Back to blog

Russia's Mass MTProto Ban: Why Telegram Proxies Collapsed in May 2026

2026-05-316 min read
TelegramMTProtoDPITSPURussia censorship

May 27, 2026: The Day Public MTProto Proxies Died in Russia

At dawn on May 27, 2026, Russian Telegram users woke up to a new reality. Kod Durova, a channel tracking censorship events, reported an unprecedented wave of MTProto proxy failures rolling across every operator, every ISP, and every region simultaneously. Freshly published proxies stopped working within 30 minutes to two hours of being shared. For millions of Russians, the primary tool they had relied on for years to bypass Roskomnadzor's restrictions had become useless overnight.

This was not an isolated glitch. It was the second nationwide strike in two months, following a similar event on April 1, 2026. The message from the regulator was clear: Roskomnadzor has dramatically improved its ability to identify and kill circumvention tools at scale, and the MTProto-proxy protocol, last meaningfully updated in 2018, can no longer withstand modern deep packet inspection.

How the TSPU Learned to See Through Fake TLS

Russia's censorship backbone is the TSPU, Technical Means of Countering Threats, deep packet inspection boxes installed at every major internet service provider under the 2019 Sovereign Internet law. For years, MTProto proxies evaded these boxes by wrapping their traffic in a Fake TLS handshake, disguising themselves as ordinary HTTPS connections to an unsuspecting observer. That disguise no longer works.

Engineers and independent researchers have identified four specific detection layers now active in the TSPU:

  • Fake TLS Detection: The system recognizes and blocks the spoofed TLS handshake MTProto uses to mimic ordinary HTTPS traffic.
  • Chrome Fingerprinting: DPI identifies the outdated or spoofed Chrome TLS signature embedded in MTProto-proxy connections.
  • TCP-RAW Filtering: Partial blocking of raw TCP behavior breaks the initial proxy handshake before it can complete.
  • Aging Codebase Exploitation: The MTProto-proxy protocol has not received a structural update since 2018, leaving known vulnerabilities exposed.

The result is devastating for public infrastructure. Any MTProto proxy published publicly on May 27 burned out within two hours. Shared lists, public bots, and community channels that once circulated working endpoints have effectively become obsolete.

The Collapse in Numbers

The proxy massacre fits into a much larger pattern of escalation. By February 2026, Roskomnadzor had blocked more than 469 VPN services, up from roughly 400 at the start of January, a 17 percent increase in just two months. On April 15, 2026, major Russian platforms including Ozon, Wildberries, Sberbank, and Yandex were ordered to begin blocking users arriving via VPN connections, turning private companies into enforcement partners.

Apple has already removed 761 or more VPN applications from the Russian App Store under government pressure. Roskomnadzor has publicly stated its goal of blocking 92 percent of all VPN services by 2030, backed by an annual budget of roughly 20 billion rubles to build a permanent censorship infrastructure.

Despite these restrictions, an estimated 65 million Russians continue to use Telegram daily, the overwhelming majority through some combination of VPN tunnels or MTProto proxies. The collapse of public proxy lists therefore disrupts the daily communication habits of nearly half the adult population.

What Still Works: The Migration to Modern Protocols

With MTProto increasingly unreliable, attention inside Russian technical communities is shifting toward protocols with active development teams and stronger anti-DPI resistance. The practical consensus is that single-protocol solutions are no longer sufficient inside Russia. Users need layered approaches, frequently rotated endpoints, and providers that ship obfuscation by default.

The most discussed replacements include:

  • Obfuscated WireGuard: Forks such as AmneziaWG and AmneziaWG 2.0 modify WireGuard's fixed packet signatures, jitter, and handshake timing to evade TSPU fingerprinting while preserving the protocol's speed.
  • VLESS with Reality: The Xray-core implementation uses genuine TLS certificates and real website fronting, making traffic indistinguishable from legitimate HTTPS sessions to passive inspection.
  • Shadowsocks with Plugin Layers: Tools like v2ray-plugin or Xray-plugin add additional obfuscation on top of the Shadowsocks stream, complicating traffic classification.

For most users, the practical takeaway is that choosing a reputable, audited VPN with modern obfuscation has shifted from a privacy preference to a practical necessity. Providers that offer automatic endpoint rotation, multi-hop routing, and protocol fallback are becoming the baseline for reliable access from inside Russia.

Why the Kremlin Is Accelerating Now

The timing of the May 27 block is not accidental. Russia is approaching September 2026 parliamentary elections, and the Kremlin views information control as a prerequisite for regime stability. Not every restriction has survived political pushback. A planned surcharge on mobile data for international traffic exceeding 15 GB per month, widely interpreted as a financial penalty against VPN users, was quietly postponed until after the elections. Analysts read this as a political calculation: the Kremlin is willing to squeeze technical access aggressively but reluctant to hit ordinary mobile subscribers in the wallet during an election cycle.

Meanwhile, the government is preparing a far-reaching tightening of licensing criteria for telecommunications operators. If implemented, the plan would eliminate small and medium-sized broadband providers, currently accounting for roughly 30 percent of the market, and consolidate control into an oligopoly of five state-influenced giants: Rostelecom, VimpelCom, ER-Telecom, MTS, and MegaFon. The Association of Small Telecom Operators of Russia has warned that this could leave remote and frontline areas without service, where large companies have long deemed operations unprofitable.

Conclusion: A Milestone, Not a Glitch

The May 27 Russia VPN block is a milestone. Roskomnadzor has demonstrated that it can disable an entire class of circumvention tools nationwide in a single coordinated push. MTProto in its current form is on its way out for Russian users, and the next eighteen months will be defined by how quickly newer, obfuscation-first protocols can replace it. For anyone relying on Telegram or independent information sources from inside Russia, the era of single-protocol, set-it-and-forget-it circumvention is over. The new baseline is layered, rotated, and actively maintained.

Source: Russia VPN Block: MTProto & VPNs Mass-Banned May 2026