Lookin'BotReal BGP table Telegram Bot with some network utilities
June 10, 2018
#telegram #goverment #regulations #blocking
Russia is trying to block Telegram. Pavel Durov, the founder of Telegram, refused to hand over the encryption keys for user-defined chats to the federal services. The police cannot get prompt access to the correspondence of users, so the application is bound to be blocked in Russia. How is the situation developing and is it possible to block Telegram after all?
April 13. The Moscow City Court, Russia, rules to block Telegram. The blocking of the messenger is caused by the fact that Pavel Durov, the founder of Telegram, refused to hand over the encryption keys for user chat rooms to the FSB. In other words, he refused to give access to federal services to the correspondence of its users.
In addition, currently the Law is being implemented that all users� personal data (e.g., names, phone numbers, passport numbers, photos, or any other data collected by the company) should be stored on the servers located in the Russian Federation.
However, articles 23 and 24 of the Constitution of the Russian Federation, which guarantee the right of secrecy of correspondence to any Russian citizen, are in force. Because of these articles, firstly, Pavel Durov refused to cooperate with the FSB (because of suspicions of possible unscrupulous use of access), and secondly, Pavel says that it is technically impossible to provide such keys.
On April 13, 2018, the court decided to block the messenger, and do it immediately, BEFORE considering an appeal, if such is filed.
By Decree of the Russian Government dated October 26, 2012 N1101, the Federal Service for Supervision in the Sphere of Communications, Information Technologies and Mass Communications (Roskomnadzor, RKN, https://rkn.gov.ru ) should create, maintain and update a single register of domain names and pointers to websites containing illegal information.
Initially, this list was created to combat child pornography, drug abuse, extremism, calls for suicide and illegal materials prohibited by court. For example, trading forged documents or advertising online casinos (both banned in Russia).
The list contains three types of information: IP-addresses, domain names, and URL-pointers of specific materials on websites. In fact, these three different lists perform the same task.
At least twice a day, every Internet operator working in Russia must download the full list of blocked addresses from the RKN website and introduce it on their equipment. For violation of this rule, there are significant fines that can be imposed once a day only. Therefore, as many as seven fines can be imposed during one week in total. Fines will be effective before the full execution of the claim.
It is worth noting that Federal Law N149 "information, information technology and information protection" and Amendment 139 of 28.07.2012 explicitly state that websites, individual articles on them, or IP-addresses of the servers on which the websites are located are subject to blocking. Messengers in the Laws are not mentioned.
The case of Telegram became a precedent, since it is relatively easy to block a website. However, it is much more complicated when it comes to a messenger.
To connect and send messages, Telegram uses different servers located in different parts of the Internet, in different countries, on different continents. The protocol, which is used for interaction with the server, is closed and encrypted. The user does not have access to the settings of this protocol. New addresses of such servers can be transferred through control technical PUSH-messages, which the user does not see. In other words, the migration to the new server is unnoticed for the messenger user.
In addition, the messenger can work through VPN connections (all traffic of the smartphone passes through the VPN connection to the server outside the territory of the Russian Federation), or it can use a specialized proxy server (only the traffic of the messenger passes through the proxy).
The bottom line is that there are a number of mechanisms that makes it possible for the messenger to work around the RKN blocks, and do not require user intervention.
Immediately following the court's decision, RKN began to create a list of resources for blocking the messenger. Of course, the domain telegram.org and other domains and subdomains belonging to Telegram were immediately blocked. All IP-networks of Telegram were entered in the register at once. Nevertheless, it almost did not affect the work of the messenger, except for the web-version.
Understanding this, Roskomnadzor began to enter sub-networks in the list of blocking, belonging to the largest operators of virtual services such as Google, Amazon, Microsoft and others. All major networks were brought in at once:
18.104.22.168/15 - Amazon.com, Inc. 22.214.171.124/13 - Amazon Technologies Inc. 126.96.36.199/19 - Google LLC 188.8.131.52/17 - DigitalOcean, LLC 184.108.40.206/17 - Digital Ocean, Inc. 220.127.116.11/16 - DigitalOcean, LLC 18.104.22.168/16 - DigitalOcean Cloud 22.214.171.124/16 - DigitalOcean, LLC 126.96.36.199/16 - Amazon Technologies Inc. 188.8.131.52/15 - Amazon.com, Inc. 184.108.40.206/15 - Amazon Data Services Japan 220.127.116.11/15 - Amazon Data Services UK 18.104.22.168/17 - Iliad Entreprises Customers 22.214.171.124/15 - Microsoft Limited UK 126.96.36.199/17 - Digital Ocean, Inc. 188.8.131.52/23 - Clouding.io Virtual Machine Hosting 184.108.40.206/16 - Hetzner Online GmbH 220.127.116.11/16 - ONLINE_NET_DEDICATED_SERVERS_NL 18.104.22.168/14 - Amazon Technologies Inc. 22.214.171.124/16 - OVH SAS
Approximately 30% of users experienced problems.
Morning: Telegram works.
126.96.36.199/21 - Cloud Services DC05 188.8.131.52/15 - Time Warner Cable Internet LLC 184.108.40.206/18 - SOFTLAYER-RIPE-4-9 220.127.116.11/24 - RU-LLCPERFECT-2-20170908
Approximately 20% of users experienced problems.
Morning: Telegram works.
18.104.22.168/24 - UK2 Infrastructure 22.214.171.124/20 - Hosting Services, Inc. 126.96.36.199/24 � CloudWebManage
Approximately 20% of users experienced problems.
