Over the weekend, Russian president Vladimir Putin formally approved a new law limiting Russians’ access to VPNs, services that mask a user’s browsing habits and that are often used to skirt geographic restrictions or avoid surveillance. At the same time, Apple capitulated to the Chinese government’s similar crackdown by delisting VPN apps from the Chinese App Store, exercising significant control over how customers use their devices.
These recent developments are just the latest in a burgeoning international tug-of-war over whether VPNs, or virtual private networks, can or should be regulated. The way these service work is by “tunneling” a computer user’s internet traffic through a proxy. For instance, if you connected to a VPN server in France, your computer would send a request to that server, and then that server would connect to your final online destination. From your internet service provider’s point of view, it would look like you were just connecting to an IP address in France.
VPN usage has also grown in the past few months in the United States, particularly after Congress undid FCC rules set to take effect which would have prevented ISPs from collecting customer browsing histories and selling that data to third parties. Using a VPN offloads that possible record of a browsing history to a third-party VPN service, most of which make a sales pitch based on confidentiality and customer privacy. VPNs do not automatically make users safer, they just change who knows where you’re going online.
The Chinese crackdown on VPNs is not particularly shocking, given the country’s well-known isolation from the broader internet. Censors monitor traffic into and out of the country, and some of the largest websites, including Facebook, are blocked from operating within the country. The services that are allowed are heavily regulated, as demonstrated by Apple’s removal of VPN apps and Google’s censorship of search results.
The Russian ban is the latest of a few moves to consolidate internet traffic within the country’s physical borders. While the Russian internet is fairly open, especially compared to China’s, the country does also include regulations that afford it a lot of power and oversight. For one thing, the law requires any company operating in Russia to store user data on servers physically located within the country (LinkedIn was blocked last year for not complying, although the regulations are not enforced uniformly). Requiring digital-storage assets to be within Russian territory can allow officials to seize that data and possibly comb through it without having to go through the host itself.