top of page

Russia Vs Tor

Hello and welcome back yo my blog where we discuss the latest trends in cybersecurity and privacy. In today's video, we will be discussing how TOR is fighting against Russian censorship.

In Russia, the government is cracking down on internet freedom and trying to censor any sources of information that challenge their narrative. But there is one tool that’s fighting back against this oppressive regime – Tor

Since the beginning of Russia's military operation in Ukraine last year, there has been a noticeable increase in internet censorship in Russia. This has included the blocking of several news media websites by ISPs in Russia, as well as the throttling and eventual blocking of access to Twitter and Facebook. Recently, OONI documented these blocks and also reported that a website sharing information about captured and killed Russian soldiers in Ukraine was also blocked.

Tor has been the leading means for maintaining online privacy and avoiding internet censorship for several years. By encrypting web traffic and routing it through a network of computers, Tor has made it extremely difficult for individuals to be tracked online, which has angered governments and law enforcement agencies. In particular, authoritarian governments like China and Russia view Tor as a significant threat to their power, and Russia has recently intensified its efforts to block the service. However, this has not been an easy task, and there has been resistance to these efforts.

Is TOR a threat to authoritarian governments like Russia?

Tor is often associated with illegal activities on the dark web, many mainstream websites like The New York Times, Facebook, and BBC also have onion versions. However, authoritarian governments view Tor as a threat since it hinders their ability to conduct mass surveillance, block access to alternative news sources, and monitor online behavior, all of which are crucial for maintaining control. Therefore, it is not surprising that Russia has been attempting to crack down on the service in recent months.

Following Russia's invasion of Ukraine, the government has intensified its efforts to curtail internet freedoms within its borders. One of the key measures has been disconnecting from the global internet and blocking access to popular social media platforms like Facebook, Instagram, Twitter, and over 5,500 other websites. In addition, the government has cracked down on virtual private networks (VPNs), introduced legislation to prevent critical infrastructure from using foreign software, and is planning to create a Russian app store to reduce the use of Russian data by international platforms.

More recently, the Russian government has targeted Tor, an anonymous communications browser that many Russians have been using to bypass government censorship. However, despite the government's attempts, it has not been able to block access to Tor yet. Nevertheless, it is clear that the government will continue its efforts to control internet usage in the country, and the battle between the government and internet freedom advocates is far from over.

How TOR is fighting with Russian Censorship-Background?

Wired reports that Russia has been attempting to block Tor through both political and technical means. On the political front, Roskomnadzor, Russia's media regulator, passed a law in December 2021 that allowed ISPs to restrict access to Tor services and its website. However, due to the decentralized nature of the internet in Russia, the implementation of the block has been inconsistent. Additionally, a recent court case saw the decision to restrict access to Tor overturned on legal procedural grounds, with the hope of a complete cancellation of the block in the future.

TOR is currently using the following technologies to fight against the Russian Censorship:

Volunteer-run bridges:

These are a type of Tor relay that helps users connect to the Tor network when the standard entry nodes are blocked or censored. They are typically run by volunteers who donate their bandwidth and computing resources to help support the Tor network. Bridges are designed to be difficult to detect, making it harder for censors to block access to the Tor network.

Tor bridges are an essential part of the Tor network, allowing users to access the network even when access to the public Tor network is blocked or censored. Bridges are private relays that are not publicly listed in the Tor directory, which makes them harder to detect and block by governments, corporations, and other entities that seek to control access to the internet.

To promote the use of Tor bridges, the Tor Project has launched various campaigns and initiatives aimed at increasing awareness and adoption of the technology. One such campaign is called "BridgeDB," which is a database of available Tor bridges that can be used to connect to the Tor network when other methods fail. The database is designed to provide users with a reliable and secure way to obtain working Tor bridges, even in countries with strict internet censorship.

