Russia’s Internet Censorship Machine Is Going After Tor

Russia’s Internet Censorship Machine Is Going After Tor 1

At the start of December, the Tor Project’s support email inbox began receiving an unusual number of messages from users saying they were encountering problems accessing the digital anonymity service. “It was not just one or two, but like 10 people asking,” says Gustavo Gus, community team lead of the Tor Project. At the same time, staff at the Open Observatory of Network Interference (OONI), which measures and tracks internet censorship, saw indications that suggested Russian internet service providers (ISPs) were blocking the Tor network.

Tor is used by people worldwide to mask their activity on the internet, sometimes for illicit activity but more often than not to evade censorship in authoritarian or autocratic countries. A 2020 study found 93 percent of Tor users accessed the network for the latter reason, rather than for illegal reasons. And in Russia, whose population are the second-biggest users of Tor after the United States, people use the service to subvert government restrictions.

What happened at the start of December, though those in the Tor Project didn’t know it yet, was significant. Roskomnadzor, the Russian media and telecommunications regulator, had issued a demand to ISPs around Russia to block users’ access to Tor’s website. In Russia’s world of decentralized internet infrastructure, ISPs began taking action speedily. And access to parts of the Tor network itself were limited.

On December 1, OONI noticed 16 percent of connections to Tor in Russia recorded some kind of anomaly. A day later, it was one in three. On December 8, it was back to 16 percent. The anomalies seem to vary depending on which ISP and which user is trying to access Tor. Some people are being sent to a blocked page instead of the Tor Project website. Others appear to be subject to a man-in-the-middle attack over their TLS connection, which secures data sent over the internet end-to-end, when trying to connect. More still are finding their connection reset repeatedly when the TLS handshake is initiated, attempting to frustrate their access. That latter method would indicate Roskomnadzor utilized deep packet inspection (DPI) to filter packets headed for Tor, suggesting they’ve been sniffing traffic as it passes through ISPs, say OONI. (Roskomnadzor has been contacted for comment on this story.)

All three of these methods utilize IP blocking of some kind. “In practice what they would do is define a rule in the configuration of their firewall to drop all traffic toward a certain destination,” says Arturo Filastò, an engineer at OONI. “In certain configurations they may choose to implement the block by actively terminating the connection by injecting a reset packet.”

However, the issues—and outright blocking—that OONI recorded weren’t spread equally across ISPs in Russia. Since December 2, OONI has tracked 333 unique networks in Russia. Forty-one of them have blocked Tor in some way, though Filastò cautions against saying 12 percent of ISPs are blocked, because there are 4,671 registered autonomous system numbers (ASNs), which are controlled by ISPs, in Russia. All of these serve different numbers of users. The situation was even more complicated on some ISPs, like VEON, where some users experienced blocks on Tor while others didn’t. “This might be due to the fact that the rollout of the block is not being carried out in the same way across all their infrastructure,” says Filastò.