back to article Google, AWS IPs blocked by Russia in Telegram crackdown

Russia's telecoms regulator Roskomnadzor has started blocking IP addresses linked to secure messaging service Telegram. Russia wants Telegram banished from within its borders, supposedly on national security grounds. First on its list, therefore, according to Roem.ru* (translated), are addresses used by, er, Amazon Web …

  1. Voland's right hand Silver badge

    MInor Correction

    Russia wants Telegram banished from within its borders, supposedly on national security grounds.

    Actually, it is for refusing to comply with mandated national level key escrow. Instead of an Amber Rudd "backdoor for me only courtesy of right hashtags" (tm), they simply mandated that keys are escrowed and SPs (not the FSB) runs a data retention regime. Thus, if there is a court order at a later date, the encrypted data is taken from the SP, the keys from escrow are applied and the court order is fulfilled.

    Telegram does not have any keys to put into the escrow as it never kept them - their service is designed that the keys remain with the user.

    What we are observing is the result of this or (even worse) Amber Rudd style system in practice. It is only a matter of time until Mrs "All The Righ Hashtags" bestows a system like this on us. She already deployed the relevant means to enforce it on "anti-porn" and "anti-paedo" and "anti-piracy" grounds.

    Ditto for the VPNs - if you trawl through their raves over the years Josephina Vissarionovna May wanted to ban VPNs for private individuals as far back as becoming a home secretary under Cameron. So, it is only a matter of time until we observe that one too as well as similar screws being put on any service where the keys are with a user.

    1. streaky
      Black Helicopters

      Re: MInor Correction

      blah blah Amber Rudd blah blah

      But as all of us with our heads screwed on stated at the time the stuff AR stated didn't matter because what she was talking about simply isn't a thing. You'll note it hasn't gone anywhere.

      It's not a reflection of what "her" world looks like in any way, it's a reflection of some countries are completely lawless and others aren't. We have the rule of law, for AR to get her way (we can debate how serious she ever was, apparently you think she was more serious than I do) - what she was talking about would never make it through the Commons and if it made it through the Commons it'd never make it through the Lords and if it made it through the Lords then British courts would put a stop to it right pronto.

      Spot the difference?

      1. Voland's right hand Silver badge

        Re: MInor Correction

        Spot the difference?

        Nope. I do not.

        Do not understand me wrong - they are as lawless as it can get.

        The actual lawlessness, however is NOT at the level of laws and not even at the level of courts. It is at the level of enforcement. That is where people get killed, tortured, arbitrarily detained and suffer from a heart stroke which upon independent autopsy happens to be lung embolism from beating in the chest area combined with having a water heater shovelled down your throat and turned on if you are not signing the confessions. This is out of the front page of one of their opposition newspapers from yesterday by the way (CIA may take some notes as replacement for waterboarding).

        Back to the actual law (not the wonders of Russian law enforcement).

        They have the law, it was voted for, it passed legal review (it was challenged by SPs) and a challenge was not accepted by the constitutional court. Do we like it or not, the process has been followed so no point to parrot the Daily Mail please. I suggest following the entire thing from A to Z how it developed and reading the actual law, discussion, challenges, etc.

        They actually have significantly higher protections on privacy of communications than us in their constitution and the law has been found to comply with that. Whoever wrote the cheat sheet for Irina (the law author) knew what they were doing. The escrow is for keys only. The data never officially leaves the SP until there is a court order. The keys are not the communication, hence the constitutional protection does not apply. This is the scary bit and this is what will inevitably be copied one day by us and others.

        Their laws as written are something which is worth reviewing, reading and stealing ideas. In fact some of our politicians do that (and not pay copyright fees). All in all, UK is significantly more "lawless" in this area. There are more backdoors and holes in UK surveillance legislation than in a good piece of Swiss cheese.

        1. bombastic bob Silver badge
          Big Brother

          Re: MInor Correction

          Spot the difference?

          Nope. I do not.

          Nor do I. Regardless of any alleged 'differences', it all has one thing in common: gummints using some kind of 'back door' [key escrow or other means], like a kind of master key or skeleton key, to ensure THEY can break in any time they want to.

          And that's what's at issue here.

        2. strum

          Re: MInor Correction

          >There are more backdoors and holes in UK surveillance legislation than in a good piece of Swiss cheese.

          Indeed - and UK law/constitution has always allowed HMG a great deal more latitude than was strictly necessary or healthy.

          We've always relied on the assumption that all the people involved (MPs, judges, civil servants, spooks) were decent chaps, who wouldn't do 'that sort of thing'. We even hear ministers recoil when the potential consequences of legislation are pointed out; '...but we would never dream of using these powers that way!'.

