from the yikes dept
A few years ago, I got to travel to Moscow to present some of our research at an event. Having heard more than a few stories about internet access issues in Russia, before going I made sure that I had three separate VPNs lined up in case any of them were blocked. I ended up using Private Internet Access -- which was already quite well-known and reliable. That's my regular VPN, but I had been worried that maybe it wouldn't work in Moscow. I was wrong. It worked flawlessly. But apparently that's no longer the case. Just after Russia's new
surveillance bill passed, complete with mandates for encryption backdoors and data retention (along with a demand that all encryption be openly accessible for the government
within two weeks), apparently Russian officials
seized Private Internet Access's servers in Russia, causing the company to send an email to all its subscribers, announcing what happened, what it was doing to fix things... and also that it was no longer doing business in Russia.
To Our Beloved Users,
The Russian Government has passed a new law that mandates that every provider must log all Russian internet traffic for up to a year. We believe that due to the enforcement regime surrounding this new law, some of our Russian Servers (RU) were recently seized by Russian Authorities, without notice or any type of due process. We think it’s because we are the most outspoken and only verified no-log VPN provider.
Luckily, since we do not log any traffic or session data, period, no data has been compromised. Our users are, and will always be, private and secure.
Upon learning of the above, we immediately discontinued our Russian gateways and will no longer be doing business in the region.
To make it clear, the privacy and security of our users is our number one priority. For preventative reasons, we are rotating all of our certificates. Furthermore, we’re updating our client applications with improved security measures to mitigate circumstances like this in the future, on top of what is already in place. In addition, our manual configurations now support the strongest new encryption algorithms including AES-256, SHA-256, and RSA-4096.
All Private Internet Access users must update their desktop clients at https://www.privateinternetaccess.com/pages/client-support/ and our Android App at Google Play. Manual openvpn configurations users must also download the new config files from the client download page.
We have decided not to do business within the Russian territory. We’re going to be further evaluating other countries and their policies.
In any event, we are aware that there may be times that notice and due process are forgone. However, we do not log and are default secure against seizure.
If you have any questions, please contact us at helpdesk@privateinternetaccess.com.
Thank you for your continued support and helping us fight the good fight.
Sincerely,
Private Internet Access Team
Of course, the end result of this is going to make Russian internet users a lot
less safe. The war on encryption is a really dumb idea, and kudos to PIA for taking a stand.
Filed Under: backdoors, encryption, russia, servers, vpn
Companies: private internet access