Russia is hurtling toward its own “Cheburnet” with the roar of a tank stripped of its muffler. The model pinned above the desk is China’s Great Firewall, but the Russian copy is pure local craftsmanship: improvised, graft-ridden, and tailored to the needs of the security establishment, which still measures success in intercepted SMS messages and the annual quota of “traitors” convicted. The promised destination is “digital sovereignty”; the reality looks more like electronic shackles.
The warning signs came long ago. YouTube was banned, “hostile” social media platforms were declared extremist, and recently even a clumsy search query has become grounds for prosecution. Under a new amendment to Article 13.53 of the Administrative Code, the “deliberate search for extremist materials” is a punishable offense. Ernest Valeev, deputy head of the Security Committee, assures citizens that “those who aren’t searching intentionally have nothing to fear.” In Russia, such reassurances are less than comforting: if the state needs a law for you, it will find one.
The latest step is the launch of the national messenger MAX—a product seemingly assembled not in a tech incubator, but in a basement, with wires, duct tape, and an official ID badge lying on the table. From September 1, it will come preinstalled on every new smartphone in the country. Tomorrow? Perhaps a fine for deleting it—or even arrest. Regional administrations are already “migrating” first. Komi, Kemerovo, St. Petersburg report in unison. Promotional banners beam with smiling officials, praising convenience. They omit, of course, what lies under the hood.
A Trojan Horse with a Security Badge
MAX is not merely “a messenger for sovereign communication.” It behaves like a piece of malware—albeit one sanctioned “in the interests of national security.” Upon installation, it requests the full range of permissions: constant location tracking, access to SMS, call logs, contacts, calendars, microphone, camera, clipboard, and full device administrator rights. Grant them, and they cannot be revoked; refuse, and core features will be disabled, accompanied by a quiet flag to the authorities: this citizen objected to security.
It runs permanently in the background, immune to force-stopping or removal through standard settings. Copy a one-time password from a banking SMS, and it is instantly logged on the server. Take a screenshot, and it is silently transmitted. Switch off location services, and it quietly triangulates your position via cell towers and Wi-Fi networks—an ankle bracelet in all but name.
Code audits by independent researchers uncovered more than 1,200 references to TamTam—the failed Telegram clone Mail.ru Group attempted to push seven years ago. The media engine is identical. Fragments of the interface are identical. Even outdated OpenSSL versions remain in place. TamTam’s security flaws were carried over wholesale: “man-in-the-middle” attacks are still possible, and chat encryption conveniently ends where official interest begins.
The Tailor of a Leaky Suit
The developer’s identity is obscured by corporate camouflage. Officially, MAX was created by LLC “Communication Platform”, a company incorporated in September 2024 and immediately elevated to the federal stage. Its CEO, Elena Bagudina, is a serial nominal director, heading a dozen zero-revenue companies sharing the same phone line.
A few layers down, the old ownership resurfaces: VK Holding. Three VK-branded LLCs are listed as co-founders, effectively signalling, “Yes, it’s us again. This time with root access.” Given Mail.ru’s history of leaked credentials—VKontakte, Odnoklassniki—one can reasonably predict where dinner plans discussed on MAX will ultimately end up.
The main customer is unnamed, but the permissions list reads like an FSB wish-list. In practice, MAX functions as Mobile SORM 4.0: user-to-server encryption is undone by provider-held keys, and “callback” functionality allows security services to activate a microphone or download chat histories at will—legally, instantly, and without warrants.
Target: Telegram
For a public accustomed to choice, the most popular button in MAX was “delete.” Ratings in Google Play and the App Store crashed to one star within days, as suspicious five-star reviews were purged.
White-glove PR having failed, the next move was black propaganda—directed at Telegram. The tactic was textbook: accuse your rival of precisely your own sins. Creators of the FSB-backed MAX launched a campaign equating Telegram with the security services, commissioning an “investigation” video titled “Telegram, the FSB, and the Man in the Middle.”
The narrative, loosely stitched together, pointed to Telegram’s servers in Miami, maintained by Global Network Management, whose owner, Vladimir Vedeneev, once ran a company that many years ago provided fibre-optic services to the Presidential Property Management Department. From there, the chain of logic leaps: the presidential office equals the FSB, “once” becomes “always,” and Vedeneev becomes a Kremlin spy able to read every message.
No technical or legal basis is provided—“remote hands” technicians replace hardware; they do not decrypt chats. But the piece relies on the right buzzwords: “bots,” “surveillance,” “Kremlin propaganda,” “security services.”
Pavel Durov dismissed the claims as technically illiterate, legally void, and politically obvious. No keys are held by the provider, Telegram has no Russian subsidiaries, and Miami is simply a colocation site. Predictable, but the rebuttal was itself part of the plan: the point was not to persuade the thoughtful, but to seed distrust. Once the air is contaminated, every truth smells suspect.
The Predictable Endgame
The strategy is transparent. The FSB gains immediate blocking powers at the first hint of “danger.” VK clears the market of a competitor unwilling to surrender encryption keys. Bureaucrats earn political cover for mandating MAX on every device. But every smear campaign betrays its target: the harder they attack Telegram, the clearer the unspoken advice—delete MAX.
The dystopian plot is now on autopilot. On the shelf, a brand-new phone with factory-fresh plastic—and MAX embedded beyond removal. Purchase it, and you’ve subscribed to constant surveillance. Telegram stalls behind yet another wall of DPI filtering. Each week brings a friendly letter from your provider: “For your safety, we recommend switching to the national messenger.” Recommend. Insist. Require—the font grows bolder with time.
Everything you share travels in two directions: one pipe to analytics centres where algorithms stitch your movements, habits, and conversations into neat dossiers; the other, through TamTam’s old vulnerabilities, into the darkest corners of the internet, where for a few hundred crypto-rubles you can buy what was once called private—passport scans, guest lists, even the menu for a family dinner.
In the morning, you plan a romantic evening. By nightfall, a bot offers you “perfect” roses and an online course in relationship repair.
This is “digital sovereignty” in its crash-built form: a state-protection label on the outside, corroded valves on the inside. Unless the process is stopped, every word will soon be in a file—and no one will know who opens it first.