          And they never do dream of doing it - until they've done it, and point out that the law is on their side, so they're going to keep on doing it - but only against the really bad guys. Honest.

        3. streaky

          Re: MInor Correction

          The difference is one is a person talking, the other is a country going out of their way to actually make something happen. Also relieving people of opposition via 5th floor windows.

          I don't know at what point torture made it into the discussion.

          Also snoopers charter isn't a counter-argument, it's a case-study.

        4. CrazyOldCatMan Silver badge

          Re: MInor Correction

          They actually have significantly higher protections on privacy of communications

          Yeah - only the FSB, the GRU, Putin and his oligarch friends (oh - and anyone in the Duma or Russian Govenment that knows someone in the aforementioned list) gets to read everything.

          Hardly inspiring. Especially when put against the various laws against 'deviance' (ie - anything other than a traditional Russian lifestyle or being successful in esposing politics that Putin doesn't like).

          If you've got nothing to hide, you've got nothing to fear right?

          Protest and spread your propaganda all you like, but comparing the Russian Government and the UK Government is a joke. A joke akin to trying to create equivalence between a rabid Siberian tiger and a slightly annoyed housecat kitten.

          1. Anonymous Coward
            Anonymous Coward

            Re: MInor Correction

            UK Gov is not, as far as I am aware, under imminent threat of externally funded color revolution, which presumably is one reason that the eternally corrupt Russia is going after telegram.

            However I am slightly contradicted by what Monsignor Ambrogio Damiano Achille Ratti (Pope Pius XI) told Sir Horace Rumbold in 1920, according to Curzio Malaparte’s 1930's book Technique of a Coup d’état

      2. Anonymous Coward
        Anonymous Coward

        Re: MInor Correction

        "if it made it through the Commons and if it made it through the Commons it'd never make it through the Lords and if it made it through the Lords then British courts would put a stop to it right pronto."

        Two Words

        Snoopers Charter.

        Never under estimate the will of people with power to hold onto and abuse it.

      3. Aitor 1

        Re: MInor Correction

        Rule of law? mostly yes.. but the problem is "mostly".

        Several agencies have repeatedly broken the law with retained and obtaining data.. and nobody went to prison. If you were a legal inmigrant, you would notice all the news about legal inmigrants illegally told to leave the country, and nothing happens to the ones that make those illegal decisions knowingly.

        I would not call that "rule of law". Yes, we mostly have it.. but the ones demanding these things are precisely those that have been caught breaking the law repeatedly.. with no ill consequences!

        1. Voland's right hand Silver badge

          Re: MInor Correction

          If you were a legal inmigrant, you would notice all the news about legal inmigrants illegally told to leave the country, and nothing happens to the ones that make those illegal decisions knowingly.

          Not just tell. Enforce. And forcibly remove. Amber Yezhova put quite a performance in Parliament on the windrush questions. I do not think she is sorry at all - they have successfully run the dress rehearsal for dealing with Europeans, watch this space in a year or two.

          In any case. That is OTT.

          On topic. Looks like both Telegram and Roskomnadzor prepared for this (this is from reading a running commentary in the Russian press).

          Telegram is moving micro-services all over Google Cloud and AWS, popping them up for a second, serving a few customers, then moving them elsewhere courtesy of some service redirection method which is not yet clear. When another customer comes around to reuse the IP it is on the banned list. Quite clearly done to ensure maximum collateral damage.

          Roskomnadzor seems to have figured out the game at some point so the blocks now are being expired so the number of IPs has dropped drastically down to 100k or thereabouts which is the norm for Russia nowdays (they block anything and everything to do with drugs and assisted suicide by law). I do not quite understand what role DNS plays in this, but for whatever reason Roskomnadzor are not using a DNS block which is the UK censorship weapon of choice. I would not be surprised if Telegram started using botnet style domain hopping so such blocks will not work, but cannot get any info on it so far.

          So far Telegram is in the clear lead - its service availability according to Russian newspapers is > 95%.

          This is one of the first real dust-ups between a reasonably large country regulator and a highly skilled technical opponent with resources which is willing to commit them to a fight. This is will be worth watching. Popcooooorn... Where is that f***ing BelAz of popcorn I ordered?!?

    2. TheVogon

      Re: MInor Correction

      Presumably those blocks break half the internet. Is someone in third world network central in Russia trying to make a point?

      1. onefang

        Re: MInor Correction

        "Is someone in third world network central in Russia trying to make a point?"

