Another blocked website

This is a rough outline of Internet censorship in Russia and a few related topics. It is covered better in Wikipedia (though some bits seem to be missing there), but here is my personal log (which evolved from a rant about a few blocked websites, to a timeline of millions of resources getting blocked): major events, the things I've heard of or noticed directly, so not including censorship of actual terrorists (apart from a few distinct occasions on which they've blocked themselves, perhaps), if there were any; mostly technical and general-purpose services. Events related to mass surveillance are also included, and occasionally some others that hinder access to (or sharing of) information, or encourage leaking of personal information. General human rights issues are not included, though sometimes they seem relevant (see, for instance, Amnesty International's Russian Federation country profile for those). Roskomsvoboda looks like a fine (and more complete) source of news on the topic. NetBlocks keeps track of network blocks worldwide.

Probably there's plenty of missing bits, since many of those I'm finding just accidentally, and not even reading local or non-technological news regularly.

















Other notes

Mode of operation

The traffic is mostly blocked by IP addresses (paid for by ISP customers, as well as data storage, while the organisation and monitoring/surveillance systems seem to be mostly paid from taxes), though the blocking looks different and changes. This also affects other services apart from websites, but that's a minor issue, compared to large subnet blocks. When in doubt whether there's a network issue or a block, the Starlink's checker is handy (while the official checker is not quite usable), and there's more links in the "Massive IP blockings in Russia" message. Though works better sometimes.

When sufficiently many people are unhappy about some large and fine website or service being blocked, RKN consistently blames others (usually the service itself, or its hoster, or any other involved party), never admitting mistakes.

Reactions and opinions

It's hard to estimate, but apparently in 2020, as in 2012 or before, most people don't care about (or even do support) the things listed above. The news covering those laws and incidents are usually on main pages of local IT news websites (which I mostly check when those happen), but general local news websites only cover those briefly, among buzzfeed-style trashy stories.

Opinions on reality (that is, not metaphysical nature of it, but the contemporary events and state of things nearby) differ quite a bit as well. Sometimes I find it surprising that people manage to cooperate while seeing the reality so differently, as well as to interact with their surroundings with approximately equal success.

Technological remedies

Computing and cryptography enthusiasts worldwide keep talking about organizing reliable mesh networks, using cryptography to achieve privacy and security against potentially malicious actors that include governments, about it being nonsense to ban cryptography (as a part of mathematics) or to keep information from spreading, and discuss various ways to solve these issues using technology. Some of those actually help to mitigate the impact of harmful laws, but virtually anything can be outlawed (see "illegal numbers"), government organizations can heavily disrupt workflows for silly reasons, or cut out Internet access altogether. Not that such remedies are useless, but some people seem to be overly optimistic about their usefulness and applicability.

Security issues in "fatherland software"

As mentioned in the log, there's the proprietary CryptoPro thing, compromising machines and just doing awful things with private keys (keeping them on servers, a user may not even get their own key, or somebody else can by exploiting the infrastructure used along with it).

Another example is IT Bastion's СКДПУ, which is supposed to be used to share access to resources such as virtual machines. In practice it means: instead of your SSH public key being uploaded and an address being given to you in order to access a machine, you receive plaintext credentials, which are widely shared, and then access it using password authentication, so that anybody with access to inbox of any of the users has root access to the machine(s) behind СКДПУ. Proper users and keys can't be set easily because you connect to СКДПУ (and not the target system itself), and neither does SCP work. When you try to set users properly, it would attempt to block commands such as "gpasswd" (but of course it's trivial to bypass), apparently as somehow suspicious. Apparently the overall system is more or less rebranded WALLIX, but possibly with some additions. While the company itself brags about having no foreign capital, and about the software being certified by Ministry of Defence (including РД НДВ-2, which seems to be for top secret state secrets). Though I hear that similar kind of junk (likely including original WALLIX) is used in other countries' poorly managed organizations as well, so it's not exactly Russia-specific.

Generally such software is similar to (i.e., at least as bad as) "enterprise software", just with a lot of uncommon abbreviations instead of (or along with) buzzwords, and apparently written by even more clueless and/or less caring people.

The zoo of those projects of dubious usefulness is available at