Apple is taking down VPN apps following the Russian censorship agency demands
le-vpn.comI've been arguing here that Apple should not decide what apps a user can run on an owned device, yet, scores of commenters right here, on Hacker News, were telling me, "do research prior to buying the device". No, you shouldn't.
Apple should be stripped off this power. EU's DMA is a first step, but we need such policies applied everywhere. So far, the only ones who benefit from AppStore monopoly are Apple themselves and various authoritarians around the world.
>Apple should be stripped off this power.
The article is about the app store, which apple obviously should have control over. A company can not operate outside the laws of the country it is operating in.
This issue is separate from Apple having a monopoly on app distribution (outside of the EU).
> A company can not operate outside the laws of the country it is operating in.
In case of Russia, Apple is not or should not be operating in the country, so the condition isn't met.
>Apple should be stripped off this power. EU's DMA is a first step, but we need such policies applied everywhere.
What do you suppose happens when those same authoritarians make a reverse DMA and require that all phones sold be locked down only to a single centralized market place? If one thinks Apple should be complying (and bear in mind the amount of consternation there has already been around "malicious compliance) with EU laws and policies, I'm not sure how one can be consistent in thinking they should be ignoring Russian law and policies.
Don't get me wrong, in my personal opinion, Apple should not be doing business either in Russia or in China. At the same time, I understand that if they did that, it wouldn't be materially improving things for the citizens of those countries. The only win would be for Apple / Apple employees in not having to comply with laws that violate "American ideals." However, that same ethical stance would be just as applicable to the idea of pulling out of EU markets too if Apple felt that the DMA was against "American ideals." To my mind there are only two possible consistent stances:
1) Comply with all laws and policies of each host country, regardless of personal beliefs / attitudes, and apply why pressure and objections you can to change those same laws and policies. 2) Do not do business in any country where the laws and policies violate your personal beliefs and attitudes, and loudly refuse to do that business until such time as those laws and policies are changed.
The third option of picking and choosing which laws you will or won't be complying is of course an option, but it is not consistent, nor am I sure if you could trust Apple to do that if you already don't feel you can trust them to manage app access on their platform.
Somehow, Android devices currently sold into both China and Russia both support sideloading apps, including VPNs. Apple has set up a situation where they are able to be used like this, and if you think that a country is going to put in laws to require phones work like this, the only reason that could even make sense is because Apple is willing to do so and has set the stage for it being normalized.
As it stands, Apple fights tooth and nail against EU regulation of their business model and yet simultaneously goes far above and beyond what any other company is doing to comply with requests from totalitarian regimes? Apple--the company, sure, but also, concretely: the people who work there--are traitors to democracy.
We simply shouldn't be willing to create technology where anyone could even come to us with such a request, even if it is the basis of a lucrative business model, as we KNOW totalitarian regimes will then take advantage of us as patsies for the subjugation of their people; and, if the resulting profit is just too lucrative for investors, businesspeople, and engineers to leave on the table, we should make it illegal.
Back in 2017, I gave a long talk at Mozilla Privacy Lab focusing on this very topic, using numerous examples that are all copiously cited. It will never not be shocking to me that, given how clear and constant it is that centralized control WILL lead to corruption--if not on purpose then accidentally, and if not from the inside then from outside actors using coercive actions, legal or otherwise--that people continue to defend the construction of centralized empires :/.
right now it just led to Russian users changing their App Store regions. I guess everyone will do that at some point of time in Russia. That's what they did with Sony PS accounts en masse.
As of now, we've confirmed that seven VPN apps have been removed from the Russian App Store:
Hidemy.Name VPN IVPN Le VPN NordVPN Private Internet Access VPN Proton VPN Red Shield VPN
Some of these providers, including Le VPN and Red Shield VPN, were actively involved in resisting Roskomnadzor's efforts to block Telegram in Russia back in 2018. This action by Apple, in compliance with Roskomnadzor's demands, appears to be more extensive than initially thought. It may indicate a broader crackdown on VPN services in Russia and potentially occupied territories, rather than just a preliminary step. The situation continues to develop, and we'll monitor for any further removals or policy changes affecting VPN accessibility in the region.
How many of these VPN services can be used without the app by configuring them in iOS settings? I know "private internet access" can be used that way.
those protocols that can be configured from iOS are already blocked in Russia. You'll need an obfuscated Wireguard or other stealth protocols to make it work there. You can't configure them from the settings, but you can download the app and just add the configs there. That's what Le VPN does with Le VPN Give - they just give away the coupons to generate a VPN config, which you then just copy into the open source VPN app, which is still available in App Store.
