Another blocked website

This is a rough outline of Internet censorship in Russia, which is covered better in Wikipedia (though some bits seem to be missing there), but here is my personal log (which evolved from a rant about a few blocked websites, to a timeline of millions of resources getting blocked): major events, the things I've heard of or noticed directly, so not including censorship of actual terrorists (apart from a few distinct occasions on which they've blocked themselves, perhaps), if there were any; mostly technical and general-purpose services. Mass surveillance events are also included, and occasionally some others that hinder access to (or sharing of) information, or encourage leaking of personal information. General human rights issues are not included, though sometimes they seem relevant. Roskomsvoboda looks like a fine (and more complete) source of news on the topic. NetBlocks keeps track of network blocks worldwide.

Probably there's plenty of missing bits, since many of those I'm finding just accidentally.

Chronology

1995

2000

2008

2009

2010

2012

2013

2014

2015

2016

2017

2018

2019

2020

Other notes

Mode of operation

The traffic is mostly blocked by IP addresses (paid for by ISP customers, as well as data storage, while the organisation and monitoring/surveillance systems seem to be mostly paid from taxes), though the blocking looks different and changes. This also affects other services apart from websites, but that's a minor issue, given large subnet blocks. When in doubt whether there's a network issue or a block, the Starlink's checker is handy (while the official checker is not quite usable), and there's more links in the "Massive IP blockings in Russia" message. Though isitblockedinrussia.com works better sometimes.

When sufficiently many people are unhappy about some large and fine website or service getting blocked, RKN consistently blames the service itself (or the related ones, or whatever; never admitting to be imperfect). Though taking into account their multiple self-blocks, it indeed acts like a beast, which is hard to blame for its actions.

Reactions

It's hard to estimate, but apparently in 2020, as in 2012 or before, most people don't care about (or even do support) the things listed above. The news covering those laws and incidents are usually on main pages of local IT news websites (which I mostly check when those happen), but general local news websites only cover those briefly, among buzzfeed-style trashy stories.

Technological remedies

Computing and cryptography enthusiasts worldwide keep talking about organizing reliable mesh networks, using cryptography to achieve privacy and security against potentially malicious actors that include governments, about it being nonsense to ban cryptography (as a part of mathematics) or to keep information from spreading, and discuss various ways to solve these issues using technology. Some of those actually help to mitigate the impact of silly laws, but virtually anything can be outlawed (see "illegal numbers"), government organizations can heavily disrupt workflows for silly reasons, or cut out Internet access altogether. Not that such remedies are useless, but some people seem to be overly optimistic about their efficiency and applicability.

Security issues in "fatherland software"

As mentioned in the log, there's the silly and proprietary CryptoPro thing, compromising machines and just doing awful things with private keys (keeping them on servers, a user may not even get their own key, or somebody else can by exploiting the infrastructure used along with it).

Another example is IT Bastion's СКДПУ, which is supposed to be used to share access to resources such as virtual machines. In practice it means: instead of your SSH public key being uploaded and an address being given to you in order to access a machine, you receive plaintext credentials, which are widely shared, and then access it using password authentication, so that anybody with access to inbox of any of the users has root access to the machine(s) behind СКДПУ. Proper users and keys can't be set easily because you connect to СКДПУ (and not the target system itself), and neither does SCP work. When you try to set users properly, it would attempt to block commands such as "gpasswd" (but of course it's trivial to bypass), apparently as somehow suspicious. Apparently the overall system is more or less rebranded WALLIX, but possibly with some additions. While the company itself brags about having no foreign capital, and about the software being certified by Ministry of Defence (including РД НДВ-2, which seems to be for top secret state secrets). Though I hear that similar kind of junk (likely including original WALLIX) is used in other countries' poorly managed organizations as well, so it's not exactly Russia-specific.

Generally such software is similar to (i.e., at least as bad as) "enterprise software", just with a lot of uncommon abbreviations instead of (or along with) buzzwords, and apparently written by even more clueless and/or less caring people.

The zoo of those silly projects is available at reestr.minsvyaz.ru.