The agency that has spent years systematically dismantling Russians' access to the open internet now wants to build them a VPN. Roskomnadzor, Russia's federal media regulator, is proposing a government-controlled virtual private network specifically for IT specialists who can no longer reach the foreign coding tools their work depends on. The proposal was aired at a June 8 meeting between the regulator's deputy head, Oleg Terlyakov, and representatives from several Russian IT companies, and it has been met with something between alarm and bitter laughter.
A Problem Built Entirely in Moscow
The crisis Roskomnadzor is now trying to manage is one it created itself. Years of blocking and throttling have left Russian developers increasingly cut off from the essential infrastructure of modern software work. GitHub, the world's dominant code-sharing platform, has faced access disruptions. Repositories for the Python programming language - foundational to everything from data science to web development - have become unreliable or unreachable. Figma, widely used for interface design, is similarly affected. These are not peripheral tools. They are the daily working environment for a significant portion of Russia's technology workforce.
Rather than revisiting the blocks, the regulator's preferred answer is to route approved users through a single, state-managed VPN tunnel. The logic is, on its surface, straightforward: a VPN encrypts a user's traffic and directs it through a server in another location, effectively making it appear that the connection originates elsewhere. For a developer in Moscow trying to reach a repository blocked by Russian law, the technology works. The problem is not the technology. The problem is who controls it.
Surveillance Dressed as a Solution
When a VPN is operated by a trusted, independent provider - one that has undergone independent audits and maintains a verified no-logs policy, ideally headquartered in a jurisdiction with strong privacy protections - the architecture genuinely shields user activity from third-party observation. A state-run VPN inverts this model entirely. Traffic routed through a government-managed gateway does not gain privacy. It loses it. Every connection, every query, every file accessed becomes visible to the agency operating the infrastructure.
Sources who attended the June 8 meeting, as reported by the independent Russian outlet The Bell, were candid about the risk. One described the situation plainly: concentrating all developer traffic onto a single government-managed channel would make it not only easier to monitor that traffic, but easier to sever access entirely if the political moment required it. A distributed, commercially operated VPN ecosystem, however imperfect, at least offers redundancy. A unified state system offers none. It is a single point of failure that also functions as a single point of surveillance.
Concerns about international implications have also emerged. A centralized national VPN could in practice become a mechanism for restricting inbound access as much as outbound access - potentially isolating Russian developers further from the global communities and collaborative workflows they depend on. The word that kept appearing in post-meeting commentary was "shady," which, for a regulatory proposal, is a damning consensus.
The Broader War Russia Is Losing Against Its Own Internet Policy
The state VPN proposal does not exist in isolation. Since April, Russian internet service providers have been legally obligated to detect and block active VPN connections - a significant escalation from earlier, patchier enforcement. Roskomnadzor has also been accused of conducting distributed denial-of-service attacks against VPN providers in an attempt to degrade their services from the outside. Despite this, Russian officials have themselves acknowledged that a comprehensive ban on VPN use is, in their words, simply impossible. Encryption is mathematically robust. Determined users will always find working services, and the underlying protocols that power VPNs are not going away.
What the regulator faces is a structural contradiction. Russia's government has staked considerable political capital on controlling its digital environment. At the same time, it has explicitly designated the technology sector as strategically vital to the country's economic future. These two goals are no longer compatible. Locking developers out of GitHub, Python repositories, and collaborative design platforms does not protect national security. It degrades national capability. The state VPN proposal is an attempt to thread this needle by creating a privileged tier of sanctioned access - what some commentators have already described as a "privileged caste" with rights that ordinary users would not enjoy.
That framing matters. A two-tiered internet, where developers working on approved projects can reach the open web while everyone else cannot, is not a technical solution to censorship. It is censorship with a carve-out. It also creates an obvious pressure point: access through the state VPN becomes something the government can grant, condition, and revoke. For a technology industry that depends on the free exchange of code and knowledge, that dependence on official sanction is itself a vulnerability.
What Genuine Secure Access Actually Requires
The standard for trustworthy VPN access, as established by years of independent security research and auditing practice, rests on a few clear principles. The provider must keep no logs of user activity. The jurisdiction in which the provider operates must offer meaningful legal protection against compelled disclosure. The underlying protocols - whether WireGuard, OpenVPN, or equivalent - must be open, auditable, and cryptographically sound. And critically, the provider must have no structural interest in exposing its users.
A government agency that has spent years trying to eliminate the very tools it is now proposing to replicate fails every one of these tests. Roskomnadzor's mission is surveillance and control. Its institutional incentives run directly against the privacy guarantees that make a VPN worth using in the first place. Russian developers appear to understand this clearly, which is why the proposal has generated opposition rather than relief. A tool built to watch you while pretending to free you is not a solution. It is a more sophisticated version of the problem it claims to solve.
