Russia’s current messaging crackdown is the cleanest real-world stress check of decentralization in years, and it produced an ungainly outcome.
Roskomnadzor started throttling Telegram on Feb. 10, citing “non-compliance.” Two days later, authorities totally blocked WhatsApp, eradicating its domains from Russia’s nationwide registry and forcing customers towards VPNs or MAX, a state-backed messenger that critics describe as surveillance infrastructure disguised as a chat app.
The Kremlin had already mandated the preinstallation of MAX on all units bought in Russia, efficient Sept. 1, 2025.
The transfer appeared tailored to vindicate decentralized messaging. Right here was textbook censorship taking part in out in actual time, consisting of DNS manipulation, registry disruption, and platform coercion in opposition to companies with greater than 4 billion mixed customers.
But the “censorship-resistant” options constructed over the previous decade remained marginal. Customers did not flood into Session, Standing, or XMTP-based inboxes.
They patched the issue with VPNs and complained on Twitter.
The decentralization thesis did not fail as a result of the expertise does not work. It failed as a result of the expertise addresses an issue most customers do not acknowledge, and introduces trade-offs they’re unwilling to just accept.
Three-layer mismatch
What individuals name “decentralized messaging” really bundles three distinct properties that hardly ever align in follow.
Content material privateness means end-to-end encryption by default. WhatsApp makes use of the Sign Protocol for all messages and calls. Telegram doesn’t, as E2EE applies solely to Secret Chats, that are device-bound and do not sync throughout platforms just like the service’s default cloud chats.
Most Telegram customers do not toggle Secret Chats on, which makes the service’s “personal” status deceptive underneath stress.
Community resilience refers to blockability. Centralized companies current predictable choke factors, equivalent to DNS data, IP ranges, and CDN infrastructure.
Russia’s WhatsApp motion exploited precisely that. Peer-to-peer techniques scale back reliance on a single endpoint, however they commerce off reliability, battery life, and the supply ensures that mainstream customers anticipate.
Platform resilience is the layer nearly nobody discusses. Even apps marketed as decentralized rely upon Apple and Google’s push notification techniques (APNs and FCM) to ship messages immediately within the background.
These push rails create quiet centralization and metadata publicity, as Apple and Google could be legally compelled to share push notification metadata in some jurisdictions.
The coordination downside no protocol can clear up
Community results function as a mathematical lock-in.
WhatsApp stories greater than 3 billion month-to-month lively customers. Telegram claims over 1 billion. Switching prices are coordination prices: the worth of a messaging app scales with the variety of your contacts who use it, and the transition penalty grows exponentially with community dimension.
Telephone numbers make this each worse and higher on the similar time.
Sign nonetheless requires phone-number registration even after introducing usernames. The choice is not an oversight, as Sign’s personal documentation argues that cellphone numbers allow discoverability and assist resist spam.
Decentralized techniques that remove cellphone numbers should exchange that whole scaffolding with one thing else. Most have not.
Crypto-native messaging protocols equivalent to XMTP take a special strategy, constructing identification round pockets addresses.
This creates composability throughout apps and reduces platform lock-in. Nonetheless, it additionally inherits issues that destroy mainstream usability: key custody dangers, restoration failures, and identification confusion when customers juggle a number of wallets.
Spam because the adoption ceiling and the cell OS entice
Open networks grow to be spam magnets until constrained by identification techniques, fee limits, or financial prices. XMTP’s documentation explicitly states that permissionless networks will appeal to spam and that content-level moderation can not happen on the protocol layer if messages are encrypted.
The burden shifts to consent lists managed by particular person purchasers and apps.
Each mechanism that may curb spam, equivalent to identification proofs, token staking, and status scores, dangers re-centralizing energy or undermining anonymity.
In case you require proof of personhood to ship a message, you have created a brand new registry and a brand new assault floor. In case you cost a payment, you have excluded low-income customers and created alternatives for rent-seeking.
Mainstream customers anticipate prompt supply. On iOS and Android, that expectation is dependent upon background push notifications routed by APNs and FCM.
Even apps that place themselves as decentralized, equivalent to Briar, Standing, and Session, both compromise on “prompt” supply or settle for the centralization imposed by push techniques.
Push infrastructure additionally exposes metadata: who messaged whom, when, and from the place. Authorities can compel Apple and Google to share that knowledge in lots of jurisdictions.
For prime-threat customers, this can be a deadly flaw. For everybody else, it is invisible, till it is not.
