Russia’s latest messaging crackdown is the cleanest real-world stress take a look at of decentralization in years, and it produced an ungainly consequence.
Roskomnadzor started throttling Telegram on Feb. 10, citing “non-compliance.” Two days later, authorities totally blocked WhatsApp, eradicating its domains from Russia’s nationwide registry and forcing customers towards VPNs or MAX, a state-backed messenger that critics describe as surveillance infrastructure disguised as a chat app.
The Kremlin had already mandated the preinstallation of MAX on all gadgets bought in Russia, efficient Sept. 1, 2025.
The transfer appeared tailored to vindicate decentralized messaging. Right here was textbook censorship taking part in out in actual time, consisting of DNS manipulation, registry disruption, and platform coercion towards companies with greater than 4 billion mixed customers.
But the “censorship-resistant” alternate options constructed over the previous decade remained marginal. Customers did not flood into Session, Standing, or XMTP-based inboxes.
They patched the issue with VPNs and complained on Twitter.
The decentralization thesis did not fail as a result of the know-how does not work. It failed as a result of the know-how addresses an issue most customers do not acknowledge, and introduces trade-offs they’re unwilling to just accept.
Three-layer mismatch
What folks name “decentralized messaging” truly bundles three distinct properties that not often align in follow.
Content material privateness means end-to-end encryption by default. WhatsApp makes use of the Sign Protocol for all messages and calls. Telegram doesn’t, as E2EE applies solely to Secret Chats, that are device-bound and do not sync throughout platforms just like the service’s default cloud chats.
Most Telegram customers do not toggle Secret Chats on, which makes the service’s “personal” status deceptive underneath strain.
Community resilience refers to blockability. Centralized companies current predictable choke factors, comparable to DNS information, IP ranges, and CDN infrastructure.
Russia’s WhatsApp motion exploited precisely that. Peer-to-peer programs scale back reliance on a single endpoint, however they commerce off reliability, battery life, and the supply ensures that mainstream customers anticipate.
Platform resilience is the layer nearly nobody discusses. Even apps marketed as decentralized depend upon Apple and Google’s push notification programs (APNs and FCM) to ship messages immediately within the background.
These push rails create quiet centralization and metadata publicity, as Apple and Google might be legally compelled to share push notification metadata in some jurisdictions.
The coordination downside no protocol can resolve
Community results function as a mathematical lock-in.
WhatsApp studies greater than 3 billion month-to-month lively customers. Telegram claims over 1 billion. Switching prices are coordination prices: the worth of a messaging app scales with the variety of your contacts who use it, and the transition penalty grows exponentially with community dimension.
Cellphone numbers make this each worse and higher on the similar time.
Sign nonetheless requires phone-number registration even after introducing usernames. The choice is not an oversight, as Sign’s personal documentation argues that cellphone numbers allow discoverability and assist resist spam.
Decentralized programs that remove cellphone numbers should change that total scaffolding with one thing else. Most have not.
Crypto-native messaging protocols comparable to XMTP take a unique method, constructing identification round pockets addresses.
This creates composability throughout apps and reduces platform lock-in. Nonetheless, it additionally inherits issues that destroy mainstream usability: key custody dangers, restoration failures, and identification confusion when customers juggle a number of wallets.
Spam because the adoption ceiling and the cell OS lure
Open networks turn out to be spam magnets until constrained by identification programs, price limits, or financial prices. XMTP’s documentation explicitly states that permissionless networks will appeal to spam and that content-level moderation can not happen on the protocol layer if messages are encrypted.
The burden shifts to consent lists managed by particular person purchasers and apps.
Each mechanism which may curb spam, comparable to identification proofs, token staking, and status scores, dangers re-centralizing energy or undermining anonymity.
Should you require proof of personhood to ship a message, you’ve got created a brand new registry and a brand new assault floor. Should you cost a charge, you’ve got excluded low-income customers and created alternatives for rent-seeking.
Mainstream customers anticipate immediate supply. On iOS and Android, that expectation will depend on background push notifications routed by way of APNs and FCM.
Even apps that place themselves as decentralized, comparable to Briar, Standing, and Session, both compromise on “immediate” supply or settle for the centralization imposed by push programs.
Push infrastructure additionally exposes metadata: who messaged whom, when, and from the place. Authorities can compel Apple and Google to share that knowledge in lots of jurisdictions.
For prime-threat customers, it is a deadly flaw. For everybody else, it is invisible, till it is not.
