A splintered web

The internet delivers inventions such as AI straight to your device and, for some, opens access to vital services. It is also the “blood of the blockchain”: a cohesive web keeps open source alive and accelerates the development of an alternative financial system.

In this new ForkLog piece, we examine regulators’ latest moves to curb internet freedom, outline Europe’s specific plans, review the “successful” measures of China, Russia, Iran, Turkmenistan and others, and look at who is pushing back and how.

European democracy

After the headline-grabbing MiCA, adopted in 2023, the blockchain industry in the EU gained clearer contours, with all the consequences that entails.

The following year, 2024, became a period of implementing a raft of laws aimed at protecting citizens’ digital rights. They include a fairer distribution of roles among Big Tech and their market clout. Data openness, disclosure of end-to-end encryption keys and control over AI are the main goals of regulation. As a result, the 27 EU countries risk becoming a discrete cluster within what was once a unified global network.

Main European Parliament initiatives aimed at safeguarding the digital sphere:

• Digital Services Act (DSA). Ensures platform safety and transparency and combats illegal content and disinformation. Mandatory since February 2024. The law applies to channel providers, hosting services, online platforms and marketplaces;

• Digital Markets Act (DMA). Designed to foster market competition by regulating gatekeepers such as Google, Microsoft and Amazon. In force since spring 2024. Firms must comply with interoperability rules for devices and messaging platforms—with a ban on “self-preferencing”: they must be interchangeable rather than stand out through unique features. In Apple’s case, authorities demanded that iOS operate on third-party devices in the EU;

• Data Act. Entered into force in January 2024 and seeks to ensure fair access to user and machine data. Under it, API standards open access to user data for public authorities in emergencies. The regulation also defines who owns data and how it may be used. It covers manufacturers of appliances, electronics and IoT devices, along with their owners and sellers;

• Data Governance Act (DGA). In force since September 2023. It introduced provisions to govern data sharing between companies. Unlike the earlier GDPR, it is not limited to personal data and has a broader scope. Using soft coordination and structure, it served as a preparatory step for the Data Act and even included requirements for smart contracts executing data-sharing agreements;

• Cyber Resilience Act (CRA). Phased in from December 2024, the law strengthens security standards for products with digital components and obliges manufacturers and sellers to ensure conditions throughout a product’s life cycle. Full implementation is due by 2027. It covers all products directly or indirectly connected to devices or networks, with some exceptions.

Some measures remain under consultation, for example the Digital Fairness Act. The bill targets manipulative behaviour at the interface level. It seeks to curb “dark” UX patterns such as hidden “cancel” buttons, auto-subscriptions and obstructed exits from services. It also opposes “emotional targeting”—ads shown based on a user’s vulnerable state.

Another initiative under discussion in Europe concerns the distribution of illegal content involving minors. Proposed in spring 2025, CSAM/Chat Control would allow state agencies to obtain the encryption keys of all available messengers to scan content.

Some countries oppose the proposal, arguing, among other things, that it would restrict press freedom. Germany, Poland and the Netherlands have taken a firm line.

In August 2024, the European Parliament adopted the world’s first comprehensive law regulating AI by risk level—the Artificial Intelligence Act.

Risk categories:

• prohibited (highest) — bans on AI for social scoring, manipulation of user behaviour and mass surveillance;

• high — mandatory registration, audit and oversight. Applies to bank lending, medicine, education and employment;

• limited — user disclosure suffices for chatbots, content generators and simple recommender systems;

• no restrictions for games, photo-editing apps and spam filters.

Implementation is gradual: the top category applies from February 2025; high-risk provisions are slated through August 2027. AI startups and large companies must adapt their algorithms to the new rules or face fines of up to 7% of annual turnover.

The law requires developers to:

• check the quality of the data used to train AI to avoid discrimination;
• ensure transparency. If a user interacts with AI, they must be told;
• keep documentation. Technical descriptions and logging to enable audits;
• conduct mandatory risk assessments—especially in critical areas (health care, security, finance);
• register in a special European registry—for high-risk systems.

These sweeping measures to protect the digital sphere demand a swift response from the sector. Over the next one to two years, companies must adapt to the new reality or forgo users in the euro area. Breaches of the DSA and DMA can bring fines of up to 6% and 10% of annual revenue, respectively. The laws have extraterritorial reach and apply to all EU citizens, wherever they live.

The yellow middle

According to Freedom House, more than a third of internet users are fully restricted in their access to information due to state censorship. A similar share has “partial” access, while “fully free” users barely reach 17%.

Of the 72 countries in the study, citizens in only 19 can use the internet freely; 32 face relatively few restrictions; and residents of 21 countries live under strict censorship.

