I’m not tech savvy and have noticed that many streaming sites are .ru, and as someone located in Finland, I want to make sure if they are dangerous to use.
It’s just a domain name, it has nothing to do with sites being safe. Just as any other site, they may be malicious, may be not, depends on who runs the site.
While that is true, the missing part is the following. As I understand registration process in zone .ru / .рф is done by a russian legal entity (Coordination Center for TLD RU) and under the jurisdiction of russian courts. As a citizen of Russia I can say that russian courts are far away from the Rule of Law and under the strong pressure of russian government. So, even if the actual website may be hosted anywhere, russian court may make a decision to take back a registration and, theoretically, the row in DNS may be replaced (the link will be the same but may tend to a different, potentially unsafe hosting). That is the risk that I see.
As a citizen of Russia I can say that russian courts are far away from the Rule of Law and under the strong pressure of russian government.
As a citizen of Russia I agree and want to point out that Finnish goverment is unlikely to listen to Russian court, especially when it comes to citizen of Finland that never was in Russia.
.ru is the domain for Russia, but anyone can use it. It says nothing about the safety of the site.
They’re probably just as dangerous as .com sites.
I mean statistically .ru sites are more often malicious than .com sites.
Ok maybe not, couldnt find any evidence, altho I heard that years ago. So that might have changed, maybe because of all those new non-country-domains.
I have no data on that. Cheaper and easier to get tlds like .world might be the most dangerous of all.
Every website is safe or not safe on its own merits. Their location makes little difference as far as you’re concerned despite the people here replying that Russia can redirect you (news flash: every government on the planet can; it’s how DNS works). Russia is far easier of a country to pirate from. And that’s the most important part to you: how a government treats piracy. The US is a far less safe place because they favour corporate greed above all else. Russia, not so much.
I’m sure there are some here who could debate this endlessly but you need to treat every website as its own sovereign space. Failing that, you also need to take the area it’s in into consideration should you have any legal disputes. For example, let’s say a website is hosted in a country that has a lax view of cyber law enforcement and this site is selling images you took as photographer. You send endless DMCA notices but because they don’t really have a governing body to handle this crime, your photos are never taken down. Contrast this to the US, which actually does enforce such laws and will actively penalize and even shutdown hosting providers, your DMCA notices are taken much more seriously.
None of this impacts piracy. And if you give out your CC number to any pirate site, US, RU, CA, you run the risk of it being compromised. The rest really doesn’t concern you.
Some have claimed that Russia redirects websites, etc. but again, that has nothing to do with piracy. And they certainly don’t steal every website and send you to their own versions via DNS redirects. That’s insane. Now if you want to say that disproportionately, Russia has more scam websites, I can believe that. Or that their country doesn’t really use the advanced encryption and security measures to protect your private details (CC, name, phone number etc.), I can believe that too. But to claim that Russia itself is doing a ton of shady shit to trap you seeding a torrent and then sending the KGB to assassinate your family… that’s some real tinfoil hat stuff.
Just use the standard protective measures you would use anywhere else (VPN, never give out CC or real name, etc.) and you’ll be fine.
I prefer yandex for piracy. If you search “Furiosa x265 torrent download” you get pages and pages of hits. Run the same search on DDG (Bing) or Google and there won’t be a single torrent hit because their search engines have long removed any pirate related content and monitor for it to protect their investors.
Something which has not been mentioned yet - Russia controls DNS resolution for any .ru site, and here’s how that works:
When you browse, say, www.yandex[.]ru, your computer needs to know the IP address of a server that hosts that site. Let’s say you are not using an ISP or public DNS server to get your name resolution from DNS hostname to IP address. (All of the following is essentially still what happens, just with a less complicated explanation.)
First, your computer contains a list of root DNS servers. Every DNS query starts with a root server, and those root servers are associated with the often-excluded ‘.’ at the end, like “www.yandex[.]ru**.**” - that trailing dot at the end always exists, we just don’t type it.
The root server says, “Here’s a DNS server which is authoritative for the .ru top-level domain, go ask them.”
