For years, the anonymity service Tor has been the best way to stay private online and dodge web censorship. Much to the ire of governments and law enforcement agencies, Tor encrypts your web traffic and sends it through a chain of computers, making it very hard for people to track you online. Authoritarian governments see it as a particular threat to their longevity, and in recent months, Russia has stepped up its long-term ambition to block Tor—although not without a fight.
In December 2021, Russia’s media regulator, Roskomnadzor, enacted a 4-year-old court order that allows it to order Internet service providers (ISPs) to block the Tor Project website, where the Tor Browser can be downloaded, and restrict access to its services. Since then, censors have been locked in a battle with Tor’s technical team and users in Russia, who are pushing to keep the Tor network online and allow people to access the uncensored web, which is otherwise heavily restricted in the country.
Russia’s efforts to block Tor come in two flavors: the technical and the political. So far, Tor has had some success on both fronts. It has found ways to avoid Russian blocking efforts, and this month, it was removed from Russia’s list of blocked websites following a legal challenge. (Although this doesn’t mean blocking efforts will instantly end.)
“We are being attacked by the Russian government, they are trying to block Tor,” says Gustavo Gus, community team lead of the Tor Project. The past few months have seen Russian officials adapt their tactics, Gus says, while the Tor Project’s anti-censorship engineers have successfully launched updates to stop its services from being blocked. “The fight is not over,” Gus says. “People can connect to Tor. People can easily bypass censorship.”
In Russia, the Internet infrastructure is relatively decentralized: ISPs can receive blocking orders from Roskomnadzor, but it’s up to individual companies to implement them. (China is the only country to have effectively blocked Tor, which was possible due to more centralized Internet control). While Russian authorities have been installing new equipment that uses deep packet inspection to monitor and block online services, the effectiveness of these blocks is mixed.
“The censorship that’s happening in Russia is not constant and uniform,” Gus says. Gus explains that because of different ISPs, Tor may be blocked for some people but not others, even those in the same city. Both Tor’s metrics and external analysis appear to show the dwindling effectiveness of Russian censorship.
Tor’s data shows that since the end of 2021 there has been a big drop in the number of people directly connecting to Tor in Russia. However, people are able to connect to its services using volunteer-run bridges—entry points to the network that can’t easily be blocked, as their details aren’t public—and Tor’s anti-censorship tool Snowflake. External data from the Internet monitoring group Open Observatory of Network Interference shows a big rise in people in Russia accessing Tor using Snowflake.
Since the start of Russia’s war with Ukraine in February, Russian officials have introduced a slurry of new laws to control the Internet and have clamped down on civil society groups. Natalia Krapiva, tech legal counsel at NGO Access Now, says Russia blocking Tor is part of larger efforts to control people’s access to information, such as the Kremlin’s VPN clampdown. “Russia is trying to eliminate any possible sources of truthful alternative information about the war and about what is going on in Russia internally,” Krapiva says. This feeds into a “chilling effect,” where people change their behavior or self-censor. “Certain measures, even if they don’t directly block or censor, create this fear of retaliation and fear of consequences coming later on.”
There have been two major incidents against Tor’s Snowflake, Gus says. The first, in December, was fixed within 10 days. The second, in May of this year, was also patched shortly after it was discovered. “They were blocking Snowflake in different ways,” Gus says. These attacks against Snowflake often involve fingerprinting, which uses small details about browsers and Internet connections to try to uniquely identify the technology that someone is using. For instance, the number of times a browser connects with an external source may make it stand out from other browsers. If Snowflake can be identified, it is easier to block.