Ukraine’s internet caught in the crosshairs of Russia’s war

Masho Lomashvili


Controlling the narrative online is a deep obsession of the Kremlin. So as Russia occupies more Ukrainian territory, taking over the country’s internet infrastructure has become one of its main priorities. 

Routing Ukrainian internet access through Russian providers enables Russian authorities to keep a finger firmly on the pulse of Ukrainian society.

It means Russia can spread propaganda more effectively and have access to the trends and flows of information that are useful for military use.

For citizens of regions like Kherson, in the embattled south of Ukraine, this means that they are now subject to Russian online censorship and surveillance. From Ukraine’s largely uncensored, decentralized web, they have been forced into a centrally governed system. 

A system in which the state can closely monitor who you call, what you search for, and your online habits and behaviors. If necessary, even the content of individual communications can be accessed.

Ukraine’s decentralized networks mean a multitude of small local companies in most regions and cities provide services to users. These local service providers are now confronted with an existential question. In an occupation, what do you do with your infrastructure? Sabotage it or just abandon it to the invading Russian forces? 

It puts significant pressure on an individual to either resist or comply with Russian demands, with little direction from Ukrainian authorities. 

I spoke with Alp Toker, founder of London-based “NetBlocks,” a global watchdog organization that monitors cybersecurity and the governance of the Internet. Toker and his team have been recording and investigating Russia’s takeover of the internet in parts of Ukraine.

How does rerouting the internet work in the case of Ukraine?

Rerouting can be done through a variety of means, but in Ukraine it isn’t really a technical phenomenon.

It’s mostly done through physically switching the cables, very much like taking your Wi-Fi router at home and switching the cable in order to move to a new internet provider. So, it’s really human factors at play. The issues are about the pressures that people and companies face. 

What are these pressures?

Some companies voluntarily switch their infrastructure to Russian providers, others are pressured, sometimes physically. There’s also a third factor, Ukrainian providers have been increasingly choosing to sabotage their networks so that Russia doesn’t misappropriate them.

Ukraine has this healthy network design, this layout of internet providers that connect to one another. But it also means that the companies are sometimes quite small, and privately owned and the decision over the infrastructure’s fate can come down to one person — a company director, or an owner.

While the government of Ukraine has deemed some voluntary handovers as unpatriotic, they have not issued any alternative direct instructions on how to deal with Russians asking for control of your infrastructure. 

Is it a reasonable decision to destroy the infrastructure?

During the 2014 invasion of Crimea, the Internet infrastructure was just simply taken over by Russia. It was seen almost as a handover.

Part of the internet in newly occupied territories is now being rerouted to Russian companies operating from Crimea. So the main criticism is that the infrastructure that Ukrainians left behind is now making it easier for Russia to invade.

It’s obviously something we wouldn’t typically advocate — destroying infrastructure that helps people stay connected. But from the perspective of victims in an unjust war, it can be argued that handing over the infrastructure can also cause harm. 


An enormous leak of Chinese government data lays bare the extent of Beijing’s surveillance dragnet. That’s according to a recent investigation by the newsroom Grid, which accessed a sample data set by a hacker offering ‌personal information on “billions” of Chinese citizens in exchange ‌for hundreds of thousands of dollars in Bitcoin. If the leak is as extensive as the hacker claims, it may be one of the biggest breaches in China’s history.

The data set reviewed by Grid is rife with sensitive information. One file contains each person’s name, along with their address, national ID number, education level, military service, marital status, religion, ethnicity, photo, hotel check-ins, travel checkpoints, and record of police detainment. 

Another has detailed information about the individual’s food delivery orders, and a third lists citizens’ calls to the police.

“The publication of the data could seriously threaten the online and physical security of the Chinese citizens affected,” Grid writes. The sample data set also identifies at least 180 people as Uyghur, a chilling revelation given Beijing’s unrelenting campaign of surveillance and repression aimed at Uyghurs in Xinjiang and beyond, which we’ve covered extensively. For more on China’s crackdown on Uyghurs, check out our reporting here.

Immigrant rights groups in the United States are calling out the data broker LexisNexis over its relationship with U.S. Immigration and Customs Enforcement (ICE). Protestors gathered over the weekend outside a major library conference in Denver, Colorado, to demand the company end its contract with ICE. The popular research tool is used by librarians and immigration officials alike.

Last year, the company signed a $16.8 million contract with ICE to provide the agency with an enormous database of personal information. In just seven months, ICE agents searched the database more than a million times, according to The Intercept, including more than 250,000 times by officials with the agency’s Enforcement and Removal Operations, “a branch explicitly tasked with finding and deporting immigrants, often for minor infractions or no offense at all.” 

Past newsletters have looked at allegations that ICE is working with data brokers to bypass so-called sanctuary city policies that limit the types of information local law enforcement agencies can share with federal immigration authorities. You can check them out here and here.

Virtual private networks, or VPNs, have been helping Russian citizens evade state censorship since the onset of the war in Ukraine. Now the Russian state has mobilized Russian influencers to discredit VPN services, according to SOTA. In posts on VK (a Russian social media platform), influencers complain about freezing applications, increased traffic, and draining batteries. 

“I went to a service center and thought that I’d replace my battery, but the master told me. ’VPN, huh?’” one influencer wrote on VK, as if their particular troubles were entirely due to their VPN use. Another wrote: “It turns out VPNs are not transparent at all; they sell your data.”

This isn’t the first time that VPNs have come under attack in Russia. Earlier this month, the pro-Kremlin media outlet RIA Novosti published an article attempting to persuade Russians not to use VPNs, arguing that it’s unsafe to share personal data with VPN providers. For more, check out our in-depth look at the Russians using VPNs to access blocked social media and news sites as the country descends into digital totalitarianism.


  • If you haven’t yet, now is probably a good time to dig into the Uber Files, a sweeping investigation published by a consortium of dozens of newsrooms around the world. The multi-part series, which is more than enough to keep you occupied until next week’s newsletter, exposed how the company “used stealth technology and evasive practices to thwart regulators and law enforcement in at least six countries and how it deployed a phalanx of lobbyists to court prominent world leaders to influence legislation and help it avoid taxes,” wrote the International Consortium of Investigative Journalists, which helped to oversee the collaboration.

This newsletter is curated by Coda’s senior reporter Erica Hellerstein. Liam Scott and Ivan Makridin contributed to this edition.