| Possibility | Layer 1: E2EE by default? | Layer 2: Block / throttle resistance | Layer 2: Main choke factors | Layer 3: Push (APNs / FCM) for “immediate”? | Layer 3: App-store dependence | Adoption: Identification mannequin | Adoption: Restoration | Adoption: Spam / abuse posture | Adoption: Mainstream UX gaps |
|---|---|---|---|---|---|---|---|---|---|
| ✅ Sure | ❌ Low | DNS / IP / CDN; centralized servers | ✅ Sure | ✅ Excessive | Cellphone quantity | ✅ Easy | ⚠️ Centralized enforcement | ✅ Minimal (baseline feature-complete) | |
| Telegram (Default cloud chats) | ❌ No | ❌ Low | DNS / IP / CDN; centralized servers | ✅ Sure | ✅ Excessive | Cellphone quantity | ✅ Easy | ⚠️ Centralized enforcement | ✅ Minimal (feature-complete) |
| Telegram (Secret Chats) | ⚠️ Optionally available | ❌ Low | Identical as above (service nonetheless centralized) | ✅ Sure | ✅ Excessive | Cellphone quantity | ✅ Easy | ⚠️ Centralized enforcement | ❌ Multi-device sync (device-bound); UX friction |
| Sign | ✅ Sure | ❌ Low–Med | Centralized servers; area/IP | ✅ Sure | ✅ Excessive | Cellphone quantity (usernames assist, nonetheless phone-based) | ⚠️ Average | ⚠️ Centralized + price limits | ⚠️ Community results / “second messenger” |
| Matrix (Ingredient) | ⚠️ Optionally available / will depend on setup | ⚠️ Medium | Residence servers; federation hyperlinks; public servers | ✅ Sure | ✅ Excessive | Username (server-based) | ⚠️ Average | ⚠️ Server / neighborhood moderation | ⚠️ Admin/UX complexity; inconsistent defaults |
| Briar | ✅ Sure | ✅ Increased | Gadget availability; Tor bridges; native connectivity | ❌ No (not “immediate” like mainstream) | ⚠️ Medium | QR/peer add; no cellphone quantity | ❌ Onerous | ⚠️ Restricted floor; smaller networks | ❌ Reliability / always-on; battery; onboarding |
| Session | ✅ Sure | ⚠️ Medium–Increased | Relay community / routing layer; endpoints | ⚠️ Partial | ✅ Excessive | Session ID (no cellphone) | ❌ Onerous | ⚠️ Consumer-side + community guidelines | ⚠️ Supply reliability; UX studying curve |
| Standing / Waku | ✅ Sure | ⚠️ Medium | Waku relays; bootnodes; app infra | ⚠️ Partial | ✅ Excessive | Pockets / keypair | ❌ Onerous | ⚠️ Consumer-side consent + filters | ⚠️ Beta maturity; spam/identification friction |
| XMTP-based inboxes | ✅ Sure (message-level) | ⚠️ Medium | XMTP community nodes / relays; endpoints | ⚠️ Partial | ✅ Excessive | Pockets handle | ❌ Onerous | ⚠️ Consumer-side consent; spam assumed | ⚠️ “Who am I messaging?”; key mgmt; historical past sync pitfalls |
Efficiency tax and have regression
Multi-device sync, massive group chats, media attachments, message search, and cloud backups are options customers barely discover till they break.
Pure peer-to-peer architectures make it troublesome or unattainable to implement these options with out introducing a relay or storage layer.
Telegram illustrates the trade-off immediately. The service’s default cloud chats sync seamlessly throughout gadgets, however they do not use end-to-end encryption. Secret Chats use E2EE, however they’re locked to a single machine and can’t be synchronized.
That is the price of sustaining the privateness assure, not a compromise.
Matrix, the federated protocol behind Ingredient and different purchasers, gives self-hostable infrastructure and avoids single-operator management.
Nonetheless, federation shifts complexity to directors and nonetheless leaves blockable server targets.
Why the alternate options keep area of interest
Sign has the most effective privateness defaults within the business, nevertheless it stays a second messenger for many customers. The phone-number requirement reduces anonymity, and the smaller community means it is the place activists go, not the place everyone seems to be.
Briar was designed explicitly for crises, because it operates over Tor, Bluetooth, and Wi-Fi Direct to avoid shutdowns. That design is why it is area of interest. Onboarding is more difficult, battery drain is bigger, and always-on supply does not match WhatsApp’s responsiveness.
Standing positions itself as a web3 super-app with decentralized messaging on the core, powered by the Waku peer-to-peer protocol. The challenge’s personal documentation flags it as beta and acknowledges the reliance on unproven infrastructure.
XMTP gives the strongest composability narrative, with wallet-based identification and protocol-level consent options that work throughout completely different apps.
Nonetheless, the documentation reveals actual friction: spam is handled as inevitable, native database encryption can disrupt historical past sync if mishandled, and all the mannequin assumes customers are snug managing cryptographic keys.
The trilemma that will not resolve, and what occurs subsequent
It’s potential to optimize for 2 of the next, however not often all three: excessive privateness (each metadata and content material), excessive usability (immediate supply, multi-device sync, large teams, search), and excessive decentralization (no single operator, minimal choke factors).
Mainstream apps prioritize usability and scale. Privateness instruments decide privateness and decentralization.
Crypto-native initiatives search to offset usability losses with token incentives and protocol design, however they incur new complexity associated to spam, identification, and regulatory publicity.
Russia’s WhatsApp block elevated the ache of censorship, nevertheless it did not cross the switching threshold. Customers will swap when the ache of censorship exceeds their tolerance, and the choice gives near-zero onboarding friction, immediate supply, low spam, and ample contacts already utilizing it. VPNs are simpler.
The forcing capabilities will not be ideological. They’re going to be institutional: obligatory preinstalls comparable to MAX, public-sector adoption mandates, app retailer removals, and stricter VPN enforcement.
Freedom Home documented the fifteenth consecutive 12 months of declining world web freedom in 2025.
Shutdowns and throttling stay normal instruments of state management. Demand for censorship-resistant communication is rising. The availability aspect nonetheless cannot ship the product that customers will truly undertake.
The stack that solves it will want push-notification independence with out battery drain, spam resistance with out identification registries, and key administration that does not punish frequent errors.
Till then, decentralized messaging stays a hedge, not a alternative. It is the app folks set up when issues get dangerous, not the one they use every single day.