VPN provider claims Russia seized its servers
PIA tells users 'we logged nothing', deletes Russian servers from clients
VPN provider Private Internet Access (PIA) says its servers have been seized by the Russian government, so has quit the country in protest at its privacy laws.
The company has sent an e-mail to users claiming some of its servers have been seized, even though the enforcement regime – in which all Internet traffic has to be logged for a year – doesn't come into effect until September 2016.
A paying user has forwarded the company's e-mail to The Register, which we reproduce at the bottom of this story. The customer also told us the Russian gateways disappeared automatically from “older versions of the PIA client” in the last week.
Russia has been progressively cracking down on Internet services with a particular focus on encryption, and in June laws landed in the Duma that would also outlaw apps like Messenger and WhatsApp.
The crackdown already demands registration of any blog, publisher or social network site with more than 3,000 readers, and requires them to store data on Russian soil.
The e-mail, which is available in 'View as Web Page' mode, says:
“The Russian Government has passed a new law that mandates that every provider must log all Russian internet traffic for up to a year. We believe that due to the enforcement regime surrounding this new law, some of our Russian Servers (RU) were recently seized by Russian Authorities, without notice or any type of due process. We think it’s because we are the most outspoken and only verified no-log VPN provider.
“Luckily, since we do not log any traffic or session data, period, no data has been compromised. Our users are, and will always be, private and secure.
“Upon learning of the above, we immediately discontinued our Russian gateways and will no longer be doing business in the region.
“To make it clear, the privacy and security of our users is our number one priority. For preventative reasons, we are rotating all of our certificates. Furthermore, we’re updating our client applications with improved security measures to mitigate circumstances like this in the future, on top of what is already in place. In addition, our manual configurations now support the strongest new encryption algorithms including AES-256, SHA-256, and RSA-4096.
“All Private Internet Access users must update their desktop clients at https://www.privateinternetaccess.com/pages/client-support/ and our Android App at Google Play. Manual openvpn configurations users must also download the new config files from the client download page.
“We have decided not to do business within the Russian territory. We’re going to be further evaluating other countries and their policies.
“In any event, we are aware that there may be times that notice and due process are forgone. However, we do not log and are default secure against seizure. “If you have any questions, please contact us at firstname.lastname@example.org.
“Thank you for your continued support and helping us fight the good fight.” ®
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Privacy Sandbox
- Trusted Platform Module
- Zero trust