1. Forum
  2. Fidonet
  3. CONSPRCY

  • Russia's MAX app may know

    From Mike Powell@1:2320/107 to All on Fri Mar 13 10:07:43 2026
    Russia's state-backed MAX app may know if you are using a VPN to bypass censorship here is everything we know

    Date:
    Thu, 12 Mar 2026 15:05:17 +0000

    Description:
    Russia's digital rights group, RKS Global, urges removing the MAX app from
    any device where a VPN is used, warning that other VK-developed apps are
    likely to include such functionality.

    FULL STORY
    Security researchers found Russia's MAX app can monitor VPN users
    MAX rejects allegations, saying data is used to ensure high-quality service Experts urge removing the app from any device where a VPN is used

    A user on Russian security forum Habr has claimed that Russia's state-backed messaging service, MAX, can monitor VPN users, claiming it turns "the national messenger into a state spyware tool."

    The user published details that they say show the app "contains a spy
    module." After being contacted by TechRadar, technical experts at RKS Global
    a digital rights organization focused on Russia said they were able to
    "fully confirm" the findings following an independent analysis of the app's latest version. RKS Global told TechRadar: "MAX can determine that the user
    is using a VPN, identify the IP address of the VPN server, see the users ISP, and detect which restrictions or blocks the user is bypassing."

    The app is developed by VK the Russian provider behind Mail.ru email and VKontakte social media services and is integrated with government services.
    It was first launched in March 2025 and, since September, must be
    pre-installed on every new smartphone and tablet sold in Russia.

    The press team at MAX was quick to reject tracking allegations , claiming the "technical solutions used are aimed at ensuring high-quality service
    operation primarily calls and notifications." The company added that "they have no bearing on personal data or the use of other services, including
    VPN."

    Russian VPN provider, Paper VPN , offered a more cautious perspective. In a post on X , the team points out that while MAX indeed connects to foreign servers, there are "no indications that this data is being collected specifically for analytics on bypassing blocks."

    TechRadar has approached MAX for comment.

    How MAX reportedly tracks VPN users and the potential risks -- According to
    the technical analysis confirmed by RKS Global, every time a user opens the MAX app, a hidden module named HOST_REACHABILITY collects and sends details about their network environment to VK servers in Russia.

    Under Russian law, VK must store and share this information with law enforcement upon request.

    The transmitted data reportedly includes whether the user is connected to a VPN, which websites are accessible or blocked on their network, their real IP address, and their ISP. Crucially, users cannot disable this monitoring.

    The analysis also found evidence that the module can be controlled remotely. This, RKS Global explains, indicates that targeted activation is possible. Additionally, the app's traffic appears to be deliberately obscured to make these checks more difficult to detect.

    RKS Global warned that this level of tracking could lead to the de-anonymization of VPN connections a particularly severe risk for users in Russia.

    While VPNs themselves aren't strictly illegal in Russia, their usage is being increasingly criminalized. In July 2025, the Russian Parliament approved a
    law to punish online searches for so-called 'extremist' content and
    established the use of a VPN to access banned materials as an aggravating
    legal factor.

    Paper VPN, however, noted that the Kremlin already has the ability to monitor VPN usage through other services. Still, the provider echoed concerns about
    the broader privacy risks of using the app, stating simply that "MAX is not a secure and confidential messenger."

    These latest findings follow a separate technical study from last August , which concluded that MAX possesses "enormous surveillance potential. How to stay safe Security researchers at RKS Global are urging anyone using MAX on a device with an active VPN connection to remove the application entirely.

    If deleting the app is out of the question, they suggest configuring a VPN at the router level rather than directly on the device. If that is not an
    option, users should consistently disable their VPN before opening MAX.

    There are also some workarounds suitable for more advanced users, including blocking the app's network traffic via a custom DNS or firewall. On Android, users have the option to install MAX within a separate, isolated workspace to restrict its access to the device's broader network state.

    RKS Global says that ultimately, removing the software is "the only reliable mitigation" and warned that other VK-developed apps may include similar tracking functionality.

    Link to news story: https://www.techradar.com/vpn/vpn-privacy-security/russias-state-backed-max-ap p-may-know-if-you-are-using-a-vpn-to-bypass-censorship-here-is-everything-we-k now

    $$
    --- SBBSecho 3.28-Linux
    * Origin: Capitol City Online (1:2320/107)

Novedades:

Servidor de Quake 3 Arena Online! - Conectate a ferchobbs.ddns.net, puerto 27960 y vence con tu equipo!