If you don’t mind the tinfoil, this could well be a shakedown test to see how Russia might deal with partitioning of the network in a time of relative peace, before being surprised during some other time.
Then again, that’s the sort of idle speculation I’d give back in my HN days.
According to the time line, it may seem related to telegram.
Here’s my tinfoil take :)
Russia banned the telegram app at the beginning of the month[1]. They basically blacklisted their domains.
Telegram started to use the google app engine as a domain front [2].
I guess Russia is trying to prevent domain fronting for future ban cases. I guess it is easier for them to send a takedown notice to a Russian cloud provider than sending that to a American one.
Probably not the intention, because running the blocklist updates in that mode means that an external party can easily force a block of something critical inside Russia at the moment than neither the blocklist operators not ISPs have spare capacity to react sanely. People who are qualified to understand your point also know that Roskomnadzor is not qualified to prevent the risk I describe.
But some note-taking about unexpected dependency chains will be done anyway.
A little under an hour ago OVH popped in to the VPS provider Slack server I’m on and said they were blocked. I haven’t seen any bounces or received any support requests for my network. Is anyone out there having connection trouble?
I would imagine they’re going to block all the popular cloud services that noone in Russia uses for “legitimate” reasons, but which are quite popular outside of Russia. Russia has a pretty big hosting industry and a plethora of VPS providers (in fact, many virtualisation technologies (e.g., Virtuozzo/OpenVZ) and hosting tools (e.g., ISPmanager and ISPBSD fork of FreeBSD) come out of Russia), so, I’d wager that fewer home-run shops/startups are actually affected than most western folks realise.
Well, those serving the external market are annoyed by the need to access their own deployments via tunnels, but this is a solvable problem so far. Those who deployed on Amazon but didn’t depend on the fancy stuff have probably redeployed to local providers at least as a backup for local connections. But quite a few are hit, and then there are branches of international companies…
At some point, though, someone (apparently anyone can deploy a Telegram proxy) might remote-order VMs in some Russian datacenters, and deploy proxies that use some spoofing to hide which remote connections are relevant.
If you don’t mind the tinfoil, this could well be a shakedown test to see how Russia might deal with partitioning of the network in a time of relative peace, before being surprised during some other time.
Then again, that’s the sort of idle speculation I’d give back in my HN days.
Maybe not the intention, but I can’t imagine the data point would go unnoticed.
According to the time line, it may seem related to telegram.
Here’s my tinfoil take :)
Russia banned the telegram app at the beginning of the month
[1]. They basically blacklisted their domains.Telegram started to use the google app engine as a domain front
[2].I guess Russia is trying to prevent domain fronting for future ban cases. I guess it is easier for them to send a takedown notice to a Russian cloud provider than sending that to a American one.
[1]: https://www.nytimes.com/2018/04/13/world/europe/russia-telegram-encryption.html[2]: https://en.wikipedia.org/wiki/Domain_frontingProbably not the intention, because running the blocklist updates in that mode means that an external party can easily force a block of something critical inside Russia at the moment than neither the blocklist operators not ISPs have spare capacity to react sanely. People who are qualified to understand your point also know that Roskomnadzor is not qualified to prevent the risk I describe.
But some note-taking about unexpected dependency chains will be done anyway.
If you were to pile some more tinfoil on, what else might we expect to see from Russian authorities?
A little under an hour ago OVH popped in to the VPS provider Slack server I’m on and said they were blocked. I haven’t seen any bounces or received any support requests for my network. Is anyone out there having connection trouble?
I would imagine they’re going to block all the popular cloud services that noone in Russia uses for “legitimate” reasons, but which are quite popular outside of Russia. Russia has a pretty big hosting industry and a plethora of VPS providers (in fact, many virtualisation technologies (e.g., Virtuozzo/OpenVZ) and hosting tools (e.g., ISPmanager and ISPBSD fork of FreeBSD) come out of Russia), so, I’d wager that fewer home-run shops/startups are actually affected than most western folks realise.
Well, those serving the external market are annoyed by the need to access their own deployments via tunnels, but this is a solvable problem so far. Those who deployed on Amazon but didn’t depend on the fancy stuff have probably redeployed to local providers at least as a backup for local connections. But quite a few are hit, and then there are branches of international companies…
At some point, though, someone (apparently anyone can deploy a Telegram proxy) might remote-order VMs in some Russian datacenters, and deploy proxies that use some spoofing to hide which remote connections are relevant.
The true about this blocking isn’t “counter-terrorist and counter-extremist”, they are scared TOR tokens.
What is a Tor token?