In countries where internet access faces restrictions, from general government censorship through to more limited site-blocking programs to protect copyright, citizens have grown comfortable with the use of VPNs.

In Russia, where the government censors certain material and has an anti-piracy site-blocking regime on top, around 20% of the internet population regularly use VPNs.

While accessing blocked websites and communicating in relative privacy is now fairly common, the government would like sites carrying “illegal information” to remain inaccessible. But after endless legal tweaks, advice, orders, and confused messaging that mostly contradicts reality on the ground, Russians may be a little confused by now.

New Law Isn’t a VPN Ban, Illegal VPNs Are Already Banned

Sites blocked by the government, whether they’re pirate sites or those branded extremist by the state, are blocked for good reasons, authorities insist. Facebook and Instagram, for example, are both blocked for being extremist platforms, so when people use VPNs to undermine blocking, they put themselves at risk.

Given that over the years Russians have grown fond of their VPNs, the government hasn’t immediately spoiled things by simply taking them away. Instead, authorities determine the quality and security of a VPN provider based on its operator’s willingness to cooperate with the government. On the other hand, less cooperative overseas VPN providers with a presence in Russia, are known to suddenly experience connectivity issues.

Faced with an untenable situation, some VPNs threw in the towel and never looked back. When new legislation compelled VPNs to register with the government, and leave the ‘back door’ open in case officials needed to call round for a coffee, almost all reputable overseas providers chose privacy over certification and began to leave. Meanwhile, local VPN companies with official approval found themselves declared legal, while those without certification were legally unable to do business.

That line in the sand now allows the government to identify safe, legal services; all are registered with the state, they enjoy coffee, and would never dream of undermining state censorship. Obviously unsafe and most probably dangerous, illegal VPN providers are not registered, enjoy privacy, and want to help users to circumvent site-blocking. As a result, 167 unregistered VPN providers and 200 email providers were blocked according to a report last October.

VPNs Still Available, Time For More Action

Providing a service to unblock blocked internet resources has been illegal in Russia since February 2020, but judging by the volume of VPNs still available for Android and iOS devices, not everyone got the memo.

In the wake of Russia’s invasion of Ukraine, imposition of sanctions prompted the Kremlin to step up imports via the back door while simultaneously winding up the drawbridge on some Western tech platforms. With Google Play and Apple’s App Store less useful than before, Russia launched its own variant, RuStore, which at last count was also offering VPNs to the masses, in large numbers and mostly without hindrance .

VPNs capable of tunneling to the nearest pirate site or accessing the extremists of Instagram, remain popular in Russia. Advertising and recommendations help to quickly spread the news but for Moscow, that’s unacceptable and needs to change.

In the summer of 2023, a new phase of the Kremlin’s plan was made public . With the introduction of yet more new law, posting information online that amounts to promotion or advice on how to use VPNs, Tor, or similar tools, for the purposes of circumventing blocking, was about to become a criminal offense.

Promotion of Unblocking Tools Illegal From Today

From today, publishing information about tools that undermine blocking in Russia, including ads for VPN services with circumvention capability, is a criminal offense punishable by fines of up to four million rubles (US$43,840). Roscomnadzor says the law won’t target the general public, but there are few bright lines to differentiate sellers online.

Other enforcement measures available to the telecoms regulator include blocking any offending materials in the same way blocking is carried out against other content. Roscomnadzor will also attempt to purge search engine results mentioning VPN providers that are blocked already in Russia or otherwise found to be illegal. The latter group could be sizeable since any unblocking-capable provider without a government issued license is automatically considered illegal.

And VPN PSYOPs, obviously

In April 2023, a series of PSAs appeared in Russia hoping to scare the masses away from VPNs by their own free will. The video shorts majored on data leaks, blackmail, threat to personal information, plus a seemingly psychic man who understood everything about his partner on their first date, purely because she used a VPN.

That campaign was put together by ROCIT, the government-funded Center for Internet Technologies. Right on cue, ROCIT conducted some new research on VPNs recently, the results of which are published on its website (Russian, pdf) . They’re a little puzzling, let’s put it that way.

“[RCOIT] conducted a study of VPN services in terms of the content of their data processing policies and applicable processing laws in the country of registration of the owner company,” ROCIT’s conclusions begin.

“Despite restrictions, regular data leaks and risks, a significant proportion of Russians continue to use VPN services,” ROCIT adds, noting that over one-in-five Russians use a VPN while 40% believe they’re unsafe.

The providers studied by ROCIT read as follows: Lantern VPN, Psiphon, Safe Connect VPN, Tunnel Bear VPN, Proton VPN, AdGuard VPN, Express VPN, VPN Proxy Master, Surfshark, Cloudflare’s 1.1.1.1 +Warp Hide.me VPN and VPN – Super Unlimited Proxy.

Other than their names, no further information is provided about the assessment of the providers, with the same going for the study itself. Nevertheless, ROCIT reached the following conclusions:

VPN services, as a rule, operate with a standard set of data for online services: account information, user IP address, payment information, information about the user’s device, and so on.

In addition, VPN services for the most part do not recognize at the policy level the receipt of data about the resources visited by a specific user. Statistical and analytical data, such as the volume of data transferred, may also be collected. However, some services may collect location data.

The study also notes that the jurisdiction that provides the least guarantees for users is the United States, and the most protected from a legal point of view is the personal data of users in Switzerland. The United States has the Foreign Intelligence Surveillance Act (FISA), which allows surveillance of non-US citizens.

