Russian users of WhatsApp, the world’s largest messaging platform owned by Meta (designated an extremist organization and banned in Russia), are experiencing serious disruptions and the threat of a full shutdown of the service in the country. The situation has become another milestone in the long‑running confrontation between Roskomnadzor and foreign platforms that rely on end‑to‑end encryption to secure communications.
Escalating Restrictions on WhatsApp in Russia
Service Degradation, Slowdowns and Mass User Complaints
According to monitoring services “Сбой.рф” and Downdetector, on 22 December thousands of Russian users reported issues with WhatsApp. Complaints included delayed message delivery and unstable voice calls, while media outlets estimated an overall performance slowdown of around 70–80%. Roskomnadzor publicly confirmed that these problems were the result of phased technical restrictions, framed as a way to “allow users to migrate to other messengers.”
This approach effectively means a controlled “degradation” of the service: from targeted throttling of specific features to the possibility of a complete block. Similar tactics have previously been used in Russia against other platforms, typically implemented through traffic filtering and shaping at the ISP level, which can cause unpredictable side effects for unrelated services sharing the same infrastructure.
Roskomnadzor’s Justification: Security and Crime Prevention
The regulator states that WhatsApp systematically violates Russian law. In official communications, Roskomnadzor claims the messenger is used to plan and coordinate terrorist attacks in Russia, to recruit perpetrators, and to facilitate fraud and other crimes against citizens.
Roskomnadzor has repeatedly warned that if the platform does not comply with national legislation, it will be fully blocked. Restrictions reportedly began in August 2025, when the regulator initiated the “degradation” of voice calls. In autumn, these measures expanded to partial service limitations, and by late November Roskomnadzor was openly signalling the possibility of a complete shutdown.
WhatsApp’s Position: Defending End‑to‑End Encryption and User Access
Against the backdrop of tightening Russian controls, WhatsApp representatives told Reuters that the company intends to fight to keep the service available to users in Russia. The company argues that restrictions effectively deprive more than 100 million people of secure, private communication.
WhatsApp emphasizes the importance of end‑to‑end (E2EE) encryption, under which only the sender and recipient can read message content. Neither internet providers nor the platform itself can decrypt the data. International bodies, including the UN Special Rapporteur on freedom of expression, have repeatedly noted that strong encryption is a key safeguard for privacy, journalists, human rights defenders and ordinary citizens.
Company representatives warn that forcing users to switch to less secure or state‑controlled applications could lead to a net decrease in security for Russian citizens. In Russia, WhatsApp functions as a core communication tool: for family and work chats, coordination of small businesses, logistics, customer support and neighborhood communities. In practice, this makes the messenger part of the everyday digital infrastructure of millions of people.
Cybersecurity Risks of Forced Migration to Alternative Messengers
Security Gaps and Weak Encryption in Replacement Apps
From a cybersecurity perspective, a mass, time‑pressured migration to other messengers introduces several risks. Not all alternative platforms provide full, properly implemented end‑to‑end encryption across all message types, group chats and backups. In some products encryption is optional, applies only to part of the data, or is implemented using outdated protocols.
This creates opportunities for man‑in‑the‑middle attacks, traffic interception and unauthorized access on the server side. Research by organizations such as the Electronic Frontier Foundation (EFF) and academic cryptographers consistently shows that even small design flaws in messaging protocols can lead to large‑scale data exposure.
Fake Apps, Phishing and Malware During Periods of Uncertainty
Periods of restriction and censorship reliably attract cybercriminals. When popular services are slowed or blocked in various countries, attackers typically exploit user anxiety by promoting malicious “secure messengers” and VPN clients through social networks, messaging channels and search ads.
Users, eager to restore communication, may download applications from unofficial stores or follow links from unverified sources. This dramatically increases the risk of installing spyware, banking trojans or backdoored VPNs, which can compromise messages, contacts and even corporate networks. Security incidents in Turkey, Iran and other jurisdictions that have restricted major platforms illustrate how quickly such malware campaigns can scale.
Impact on Business Communications, Critical Services and Digital Rights
For many organizations, especially small and medium‑sized businesses, WhatsApp has become embedded in operational workflows: order confirmations, logistics coordination, customer support and incident response all often rely on the messenger. Service degradation or blocking can lead to missed deliveries, broken SLAs, slower customer service and direct financial losses.
There is also a broader issue of digital rights and confidentiality. Strong encryption is recognized by numerous international standards and expert communities as a baseline control for protecting personal data. Restricting access to such technologies in the name of crime prevention creates long‑term risks: it undermines trust in the digital environment and encourages the use of unregulated “shadow IT” channels that are harder to secure and oversee.
In this environment, Russian users and organizations benefit from developing a proactive digital security strategy. Individuals should assess their threat models, choose reputable messengers with transparent security architectures, install apps only from official stores, enable two‑factor authentication and keep operating systems updated. Businesses should audit their communication channels, define backup options (including multi‑vendor messaging strategies and secure email), train staff to recognize phishing and fake apps, and document playbooks for operating during service disruptions. Strengthening basic cybersecurity hygiene and planning for service unavailability can significantly reduce the risks posed by evolving regulatory and technical restrictions on encrypted communication.
