August 17, 2022

Why You Should Not Use A VPN Based In Russia?

With the country's violent invasion of Ukraine in February of 2022, demand for VPNs skyrocketed in Russia. Whether it's to avoid government propaganda, or to stay in touch with friends and loved ones in Ukraine, people want to avoid observation by the Putin regime.

Sadly, some of the people who think that these VPNs are offering privacy or anonymity have no idea what they're up against. As we're about to detail, Russia is a complete surveillance state due to laws that have been passed over the past thirty years. Anything with ties to the government, or any company that caves to the government's demands for hardware and software backdoors, cannot be trusted.

That means the citizens of Russia are in dire straits: using the wrong VPN companies and software, a lack of awareness about how exit nodes work, and ignorance about browser fingerprinting methods currently in use by Russian intelligence forces have combined to put some people in even more danger than they were before.

In this article, we'll cover the dangers that using the wrong VPN or the wrong nodes of a VPN can pose to an unsuspecting user. And we'll cover the most important point: Why you should not use a VPN based in Russia.


What's In A Node?

First, let's talk about how a typical VPN works, and why clean entry and exit nodes are so vital.

A VPN is a hardware or software tunnel that allows you to send specially encrypted traffic over a normal Internet connection. It's like agreeing on a predetermined code that you plan to use for all of your communications. The code itself is never transferred in the clear, so even someone sitting in between you and your target would be clueless as to what kind of traffic is being sent over the line. For example, your ISP would just see a stream of gibberish flowing through their network to some distant device on the Internet.

So far, so good.

The target device that accepts all of your encrypted traffic is called an 'entry node'. In order to make sure that your ISP can't spy on the source and the destination of your traffic simultaneously, all of your traffic is routed to another device on the VPN network: the chosen 'exit node'.

Requests coming from the exit node will look like they're coming from the specific network and country that the device is in… not your original country, not even your original IP address. So not only is your traffic encrypted, but you can evade local censorship and content bans because everyone thinks that the request is coming from somewhere like France or Sweden.

So all bases are covered, right? Not exactly.

Because if either the entry or the exit node is compromised, you're still screwed. A compromised entry node means that the IP address of the requester is up for grabs, as well as the exact exit node they're trying to use. A compromised exit node means that the destination of the traffic can be determined, and the extra encryption offered by the VPN has been stripped away, opening the traffic up to analysis.
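To make that concrete, here is a small model of the two-hop path described above. It is an added example, not code from Hoody or any VPN product: the addresses, hostnames and keys are constructed, and a toy XOR cipher stands in for the tunnel's real encryption.

```python
import hashlib
import json

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """Toy XOR stream cipher (SHA-256 in counter mode), a stand-in for the
    tunnel's real cipher. Same call encrypts and decrypts. Not for real use."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def seal(key: bytes, obj: dict) -> bytes:
    return toy_cipher(key, json.dumps(obj).encode())

def unseal(key: bytes, blob: bytes) -> dict:
    return json.loads(toy_cipher(key, blob))

def route(src_ip, entry, exit_node, dest, payload, k_entry, k_exit):
    """Send one request through entry -> exit and record what each party sees."""
    inner = seal(k_exit, {"dest": dest, "payload": payload})
    outer = seal(k_entry, {"next": exit_node, "blob": inner.hex()})
    views = {"isp": {"src": src_ip, "peer": entry, "bytes": outer}}
    hop1 = unseal(k_entry, outer)  # entry node peels its layer
    views["entry"] = {"src": src_ip, "next": hop1["next"]}
    hop2 = unseal(k_exit, bytes.fromhex(hop1["blob"]))  # exit node peels the last layer
    views["exit"] = {"prev": entry, "dest": hop2["dest"], "payload": hop2["payload"]}
    return views

def exposure(views: dict, compromised: set) -> dict:
    """Merge the views of the compromised nodes into what the observer learns."""
    learned = {}
    for node in compromised:
        learned.update(views[node])
    return {
        "user_ip": learned.get("src"),
        "destination": learned.get("dest"),
        "content": learned.get("payload"),
        "user_linked_to_destination": "src" in learned and "dest" in learned,
    }

# Constructed sample values (documentation IP ranges, made-up hostnames).
VIEWS = route("203.0.113.7", "entry.vpn.example", "exit.vpn.example",
              "news.example", "GET /article (plain HTTP)", b"key-entry", b"key-exit")

if __name__ == "__main__":
    for case in ({"entry"}, {"exit"}, {"entry", "exit"}):
        print(sorted(case), exposure(VIEWS, case))
```

Either node alone yields half the picture; an observer holding both can tie the user's IP address to the destination and the content. If the request itself were HTTPS, the exit node would still see the destination host but not the page content.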

Every single entry and exit node in Russia or hosted in a country that is a Russian ally should be considered compromised. And of course, every single Russian VPN company has already been compromised.

The reason is simple: SORM.

What's SORM And How Does Russia Compromise VPNs?

The Russian government has an Internet monitoring specification that they call SORM, roughly translated as 'System for Operative Investigative Activities'. Collectively, SORM monitors and records all Internet traffic flowing into, through, and out of Russia.

This is made clear by the laws they've passed, allowing them to use SORM on anything 'of government interest'. This provides the FSB and law enforcement with a warrantless decryption method that can be used on the fly.

As of 2022, Russia is on its third iteration of the mass surveillance network, also known as the SORM-3 specification. This allows government and police powers to perform deep packet inspection on any data transmitted across any media. Every carrier, every ISP, and every VPN company must provide them with the decrypted version of any message. It targets users by their IP address, their ISP or telecom user ID, their E-mail address, mobile phone number, MAC address, and various browser and system fingerprinting methods.

Any company that doesn't comply is under threat of a shutdown in Russia and in their ally states. Anyone running encryption on is risking arrest, as this is completely forbidden by law. And of course, information on circumventing Russian content bans, or otherwise keeping data away from government examination, is punishable by fines and imprisonment.

We won't even get into the amount of logging required by the Russian government, rendering any anonymity useless. Just assume that if it's hosted in Russia, there are full access logs.

In short: Every Russian VPN that is still operational needs to be considered a government asset. Every Russian entry and exit node should be considered fully backdoored.

This isn't exactly news. We've seen evidence on the global stage: We've known for years that the Kaspersky corporation was compromised. The fact that they're running a VPN service now is both laughable and terrifying.

And retribution against VPN services that refuse to allow backdoors for SORM is also old news. The government either seizes their servers or simply shuts off all access to any VPN that won't comply. Hey, look… Kaspersky was the only major VPN company to comply with FSIS censorship and monitoring standards. Shocker.

What's The Alternative?

Security and privacy software that goes beyond the (relatively weak) standards of typical VPNs is what's required when facing monitoring like SORM.

Software like Hoody provides entry and exit nodes running on secure, private networks throughout the world. The encrypted traffic is completely unlogged. Every single browser tab is run through its own virtual machine, with the resulting pages streamed back to the user rather than sent back in static form. In this way, using a web page actually happens remotely and at lightning-fast speeds. You are not the source of any given browser request… Hoody is. It also automatically detects the fastest mirror or source of the target that you're looking for and provides the uncensored, unaltered version of the information that you seek.

Finally, the government has better ways to track people down than using their IP addresses these days. They use browser fingerprinting to narrow down who is requesting data from a website, despite any encryption efforts. To see what kind of information they can use, check out AmIUnique and undergo their browser fingerprinting test.

If you're in Russia and you absolutely must use a VPN, use one with entry and exit nodes outside of the country, and outside of allied countries. Use one that is heavily audited by independent security companies and one that keeps no logs.

Will R
Hoody Editorial Team

Will is a former Silicon Valley sysadmin and award-winning non-functional tester. After 20+ years in tech, he decided to share his experience with the world as a writer. His recent work involves documenting government hacking methods while probing the current state of privacy and security on the Internet.