In addition, US Executive Order No. 12333 applies, which allows the interception of data transmitted through the States. And the Stored Communications Act allows law enforcement agencies to obtain data stored by operators based on court orders

It’s hard to say whether users of VPN – Super Unlimited Proxy factored in the above when developing their threat model, but they’re on notice now and there are millions of them.

For its part, Roscomnadzor seemed a little short on ideas, eventually concluding that criminals can use VPNs to carry out crimes .

From: TF , for the latest news on copyright battles, piracy and more.

Now this is interesting:

Thousands of pages of secret documents reveal how Vulkan’s engineers have worked for Russian military and intelligence agencies to support hacking operations, train operatives before attacks on national infrastructure, spread disinformation and control sections of the internet.

The company’s work is linked to the federal security service or FSB, the domestic spy agency; the operational and intelligence divisions of the armed forces, known as the GOU and GRU; and the SVR, Russia’s foreign intelligence organisation.

Lots more at the link.

The documents are in Russian, so it will be a while before we get translations.

Genshin Impact publisher Cognosphere PTE Ltd is developing an aggressive stance towards people who leak images of unreleased content online.

In December 2022, Cognosphere targeted Ubatcha , one of Genshin Impact’s most prolific and popular leakers. Last month, Cognosphere kept up the legal pressure by targeting users of the popular ‘House of Daena’ Discord channel, among others

In both cases, Cognosphere’s attorneys filed DMCA subpoena applications at district courts in California. DMCA subpoenas compel service providers, such as Discord, Twitter or Reddit, to hand over information they hold on users identified by rightsholders as copyright infringers.

In the event that useful personal information is disclosed to Cognosphere’s legal team, a number of options become available. A full-blown copyright infringement lawsuit is one possibility, but the company may use the information to end or mitigate future infringement instead. If an alleged infringer has useful information about leaks but wouldn’t normally disclose it, a legal letter with their name and address on the front may help them to change their mind.

New DMCA Subpoena Targets @merlin_impact on Twitter

Filed on February 8 at the United States District Court for the Northern District of California, Cognosphere requests cooperation from Twitter so that it can obtain the identity of one of its users.

“It has come to our attention that numerous images infringing Cognosphere’s copyrighted Game are being made available by user Mero@merlin_impact at his Twitter account available at Uniform Resource Locator: https://twitter.com/merlin_impact,” the application reads.

“We request that Twitter take expeditious action to remove or disable access to all copyrighted materials concerning the Game in the Infringing Account, including those posts identified in the attached Exhibit A [shown below]. Alternatively, we request that Twitter remove or disable the entire Infringing Account.”

As proof of infringement, Cognosphere provides links to two tweets published by its official Genshin Impact Twitter account. Each of those tweets contains one piece of original content for reference.

The Original and Allegedly Infringing Images

Published on Twitter by the official @GenshinImpact account on January 16, 2023 , the first image depicts a new Genshin Impact character named ‘Deyha’.

According to the DMCA subpoena application, @merlin_impact published copies of this image on their Twitter account in two individual tweets, one on January 17 and the second on January 18.

As shown in the image below, the image at the top right is the original tweet from the official @GenshinImpact account ( 1 ), and the two images at the bottom are the alleged copies ( 1 , 2 ) published by @merlin_impact.

It’s immediately obvious that while they relate to the same subject matter (a new character), the images posted by @merlin_impact are not copies of the original image featured in the Genshin Impact tweet.

Also published on Twitter by the official @GenshinImpact account on January 16, 2023 , the second allegedly infringed image depicts another new Genshin Impact character named ‘Mika’.

According to the DMCA subpoena application, @merlin_impact published copies of this image on their Twitter account in two individual tweets, contrary to copyright law, on January 18 – two days after they first appeared on the official Genshin Impact account.

The image at the top left is the original posted by the official @GenshinImpact account, and the two images at the bottom are the alleged pirate copies posted by @merlin_impact.

Again, it is clear that the images posted by @merlin_impact are not identical copies of the original image featured in the Genshin Impact tweet, as referenced in the DMCA subpoena.

The ‘copies’ clearly feature the same character, but so do hundreds of images and countless videos available online (including on YouTube) that predate @merlin_impact’s tweets.

For example, the article published here reproduces both pieces of artwork in full but isn’t targeted in a subpoena. Another article featuring the new characters dates back to December 2022 , and that appears fine too.

Twitter Hasn’t Taken The Tweets Down

Despite having been sent DMCA notices on Tuesday this week, at the time of writing, Twitter hasn’t taken down @merlin_impact’s allegedly infringing tweets. Of course, that could still happen, but that raises questions about the hundreds of images shared by fans online that actually match the original images mentioned in the subpoena but don’t appear to have attracted interest from Cognosphere’s legal team.

So moving forward, what are the rules for Genshin Impact fans posting online? Post images and hope the lawyers don’t mind, or stop posting images altogether to remove all doubt? Every single piece of Genshin Impact artwork is protected under copyright law, meaning that at least in theory, $150,000 in damages per image if it all goes wrong.

That kind of worry could discourage fans from promoting the game altogether but perhaps something else is going on here.

It’s possible that @merlin_impact is of interest for other reasons, and that’s why they’ve been handpicked for personal attention from a pool of thousands. While that does seem more likely, the chances of the details being made public are very limited indeed.

The DMCA subpoena documents can be found here ( 1 , 2 , pdf)

From: TF , for the latest news on copyright battles, piracy and more.

Read 13 remaining paragraphs | Comments

Long article about Joshua Schulte, the accused leaker of the WikiLeaks Vault 7 and Vault 8 CIA data.

Well worth reading.