Directory of RSS feeds
Statistics

RSS feeds in the directory: 374

Added today: 0

Added yesterday: 0

Mass media / News

Through the fingers: the Telegram as an impetus to the "sinicization" of the Runet

Radio Liberty 19.04.2018 at 15:20

Radio Free Europe/Radio Liberty is a private, non-profit information service funded by the U.S. Congress, broadcasting to the countries of Eastern and South-Eastern Europe, the Caucasus, Central Asia and Middle East and Russia.

Is the third day stupid game of cat-and-mouse game between the Russian Roskomnadzor and Telegram messenger users, even those who are not connected proxy server and too lazy to find out what is VPN, not experience with the app much difficulty. Many have lost access to Telegram in the first hours after the start of the locks on Tuesday, but in the afternoon of the same day the connection came back almost all. As it turned out, the team of Pavel Durov well prepared for the battle and found a way to transfer service for all new ip addresses, causing the Agency Alexander Zharov on the increasingly large-scale actions, which are still only hurt others, while allowed services – from popular science websites and courier services to game servers and online platforms to purchase tickets. For dinner Thursday Roskomnadzor has blocked a total of about 18 million ip addresses, mostly belonging to the cloud Amazon, Google (eve was launched lock another major site – DigitalOcean), but Telegram is available, and the number of innocent victims is growing: for legal assistance has already addressed representatives of more than 100 companies. According to the newspaper "Kommersant", April 18 at the APTLD meeting was held with the participation of the largest Telecom operators, it discussed ways of blocking the Telegram, but no concrete decision was taken. According to the independent expert on Internet technologies Alexey Semenyaka, the technical capabilities of Roskomnadzor to block not unlimited, but the principled position of the Ministry makes the outcome of the struggle unpredictable. Semenyaka told Radio Svoboda how to actually arranged the battle for access to the Telegram, how far it can go, how hard can be the alternative methods of blocking and is possible in Russia the “great Chinese firewall”. – Many now say that trying to block access to Telegram, Roskomnadzor blocks of addresses of the cloud hosting services – primarily Amazon and Google. What kind of address as they relate to the messenger? – Cloud hosting allows you to create virtual servers that don't necessarily correspond to the physical, on a single physical server can have several virtual. For the consumer this is a normal server where you can allocate resources exactly as if he would go to some computer company, will buy the "iron" server, insert it in the rack, connect to the Internet and there will be something to do. But cloud hosting has many advantages. For example, the user receives exactly the power he needs, they can be effectively redeployed, and on the go. To create a new virtual server when needed instantly and without human intervention. And these new servers hosting automatically assigns new ip addresses from a huge pool of those that he initially is. This, in fact, uses Telegram. For the Telegram that every time a new one address or many? – The Telegram a lot of servers, the project is large, accordingly, they may have old servers virtual off, to return resources to create a new virtual server. Every new virtual server gets more or less randomly new ip address, that is dynamically and continuously changing set of addresses. But, of course, not millions, but a lot less. – How Telegram understands that the old addresses are blocked and it's time to move on to a new one? – I think this is done automatically: the system constantly analyzes the load of the servers. For example, if she sees that virtual server load was too low, then it is clear that he "got under the hand", respectively, you can turn it off and make new ones. It is absolutely algorithmically task, and it all happens almost instantly. In turn Roskomnadzor trying these new addresses to calculate – if not exactly, then at least to the precision of the segment that you want to block. How do they do it? Providers they report that their Telegram through them was to go to these new locations? Any network engineer knows how to run a simple program that looks at what addresses goes to the Telegram, but with the computer of this particular architect, for example. This does not mean that ISPs do not help, but it is not necessarily enough to land a few engineers to look at the behavior on their own devices, in principle, part of this is to automate. – But if RCN is able to calculate the particular address, which moves to the Telegram, why not point to block them? Then and there was no scandal, and third-party apps would not be affected. The problem is that a new virtual server is created in a matter of seconds, and this IP, which is necessary to calculate, in General, manually (to fully automate the process though) and block, using fractions of a second may no longer be valid. That is the work's completely unreasonable. The second reason is if the number of records for individual addresses are blocked resource becomes too large, it ceases to handle the equipment, and which performs locking and which lock controls from the LV, the so-called “Inspector”. Some people find it easier to use "carpet bombing," and the equipment easier to operate on a list of a few dozen large blocks than a list of thousands of individual addresses? Yes. All network technologies built on the use of address ranges unnecessarily separate ip addresses never operate. Usually, all address allocation, all transmissions of ip addresses, all operations with these addresses are performed in blocks. – As far as this whole story is painful for Google and Amazon? Recently was a similar story with the app Zello walkie talkie, which is also blocked by Roskomnadzor, it eventually managed to squeeze from Amazon. What the commercial story behind it – we don't know whether Amazon just got tired of all this struggle, whether still something, but squeezed. But the Telegram is a fundamental difference. Telegram a while ago, a few months ago when just beginning to discuss the possibility of blocking, got a very simple user-functions – work through a proxy. Proxy server – a smart host, which takes place somewhere in the Internet, for example, and even often in the same cloud storage Amazon, it is the most popular and well-known. You not join to a locked server the Telegram, and this proxy server, which then connects to the application server, the connection Roskomnadzor to block powerless. All this is set up is quite simple, there are a lot of instructions with which even a person without special qualification may be a virtual proxy server to create itself. And when the proxy is, quite literally just two mouse clicks to use it for the settings to apply, distribute to friends. It is very very simple. So even if Amazon run Telegram as Zello proxy doesn't go anywhere. Amazon at all desire will not be able in your store all these private proxy servers to detect, close, disable. That is, many users still will go to Telegram addresses through Amazon, even against his wishes. Accordingly, if Amazon will drive Telegram., Telegram goes to Skaleway, for example, or Digital Ocean, or to another cloud provider, but the proxy will remain on Amazon, with a high probability of RKN continues to block Amazon. The question is: why in this case the Amazon to bear the loss of reputation? The story is becoming loud already, in fact, was the statement of the representative of the United Nations over a disproportionate lock on the Internet, and why would they be substituted if there is a chance that they still block? And these proxies server on Amazon for free? – There you can create a free virtual machine, but it is quite limited in possibilities, although for many consumers that is enough. A normal functions is $ 3 per month. I think $ 3 can afford there, where there is a high density of computer-literate people. But still, we are talking to you about that, with some effort, the user will likely be able to use Telegram, despite the actions of Roskomnadzor. However, users on the whole are lazy, they not only will not create a proxy server, but even other people's proxy to connect VPN will not and will not put. Is there any chance the team has of a Telegram to defeat Roskomnadzor on their own – this constant change of addresses? Roskomnadzor went on principle, it is a political decision – Yes, because of the laziness of users theoretically, the risk reduction database is, while I have not heard that this is in fact observed. But the Telegram while copes. They have prepared themselves an opportunity to move to a new virtual server, which we talked about above, and update the appropriate settings to users using push notifications.

