPN-applications of Android are established by millions of mobile users of the whole world their operational transparency and potential impact on privacy and safety of users remain a Terra incognito even for technically advanced users" — concludes the report.

See Also

  1. whether my VPN Works? Councils for testing of leakages of VPN
  2. From the presentation "Anonymizers and providers of VPN services: threat of state security or effective method of data protection of the user? Yushkova E.E., project manager, State corporation, "Development bank and foreign economic activity (Vnesheconombank)", Akayev S.A., project manager, "Development Bank and Foreign Economic Activity (Vnesheconombank)" State corporation, CNews FORUM 2017
  3. Scales of global shadowing. What is SORM: types and opportunities. How to save itself? Part 1
  4. In what a difference between VPN and a proxy?
  5. [ the VPN service which is Twice blocked in Russia won
  6. Roskomnadzor forced to unlock world famous VPN service
  7. [ of Shining a Light on the Risks of HolaVPN and Luminati
  8. Researchers warned about danger of use of Hola VPN
  9. entities Apple prohibited individuals to write the VPN applications for iPhone and iPad
  10. From now on hosters are obliged to report to the authorities on owners of a proxy and VPN
  11. TL: DR: VPN leaks users’ IPs via WebRTC. I’ve tested seventy VPN providers and 16 of them leaks users’ IPs via WebRTC (23%)
  12. 23% of VPN services open the real IP addresses of users
  13. Already seven VPN services declared unwillingness to cooperate with Russian authorities
  14. Roskomnadzor
  15. the Federal law of 7/29/2017 No. 276-FZ "About introduction of amendments to the Federal law "About Information, Information Technologies and on Data Protection"
  16. Putin prohibited anonymizers and VPN services
  17. The State Duma prohibited the Function anonymizers
  18. The State Duma prohibited anonymizers in Russia
  19. FSB And the Ministry of Internal Affairs can involve in identification of methods of a bypass of blocking in Network
  20. FTS acquired the right to block anonymizers
  21. Deputies prohibited anonymizers and searchers to give access to the prohibited websites
  22. [1] of An Analysis of the Privacy and Security Risks of Android VPN Permission-enabled Apps CSIRO
  23. : VPN are not always as private as it is considered