Then your computer asks the .ru DNS server where to find www.yandex[.]ru, and the .ru DNS server says “Here’s the server that is authoritative for the “yandex” subdomain under .ru, go ask them where their “www” host is.”
Then your computer asks the yandex[.]ru DNS server where to find www.yandex[.]ru, then that DNS server says “Here’s the IP address that goes with that hostname,” and your computer asks the server at that IP for the website.
Again, Russia controls DNS resolution for anything at .ru. All they would need to do for any subdomain beneath .ru is provide their own authoritative DNS server for yandex[.]ru - or for any other whatever[.]ru DNS name. They could then redirect all browsing traffic to anything under .ru to anything they wanted.
Those FBI takedown pages? This is exactly how that is done. The FBI doesn’t reconfigure a server at the “correct” IP; they redirect DNS for the subdomain to their own IP and own web server in order to display the takedown page. That operation is performed within legal limits, but from a technical perspective, such an operation could just as easily happen outside of legal limits, especially when the party trusted to properly respond to DNS queries is Russia.
tl;dr: Russia can very easily redirect any traffic to any .ru site to anywhere they want.
Ugh. First, how you explain DNS makes it hella confusing. I’ve read it like 3x and I still don’t get how it works based on your explanation of it. Also, this is just how DNS works. Everyone can redirect if they want to. Every country does for various reasons. That’s not really the important bits. The important bits are whether they actually do or not and for what purpose. Moreover, DNS is not bound to a simple suffix. I live in the US and have domains that range from .ca to .us. to whatever. Some countries control certain aspects, but there really isn’t any formal authority that says if you live in the US you can’t have a .ca. There’s so much more going on there and it’s almost unenforceable at this point.
Second, yandex.ru is not a thing. Go visit it. The correct address is yandex.com. Third, a redirect is obvious and no one is rebuilding a pirate site with a redirect. You’ll notice. Contrary to tinfoil hatters, governments aren’t building complicated honey pots when all they have to do is sit on a torrent and fire off automated emails to your ISP. Moreover, 99% of ISPs don’t give a shit and just do what’s legally required of them but to this date, none have really taken action.
Lastly, your tl;dr was enough but doesn’t actually speak to safety, just that “they can”. The CIA can just bust in your home rn and take you to a black site, make up some shit and you’re gone forever. If they wanted to. They don’t because why?
Honestly, this place is so full of doomsday preppers that if someone asked if it was safe to jaywalk, they’d be coming out the woodwork like “nah man, a cop could just run you over and blah blah blah.” Please.
tl;dr: yes .ru sites are just as safe as any other website
Third, a redirect is obvious
A redirect isn’t necessary if you control the DNS servers. If you control the DNS servers, you can MITM the website for any visitor because you can prove that you own the domain to a certificate authority and generate a new, trusted HTTPS cert. (Depending on specifics this may or may not foil the anti-phishing capabilities of Passkeys / U2F.)
Visit yandex.ru. It’s not the main Yandex domain just go visit it. Bro. Please. Stop.
Guy, I visit yandex.ru every day. It is my homepage.
It seems to me that you did not read my message, so here is the repeat:
- yandex.ru was main domain of yandex for decades.
- yandex sold some of services to mail.ru group
- as part of that deal yandex.ru became a redirect to dzen.ru, which contains links to services run by both, yandex and mail.ru
Here is even some proof of that: https://www.reuters.com/markets/europe/russia-tightens-grip-media-yandex-sells-homepage-news-rival-vk-2022-08-23/
tl;dr:
RussiaMITM can very easily redirect any traffic to any .ru site to anywhere they want.Yes, that’s true, but more generally speaking, an external attacker would need to first gain access. The governments who control their national TLDs already have that access. Could the UK do the same thing with the co.uk TLD? They could, but the UK government seems more trustworthy on that point than does the Russian government.
OP asked specifically about the “safety” of .ru sites. I answered that question in that context.
I don’t disagree, I am mainly pointing out that anyone who controls your DNS is mitm, so people understand that they aren’t much safer.
Just picking your poison here.
Also, I don’t have much faith in our government anymore than russia’s
Huh. I guess I didn’t fully understand how DNS works.
