I'm an ISP. It is not us. We face specific obligations due to our licensing. There are two primary requirements we must adhere to:
1) We have to filter URLs, domains, and IP addresses from the RKN blacklist. Failure to comply can lead to fines and the loss of the license.
2) We must purchase DPI hardware from a state-affiliated supplier. This equipment is installed on every internet access channel we manage, and we are required to hand control over it to a contractor associated with a state agency (RKN). The state refers to these DPI as ТСПУ (Технические Средства Противодействия Угрозам), which are purportedly designed to counter threats to Russian infrastructure. However, their current use primarily targets the bandwidth throttling to foreign services, aiming to encourage the adoption of locally-controlled alternatives. Because this DPI implementation falls under national security concerns, the state does not disclose its specific objectives or operations. No court approval is necessary for these actions. This lack of transparency allows state representatives to lie with a straight face to the public and the press regarding the true reasons behind the diminished performance of services like YouTube and Cloudflare. They always promote the use of local services instead, blaming foreign services for lacking compliance with local laws, proper technical support, and adequate resources.
The ISPs are unable to countermeasure this practice and even fail to provide their customers with a consistent explanation not contradicting the official position.
Which is true.
But yeah, things are going to get worse here in Russia in terms of internet censorship.
stek29•7mo ago
For example, when YouTube blocking first began, TSPUs were only throttling it on wired networks. This created an unfair advantage for cellular ISPs, prompting many people to cancel their wired internet contracts and switch to mobile networks.
Since there were no legal grounds for the block, and the government even denied the blocks, trying to blame the throttling on Google, some ISPs just started circumventing the blocks, effectively counteracting the TSPU blocks.
They soon had to stop doing that because of warrants and threats from Roskomnadzor — but it clearly illustrates that ISPs have virtually no control over internet blocking — in either technical or legal terms.
As for Cloudflare specifically — there’s more to the story, and I’m disappointed the post didn’t include more details.
Roskomnadzor is blocking TLS 1.3 ECH — and they are doing it for Cloudflare specifically, forcing Cloudflare users to disable ECH on their domains if they want their websites to be accessible in Russia when using up-to-date browsers.
This also means that, for the website using Cloudflare to be accessible, it needs plaintext SNI. Cloudflare also does not allow domain fronting.
This has allowed Roskomnadzor to implement selective allowlist-based blocking on Cloudflare networks, which is a new step in Russian internet censorship. It feels like Cloudflare could've done a more in-depth analysis of selective blockings, since they probably can see whether there are statistically noticeable differences in metrics for different domains.
References (some are in Russian):
On some regions having some services like Telegram blocked for months:
- https://ntc.party/t/в-дагестане-отключили-зарубежный-интерне...
- https://www.forbes.ru/tekhnologii/532303-v-dagestane-i-cecne...
- https://www.vedomosti.ru/technology/articles/2025/05/31/1114...
On ISPs getting threats from Roskomnadzor for un-throttling YouTube:
- https://www.cnews.ru/news/top/2024-08-29_mgnovennaya_reaktsi...
- https://www.forbes.ru/tekhnologii/520476-uskorausim-youtube-...
On cloudflare-ech being blocked (since November 2024):
- https://github.com/net4people/bbs/issues/417
- https://ntc.party/t/обсуждение-блокировка-замедление-ech-clo...
on allowlists:
- https://ntc.party/t/09062025-информация-по-блокировке-cloudf...
- https://ntc.party/t/белые-списки/16717/10