In theory React websites should transfer less data since you just send a JSON model instead of one annotated in full HTML markup. The React runtime would be cached after the first visit.
I'm pretty sure Russia is close to boiling over this. If the tanks roll through Kyiv and start shooting inside the city we might see massive protests in Russia.
For example, you buy a burner phone, but the place you bought it from, even if a second hand shop, had a security camera. Maybe they also record IMEI's before selling phones.
Or you carry your burner phone together with your real phone. Or alternatively, you leave one at home when using the other. Both of these things can be linked by a sufficiently determined actor (FBI/NSA level).
Or they track you to using a public square WiFi one day. Again, cameras are everywhere.
If they got your real name, no matter how, it's game over. You will be surveilled and they will find proof to link you. This is why all those posts "if only DPR used this kind of encryption or dead-men-switch" are ridiculous. Once they knew his real name it was just a matter of time and building a case.
Or Russian infiltrators. Isn't it funny how after deciding to get rid of nuclear reactors Germany suddenly realized that it needs to build a gas pipeline to Russia to cover it's energy needs.
The former German chancellor, Gerhard Schröder is now chairman of Russian energy company Rosneft, and was a strong advocate of the Nord Stream pipeline project.