Other initiatives by the Tor Project include the use of "Pluggable Transports," which are software modules that enable Tor traffic to bypass censorship filters and appear as regular internet traffic. Additionally, the Tor Project has developed a number of tools and resources to help users stay safe and anonymous while using Tor, such as the Tor Browser Bundle, which is a pre-configured version of the Firefox browser that includes Tor and other privacy-enhancing features.

Tor's Snowflake:

Snowflakes is a type of pluggable transport developed by the Tor Project to help users bypass internet censorship and access the Tor network in countries where Tor traffic is blocked or filtered.

Unlike traditional Tor relays, which rely on volunteers to run them, Snowflakes use a peer-to-peer network to distribute traffic across a network of users' web browsers. This allows users to connect to the Tor network even if all other access methods are blocked, as long as they have an internet connection.

When a user in a censored location attempts to connect to the Tor network using the Snowflake transport, their browser sends a request to the Snowflake proxy, which connects the user's browser to a randomly selected volunteer's browser. This volunteer browser then forwards the user's Tor traffic through the Snowflake network, making it difficult for censors to identify and block Tor traffic.

Snowflakes are designed to be lightweight, easy to use, and difficult to detect, making them an effective tool for bypassing internet censorship and accessing the Tor network. However, they are still relatively new and experimental, and their effectiveness may vary depending on the specific censorship techniques used in a given location.Besides this TOR latest version introduces new features which let the users to automatically bypass censorship based on their location. The nonprofit technology organization is issuing updates to circumvent the way Tor is being blocked and is gathering information from people in Russia to provide more support for Russian users who can report back if they are being blocked. Additionally, Tor is introducing more volunteer-run bridges in Russia to access Tor, and using Telegram to share details of Tor bridges has been effective in fighting blocks. However, Tor is also working to stop potential abuse of bridges and is developing a system called Salmon to assign "reliability" scores around the use of bridges. If someone requests a bridge and it gets blocked, they may be considered less trustworthy, and if they request another bridge that gets blocked, they will receive another bad score.

What Putin is doing to block TOR?

In response to the ongoing conflict between Russia and Ukraine, Putin has implemented various new laws to control internet access and cracked down on civil society groups. According to Natalia Krapiva, a legal counsel specializing in technology at the non-governmental organization Access Now, the blocking of Tor in Russia is just one example of the larger effort to limit access to truthful information. This includes the Kremlin's recent clampdown on VPN services. Krapiva argues that these measures are designed to eliminate any possible sources of alternative information about the war and internal affairs in Russia. This creates a chilling effect, leading people to change their behavior or self-censor due to fear of retaliation or consequences later on.

Despite its importance for activists and citizens seeking to access uncensored information, Tor's anti-censorship tool, Snowflake, has been targeted by Russian authorities. Gus, a developer for the Tor Project, reports that there have been two significant incidents involving Snowflake, both of which were fixed within a short time. These attacks often involve fingerprinting, a technique that uses small details about browsers and internet connections to identify the technology that someone is using. For instance, the frequency of browser connections with external sources may make it stand out from other browsers. Once Snowflake is identified, it is easier to block.

Censorship Context:

In the past year, Russian authorities have been increasingly blocking access to social media platforms, both Russian and foreign media outlets, VPN services, and certain types of content such as anime, lyrics from banned songs, and articles containing information that is deemed critical of government officials. The number of blocks reached a new record in 2022, with over 247,492 URLs added to the Roskomnadzor registry of banned websites. Many of the orders to block independent media and human rights organizations appear to be motivated by an effort to censor coverage of events in Ukraine in 2022.

In November 2022, Roskomsvoboda reported that some entries in the Roskomnadzor registry of banned websites no longer showed the authority responsible for requesting the website to be blocked. In other words, the information about who requested the block had been removed. Interestingly, many of the resources that were added anonymously contained information that was critical of the actions of the Russian army and were potentially discrediting or fake. This approach to restricting access to information appears to be consistent with the tactics of the Prosecutor General's Office.