Moreover, the notifications do not come from the Telegram, and from that platform, which is used by man – the Apple, Google or Windows, that is, they do not block. But to create a new server for a very long time, not only Amazon and Google, there are other large hosters. Yesterday the registry was added 130 thousand addresses cloud storage Digital Ocean, perhaps it is also because of the Telegram. In short, the war is on several fronts. Telegram, as it turned out, does not rely on one mechanism, but uses a few, this custom proxy, and its mechanisms. It is not excluded that in addition to these, he will come up and add new methods to bypass locks. – Wrote that, fascinated by the struggle with the Telegram, the RCN ceased to block some previously banned websites. Is that even technically possible? – From Roskomnadzor – no, they're just forming a list of forbidden addresses. And implement locking at the mercy of the operators. And that level of providers already something may not work. A month ago there was an interesting story with one major provider. In the register of banned sites was included some online casino domains (and not the address, this is important) with asterisks, i.e., all subdomains is also by default included in the registry. The owners have ceased to pay for them, after a while they moved freely available and they are being registered by someone else. And the new owner brought in each of the domains of thousands of subdomains and for each subdomain hung something like a thousand ip addresses. And this whole story was automatically downloaded to the equipment of the provider, and at some point, the equipment said “enough”, and the operator, the accident occurred across the country. So now it is possible that some operators should protect from such stories, and when the number of locked addresses becomes too large, others are discarded as not fit. I don't know for sure that these safety nets are, but theoretically easily can afford to provide them. – So what will the battle between Roskomnadzor and the Telegram? Roskomnadzor will lose? Is completely unclear, because Roskomnadzor went to the principle, is a political decision. They have already spit on all equipment and feasibility, smash everything. RKN making demonstrative statements, all very emotional. But what they can do in theory? Completely block all of the cloud platforms on which a Telegram can deploy servers? In any case, they can try to do it. But it will affect many other services that Zharov promised not to touch. Now more than a hundred, I think sites and applications have experienced problems with access because of the war against the ILV Telegram. About the unnecessary locks they wrote the Bylaw – Yes, and in this sense, the statement of RKN in the "news" that “in 99.9% of cases is nothing, technically speaking, is not formed, in addition, as the time Telegram”, sounded very interesting. The blocking of nearly 20 million addresses, and one address can have multiple services, because on a single IP address can be many services on different ports and all these ports for all IP addresses needed to actually test hands that there's not hanging anything normal. It's just physically impossible. And they claim that 99.9% are not affected. It is clear that this is just a demonstrative position of Roskomnadzor, they will not retreat even a step, to admit that I was wrong. I'm not talking about that unnecessary locks they wrote the Bylaw. How are they going to get out of this conflict, I don't know. – But state services will not be affected, and the rest of them do not mind. – Not the fact that will not be affected. Because cloud platforms are sometimes located all the spare things, like a script, and without uploading something on the page will not work – As, quite possibly, turned out at the Kremlin museums, which couldn't sell online tickets for a few hours. – Yes, for example. The infrastructure part of the site, including the state, can live on Amazon – not because someone specifically wanted to use it, but because, for example, use some open source product. This is a fairly typical story, really. – There is a danger that Roskomnadzor now namuchaetes with the Telegram and realize that blocking ip addresses not working properly. But it can be the touchstone, the head of this Department Zharov said that this year the RCN will be to check on the reliability of Facebook. If they for example just wish more people would realize that blocking does not work, will have to find some more effective and crude way. What could it be? – In fact, some time ago they have already discussed this method is the requirement for operators to implement the so-called platform DPI (Deep Packet Inspection) is intended for in-depth study of traffic. DPI allows for web traffic to identify, for example, access to a specific page of the website, and to block it. And it is important that the possibility of equipment DPI large, but not infinite – for example, to decipher all that part of the traffic which is encrypted, it can't, it's too expensive from a computational point of view, the task. In the presence of some secret information (for Telegram is the proverbial "keys") a partial decoding is possible, but 1) this secret information for each encrypted stream, it is necessary to have, 2) this even more increases the cost of the platform traffic analysis. The problem is that the DPI platform is very expensive. For operators on a national scale there is a complete, rather than partial analysis of traffic – hundreds of millions of dollars, not very uplifting story in the current economic climate. – A Chinese version? To circumvent the blocking is possible, but the absolute majority do not need it, because everything is so comfortable, and even squeal can – Eat Chinese option. But you know, there's a good technical rule, it is not necessary to solve the organizational problems of a purely technical methods. If you have an organizational problem, you need a combination of olmetto and techniques, it won't work, otherwise it will be very expensive. For example, if the organization wants its employees went on Facebook, she can buy a lot of equipment that will use different methods of traffic analysis for identifying any VPN, proxy, go to Facebook through the search page of Google, using the Google translator. Is it possible to introduce the simplest techniques, but to introduce a rule that an employee who is caught sitting on Facebook for a year forfeits the prize. And it will be more reliable! Always the most effective is a complex of technical and organizational measures. In China, in fact, is done. There is not just banned something, there is established a quality domestic alternative. China has its own very powerful social network, they have your messenger, WeChat, Telegram which yet was not around, because he's only recording to the clinic for any money transfer... Beggars on the street taking handouts via WeChat. Was established alternatives that are not worse than Western, and some significantly better. The technical measures blocking there any advanced Chinese know how to circumvent. People come to China, complains that Facebook is not working, it local say – do so-and-so, and you have everything working, and really works. So to circumvent the blocking is possible, but the absolute majority do not need it, because everything is so comfortable, and even squeal can. Although the filtration system is powerful, it was created many years, the “great Chinese firewall” – it's not a myth, it's a serious development, but in addition to carrot is a great carrot. But for Russia it is hardly possible in the near future, the next step is work on the "white" list, that is, when each address on the Internet where allowed to go, checked state and has the stamp of reliability. But it's very complicated and cumbersome system that needs to deploy and maintain, I don't really know how they will do it. – It is clear that while the state monitors the connection to the global Internet, that is, at any moment can put the “great firewall”, it will be possible to limit the dissemination of information. But the company promises to launch many small satellites that will distribute the Internet over the entire surface of the Earth – this will give full freedom of information? I would not hope that now comes the Musk, or Facebook, or someone else with this satellite project, and we will have a completely unfiltered Internet – to be honest, I don't really understand how this will work, although I have to say that I'm not an expert in these technologies. There is the issue of regulation of radio frequencies, the distribution of the spectra is happening globally, is engaged in the organization of the United Nations, and there without the participation of government agencies is not complete.

