Why You Should Not Use A VPN Based In Russia?

What's In A Node?

First, let's talk about how a typical VPN works, and why clean entry and exit nodes are so vital.

A VPN is a hardware or software tunnel that allows you to send specially encrypted traffic over a normal Internet connection. It's like agreeing on a predetermined code that you plan to use for all of your communications. The code itself is never transferred in the clear, so even someone sitting in between you and your target would be clueless as to what kind of traffic is being sent over the line. For example, Your ISP would just see a stream of gibberish flowing through their network to some distant device on the Internet.

So far, so good.

The target device that accepts all of your encrypted traffic is called an 'entry node'. In order to make sure that their ISP can't spy on the source and the destination of your traffic simultaneously, all of your traffic is routed to another device on the VPN network: The chosen 'exit node'.

Requests coming from the exit node will look like they're coming from the specific network and country that the device is in… not your original country, not even your original IP address. So not only is your traffic encrypted, but you can evade local censorship and content bans because everyone thinks that the request is coming from somewhere like France or Sweden.

So all bases are covered, right? Not exactly.

Because if either the entry or the exit node is compromised, you're still screwed. A compromised entry node means that the IP address of the requester is up for grabs, as well as the exact exit node they're trying to use. A compromised exit node means that the destination of the traffic can be determined, and the extra encryption offered by the VPN has been stripped away, opening the traffic up to analysis.

Every single entry and exit node in Russia or hosted in a country that is a Russian ally should be considered compromised. And of course, every single Russian VPN company has already been compromised.

The reason is simple: SORM.

What's SORM And How Does Russia Compromise VPNs?

The Russian government has an Internet monitoring specification that they call SORM, roughly translated as 'System for Operative Investigative Activities'. Collectively, SORM monitors and records all Internet traffic flowing into, through, and out of Russia.

This is made clear by the laws they've passed, allowing them to use SORM on anything 'of government interest'. This provides the FSB and law enforcement with a warrantless decryption method that can be used on the fly.

As of 2022, Russia is on its third iteration of the mass surveillance network, also known as the SORM-3 specification. This allows government and police powers to make deep packet inspections on any data transmitted across any media. Every carrier, every ISP, and every VPN company must provide them with the decrypted version of any message. The targets users by their IP address, their ISP or telecom user ID, their E-mail address, mobile phone number, MAC address, and various browser and system fingerprinting methods.

Any company that doesn't comply is under threat of a shutdown in Russia and in their ally states. Anyone running encryption on is risking arrest, as this is completely forbidden by law. And of course, information on circumventing Russian content bans, or otherwise keeping data away from government examination, is punishable by fines and imprisonment.

We won't even get into the amount of logging required by the Russian government, rendering any anonymity useless. Just assume that if it's hosted in Russia, there are full access logs.

In short: Every Russian VPN that is still operational needs to be considered a government asset. Every Russian entry and exit node should be considered fully backdoored.

This isn't exactly news. We've seen evidence on the global stage: We've known for years that the Kaspersky corporation was compromised. The fact that they're running a VPN service now is both laughable and terrifying.

And retribution against VPN services that refuse to allow backdoors for SORM is also old news. They either seize their servers or simply shut off all access to any VPN that won't comply. Hey, look…Kaspersky was the only major VPN company to comply with FSIS censorship and monitoring standards. Shocker.

What's The Alternative?

Security and privacy software that goes beyond the (relatively weak) standards of typical VPNs is what's required when facing monitoring like SORM.

Software like Hoody provides entry and exit nodes running on secure, private networks throughout the world. The encrypted traffic is completely unlogged. Every single browser tab is run through its own virtual machine, with the resulting pages streamed back to the user rather than sent back in static form. In this way, using a web page actually happens remotely and at lightning-fast speeds. You are not the source of any given browser request… Hoody is. It also automatically detects the fastest mirror or source of the target that you're looking for and provides the uncensored, unaltered version of the information that you seek.

Finally, the government has better ways to track people down than using their IP addresses these days. They use browser fingerprinting to narrow down who is requesting data from a website, despite any encryption efforts. To see what kind of information they can use, check out AmIUnique and undergo their browser fingerprinting test.

If you're in Russia and you absolutely must use a VPN, use one with entry and exit nodes outside of the country, and outside of allied countries. Use one that is heavily audited by independent security companies and one that keeps no logs.