On Thursday 28 March, the Russian government’s internet censors contacted 10 leading VPN providers to demand they comply with local censorship laws or risk being blocked. They were given 30 days to comply before any action would be taken.
Roskomnadzor, Russia’s online watchdog, contacted the VPN services via letter to inform them of the changes that needed to be made. This requires them to sign up to a dedicated government system allowing them to share VPN user information with Russian security services.
They would also have to disclose various pieces of information about their organizations to Russian authorities, including their full entity names, tax numbers, postal and email address details, among other things.
The VPN providers contacted were ExpressVPN, NordVPN, IPVanish, VPN Unlimited, VyprVPN, HideMyAss!, TorGuard, Hola VPN, OpenVPN, and Kaspersky Secure Connection. The deadline has now passed and the only VPN company that has agreed to comply with the new requirements is the Russia-based Kaspersky Secure Connection.
Most other providers on the list have removed their VPN servers from Russia altogether, not taking any risks when it comes to protecting user information. TorGuard was the first to do so, stating that it had wiped all its servers clean and “will no longer be doing business with data centers in the region” of Saint Petersburg and Moscow.
Kaspersky Secure Connection is yet to release any sort of official statement confirming the new information it’s going to be sharing with Russian authorities, but the fact the company itself is based in Russia means that its cooperation hasn’t come as too much of a surprise.
Now not only will Kaspersky Secure Connection be required to provide certain pieces of user information to the Russian government, it also has to restrict access to websites and apps that are on the country’s blacklist. This includes the popular encrypted messaging app Telegram, which is currently blocked in Russia.
This involves Kaspersky Secure Connection being added to a state IT system that contains a complete registry of banned websites, which is another major privacy concern for its VPN users as it means their personal details would be readily available to Russian authorities.
Kaspersky is yet to issue a statement on the issue.