        If I remember my high school politics lessons, Russia is / was a second world country. Ever wondered why there's a first world and a third world, but you never hear about the second world countries? They do exist. It's not just political types having such a hard time counting, they have to take their shoes off to count higher than two.

    3. Doctor Syntax Silver badge

      Re: MInor Correction

      "if you trawl through their raves over the years Josephina Vissarionovna May wanted to ban VPNs for private individuals as far back as becoming a home secretary under Cameron."

      It's standard HO house training. Once a Home Sec always a Home Sec, even in Downing Street.

  2. ratfox

    Silly Russians, that's what happens when you don't have a great firewall.

    1. bombastic bob Silver badge
      Coat

      it's a pun waiting to happen

      Silly Russians

      Their tricks are for kids children.

      (grabbing coat)

  3. streaky

    GLAP

    So smart.

    This is the same Russia that the mainstream press here is scared are going to hack our nuclear power stations to self-immolate?

    Give me a break.

    1. Charlie Clark Silver badge
      Stop

      Re: GLAP

      The article refers to one ISP's hamfisted attempt to implement the court's judgement, not the ability of the FSB via the IRA to hack other computer systems. It's perfectly possible that blocking IPv6 by the ISP is a deliberate attempt to sabotage the ban.

      This is politics, not technology.

      1. Voland's right hand Silver badge

        Re: GLAP

        It's perfectly possible that blocking IPv6 by the ISP is a deliberate attempt to sabotage the ban.

        Quite likely. The SPs are the largest opposition to the law under which this is done as they are obliged to provide 6m+ of retention of all data so that the key escrow can work.

        So implementing the law "to the letter", "work to rule" style is quite possibly on the cards.

        We will see. I am waiting until that Belaz with popcorn which is trying to get past all the b***rds inconsiderately parked on my street comes to unload. In fact - we live in interesting times, the popcorn suppliers are having issues fulfilling the orders.

      2. streaky

        Re: GLAP

        This is politics, not technology.

        It's the technological implementation of a political will. And that implementation is embarrassing to banana republics.

  4. Pascal Monett Silver badge

    National Security Grounds

    Wah, wah, we can't read your mail so we ban you.

    One has to wonder just how much security the nation has if citizens cannot go about their private business without being spied upon. But this is Russia, where the cadaver of the Soviet Union has yet to be buried and it's stinking up the place like usual.

    That stink is contagious, however, and our own, supposedly "democratic" governments have long learned just how interesting that smell is to them. What is frightening is realizing that politicians may change, but the newcomers get infected all the same.

  5. Anonymous Coward
    Anonymous Coward

    Please stop giving AusGov ideas about more ways it can oppress internet freedom Down Under.

  6. Anonymous Coward
    Anonymous Coward

    Solution...

    ...Telegram to put some servers on every public cloud and hosted data centre out there. As well as making it wonderfully resilient, it would require the Russians to block most of the Internet.

    1. Charlie Clark Silver badge

      Re: Solution...

      It's already planning to implement some kind of VPN directly in the app. But it probably needs to make the servers a bit more robust: they went down for a couple of hours the other week. For Russia it probably doesn't need to do much as the Russian internet is deliberately lax. Russia has more than enough spooks for spying on people it doesn't like and doesn't worry too much about due process (Nemtsov) but it does like to maintain at least a veneer of respectability.

      Interestingly Telegram is currently based in Dubai, a country which happily blocks lots of other messengers.

    2. tip pc Silver badge

      Re: Solution...

      Well that’s what they’ve kind of done, next will be cdn’s.

    3. paulf
      Big Brother

      Re: Solution...

      @AC OP "Telegram to put some servers on every public cloud and hosted data centre out there."

      I'm not disagreeing with the potential of your solution but the risk is that public cloud operators start weighing up the loss of revenue from being completely blocked in Russia, resulting in the following conversation, "Do we:

      a) Stand up for what is right, face down a brutal bully and maintain hosting Telegram despite our entire public cloud operation being blocked in Russia with subsequent loss of business.

      b) You want us to get rid of them if we want to be unblocked in Russia? Sure, we're `rm -rf *Telegram*` right now. We'd kindly ask you promise you won't make these kind of requests again as it kinda makes us look like complete pushovers. Can we do anything else to help, Mr Putin? Not at all, we'd be honoured to go and swivel on it.

      1. Charlie Clark Silver badge

        Re: Solution...

