The agency responsible for blocking VPNs across Russia now wants to build one. Roskomnadzor, the country's federal media regulator, has proposed creating a unified, state-controlled VPN service to help domestic IT specialists reach the foreign coding platforms they can no longer access - platforms blocked, directly or indirectly, by the regulator's own censorship apparatus. The plan was discussed at a June 8 meeting between Roskomnadzor's deputy head, Oleg Terlyakov, and representatives from several Russian IT companies, and was first reported by the independent Russian outlet The Bell.
A Problem the State Created for Itself
For years, Roskomnadzor has waged an escalating campaign against tools that allow Russians to reach the uncensored internet. That campaign has not been surgical. In blocking circumvention tools and restricting traffic associated with VPN protocols, the regulator has also severed access to resources that Russia's own technology sector depends on daily. Developers report being cut off from GitHub, the world's dominant platform for code collaboration and version control; from package repositories for the Python programming language; and from Figma, the design tool widely used in software development workflows. These are not peripheral luxuries. For a working developer, losing access to them is roughly equivalent to a carpenter losing access to lumber.
Since April, Russian internet providers have been legally required to detect and block active VPN connections - a technical obligation that has tightened the net considerably. The Kremlin has long maintained that VPN restrictions are a matter of national sovereignty and information security. The consequence of that posture, apparently unexamined until industry complaints forced a meeting, is that the country's strategically important tech workforce has been caught in the same net as the dissidents and journalists the restrictions were designed to target.
Rather than revisiting the underlying policy, the regulator's proposed answer is a government-managed VPN designed, in Terlyakov's framing, for "those who really need it." The circularity is striking: a body that has spent years telling the public that VPNs are dangerous tools for bypassing legitimate state controls now proposes to run one itself.
Why the IT Community Is Refusing to Trust It
A VPN, at its most basic, is a tunneling mechanism. Traffic from a user's device is encrypted and routed through a remote server before reaching its destination; to any observer watching the connection at the network level, the data appears to originate from that server rather than the user's actual location. The privacy value of this arrangement depends entirely on who controls the server. A commercial VPN provider operating under a strict, independently audited no-logs policy in a jurisdiction with strong data protection laws offers meaningful protection precisely because it has neither the ability nor the legal obligation to hand over user activity records. A server run by the same government agency that mandates surveillance and blocks dissent offers none of those assurances.
Russia's IT community has responded to the proposal with open skepticism. Attendees at the June 8 meeting described the idea as "shady," and the concern is not abstract. Routing all developer traffic through a single, state-managed gateway would give Roskomnadzor visibility into exactly which foreign platforms are being accessed, by whom, and how frequently. One source who attended the meeting put the risk plainly: cutting Russians off from international development tools would become even easier if every developer is already using the same chokepoint. A single policy decision, or a single technical command, could terminate access for the entire profession at once.
There are also concerns about the proposal's international dimensions. A centralized state VPN endpoint would be a visible and identifiable target; foreign platforms and services might block traffic originating from it, either deliberately or as a byproduct of routine security filtering. The result could be a tool that offers neither the freedom developers need nor the security a professional environment demands.
The Structural Contradiction at the Heart of Russian Internet Policy
What the Roskomnadzor proposal exposes is not merely a bureaucratic blunder but a structural contradiction that has been building for years. The Kremlin's vision of a "sovereign internet" - a domestic network that can be isolated from the global web and controlled from within - has always sat uneasily alongside Russia's ambitions as a technology-producing nation. Writing software in the modern era is a globally networked activity. Open-source libraries, collaborative repositories, international documentation, and cloud-based tooling are not optional features of contemporary development; they are the infrastructure on which almost all professional software work depends.
Russian officials have already been forced to acknowledge, in public statements, that fully banning VPN use is "simply impossible." The technology is too widely distributed, too embedded in legitimate professional practice, and too adaptable to enforcement pressure for any single regulator to eradicate. More recently, Roskomnadzor was accused of directing distributed denial-of-service attacks against VPN providers - a drastic escalation that reflects the limits of conventional blocking rather than its success.
The state VPN proposal fits this pattern. Unable to make its restrictions technically complete, and unwilling to relax them politically, the regulator is attempting to manage the damage through a controlled exception. But that approach comes with its own risks. Several commentators have warned that a privileged access tier - a class of users granted approved connectivity while others remain blocked - would formalize a two-tiered internet and concentrate surveillance capability rather than reduce it. For Russia's developers, the prospect of trading one form of restriction for another, this time with monitoring built in by design, is not much of an offer.
What Genuine Secure Access Actually Requires
The irony of the situation is that the technical problem Roskomnadzor is trying to solve has known, proven solutions. Reputable commercial VPN services with independently verified no-logs policies, operating under jurisdictions that do not compel data disclosure, already provide exactly the kind of secure, stable access to international resources that Russian developers need. The distinguishing features of trustworthy services are transparency - published privacy policies, third-party audits, clear ownership structures - and the legal and technical inability of the provider to produce records of user activity even if required to do so.
A state-run VPN, by definition, inverts every one of those properties. The operator is the surveillance authority itself. There is no independent audit, no competing jurisdiction, and no structural reason to believe that traffic logs would not be retained and used. For developers handling proprietary code, communicating with international clients, or simply trying to do their jobs without generating a government record of their professional activity, that is not a workable arrangement.
The deeper problem is that no technical patch can resolve a policy contradiction. As long as Roskomnadzor pursues both aggressive internet restriction and a functional domestic technology industry as simultaneous goals, it will keep producing proposals that serve neither one well.