| Choice | Layer 1: E2EE by default? | Layer 2: Block / throttle resistance | Layer 2: Main choke factors | Layer 3: Push (APNs / FCM) for “prompt”? | Layer 3: App-store dependence | Adoption: Identification mannequin | Adoption: Restoration | Adoption: Spam / abuse posture | Adoption: Mainstream UX gaps |
|---|---|---|---|---|---|---|---|---|---|
| ✅ Sure | ❌ Low | DNS / IP / CDN; centralized servers | ✅ Sure | ✅ Excessive | Telephone quantity | ✅ Easy | ⚠️ Centralized enforcement | ✅ Minimal (baseline feature-complete) | |
| Telegram (Default cloud chats) | ❌ No | ❌ Low | DNS / IP / CDN; centralized servers | ✅ Sure | ✅ Excessive | Telephone quantity | ✅ Easy | ⚠️ Centralized enforcement | ✅ Minimal (feature-complete) |
| Telegram (Secret Chats) | ⚠️ Optionally available | ❌ Low | Identical as above (service nonetheless centralized) | ✅ Sure | ✅ Excessive | Telephone quantity | ✅ Easy | ⚠️ Centralized enforcement | ❌ Multi-device sync (device-bound); UX friction |
| Sign | ✅ Sure | ❌ Low–Med | Centralized servers; area/IP | ✅ Sure | ✅ Excessive | Telephone quantity (usernames assist, nonetheless phone-based) | ⚠️ Average | ⚠️ Centralized + fee limits | ⚠️ Community results / “second messenger” |
| Matrix (Component) | ⚠️ Optionally available / is dependent upon setup | ⚠️ Medium | Dwelling servers; federation hyperlinks; public servers | ✅ Sure | ✅ Excessive | Username (server-based) | ⚠️ Average | ⚠️ Server / group moderation | ⚠️ Admin/UX complexity; inconsistent defaults |
| Briar | ✅ Sure | ✅ Larger | Machine availability; Tor bridges; native connectivity | ❌ No (not “prompt” like mainstream) | ⚠️ Medium | QR/peer add; no cellphone quantity | ❌ Exhausting | ⚠️ Restricted floor; smaller networks | ❌ Reliability / always-on; battery; onboarding |
| Session | ✅ Sure | ⚠️ Medium–Larger | Relay community / routing layer; endpoints | ⚠️ Partial | ✅ Excessive | Session ID (no cellphone) | ❌ Exhausting | ⚠️ Consumer-side + community guidelines | ⚠️ Supply reliability; UX studying curve |
| Standing / Waku | ✅ Sure | ⚠️ Medium | Waku relays; bootnodes; app infra | ⚠️ Partial | ✅ Excessive | Pockets / keypair | ❌ Exhausting | ⚠️ Consumer-side consent + filters | ⚠️ Beta maturity; spam/identification friction |
| XMTP-based inboxes | ✅ Sure (message-level) | ⚠️ Medium | XMTP community nodes / relays; endpoints | ⚠️ Partial | ✅ Excessive | Pockets deal with | ❌ Exhausting | ⚠️ Consumer-side consent; spam assumed | ⚠️ “Who am I messaging?”; key mgmt; historical past sync pitfalls |
Efficiency tax and have regression
Multi-device sync, giant group chats, media attachments, message search, and cloud backups are options customers barely discover till they break.
Pure peer-to-peer architectures make it troublesome or unimaginable to implement these options with out introducing a relay or storage layer.
Telegram illustrates the trade-off straight. The service’s default cloud chats sync seamlessly throughout units, however they do not use end-to-end encryption. Secret Chats use E2EE, however they’re locked to a single system and can’t be synchronized.
That is the price of sustaining the privateness assure, not a compromise.
Matrix, the federated protocol behind Component and different purchasers, gives self-hostable infrastructure and avoids single-operator management.
Nonetheless, federation shifts complexity to directors and nonetheless leaves blockable server targets.
Why the options keep area of interest
Sign has one of the best privateness defaults within the business, nevertheless it stays a second messenger for many customers. The phone-number requirement reduces anonymity, and the smaller community means it is the place activists go, not the place everyone seems to be.
Briar was designed explicitly for crises, because it operates over Tor, Bluetooth, and Wi-Fi Direct to avoid shutdowns. That design is why it is area of interest. Onboarding is tougher, battery drain is larger, and always-on supply does not match WhatsApp’s responsiveness.
Standing positions itself as a web3 super-app with decentralized messaging on the core, powered by the Waku peer-to-peer protocol. The challenge’s personal documentation flags it as beta and acknowledges the reliance on unproven infrastructure.
XMTP gives the strongest composability narrative, with wallet-based identification and protocol-level consent options that work throughout completely different apps.
Nonetheless, the documentation reveals actual friction: spam is handled as inevitable, native database encryption can disrupt historical past sync if mishandled, and the whole mannequin assumes customers are comfy managing cryptographic keys.
The trilemma that will not resolve, and what occurs subsequent
It’s doable to optimize for 2 of the next, however hardly ever all three: excessive privateness (each metadata and content material), excessive usability (prompt supply, multi-device sync, massive teams, search), and excessive decentralization (no single operator, minimal choke factors).
Mainstream apps prioritize usability and scale. Privateness instruments choose privateness and decentralization.
Crypto-native initiatives search to offset usability losses with token incentives and protocol design, however they incur new complexity associated to spam, identification, and regulatory publicity.
Russia’s WhatsApp block elevated the ache of censorship, nevertheless it did not cross the switching threshold. Customers will change when the ache of censorship exceeds their tolerance, and the choice gives near-zero onboarding friction, prompt supply, low spam, and ample contacts already utilizing it. VPNs are simpler.
The forcing capabilities will not be ideological. They will be institutional: obligatory preinstalls equivalent to MAX, public-sector adoption mandates, app retailer removals, and stricter VPN enforcement.
Freedom Home documented the fifteenth consecutive 12 months of declining international web freedom in 2025.
Shutdowns and throttling stay normal instruments of state management. Demand for censorship-resistant communication is rising. The provision facet nonetheless cannot ship the product that customers will really undertake.
The stack that solves it will want push-notification independence with out battery drain, spam resistance with out identification registries, and key administration that does not punish frequent errors.
Till then, decentralized messaging stays a hedge, not a alternative. It is the app individuals set up when issues get unhealthy, not the one they use daily.