My understanding was that DNS servers propagated their listing to other DNS servers and you just had to point your computer to the one you want and it would just query that one. And if a URL can’t be found, then it’s probably because
A) it doesn’t exist
B) it exists but hasn’t been fully propagated yet
C) the DNS server listing is outdated
I’ll throw some more detail, still working from the “your computer” side.
Your computer is almost certainly configured with a couple of DNS server IP addresses, belonging either to your ISP, or to some publicly available DNS server. When you’re going to www.hotmail[.]com, your computer just asks a DNS server that it is configured to ask - it doesn’t go to a root server (although it could, every computer is configured with root server IPs).
But even before that, your computer first looks to its HOSTS file. That’s a local file that contains manually configured matches between DNS hostnames and IP addresses. Under normal circumstances, this HOSTS file would be empty, but it’s there. Side note: DNS (Domain Name System) is what replaced HOSTS files. Prior to DNS, a university network (for example) would distribute a hosts file for everyone to put on their computer, and that was it.
Okay, www.hotmail[.]com isn’t in my hosts file, what next? Not a DNS server yet - next your computer will look to its local cache. You visited www.hotmail[.]com a couple hours ago, you haven’t rebooted yet, computer looks in its local cache and uses whatever it finds there.
Not in the local cache? Now your computer asks the DNS server its configured to ask for everything. That DNS server has its own cache, so if anyone has asked it for www.hotmail[.]com recently, it already has it, and returns an answer to your query.
If that DNS server doesn’t have the entry cached, it may be configured with forwarders. This essentially means “If I, a DNS server, don’t have a listing in my own cache, I will always pass the query to my forwarder instead of going to a root server.” There may be multiple layers of this kind of behavior, maybe the next DNS server even knows who’s authoritative for hotmail[.]com, and says “go ask them.”
The last word, though, is always the root servers. Root DNS servers are authoritative for ‘.’ and they contain lists of TLDs and the DNS servers authoritative for those.
Another thing to be aware of is that if a computer doesn’t have an IP address for a particular hostname (and it is not configured with a DNS server to ask for everything), it only returns “go ask this other DNS server” to the computer making the query, and then that computer goes and makes the full query to that DNS server.
It is also important to make sure that the DNS server(s) your computer is configured to use are themselves trustworthy. “Dan’s Totally Not Sketchy I Promise Public DNS Server” could very easily be configured to believe it is authoritative for the hotmail[.]com domain, and hand you whatever IP address it is configured to hand out from its own “Totally Authoritative I Promise” zone file.
And I forgot about TTL (Time To Live). TTL is measured in milliseconds, and generally speaking, only gets as short as fifteen minutes. If a cached record is older than the TTL, then the DNS server (or your local cache) will discard it and go ask for a fresh one. This does not apply to hosts file entries, or to static entries in an authoritative DNS zone file; those never expire.
Thanks for the great explanation
DNS TTL is in seconds. And it’s frequently ignored, where caching DNS servers make their own decisions.
Yes if you are not in Russia.
- Mod of Russian Memes
Came here to see that and am not disappointed.
With the context of piracy in mind sites located beyond your own country’s authority are a better choice as they are less likely to cooperate.
Of course unless you take measures your isp will know you 've been accessing that site. Additionally even though the domain is normally under Russian control your country’s authority can actually order your ISP to have it’s DNS direct you elsewhere.
Follow usual safety procedures, avoid weird links and redirects, prefer services whose name you can google etc and you’d be fine.
Depends who you are. If you’re a person of interest to the Russians for any reason, I wouldn’t trust it.
If you trust the government that controls a TLD, then use the site. If not, proceed with caution.
So what are trustworthy TLDs?
It is the same question as “What are trustworthy countries” imo
That’s my point, I always have a reasonable suspicion of anything I get from the Internet, but I don’t trust any site just because some underpaid functionary or corporate employee in its respective country said it’s good.
I’m not suggesting that you should. But if the government that controls a TLD is not trusted, then no site under that TLD should be trusted either.
That’s an opinion question.
No.
Bye!
I think so, that is safe.