I've not tested protocols that are available on iOS "out of the box" (guessing L2TP, IPSec?), but here's my two cents:
1. It differs from ISP to ISP. Right now I'm using a major ISP and I have no problems connecting to a Hetzner IP via:
- plain WG
- OpenVPN
- Shadowsocks
My mobile operator blocks OpenVPN, other methods work.
2. Time could also play a role - there seem to be "tests" about how the government could block some protocols without affecting business etc. - these happen bi-monthly and last ~2-5 days. My friend uses a different major ISP and he reported broken Shadowsocks this week, though it started working again.
3. The endpoint also matters (obvious in hindsight). "Internal" endpoint seem to "break" very rarely, if at all. Obvious, if you consider that a lot of people need to remote into their corp nets.
The main difference there is right now is that mobile operators have much better hardware because it's newer. That makes it easier for them to implement government-requested blocks including using DPI. The landscape is changing right now, that's true as each provider got it's own issues and tech abilities.
They can block services by IPs, but that the game they failed miserably while trying to block telegram. Also most modern VPNs(well at least Le VPN does it) rotate their IPs to avoid blocks. It's a lot of work, but that's a lot of work for those who try to block them too..
They can also block ports, but that's easy to change.
I saw them blocking the domain names, to kill the API communication of VPN apps, but that's a pathetic move too - you just buy another domain, push the update and that's it.
I'd recommend using Wireguard with Amnezia modification. It obfuscate the WG handshake as well as transport channel.
Selling its customers to authoritarian regimes is par for the course for Apple. Anyone living in such countries and worried about privacy are better off buying Pixel and installing GrapheneOS.
Just a bit more context on the whole RKN situation in Russia:
RKN tried to block Telegram in Russia in 2018 but they couldn't block it after a few years of struggle.
In 2024 RKN already pushed away big VPN players who were too big and slow to adapt and obfuscate their protocols.
They do this in waves:
1) first just notices 2) then website domain block 3) then they sent abuse requests to hosting companies, like this:
"It is notice of making an entry into the "Unified register of domain names, Internet web-site page links and network addresses enabling to identify the Internet web-sites containing the information prohibited for public distribution in the Russian Federation” the Internet web-site page (s) link (s): https://xxx.xxx/ .
In case the hosting provider and (or) the Internet web-site owner fail to take these measures, the network address enabling to identify Internet web-sites containing the information prohibited for distribution in the Russian Federation will be decided to be entered into the Register and access will be limited.
The information about entering the domain names, Internet web-site page links and network addresses into the Register shall be available on a 24-hour basis at the following Internet address: http://eais.rkn.gov.ru/en/ .
Federal Service for Supervision in the Sphere of Telecom, Information Technologies and Mass Communications (ROSKOMNADZOR)."
They did send takedown requests in 2018 too, but somehow every hosting provider at that point of time knew that this was bs and they mostly ignored that.
4) Block internal API domains to disrupt VPN apps
5) And finally request app removal from App Store.
My guess is it's their final chance to win this situation.
In 2018 RKN pressured Apple to remove the Telegram app too.
Apple even suspended Telegram app updates for some time.
Apple loves 1984 theme, 4 decades ago they even made a commercial with reference to it
Apple is bowing down to fascists.
Being just a little facetious here, but Apple is fascist.
Dictatorial... check
Centralized Autocracy... check
Martial virtues celebrated... check
Liberal and democratic values disparaged... check
Forcible suppression of opposition... check
Subordination of individual will to the state's authority... check
Sounds good to me.
There's more to this: https://www.le-vpn.com/le-vpn-responds-to-removal-from-russi...
Apple doing business in Russia at all is pathetic
They don't officially sell any hardware here since 2022. Every iPhone and Mac sold in Russia since then is grey import and costs accordingly, around 1.5x the Apple price.
That makes concessions on software sales even more embarrassing imo
Otherwise Apple risks their online properties getting blocked and iOS devices becoming useless because of how iOS assumes it can always access Apple servers.
In Russia, yes.
So it's okay for you for all Russians to end up with devices we can't use without a non-trivial setup with a router that wraps all traffic into a VPN, all so that Apple could prove a point?
Yes it is.
They obviously can't just bail and this whole moody exclusivity is what's truly pathetic.
They obviously can