[Russia] Blocking Tor resources (2025 edition)

New year - new topic!

Let's continue discussing censorship in Russia, discussion in 2024 can be found here

Bridges

Obfs4 bridges do not work when users connect to internet using a mobile ISP. #40046 (comment 3125365)

I've got two reports from the users from Russia that obfs4 bridges did not work when they trying to connect to tor using their residential ISP.

Webtunnel bridges worked for them.

I wonder if that was after using circumvention settings that being related to the hetzner block #40054. Or if they are starting to block fully encrypted protocols also on land connections.

I haven't got more reports about this issue. But it seems not only obfs4 suffers from mobile ISPs in Russia, Shadowsocks and Wireguard also blocked on mobile ISPs and were blocked on residential ISP in January for the short period of time

marked this issue as related to #40046 (closed)

mentioned in issue #40046 (closed)

added Ongoing censorship event labels

A user reports:

Hello, as earlier reported on the Tor Project gitlab page in the 2024 censorship page, a user reported of obfs4 bridges being blocked on 4G, and working on 3G. I conducted a test, and obfs4 bridges seem to get stuck at some point, on both 4G and 3G, so either the whole ip is blocked, or the protocol. I also wanted to add that ping tests/small packets of data pass through, in my tests, from Russia. So even blocked IP's return a ms ping result. In my experience with obfs4 bridges, they usually get blocked first/more obfs4 bridges are blocked on mobile networks than a regular cable home connection. #40058 (closed)

I guess 3G, at least for some ISPs, is not anymore extempt from blocking FEPs.

marked this issue as related to #40058 (closed)

mentioned in issue #40058 (closed)

RosComNadzor started blocking Cloudflare (some ISPs are affected, and some are not)

possible list of blocked ips

• 173.245.48.0/20
• 103.21.244.0/22
• 103.22.200.0/22
• 103.31.4.0/22
• 141.101.64.0/18
• 108.162.192.0/18
• 190.93.240.0/20
• 188.114.96.0/20
• 197.234.240.0/22
• 198.41.128.0/17
• 162.158.0.0/15
• 104.16.0.0/13
• 104.24.0.0/14
• 172.64.0.0/13
• 131.0.72.0/22

Siberia is the most affected region, European past of Russia and Far East as less affected. Some data by ISP/Region https://ntc.party/t/cloudflare-%D0%B7%D0%B0%D0%B1%D0%BB%D0%BE%D0%BA%D0%B8%D1%80%D0%BE%D0%B2%D0%B0%D0%BB%D0%B8/15202/85

The CMU SSOP (Centre for Monitoring and Management of the Public Communications Network of GRFC, Roskomnadzor) will conduct scheduled technical checks of the use of foreign server infrastructure by Russian services and telecom operators in the coming month, - Roskomnadzor said.

This week started from the massive disruption in Runet. Affected - messengers, Steam, banks, mobile operators and ISPs. There are multiple reports about failing VPN services and issues with foreign hosters.

Roskomnadzor explained the disruptions by the use of foreign servers by services.

I was looking through the topic about blocking various resources in Russian on ntc.party so it seems that among blocked/unreachable on some ISPs (quite randomly): cloudflare domains .io and many in .com amazon discord

Blocks can appear and then disappear

Updates:

1. Roskomnadzor recommended refraining from using Cloudflare's solution that violates Russian laws.

Roskomnadzor (RKN) has advised owners of Russian internet resources to refrain from using the TLS ECH (Encrypted Client Hello) extension of the American company Cloudflare's CDN service. According to Interfax, this extension allows users to bypass restrictions on access to information prohibited in Russia.

2. The decree was registered with the Ministry of Justice of the Russian Federation on March 31 and will come into force on April 12. From that moment, internet providers and telecom operators will be required to transmit data to Roskomnadzor for identifying devices with internet access, such as routers, smartphones, modems, and others.

Telecom operators are required to transmit:

• IP addresses assigned to users.
• Geolocation (region, district, administrative division, etc.) of IP usage.
• Identifiers of the equipment through which traffic passes.
• If both IPv4 and IPv6 are used simultaneously, both addresses must be specified, a specific format for transmission, including a timestamp and TTL.

(so it seems they want to know users activity better)

Roskomnadzor may restrict the work of foreign hosting providers taking into account the risks for Russian resources. This was reported to TASS by the press service of Roskomnadzor, so it is an official information.

every day brings something new!

Today the interesting report Russian Government Escalates War on VPNs and Censorship Circumvention Tools was published by AppCensorship (a GreatFire Project):

GreatFire uncovered that between March 12 and April 1, 2025, Roskomnadzor issued an extraordinary 214 App Takedown Requests targeting 212 VPN and similar apps, representing over 90% of all takedown requests sent to Google during this period. Additional requests targeted content related to the Ukraine war, LGBTQ+ topics, poetry, and songs.

Hosting providers that RosKomNadzor may restrict (as per https://tass.ru/obschestvo/22603643)

1. GoDaddy LLC,
2. Kamatera Inc.,
3. Network Solutions LLC,
4. Ionos Inc.,
5. HostGator LLC,
6. DigitalOcean LLC ,
7. Amazon Web Services Inc
8. Hetzner Online GmbH

the updates are now daily =(

Russian companies using VPNs are advised (by Roskomnadzor) to restrict from using foreign encryption protocols.

Roskomnadzor also wants companies that still want to continue using these protocols to "whitelist" them by sending a request to Roskomnadzor, which contains

• organization name and tax number
• used connection protocol,
• IP of connection source (if technically possible),
• IP of connection destination,
• purpose of connection use,
• contacts of the responsible person from the organisation's side for interaction,
• additional comments (if necessary).

users from some regions report tls 1.3 being blocked.