Russia Can’t Afford to Block Twitter—Yet
Online censorship is bogged down in technical difficulties.
On March 16, Russia’s internet and media regulator, Roskomnadzor, threatened to block access to Twitter from within Russia in 30 days if the platform failed to comply with government demands to delete content allegedly related to child pornography, suicide, and drug use. But just three weeks later, Roskomnadzor backed away from that threat, citing discussions with Twitter characterized by both sides as productive—although it then reiterated the threat on April 30. At the same time, however, the regulator expressed its intent to continue slowing down Twitter traffic in Russia, as it has done since March, through May 15, an attempt to make the platform less accessible for Russian users.
What explains this seemingly confused and contradictory approach from the Russian government? Given the lack of transparency around Roskomnadzor’s decision-making process, it’s difficult to know for sure—but likely explanations include both the Russian government’s technical capacity (or lack thereof) for digital censorship and its broader strategy regarding the control of online information.
The messaging platform Telegram, widely used by Russian activists, demonstrates the weaknesses of the Russian internet control. The April 2018 ban on Telegram, enacted following the app’s alleged use in a 2017 St. Petersburg terrorist attack, proved challenging to execute for Russian authorities. Telegram initially used “domain fronting” to bundle its app’s traffic with unrelated traffic to domains including amazon.com and google.com.
This strategy allowed Telegram to circumvent Roskomnadzor’s filters by hiding its traffic within Internet Protocol (IP) address blocks managed by Google or Amazon. Roskomnadzor’s only available response was to block broad ranges of IP addresses, leaving Russian internet users unable to access not only Google search and Amazon, but also completely unrelated sites such as popular online video games and the widely used Russian social network Odnoklassniki. These disruptions further contributed to the ban’s broad unpopularity with the Russian public.
In late April 2018, Amazon and Google terminated support for domain fronting, as Roskomnadzor had been demanding. But by that point Telegram had developed new technical tactics to remain accessible to its users in Russia. According to Mikhail Klimarev, executive director of the Russian internet rights organization Internet Defense Society, Telegram created a content delivery network consisting of a large number of proxy servers that allowed the service to send content to users from a constantly changing set of IP addresses.
The Russian government made repeated efforts to block Telegram, including a trial deployment of deep packet inspection (DPI) technology, but those efforts continued to result in significant collateral damage by blocking unrelated third-party websites. For a combination of reasons, most critically the technical failures, the Kremlin undid the legal ban in June 2020.
But while Roskomnadzor has retracted its initial threat to block Twitter, the threat is still on the table. The biggest technical difference with the Twitter case, according to Klimarev, is Russia’s countrywide implementation of DPI technology—a step mandated under the country’s “sovereign internet” law, which came into effect in November 2019. Under the law, all Russian internet service providers are required to install DPI equipment on their networks, which can then be used to implement filtering or blocking through a centralized system run by Roskomnadzor.
Initially, many firms were slow to implement the technology because of having to shoulder the costs themselves. But while the level of overall progress remains unclear, the results of the efforts against Twitter suggest DPI deployment is widespread enough to create a potent infrastructure for new types of digital censorship. Alexander Khinshtein, the chair of the Duma committee overseeing internet policy, confirmed that the DPI equipment installed under the sovereign internet law had been used to filter Twitter traffic in an interview with the state news agency TASS.
One significant new capability available as a result of DPI deployment is the ability to slow down, or “throttle,” traffic as an intermediate step that falls short of a total ban. Roskomnadzor began the current escalation of pressure against Twitter in early March by throttling access to Twitter from within the country. A detailed report by Censored Planet, a digital censorship research program at the University of Michigan, offers considerable insight into the technical measures being used, finding that Roskomnadzor is using DPI to filter internet traffic for Twitter-related domains, including twimg.com, twitter.com, and t.co, located in the Server Name Indication (SNI) of internet packets—looking for internet connection attempts made with those substrings. While Censored Planet’s research found that this approach was effective in substantially throttling traffic to those domains, it also demonstrated significant collateral damage, as many other domains whose names contain “t.co” were throttled along with Twitter (including such major domains as Microsoft.com and Reddit.com).
The configuration of Russia’s DPI implementation will make such collateral damage difficult to avoid. Klimarev points out that in Russia DPI is deployed at the ISP level (in contrast with China, which deploys it at transborder crossing points and thus has greater ability to inspect the contents of online traffic). Sarkis Darbinyan, a co-founder of the Russian internet freedom advocacy organization RosKomSvoboda, points to Moscow pushing companies to implement deep packet inspection on their own networks, but that initial misconfigurations and slow rates of adoption have left Roskomnadzor with a stripped-down version of DPI. Twitter (like all major international social media platforms) sends all of its traffic under encryption, meaning that Roskomnadzor is unable with their current capabilities to use more advanced DPI capabilities to examine the contents of data packets—and instead must filter on the less-precise basis of information found in those packets’ headers (such as the SNIs of destination servers)
The new DPI-based censorship capabilities created under the sovereign internet law can therefore be understood as only a limited upgrade to the Russian government’s preexisting censorship toolkit. While throttling represents an important tool allowing the Russian government to increase pressure on social media platforms without generating the blowback (and broader online traffic disruptions) of a total ban, the new capabilities fail to resolve the collateral damage problem demonstrated by Telegram—or to create truly challenging technical obstacles for a platform with the political will to defy Russian government censorship.
