Roskomnadzor has long been testing the isolation of the Russian internet, known as the “sovereign internet.” This is part of a project designed to enable the Russian internet to operate independently of the global internet. These actions are linked to attempts to tighten control over information and protect against external threats, as they claim.
The last time the RKN disconnected Russia from the global internet was on December 6, 2024, as part of a drill. At that time, foreign services ceased to function entirely in Chechnya, Dagestan, and Ingushetia.
During RNA exercises, some regions of the Russian Federation experience problems accessing foreign websites, including social media platforms and online services. As a rule, such exercises cause concern among users and businesses, as access to international resources becomes restricted.
What is the “Great Russian Firewall”?
First of all, we need to understand what exactly 金盾工程, or “The Great Chinese Firewall” (or "The Golden Shield"). There are several methods for blocking websites that are used in “Golden Shield”:
- IP blocking — access to a host via its IP address is prohibited. If the server is running shared hosting, access will be blocked to all hosted websites.
- DNS filtering and redirection — domain names do not resolve, or incorrect IP addresses are returned.
- URL filtering — blocking based on a URL or a keyword in the resource's URL.
- Packet filtering — interrupting the transmission of TCP packets based on keywords found in the packet.
- Connection reset — if you attempt to access a resource that has been blocked based on a keyword again, all subsequent attempts to connect to that resource will also be blocked for 30 seconds. Users who are behind the same NAT as the violator often suffer from this type of block.
- SSL man-in-the-middle attack — a classic MITM attack in SSL.
- Active IP probing — actively scanning the network and non-public IP addresses for prohibited content. Any resources found are blocked in accordance with items 1 and 2.
- VPN/SSH traffic recognition — identifies VPN and SSH traffic. They have already learned to block VPN connections if the company has not obtained authorization from the Ministry of Industry and Information Technology of the People's Republic of China.
As we can see, only a small fraction of the blocking methods are currently in place in Russia. But the Russian Federation is moving steadily and consistently toward full 金盾工程.
If Russia really will be disconnected from the global internet based on the Chinese model (full-fledged “The Great Russian Firewall” (including DPI, MITM, VPN blocking, and keyword filtering), then here's what can actually work, and what is just a pipe dream.

🚫 What WON'T work in the case of a “strict firewall”?
Standard VPNs (NordVPN, Surfshark, etc.) — will be blocked via DPI and SIGINT, especially if they don't use obfuscation.
Tor Browser — would be pointless if the bridges are blocked and access to the Tor network is impossible (as in China).
Telegram Proxy (MTProto) — They already know how to catch and cut them. That was back in 2018–2020, and they’ll be able to do it again.
DNS-over-HTTPS without masking — It's burning and flickering.
Cloud Proxies via CDN — They overheat with prolonged use.
SSH Tunnels and Shadowsocks Without Obfuscation — They burn and cut through in a flash.
✅ What MIGHT work (but with some caveats and precautions)
1. Obfuscated VPN (StealthVPN, Obfs4, XTLS, Shadowsocks-RUST)
- These are VPNs disguised as regular HTTPS traffic.
- Some people use the Xray + VLESS + XTLS + Reality protocol—a complex stack, but it actually bypasses China's Great Firewall.
- Shadowsocks-RUST with obfuscation via TLS is also a viable solution.
- But: they can be tracked down if the server's IP address is discovered.
2. Tor via bridges + obfs4 or meek
- Tor doesn't work on its own, but it can connect through obfuscated bridges (obfs4).
- Meek bypass — a proxy using domains like Google or Microsoft (via a CDN), but it's slow and unreliable.
3. Decoy Routing (Refraction Networking)
- Technology used in the U.S. and Europe (for example, in the CensorSpoofer and TapDance systems).
- It's not widely available yet, but in theory, it's possible to integrate it into the traffic of popular websites.
- It works as a passive way to bypass censorship, but requires support from international service providers.
4. Peer-to-peer and mesh networks
- Freenet, I2P, Yggdrasil, and cjdns are alternative network protocols that operate without centralized DNS and IP addressing.
- They operate on the principle of a mesh network, but they have slow data transfer, limited content, and require technical expertise.
5. Satellite Internet
- Starlink, OneWeb, and others.
- Starlink isn't sold in Russia (and never will be), but if you have the physical equipment and take precautions to hide it, it will work. That said, you could end up in jail for doing so.
- People who have tried to pull off such schemes in border areas have already been caught.
6. Sneakernet 2.0
There are examples from China where VPN clients and Tor updates were distributed in this way.
USB flash drives, hard drives, QR codes, offline data transfer—yes, these will become relevant again. Especially if all external traffic is blocked.