        I'm not disagreeing with the potential of your solution but the risk is that public cloud operators start weighing up the loss of revenue from being completely blocked in Russia

        Negligible loss of revenue but potential significant disruption to business using those servers. Anyway it's whack-a-mole against a nimble, motivated and competent opponent. Telegram requires tiny amounts of CPU for this kind of rerouting and could probably do it in JS running on CDNs.

    4. Voland's right hand Silver badge

      Re: Solution...

      Telegram to put some servers on every public cloud

      They are already doing it and much better than you think - weapon grade. See my other post so I do not repeat it here: https://forums.theregister.co.uk/forum/containing/3487689

    5. CrazyOldCatMan Silver badge

      Re: Solution...

      it would require the Russians to block most of the Internet

      Well - they are already blocked (along with China and a few Esatern European countries) from my very tiny segment. And, once I did that, the hacking attempts against my servers went down by about 70%..

  7. LisaJK

    Iron fire curtain!

    Sounds like an iron fire curtain is being erected!

    1. bombastic bob Silver badge
      Big Brother

      Re: Iron fire curtain!

      I just thought Pootie had his panties in a wad, after that little business in Syria recently. Looking for someone weaker than him to pound on, he picks a messaging service. BAN time! [now he feels better]

      icon, because, Putin.

      1. Charlie Clark Silver badge

        Re: Iron fire curtain!

        I just thought Pootie had his panties in a wad, after that little business in Syria recently.

        What, the one where the US telegraphed an attack eatly enough for all the Russian "advisers" to get out of the target area? Presumably they told the Syrians as well. The whole thing was yet another made for television demonstration of strength that was in reality just another expensive (those missiles aren't cheap) waste of time.

  8. Joe Harrison

    Binary weapon

    Part 1: You can have crypto so long as the keys are escrowed at the ISP. Reasonable right? After all it's not like the government can just grab the keys on a whim, they need a proper court order first.

    Part 2: Eh, for your safety all ISPs have a secret room where the government sits on the in and out pipes

    1. Voland's right hand Silver badge

      Re: Binary weapon

      The other way around.

      The keys are escrowed with the state, hardware is rumored to be supplied by one well known supplier of calculators for Nazi concentration camps.

      The data is with the SP which is mandated to have full data retention for at least 6 months.

      The state is supposed to not to have access to the data until it applies for a court order. Then it takes the key it already has and successfully decrypts. The procedure is applicable to any disclosure and legal intercept request.

      Do you see a problem? I do. I am old enough to remember that Putin put "probe boxes" into SPs 5 years before Bush and Blair. In 1999. In fact, we were all howling how undemocratic it is at the time (instead of paying attention how our own democracy stalwarts copy the Russian boy's homework).

      By the way, I can see them copying the Russian boy's homework on this too.

  9. Anonymous South African Coward Bronze badge

    пусть они страдают

  10. Anonymous Coward
    Anonymous Coward

    Think of the poor FSB hackers...

    How is Putin's Chef Troll Team and the FSB Hacker Squadron supposed to do their trolling and hacking things if they can't reach a chunk of the Internuts?

    1. Danny 14

      Re: Think of the poor FSB hackers...

      they have a different vpn.

  11. T. F. M. Reader

    Prediction

    Pretty soon all sort of things will break in Russia because AWS/GC (or large chunks thereof) will be blocked. Ironically, Telegram won't be one of those things.

    1. Voland's right hand Silver badge

      Re: Prediction

      They should not.

      You have forgotten the other law - the one which mandates all data to be stored locally. So if something breaks and it is of "importance" it is with the SP fault. If something breaks and is of "national infrastructure" it is criminal offense for the C-suite in that company.

      I have to admit, they have thought this one through - it is like observing a good chess player. Classic multiple move combination.

      My worry is that the ones over here which WILL be copying it will not do anything like that level of planning.

  12. tip pc Silver badge

    The FBI will be watching this closely.

    FBI will want to see how to effectively apply constraints on theses services so they can apply in the US. The UK will copy whatever the US apply followed by the rest of the 5 eyes.

  13. paulf
    Joke

    Well, I'm surprised

    FTA: "Kremlin officials have had to switch to the Mail.ru-owned ICQ service “for communications with Russian and international media”."

    I had no idea ICQ was still a thing. Have Mail.ru considered acquiring Friends Reunited?

    1. DropBear
      Joke

      Re: Well, I'm surprised

      No. They're busy conducting talks for taking over Geocities.com

  14. Anonymous South African Coward Bronze badge

    Most probably why the suspected scammer I'm talking to on hangouts are not responding at all.

    Bah and humbug. Just when I was havening a bit of fun...

    Pah.

  15. ashton

    When russia didn't have enough embargos and decided to embargo itself.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like