At the start of December, the Tor Project’s support email inbox began receiving an unusual number of messages from users saying they were encountering problems accessing the digital anonymity service. “It was not just one or two, but like 10 people asking,” says Gustavo Gus, community team lead of the Tor Project. At the same time, staff at the Open Observatory of Network Interference (OONI), which measures and tracks internet censorship, saw indications that suggested Russian internet service providers (ISPs) were blocking the Tor network.
Tor is used by people worldwide to mask their activity on the internet, sometimes for illicit activity but more often than not to evade censorship in authoritarian or autocratic countries. A 2020 study found 93 percent of Tor users accessed the network for the latter reason, rather than for illegal reasons. And in Russia, whose population are the second-biggest users of Tor after the United States, people use the service to subvert government restrictions.
What happened at the start of December, though those in the Tor Project didn’t know it yet, was significant. Roskomnadzor, the Russian media and telecommunications regulator, had issued a demand to ISPs around Russia to block users’ access to Tor's website. In Russia’s world of decentralized internet infrastructure, ISPs began taking action speedily. And access to parts of the Tor network itself were limited.
On December 1, OONI noticed 16 percent of connections to Tor in Russia recorded some kind of anomaly. A day later, it was one in three. On December 8, it was back to 16 percent. The anomalies seem to vary depending on which ISP and which user is trying to access Tor. Some people are being sent to a blocked page instead of the Tor Project website. Others appear to be subject to a man-in-the-middle attack over their TLS connection, which secures data sent over the internet end-to-end, when trying to connect. More still are finding their connection reset repeatedly when the TLS handshake is initiated, attempting to frustrate their access. That latter method would indicate Roskomnadzor utilized deep packet inspection (DPI) to filter packets headed for Tor, suggesting they’ve been sniffing traffic as it passes through ISPs, say OONI. (Roskomnadzor has been contacted for comment on this story.)
All three of these methods utilize IP blocking of some kind. “In practice what they would do is define a rule in the configuration of their firewall to drop all traffic toward a certain destination,” says Arturo Filastò, an engineer at OONI. “In certain configurations they may choose to implement the block by actively terminating the connection by injecting a reset packet.”
However, the issues—and outright blocking—that OONI recorded weren't spread equally across ISPs in Russia. Since December 2, OONI has tracked 333 unique networks in Russia. Forty-one of them have blocked Tor in some way, though Filastò cautions against saying 12 percent of ISPs are blocked, because there are 4,671 registered autonomous system numbers (ASNs), which are controlled by ISPs, in Russia. All of these serve different numbers of users. The situation was even more complicated on some ISPs, like VEON, where some users experienced blocks on Tor while others didn’t. “This might be due to the fact that the rollout of the block is not being carried out in the same way across all their infrastructure,” says Filastò.
The situation was messy, but it all added up to one conclusion: Something was up. “We realized on December 2 or 3 that Tor was being blocked,” says Gus. The Tor Project began contacting reliable contacts in Russia and those outside the country to understand more. Slowly, the project began putting together the pieces of the puzzle, identifying what was going on. The final piece slotted into place on December 6, when the project received an email purporting to be from Roskomnadzor, saying that the Tor Project domain would be blocked. “At first, some of us thought it was a spam email,” admits Gus. “We didn’t think it was a real communication from the government.”
But it was. Torproject.org had been added to Roskomnadzor’s blocked list. “Tor has been a symbolic target because it’s not just a commercial technology used to bypass or circumvent blocking or filtering,” says Andrei Soldatov, an investigative journalist and author of books on Russia’s internet, “but because this project was developed as a political—or noncommercial—project.” Tor became a target for Russian censors in 2014, when a contract was posted on the Interior Ministry’s website inviting bids from companies capable of developing technology that could crack its layers of encryption. (Anyone successful could earn themselves $110,000, or 10 times the average annual salary in Russia at the time.) It’s seen as a symbol of the battle for supremacy between Russia and the West, says Soldatov—an issue exacerbated by Tor’s genesis at the United States Naval Research Laboratory in the 1990s.
“A lot of people are surprised and lost—including people in Russia—as to why they would do this now,” says Tanya Lokot, associate professor in digital media and society at Dublin City University. Some reports indicated that it was a belated attempt to enact a 2017 court ruling against a number of internet-based platforms that host “prohibited information,” although Tor was not mentioned in that ruling at the time. The ruling also took place in a small district court to establish a national and international precedent—something Lokot says is a typical approach for Russian internet censors. “I think the takeaway here is that it’s not the court decision,” she says. “It’s just a pretext. Something bigger is at play: some bigger strategy, or some bigger approach to block as many different anonymity services as possible.” It’s a battle that’s difficult to win: In 2018, Russian regulators tried and failed to block Telegram, rolling back the ban in 2020.
