On May 27, 2026, the Russia VPN block campaign entered a dramatic new phase as Kod Durova reported an unprecedented wave of MTProto proxy failures rolling across the entire country. According to the publication, the outage struck all operators, internet service providers, and regions simultaneously, leaving millions of Telegram users unable to connect through the proxy infrastructure they have relied on for years to bypass Roskomnadzor's restrictions. This is the second large-scale wave in two months, following a similar event on April 1, 2026, and it signals that the regulator has dramatically improved its ability to identify and kill circumvention tools at scale.
What Happened on May 27
Reports from Russian users started flooding in during the early hours of May 27, with the same pattern observed everywhere: freshly published MTProto proxies stopped working within 30 minutes to 2 hours of being shared. An expert cited by Kod Durova summarized the situation bluntly: "RKN found another vulnerability in the MTProto-proxy mechanism, causing mass failures. Some users benefit from cascading through Russian servers." In other words, the only proxies still functioning reliably are those routing traffic through servers physically located inside Russia, which defeats the entire purpose of the tool for anyone seeking access to blocked foreign resources.
How Russia's VPN Block Works: Inside the TSPU
Engineers and independent researchers have identified several layers in this new generation of filtering. Russia's deep packet inspection (DPI) system, deployed through the TSPU equipment installed at every major ISP, is now capable of detecting the Fake TLS handshakes that MTProto-proxy uses to disguise itself as ordinary HTTPS traffic. The system is also fingerprinting Chrome client hello packets and blocking partial TCP-RAW traffic patterns that MTProto relies on.
- Chrome fingerprint blocking: DPI now recognizes the spoofed Chrome TLS signature used by MTProto.
- TCP-RAW filtering: Partial blocking of raw TCP behavior breaks the proxy handshake.
- Fake TLS detection: The disguise that worked for years no longer fools TSPU.
- Aging codebase: The MTProto-proxy protocol has not received a meaningful update since 2018, leaving it structurally exposed.
| Detection Method | How TSPU Blocks the Connection |
|---|---|
| Fake TLS Detection | Recognizes and blocks the disguise MTProto uses to spoof ordinary HTTPS traffic |
| Chrome Fingerprinting | DPI identifies the outdated or spoofed Chrome TLS signature used by the proxy |
| TCP-RAW Filtering | Partial blocking of raw TCP behavior breaks the initial proxy handshake |
| Aging Codebase | Exploits structural flaws in MTProto, which has not had a major update since 2018 |
A Broader Crackdown, Not an Isolated Incident
The proxy massacre fits into a much larger pattern. By February 2026, Roskomnadzor had blocked more than 469 VPN services, up from roughly 400 at the start of January - a 70 percent increase in just three months. On April 15, 2026, major Russian platforms including Ozon and Kinopoisk were ordered to begin blocking users who arrive via VPN connections, turning private companies into enforcement partners. Apple has already removed 761 or more VPN applications from the Russian App Store under government pressure, and Roskomnadzor has publicly stated its goal of blocking 92 percent of all VPN services by 2030, backed by a budget of roughly 20 billion rubles per year to build a permanent censorship infrastructure.
What Was Postponed
Not every restriction made it through, however. A planned surcharge on mobile data for international traffic exceeding 15 GB per month, widely seen as a financial penalty against VPN users, has been quietly postponed until after the September 2026 elections. Analysts read this as a political calculation: the Kremlin is willing to squeeze technical access aggressively but reluctant to hit ordinary mobile subscribers in the wallet during an election cycle.
The Human Scale of the Problem
Despite the legal status of Telegram remaining ambiguous, an estimated 65 million Russians continue to use the messenger every day, the overwhelming majority of them through some combination of VPN tunnels or MTProto proxies. The collapse of public proxy lists therefore does not just affect activists or journalists - it disrupts the daily communication habits of nearly half the adult population. With MTProto increasingly unreliable, attention is shifting toward more modern circumvention tools such as obfuscated WireGuard, Shadowsocks with plugin layers, and protocols specifically engineered to defeat TSPU fingerprinting.
What Russian Users Are Doing Next
Communities on Telegram and GitHub are already migrating toward protocols with active development teams and stronger anti-DPI resistance. For most users, the practical takeaway is that single-protocol solutions are no longer sufficient inside Russia: layered approaches, frequently rotated endpoints, and providers that ship obfuscation by default are becoming the baseline. Choosing a reputable, audited VPN with modern obfuscation has shifted from a privacy nice-to-have to a practical necessity for anyone who needs reliable access from inside the country.