On the infographic above, yellow marks places where access to the internet remains open but with partial restrictions. These include Ukraine, where until February 2022 web browsing was free. Users have faced coercive measures since 2017—blocking of resources from Russia, including Yandex and the social networks VKontakte and Odnoklassniki. More serious changes began five years later. Targeted restrictions have affected almost all resources with the “.ru” domain and their mirrors. The list is now regularly expanded.

Blocking is implemented by the state at the DNS and IP levels. Internet providers obey orders, but many users bypass the ban via VPN and DNS-over-HTTPS (DoH). DoH protocols encrypt the browser’s request for a site’s IP address and substitute it.

Countermeasures in such cases are easy to implement: minimal preparation and knowledge are enough for normal communication with the outside world.

Pioneers of “purple borders”

Many would name North Korea the undisputed leader of the internet vacuum—and they would be right. In the country, only the elite—senior officials, hackers, researchers—have access to the global network. Even then, all traffic is tightly monitored and filtered.

In 2019 North Korea had 1,024 IP addresses, mostly belonging to state entities. Primary connectivity is via China’s China Unicom and, since 2017, Russia’s TransTeleCom.

A sanctioned analogue—the internal “Kwangmyong” network—is available to everyone. It contains mostly educational and propagandistic content. The sole mobile operator, Koryolink, does not support mobile internet. All domestically produced smartphones carry software-level restrictions.

China and Russia stand out as huge purple patches on the internet-freedom map. Both pursue control “to protect citizens” and receive some of the lowest scores in the ranking.

The study uses a composite internet-freedom score from 100 to 0, where a lower value indicates total isolation. If North Korea were included, it would score 0.

China has built the most extensive digital-control system in the world—technically powerful but politically closed. Freedom of speech is replaced by automated censorship, and independent information by local propaganda.

With a score of 9, on par with Myanmar, China’s national gateway—the Great Firewall—showcases model technocommunism.

All external traffic is filtered using DNS spoofing, URL keyword matching and analysis inside HTTPS—Deep Packet Inspection (DPI). When banned words are detected, the connection is forcibly terminated.

China has its own equivalents of popular apps: Baidu instead of Google,
WeChat instead of WhatsApp, Weibo instead of X. Algorithms can automatically delete posts and block accounts. All activity is tracked in real time:

• censorship systems analyse text, images and video;
• AI is used for facial, emotion and speech recognition;
• operators must identify users by passport.

Skirting the Great Firewall is technically hard, as China actively combats any form of tunnelling and encryption. Yet even under heavy censorship, independent researchers, developers and journalists find loopholes.

Examples of tools that can work to bypass the Great Firewall:

• obfuscated VPNs. OpenVPN with Obfsproxy, Stunnel, Shadowsocks, Outline can work with proper configuration. The software masks traffic as ordinary HTTPS to evade DPI and is often hosted on private servers outside China;
• Shadowsocks (SS/SSR). An effective proxy protocol with non-standard configuration and in combination with VPN. Popular on mobile devices until 2022; now partially detected, but custom installs can still serve;
• V2Ray / XRay. A modern, flexible framework for circumvention. Supports various protocols and can mask traffic;
• Tor with bridges. Core Tor nodes are blocked, but obfuscated relays such as obfs4, meek-azure and Snowflake may work.

Russia follows its neighbour’s lead. The internet is not yet fully isolated, but it is rapidly moving toward a Chinese-style model of “digital sovereignty”—with control, filtering and penalties for online activity.

After the 2019 sovereign-internet law, the risk arose of detaching the Russian segment from the global one. Since 2020 Roskomnadzor has actively used DPI equipment; a national DNS system has been tested since 2023. Pressure on VPN services is also mounting.

Iran is moving in the same direction, sitting between China and Russia in the internet-freedom ranking. The Islamic Republic is rolling out the SHOMA national information network. It is a tightly controlled internet space with censorship and connectivity shutdowns. Authorities regularly cut off access in regions with protests, such as Kurdistan and Baluchistan. As in North Korea, virtually all resources are blocked, including media, human-rights and opposition sites.

Another leader in digital isolation is Turkmenistan. Sitting on the Silk Road, the country is rich in natural gas and closely tied to its main importer, China.

Standing by the golden statue of Turkmenbashi in Ashgabat, you are unlikely to share a picturesque selfie: messengers and video calls are banned. Control is concentrated in the hands of a single operator—Turkmentelecom. Its services are expensive and among the slowest in the world.

In the republic, the internet remains a luxury rather than a basic right, and any hint of independent online activity is a risk for the user. There have been arrests, dismissals and intimidation over likes, posts or VPN use. Authorities can seize phones and check their contents, especially among the young.

Conclusions

The internet is fragmenting before our eyes: jurisdictions are choosing divergent approaches to digital governance, many of which bring more local restrictions rather than genuine user safety. This trend is likely to intensify amid political and technological competition. The scale of change, inevitably, will be revealed over time.