According to a press release from the Tor Project shared with BleepingComputer, Russia is the second-largest country in terms of daily users of the Tor network, with more than 300,000 people using the service. However, following the decision by the Saratov court, the Tor Project has observed a significant decrease in the number of Russian users accessing the network, as indicated by a noticeable drop in usage as shown in the graph below.

Source”Bleeping computers

Russia Offered $100k to crack TOR:

In 2014, the Russian government offered a bounty of almost 4 million rubles, equivalent to $100,000 at the time, to anyone who could successfully hack the Tor anonymity network. The bounty was available to both Russian citizens and companies who could demonstrate the ability to breach Tor's security and reveal the identities of its users. The announcement was made amidst increased government scrutiny of online activity in Russia and efforts to control access to certain websites and online content.

Why Russia is still fail to block TOR?

The Internet infrastructure in Russia is relatively decentralized, with individual ISPs being responsible for implementing blocking orders from Roskomnadzor. This differs from China, which has more centralized Internet control and was able to effectively block Tor. While Russia has been using deep packet inspection to monitor and block online services, the effectiveness of these blocks varies. Tor's community team lead, Gustavo Gus, notes that the censorship in Russia is not constant and uniform, and Tor may be blocked for some people but not others due to different ISPs. Despite a drop in the number of people directly connecting to Tor since the end of 2021, people in Russia are still able to connect to its services using volunteer-run bridges and Tor's anti-censorship tool Snowflake. In fact, data from the Internet monitoring group Open Observatory of Network Interference shows a significant increase in the number of people in Russia accessing Tor using Snowflake.

How TOR is being sabotaged by Cybercriminals?

With its popularity increase across Russia and other nations, the browser is now being disguised as a malware and is emptying the cryptocurrency wallets of the users. Kaspersky researchers have identified an ongoing cryptocurrency theft campaign affecting over 15,000 users across 52 countries. Here's how the attack works:

Step 1: Cybercriminals disguise malware as the Tor Browser and distribute it through third-party websites.

Step 2: Once the user run the file it creates one exe file and a password protected WinRAR file in the local directory of Windows OS.

Step 3: Once downloaded, the malware operates by replacing a part of the clipboard contents with the cybercriminal's wallet address whenever it detects a cryptocurrency wallet address in the clipboard.

Step 4: This means that when a victim tries to transfer cryptocurrency, the malware replaces the intended recipient's wallet address with the attacker's address, resulting in the funds being sent to the attacker.


The attackers are actively targeting cryptocurrency owners and traders, using Trojans to replace bank account numbers, with Tor Browser being a recent development. Kaspersky detected over 15,000 attacks using clipboard injector malware targeting popular cryptocurrencies such as Bitcoin, Ethereum, Litecoin, Dogecoin, and Monero.The majority of detections were in Russia due to users downloading the infected Tor Browser from third-party websites, as the browser is officially blocked in the country. The actual number of infections may be higher than reported, and the estimated loss for users is at least US$400,000, but the actual amount stolen could be much greater.


TOR is an essential tool for those who wish to exercise their freedom of speech and access information without being censored or monitored. The Russian government's attempts to block TOR have been largely unsuccessful due to TOR's anti-censorship tools such as Snowflake and Pluggable Transports. TOR's ongoing efforts to combat government censorship have been successful so far, but it's essential to remain vigilant against future attempts to restrict online freedoms.

Although Russia has made efforts to block Tor, the service is still accessible within the country at present. In a global landscape where authoritarian governments are prevalent, Tor remains an invaluable tool for citizens and activists seeking to access information or organize protests without the threat of being monitored or censored. The current cyber-attack on TOR highlights the importance of being cautious when downloading software and using cryptocurrencies, especially in countries with high levels of cybercrime. Users should only download software from official sources, regularly update their anti-virus software, and monitor their cryptocurrency transactions closely to ensure their funds are not being stolen.


bottom of page