ProtonMail is "back to running normally in Russia now" after the country blocked access to the encrypted email service, claiming that students at a sports competition were using it to spread anti-regime propaganda.
The Russian-language Habr news aggregator reported yesterday that Russian telcos MTS and Rostelecom were sinkholing locals' inbound requests to ProtonMail's SMTP servers, discovering the issue after users started asking why the service's email newsletters weren't arriving. Habr uses ProtonMail to send its bulletins.
Habr author Pas posted in Russian: "We began to rake out the mail logs and found that the connections of our servers to ProtonMail MX servers (220.127.116.11, 18.104.22.168) end with network timeouts. It looked strange for a number of reasons and was similar to the use of the blocking mechanism practiced in Russia."
Pas was also able to obtain and publish a letter from Russia's FSB spy agency dated 25 February 2019 ordering one of the ISPs to block ProtonMail. As part of a reasonably organised police state, it is plausible the FSB knew about the protests in advance. The FSB letter said, in part:
We have seen more frequent cases of false reports of terrorist activity aimed at objects of social and critical infrastructure. In January 2019, Russian cities saw mass evacuations of schools, administrative buildings and shopping centers. According to the Prosecutor General's Office of the Russian Federation, there were 1,300 court cases started in 2018 related to the Criminal Code chapter 207 – false notification about an upcoming act of terrorism. According to experts at the Interior Ministry, material damages from mass evacuations in January 2019 alone totaled around 500 million roubles.
In its work, the Center [of Information Security, an FSB unit] detected internet resources used for mass dissemination of intentionally false information about terrorist acts.
It then went on to list internet resources that must be blocked by 20 February 2020, in order to "ensure security during the XXIX World University Winter Games" (the Universiade) in Krasnoyarsk.
"Allegedly, the reason for the block is because of criminals using ProtonMail to send threats," chief exec Andy Yen told The Register, "but the method of the block (preventing messages from being sent to ProtonMail, as opposed to blocking delivery of messages from ProtonMail) seems inconsistent with that claim."
Yen said his firm had restored Russian users' access ("We don't want to share the technical details for reasons that you can probably understand"), adding: "Users in Russia suspect (and the timing seems to confirm) that it might have more to do with the massive protests which took place yesterday."
The Russian authorities recently stepped up their plans to seize control of the World Wide Web within their borders, which they refer to as Runet (Russian internet).
This is not the first time ProtonMail has fallen foul of authoritarian governments. A year ago the Turkish regime of Recep Tayyip Erdoğan ordered ProtonMail to be blocked – which was easily worked around with a VPN. ®
Reg reporter Max Smolaks carried out some of the translations for this article.