Roskomnadzor, the Russian federal body responsible for blocking hundreds of foreign internet services, is now proposing to build a government-controlled VPN - specifically to let domestic IT workers access the platforms it has been blocking. The proposal, discussed at a June 8 meeting between the regulator's deputy head, Oleg Terlyakov, and representatives of Russian IT companies, was first reported by the independent outlet The Bell. It crystallizes a contradiction that has been building inside Russia's digital economy for years: aggressive internet isolation is now threatening the workforce the state most depends on to build its technological future.
A Problem the State Created for Itself
Russia's developers have found themselves cut off from tools that are effectively non-negotiable in modern software development. GitHub, the world's dominant platform for code sharing and version control, is routinely disrupted. Package repositories for Python, one of the most widely used programming languages, have become unreliable. Figma, the interface design platform used by product teams globally, is inaccessible. These are not niche services. They sit at the foundation of professional software work everywhere, including inside Russia's own strategically prioritized tech sector.
The difficulty Roskomnadzor faces is that its blocking infrastructure is not surgical. It tends toward broad disruption rather than precision. Efforts to restrict access to specific content or services frequently catch legitimate tools in the crossfire, and the regulator has shown little appetite for carving out exemptions on a case-by-case basis. Rather than revisiting that posture, the proposed solution is a single, centralized VPN tunnel that would route approved users' traffic out to the open internet - under conditions the state controls.
Why Russia's IT Community Is Refusing to Welcome the Offer
The reaction from developers and industry figures has been pointed. Sources who attended the June 8 meeting described the proposal as "shady," and their skepticism is technically well-founded. A VPN works by encrypting traffic between a user's device and a remote server, then forwarding that traffic to its destination. The privacy and security it provides depend entirely on who operates that intermediate server - and what they do with what passes through it.
A state-run VPN operated by the same body that enforces Russia's internet restrictions would place every developer's professional traffic - code commits, API calls, library downloads, design file transfers - on infrastructure Roskomnadzor directly controls. The agency would have structural visibility into which developers access which foreign services, at what times, and in what volumes. One meeting attendee told The Bell bluntly: "Cutting off Russians from international development tools will be even easier if everyone starts using the same VPN." That is not a minor concern. It describes a surveillance architecture that could be switched from permissive to restrictive at any point, with no recourse for users.
There are also practical concerns about the proposal's effect on Russia's relationships with foreign platforms. Concentrating outbound traffic through a single government gateway could make it straightforward for international services to identify and block Russian state-routed connections, potentially worsening access rather than improving it. Industry sources have flagged exactly this risk.
Beyond individual surveillance, commentators have noted the proposal risks institutionalizing a two-tier internet inside Russia - one version for a privileged professional class, another for everyone else. That distinction, once formalized, has a tendency to harden.
The Broader War on Circumvention Tools
Roskomnadzor has spent years attempting to make VPNs inaccessible to ordinary Russian internet users. Services that refused to comply with Russian data localization and content filtering requirements were progressively blocked. Since April of this year, Russian internet providers are legally obligated to detect and block active VPN connections, a technical requirement that pushes the enforcement burden onto the infrastructure level. The regulator has also faced accusations of conducting distributed denial-of-service attacks against VPN providers to disrupt their operations - a significant escalation if accurate, since it would constitute offensive action against foreign commercial services.
Despite this, Russian officials have themselves acknowledged that total prohibition is not achievable. VPN protocols are sufficiently flexible, and obfuscation techniques sufficiently developed, that determined users will find paths around national-level filtering. The technology exists in too many forms and too many jurisdictions to be cleanly extinguished. The state can raise the cost of circumvention, but it cannot reduce that cost to zero.
What this proposal reveals is that the Kremlin's internet strategy has reached a point of internal contradiction it can no longer paper over. The same controls designed to insulate Russian citizens from foreign influence are now undermining the country's capacity to develop software, train engineers, and maintain a functional domestic technology industry. A state VPN addresses none of that underlying tension. It offers a technical workaround while preserving - and potentially deepening - the surveillance infrastructure that makes independent access untenable in the first place.
Access Is Not the Same as Privacy
For context: the gold standard for VPN tools used by professionals who require genuine security is a service with an independently audited no-logs policy, meaning the provider is technically and legally prevented from recording user activity in ways that could later be disclosed or compelled. Jurisdiction matters too - services operating outside the reach of Russia's legal system cannot be served with data demands that Russian authorities could otherwise enforce.
A state-controlled VPN offers the opposite of these protections. It provides access - the ability to reach blocked services - while surrendering any meaningful privacy or operational security. For a developer debugging open-source code, that trade-off might seem acceptable. For a journalist, an activist, or anyone whose professional or personal communications carry legal or physical risk, it would be an actively dangerous tool to use. The distinction matters, and Russia's IT community appears to understand it clearly. Trust, once absent, is not restored by an access grant.