As you can see, at this moment, it is impossible to block Telegram. Roskomnadzor believes that blocking the entire networks of these giants will force them to refuse to provide their resources to VPN administrators, Proxy servers and entities associated with Telegram. Roskomnadzor tries to contact the administration of these websites in order to get help from them. One after another, the websites refused to provide such assistance.
At the same time, serious problems begin to appear. Many other services located on these websites cease to work. Including the online versions of major newspapers, travel industry services, Viber messenger, taxi order services, ResearchGate network of scientific contacts, a central repository of Java libraries, air tickets booking and registration systems, as well as websites of the largest universities in Russia. The situation reached its climax when there were problems with the confirmation of online payments from visa and MasterCard systems. Users, as well as ministries and officials heavily criticized the Ministry of Communications itself in those days.
At around this time, RKN ceases to block entire sub-networks, beginning to enter particular websites in the register. If before that the information entered the register only on business days, now new addresses are placed in the register almost on a 24-hour basis on both business days and days off.
However, the situation with massive blocking of sub-networks brought many problems to the engineers of the blocked services. And even the Prime Minister and the Press Secretary of the President of the Russian Federation said "hmmm ... it's still working ...".
RKN attempts to solve problems on mass appeals. The following names are unblocked: 79 IPs of Google LLC - docs.google.com| Google LLC - drive.google.com| Google LLC - fonts.googleapis.com| Google LLC - google.com| Google LLC - google.ru| Google LLC - googletagmanager.com
Selective blocking continues, with a total of 18 million addresses blocked.
RKN promises no longer to block entire sub-networks, recognizes that this practice does not bring any positive results, yet brings many problems. RKN promises to block selectively, some particular addresses only.
RKN tries to change something in its own systems or techniques. For several hours, new addresses did not appear in the list, and then, apparently, by chance, Yahoo, Yandex, VK.com were blocked. A few hours later, they were unblocked.
Selective blocking continues.
At about 15:00 (Moscow time), RKN suddenly unblocks the following networks:
188.8.131.52/11 - Amazon 184.108.40.206/12 - Amazon 220.127.116.11/16 - OVH SAS
The number of addresses on the list decreased from 18 to 14.5 million.
Later it became known that these sub-networks were blocked because of this list of addresses (they were included in the selective list):
18.104.22.168 22.214.171.124 126.96.36.199 188.8.131.52 184.108.40.206 220.127.116.11 18.104.22.168 22.214.171.124 126.96.36.199 188.8.131.52 184.108.40.206 220.127.116.11 18.104.22.168 22.214.171.124 126.96.36.199 188.8.131.52 184.108.40.206 220.127.116.11
Not bad, right?
On the night of April 29, a serious failure occurred in Telegram. The messenger did not work for more than eight hours. The Russian users were upset that RNK managed to block the messenger. However, Pavel Durov twitted that the data centre, where Telegram was located, experienced some problems. It is not known what those problems were about, but Pavel wrote that there were some problems with electricity.
The funny thing is that Roskomnadzor was forced to make excuses that it was not they who blocked the messenger and Telegram's problems were on the inside. Think about it, the agency that blocks the messenger is forced to say that it's not them!
By the evening of the same day, the internal problems of Telegram had been completely eliminated.
Afterwards, on a daily basis, the register was entered from ten to hundreds of individual IP-addresses.
The following names are unblocked:
18.104.22.168/12 - Google LLC 22.214.171.124/12 - Google LLC 126.96.36.199/12 - Google LLC 188.8.131.52/13 - Google LLC 184.108.40.206/16 - DigitalOcean, LLC 220.127.116.11/19 - Google LLC
The number of addresses in the register decreased from 14 to 10 million.
Currently (May 14), the list contains 10,933,150 IP-addresses.
Telegrams is working practically without failures, even without the use of proxy-VPN.
Now the situation has stabilized. The excitement have subsided; the administrators of online resources who survived around 2-3 changes of websites in April-May are relaxed now. Telegrams keeps working in full swing. Sometimes, pictures are difficult to load, but everyone is already used to the fact that this is a temporary situation - the server is overloaded, but soon everything will turn out well. An invisible PUSH will come with a new list of servers and again the pictures will start to load instantly.
Seriously speaking, it becomes obvious that the Telegram's development team has powerful means of circumventing blocking, of which the most primitive ones are being used currently. Chasing individual IP-addresses cannot bring any success. Since the deployment of such a server takes hours, if not minutes, and the time of finding its address in the overall traffic transmitted is substantially higher. Nonetheless, it is impossible to block everything.
Officials from federal services are many times inferior to the professionalism of the engineers working for Telegram. This is obvious even on the basis that RKN is able to block ipv4 addresses only. However, there is no information about IPv6 in the register at all! Not to mention the P2P technology of the Telegram Open Network project. The technology is still under development, but has already been announced by the messenger�s developers. With its implementation, virtually every user of the messenger can become a proxy server for sending messages. You do not need an external server to get authorization and share information. What will happen if this technology is implemented? RKN will have to block IP addresses of all users of the Russian segment of the Internet. And what's the point then?
Currently, there is no effective way to block the messenger in Russia. Perhaps, the solution could be blocking all traffic and skipping based on white lists. However, the Russian government claims that it has no plans to build the Great Russian firewall as the one in China or elsewhere.
In the end, here are useful some statistics. During April-May, 2018 as a result, the audience of Telegram:
Whatever the goal may be pursued by such blocking, it is unlikely that it has been achieved, apart from the popularisation of the messenger.
We will be closely following the drama unfolding.