Open frequencies with satellites, I don't think will work, and where required the frequency matching, the Russian authorities never will. The next question is this satellite Internet, the user will have to pay somewhere abroad, through the normal Internet, which is under the control of the state. Another problem is the outbound traffic, it will still go through some ground-based emitters, these emitters since the Soviet times we are well able to look. In short, I would not hope that now comes Elon Musk, or Facebook, or someone else with this satellite project, and we will have a completely unfiltered Internet. At the same time, even in case of strongly satelitarnego the Internet, for example, the introduction of "white" lists, some loopholes remain. To predict the development of events is very difficult, obviously, now there is a war of ambition, the role of more emotions, not logic, and it all happens against the background of impending government reshuffle. – With the widespread introduction of the ipv6 Protocol block will be even more difficult – because the number of addresses will increase disproportionately? – Yes, addresses will be disproportionately. Remember the legend about a man who asked the Sultan for learning to play chess “a modest award” – one grain on square one, two on the second, four for third and so on? And it turned out that so much grain in the whole world. So as much possible addresses will be only in one segment of the ipv6, and there will be many more in the 64-th degree. In this Protocol will require a completely new practice of filtering the traffic, all you will have to rebuild. But in Russia there's quite a few sites that use ipv6. The mass adoption of this Protocol, in any case, the us is still quite far away.