Instead, Lokot believes it’s more useful to view the current situation in light of a broader crackdown on anonymity tools by the Russian government. “It seems like their rationale for blocking Tor is quite similar to the rationale they use for blocking certain VPN services,” she says. They fear it’s being used to access illegal content. That’s supported by a statement made by a member of the state Duma, or Russian parliament, on December 6, that called Tor an “absolute evil” that enabled people to conduct illicit activity.
In reality, it’s yet another shift by the Russian state toward a more sovereign internet that the government can control and censor, should it choose. In July 2021, Russia introduced a law requiring any platform with more than half a million users to have a base and employees in Russia. Four months earlier, Roskomnadzor throttled traffic to and from Twitter to a near-unusable level in what the regulatory authority said was a decision to highlight inaction by the social media platform in taking down inappropriate content. (It’s more likely linked to the way Twitter was used to organize antigovernment protests in favor of opposition politician Alexei Navalny.)
That all comes on top of a number of popular VPNs being blocked in Russia, Opera removing support for its browser-based VPN, and Apple complying with a government request to remove Private Relay from its Russian devices. “In 2021 the Kremlin got really serious about circumvention tools,” says Soldatov. “Given how successful Russian censors were this year, I’d say now they feel very encouraged by and inspired by what they achieved with the system of sovereign internet.”
Russia’s Twitter slowdown happened through deep packet inspection (DPI) that filtered packets specifically related to Twitter, making them pass through ISPs at a reduced speed. Over the past decade, Russia has introduced a number of different policies, instruments, and infrastructural changes to ensure the government has as much control as they can over the Russian segment of the internet, says Lokot. It’s all part of its plan for the “RuNet,” where the rules they dictate are in play.
The latest move is a hammer blow to Tor’s 300,000 daily users in Russia—who account for 15 percent of the service’s total user base. In response, Tor asked its other users to set up bridges, which are undetected, private points that allow access to the Tor network. The number of users accessing Tor through bridges has nearly doubled from its average over the past three months, according to data compiled by the project.
Yet the spotty and incomplete nature of the Tor outage across different ISPs shows that Russia doesn’t yet have total control over its RuNet as a fully formed network. “The internet infrastructure in Russia is fairly decentralized, and as such it’s not currently feasible to implement a uniform country-wide internet censorship policy,” says Filastò. Instead, each individual ISP receives and implements blocking orders from the central government. That could change in more sweeping plans for RuNet, reckons Lokot.
Roskomnadzor has taken a more central approach to the regulation of the Russian internet, where providers of key services and internet infrastructure are required to install black boxes with links to the regulator in their offices. “Their data flows through it, and it’s operated centrally by Russian authorities,” says Lokot. The plan has what Lokot calls “a typically Soviet name”: The Technical Means of Countering Threats. It’s an internet monitoring tool previously only publicly given to the intelligence services in Russia, and makes extrajudicial censorship more likely—removing the need to justify decisions through court orders, such as the 2017 one cited as a possible explanation for the Tor outage.
It all makes for sobering reading—and a worrying future for rank-and-file Russians wanting to freely express themselves online. But besides the bridges, ordinary Russians can still circumvent their state’s attempt to crack down on their freedoms. “Russian users need to send us an email or contact our Telegram bot to get a bridge to connect to the Tor network,” says Gus. “We have activists and dissidents in Russia using Tor to protect their activities,” says Gus. “Blocking Tor means a student in Russia will not be able to communicate or do their activism work.” And it’s a worry that isn’t limited to Russia alone. “I think we should be very concerned for the future in other countries,” says Gus. “They could pass national laws to block Tor and the free, open internet.”
- 📩 The latest on tech, science, and more: Get our newsletters!
- Amazon's dark secret: It has failed to protect your data
- Humans have broken a fundamental law of the ocean
- What The Matrix got wrong about cities of the future
- The father of Web3 wants you to trust less
- Which streaming services are actually worth it?
- 👁️ Explore AI like never before with our new database
- 💻 Upgrade your work game with our Gear team’s favorite laptops, keyboards, typing alternatives, and noise-canceling headphones