Twitter’s own calculations on the issue remain largely opaque, and its response to a potential Russian ban is an open question. In some places where the platform has been banned (China, Iran, and North Korea), Twitter is accessible only with user-side censorship circumvention technology (such as virtual private networks), if at all. In other countries, Twitter complies with government takedown orders in order to remain accessible (such as in India, where Twitter has recently admitted to censoring tweets criticizing the government’s handling of the coronavirus crisis).
With the exception of the Telegram case described above, there are no publicly reported cases of major Western online platforms resorting to technological countermeasures to remain accessible to users in a country where the service is banned. The unique political circumstances of the Telegram saga make it an unlikely model for Twitter’s decision-making process. A much more likely course for Twitter should Roskomnadzor escalate and impose a full ban would be to follow the example of LinkedIn and attempt to negotiate a political agreement with the Russian government. (These negotiations show little signs of success almost five years after the initial LinkedIn ban.)
Should Twitter decide to make an effort to remain accessible in the face of a ban, the necessary technical steps would be clear. Twitter, like many companies with a global online presence, relies on content delivery networks (CDNs)—servers that locally cache copies of websites to speed up content delivery—to make its website more quickly available to users around the world. While Twitter’s existing CDNs exist for the sake of efficiency rather than as an anti-censorship strategy (as in the case of the CDN deployed by Telegram), they nevertheless offer significant censorship circumvention benefits. According to Meduza, Twitter uses Akamai’s CDN servers, which means that different citizens in Russia may be accessing the same Twitter content from different individual servers. As a result, Roskomnadzor may have a more difficult task in identifying all of the servers within Akamai’s large CDN architecture that might be housing Twitter content.
Should Roskomnadzor attempt to use its existing tools to block Twitter, the platform could reconfigure its CDN infrastructure to increase collateral damage costs (by purposefully sending content via servers where Twitter traffic would share Server Name Indications with unrelated traffic), or use CDN technology specifically designed to circumvent digital censorship. (Disclosure: One of the authors of this piece, Dylan Myles-Primakoff, works for a developer of censorship circumvention technology.) And as Klimarev points out, there is nothing preventing Twitter from replicating the mobile traffic delivery strategy used by Telegram to effectively drain Roskomnadzor’s political will to continue keeping its ineffective ban in force. However, as noted above, such moves would be unprecedented; the true obstacles for Twitter’s resistance to Russian censorship are not technical but political.
What happens next will depend on the political calculations of Twitter and the Russian government. For the time being, Roskomnadzor has given Twitter (and itself) an easy off-ramp: Twitter can agree to bring its moderation of content that both the platform and Roskomnadzor find illegitimate (e.g., child pornography or the promotion of suicide) into better compliance with Russian regulations (for example, by speeding up its review of flagged content), allowing both sides to declare a win.
This seems like the most likely outcome for the time being, as the Russian government is clearly aware of political limits. In his TASS interview, Duma member Khinshtein is candid about Twitter having been selected for this enforcement action in part due to its limited user base; he likewise suggests that Russian society “would not accept” a similar action against YouTube. The technical results of this move against Twitter would also seem to recommend caution for the Russian government, proving as they do that while the deployment of DPI technology gives Roskomnadzor a significant new tool, it currently remains too imprecise to wield without causing collateral damage.
The fundamental technological calculation is unchanged from the Telegram case: Russia cannot block Twitter without causing significant collateral damage, and Twitter could easily circumvent Russia’s censorship should it choose to do so. Russia remains reluctant to block a major Western platform, and Twitter is reluctant to directly challenge digital sovereignty. Future technological developments giving digital censorship tools a firm edge over circumvention technology (such as the ability to block specific pieces of content without any collateral damage) are one way this apparent stalemate might be resolved. More likely, however, the stalemate will be broken by the changing political calculations of the Russian state as it grows ever less concerned with the repercussions of repression of all kinds.
Dylan Myles-Primakoff is the director of business development for the NewNode project at Clostra and a nonresident senior fellow at the Atlantic Council’s Eurasia Center.
Justin Sherman is a nonresident fellow with the Atlantic Council’s Cyber Statecraft Initiative and a research fellow with the tech, law, and security program at American University’s Washington College of Law. Twitter: @jshermcyber