On June 4, 2026, the developers behind Amnezia VPN — one of the most widely used circumvention tools inside Russia — made a claim that, if accurate, marks a meaningful escalation in how Moscow polices its internet. "For the first time," they wrote, "we can state as fact that Roskomnadzor has begun not only blocking VPN servers but actively attacking our infrastructure." The service described an "unprecedented DDoS attack coupled with the targeted blocking of an array of Amnezia VPN IP addresses", beginning in late May and leaving free and premium users unable to hold stable connections for days.
From filtering to flooding
The distinction matters. For years, Russia's censorship apparatus has worked by denial — refusing to route packets to disfavored destinations. What Amnezia alleges is disruption: directing a flood of traffic at privately operated servers to knock them offline. According to Meduza, connectivity problems began in late May, Amnezia formally announced the attack on June 1, and the company issued its direct accusation against Roskomnadzor on June 4. A second provider, BlancVPN, reported parallel disruptions over the same window, with one representative noting that there had been more blockings in 2026 than in 2025, and more in 2025 than in 2024. Roskomnadzor did not comment.
None of this can yet be independently attributed to the regulator with forensic certainty — DDoS traffic is, by design, hard to trace, and the agency's silence leaves the providers' word as the primary record. We flag that caveat plainly. But the allegation is consistent with the trajectory of Russian enforcement, and it deserves to be taken seriously rather than dismissed.
The machinery behind the claim
The escalation rests on infrastructure built over seven years. Russia's "sovereign internet" law (Federal Law 90-FZ), enacted in 2019, requires every internet service provider in the country to install state-supplied "technical means of countering threats" (TSPU) — deep-packet-inspection equipment controlled centrally by Roskomnadzor, not by the carriers themselves. As Human Rights Watch documented, that hardware shifted Russian censorship from a blacklist model to direct, non-transparent control of the traffic stream itself: by February 2026 the agency had confirmed blocking 469 VPN services, up from roughly 197 in October 2024.
The state is doubling down on the hardware. As Mediazona reported, citing Kommersant, the government plans to raise TSPU's processing capacity roughly 2.5-fold by 2030, to around 954 terabits per second, at a cost near $186 million. By late 2025 the system had begun blocking entire VPN protocols by behavioral fingerprint — including VLESS, a protocol specifically engineered to look like ordinary web traffic. Magistrates' courts in Moscow and St. Petersburg have started fining ISPs whose traffic was found bypassing TSPU at all. An agency with that posture turning its capacity outward, from filtering to flooding, is a difference of degree, not of kind.
Steelmanning the state
The strongest case for aggressive action is not imaginary. The line between a privacy VPN and abusable proxy infrastructure is genuinely blurry, and real harm flows through the gap. In May 2026, Dutch authorities dismantled a botnet of more than 17 million compromised devices tied to ASOCKS, a Russia-based residential-proxy network whose services were used for DDoS attacks and command-and-control hosting. Every government has a legitimate interest in disrupting criminal proxy networks, and proxy traffic does not announce whether it carries a dissident's browsing or a botnet's payload.
But that case collapses on the specifics here. Amnezia is a consumer privacy and censorship-circumvention tool, not a criminal proxy ring, and the alleged remedy is not a court-ordered takedown coordinated with the host country — the model the Netherlands used against ASOCKS — but a unilateral cyberattack on civilian infrastructure that often sits outside Russian jurisdiction. A state that DDoSes private servers it dislikes is not enforcing law; it is conducting offensive operations against tools whose primary users are its own citizens reading the open web.
Why proportionality is the whole argument
We support a state's authority to pursue genuine cyber threats. What proportionate regulation cannot license is an enforcement method that is indiscriminate by construction. A DDoS flood does not distinguish lawful users from unlawful ones; it simply degrades a service until it fails. When the same DPI apparatus that already blocks 469 services and fines carriers for leaks begins actively attacking infrastructure, the cost is borne overwhelmingly by ordinary Russians using encryption for the reasons people everywhere do — banking, journalism, private correspondence.
There is also a contagion risk worth naming. Normalizing state-run DDoS against disfavored services lowers the threshold for every other government tempted to treat the open internet as a battlefield rather than a commons. The healthier path is the one the sovereign-internet model rejects: narrow, transparent, court-supervised action against specific criminal conduct, leaving the general-purpose encryption that secures the entire economy intact. Russia's apparatus is now optimized for the opposite — breadth over precision, disruption over due process. The Amnezia incident is a preview of where that logic leads.