💣 What will be critical
Even if you find a way, it could be blocked within 1–7 days, especially if the IP address is not dynamic.
All detours will be depend heavily on exactly how the filtering is implemented. DPI? MITM? Complete IP blocking? SSL spoofing?
Firewall can be flexible: They allow access to YouTube but block Reddit. Or they disable Cloudflare but allow access through Google.
🛡 What should we do right now?
Install alternative apps on PCs and phones firewalls and proxy clients in advance (Otherwise, you won't be able to download it later.)
Configure my own VPS abroad (in Europe or the U.S., preferably with no Russian IP addresses in the logs).
Use VMess/VLESS with TLS+XTLS or ShadowsocksR with obfuscation.
Learn how to use Tor bridges and meek, do not rely on the standard Tor.
Learn more about Yggdrasil, cjdns, and mesh networks.
Have backup access to content via IPFS or local archives.
The history of Russia’s “Sovereign Internet,” which many compare to China’s “Golden Shield”—but without China’s technical capabilities. Instead, it is driven by Russian enthusiasm and authoritarian ingenuity:
- 2011 — The Safe Internet League drafted amendments to Federal Law No. 139-FZ “On the Protection of Children from Harmful Information”
- 2012 — Amendments to Federal Law No. 139-FZ take effect; Roskomnadzor’s blacklist
- 2013 — The Hentai Ban
- 2014 — Mandatory user identification on public Wi-Fi networks (Decree of the Government of the Russian Federation No. 758, dated July 31, 2014).
- 2015 — The Safe Internet League signed a cooperation agreement with the China Information Security Association, which calls for holding a Russia-China forum twice a year. Promotes the concept of “pre-filtration.”
- 2016 — The “Safe Internet Forum” was held.
- 2017 — The so-called “Yarovaya Package” was adopted. It requires telecommunications operators and internet companies to store all user data (messages, calls, traffic) for up to six months, and metadata for up to three years, and to hand it over upon the first request from law enforcement agencies. Companies began to panic: the volume of data to be stored was enormous, and the infrastructure was not ready.
- 2018 — Mandatory requirements were introduced for the preinstallation of domestic software on government systems and devices. This applied to both web browsers and antivirus software. A campaign began to promote Russian software—often clunky, but “patriotic.” At the same time, controls over VPNs and anonymizers were tightened: they were required to cooperate with Roskomnadzor or face being blocked.
- 2019 — A law on the “sovereign internet” was passed. It enshrines the ability to isolate the Russian segment of the internet from the global network and mandates the creation of a national traffic routing system. Roskomnadzor gains control over Internet exchange points and is required to deploy Deep Packet Inspection (DPI) at the ISP level. The first real-world tests of the “autonomous Runet” began.
- 2020 — Mandatory labeling of “information products” is introduced, even on social media and messaging apps. YouTube bloggers and TikTok influencers are targeted. Meanwhile, a national domain name system is being developed—just in case the country is cut off from ICANN. At the same time, drills are being conducted to test the isolation of specific regions from the global internet.
- 2021 — Against the backdrop of the elections, pressure mounts on major platforms: Twitter, Facebook, and YouTube. They are fined for “refusing to remove prohibited content.” YouTube is accused of “censoring Russian media.” The promotion of domestic alternatives—such as Rutube, YaRUS, Smotrim, and others—begins. At the same time, the first major test of the Runet infrastructure’s resilience is conducted, involving the shutdown of international traffic in several regions.
- 2022 — Following the outbreak of the war in Ukraine, the issue of digital sovereignty becomes critically important. The transition to domestic servers, software, and cloud services accelerates. Google, Meta, Instagram, and Twitter are all blocked or restricted. Demand for VPNs is skyrocketing, and at the same time, there are attempts to block them on a massive scale. A registry of sites “spreading fake news” about the special military operation is introduced, and websites are being blacklisted en masse.
- 2023 — A Center for Traffic Monitoring and Threat Analysis is established under Roskomnadzor. The “Digital Passport Law” is enacted: to gain full access to certain resources, citizens must verify their identity through “Gosuslugi.” The widespread implementation of DPI continues, and the concept of “deep traffic filtering” emerges. The internet begins to lag and behave like a school network with a firewall—but on a national scale.
- 2024 — Roskomnadzor conducts large-scale drills to completely disconnect Russia from the global internet — December 6 beheaded International services in Chechnya, Dagestan, and Ingushetia. These regions are becoming a testing ground for a regime of complete isolation. A pilot “digital user trust rating” system is being introduced—unofficially, through banking and IT services.
- 2025 (as of mid-year) — Runet is ready for full autonomy. The national infrastructure for DNS, email, social media, search engines, and video hosting is functioning with varying degrees of success. VPNs are blocked at the ISP level, SSL encryption is intercepted, and the use of domestic encryption algorithms is being actively promoted. The introduction of a “Russian SIM card” with a built-in access level to Runet is expected.
Many compare the current situation to China’s “Golden Shield”—but without China’s level of technical expertise. Instead, it features Russian enthusiasm and authoritarian ingenuity.

0 comments
Enter your email and we will send you a one-time code. No passwords or accounts.
Code sent to
If the email doesn't appear in your inbox within a few minutes, check your spam, junk, or promotions folder, as some email services may mistakenly place automated messages there