from freedickpics@lemmy.ml to privacy@lemmy.ml on 27 Nov 01:10
https://lemmy.ml/post/39527194
With the UK apparently floating ideas of a VPN ban it’s got me worried about the future of anonymity online. Now people have already pointed out that a VPN ban doesn’t make sense because of all the legitimate uses of one and wouldn’t even be enforceable anyway, but that got me thinking.
What if governments ordered websites (such as social media sites) to block traffic originating from a VPN node? Lots of sites already do this (or restrict your activity if they detect a VPN) to mitigate spam etc. and technically that wouldn’t interfere with “legitimate” (in the eyes of the gov) VPN usage like logging onto corporate networks remotely
It’s already a pain with so many sites either blocking you from access or making you jump through a million captchas using VPNs now. I’m worried it’s about to get a whole lot worse
threaded - newest
It’s theoretically possible but difficult to actually do. China has a large central government and surveillance state, VPNs are essentially banned there, and yet a large percentage of the population uses them daily to the point where it’s commonplace.
Snowflake or steganographic comunication, works even in North Corea, encrypted messages are not a solution, because they always cause suspicion in countries with strong surveillance and censorship. VPN are not the solution either, even in occidental coutries, there are a lot of webs which are not accesible with a VPN or Proxy, mostly streaming sites, eg. Rakuten and others.
<img alt="" src="https://lemmy.ml/pictrs/image/786b30e6-4350-4cf5-9cf5-57153513ec0f.png">
That is not effective either and is easy to break. At least steganographic I know nothing about snowflake but if it’s similar it would be trivial.
Steganographic messages are pretty save, not so because they are very difficult to reveal, but if they see an innocent selfie, a photo from a kitten or an mp3 from a famous song, they don’t think tat it can be a hidden message and don’t cause further interests, like an encrypted unreadable message do. Snowflake is another thing, often used by journalists in totalitary countries. www.usenix.org/conference/…/bocovich
If China can’t do it then nobody can. I’ll only be worried if China manages to successfully block out VPN use in their country.
I still believe they let it happen. Could be wrong but it reminded me of the Machines in the Matrix.
How can you ban a VPN (virtual private network)?
I have a VPN setup at home and at my parents home, I can connect either as if I was at either location physically. My office has VPNs for connecting between offices and connecting from remote locations. And dont get me started about being and to purchase a VPS in any country you want, and run a VPN on it.
Does this mean people and companies can no longer setup their own VPN’s.
If this is about privacy and anonymity, evey bowsers on any device has a unique identifying fingerprint that allows it to be identifiable even using a VPN. So what is this ban even targeting?
The Hidden Tracking Method Your VPN Can’t Block - www.youtube.com/watch?v=pJOpHSPkWMo
UK is one of the forerunners in regard to online ID checks, for example for porn sites. Brits now regularly use VPNs to escape those checks
Though a VPN does not provide you with guaranteed anonymity, it only allows you to access webpages and local services as if you were at that physical location, or on that specific network.
Connecting to your work office VPN and browsing Facebook does not make you anonymous, it’s just makes you look like you are sitting in the office.
I think you’re missing the point. A brit without VPN has to use his actual digital ID to access pornhub, as in name, address, birthday, etc… With a VPN you can spoof your location and access pornhub without ID. This has nothing to do with masking your IP to browse the web.
And this is my point actually, what are they trying to ban, is it the use of a VPN completely, or is it for only VPN that spoof locations out of country. (Which is what allows someone to circumvent the age-id, at the moment.)
Now that being said I work with people in the UK and they VPN into our office for network access and project file access. Does anyone see how this could impact access for Brits working with global firms for example?
That’s the whole point of the discussion: what does “VPN” mean in this context? Is it only these VPN providers that let you be elsewhere, or VPN technology and traffic in general. The prior could be limited by blocking traffic to specific IP addresses that belong to VPN providers, albeit in a very laborious and expensive cat and mouse game. The latter would affect all VPN traffic including that which is used to safely connect to work sites for example. Which would be stupid and damaging.
Even if VPN providers could be banned at IP level, what’s stopping you from spinning up a host in another country, setting up wireguard on that?
I understand they are frustrated that their excellent child protection plans and user information gathering is so easy to circumvent, but their proposed solutions are just absurd.
If you have a VPN then chances are you have a credit card, which means you are an adult, which means you can access porn. The VPN is your age verification :)
No, there are free VPN out there where you don’t need an creditcard (Windscribe, Proton, Calyx…), even if not, it can be a child on the PC from the parents. Anyway, age verification has only one reason, access and control of user data, nothing else. The resposability of the children is by the Parents and not by webpages or services, apart impossible to control the access by childrens, when they use the PC of the parents to websites which already have the ID from the adults. Nobody else as the parents can control it. Apart it isn’t a rule which is worldwide, with countries without age control in their server, easy accesible from everywhere but out of the control by goverments.
I forgot about the free VPN services. Good point. But yes, the government shouldnt be the ones raising our kids. As you said, this is all about control and getting information. Nothing more.
For profit VPNs I think is what everyone means. So people can get past region blocks or censorship. Since they offset very little else.
.
The end goal is to either make encryption completely ineffective or get rid of it altogether. Remember the last few times lawmakers have tried “protecting the children”?
That would severely cripple remote work/collaboration, which is essential for all megacorps. Unless there’s some sort of carve out for that I don’t see it happening
Oi oi, wotsalldisthen? U got a permit for that VPN, innit?
They will only apply it to retail VPNs. You think capitalists play by the same rules?
in my experience, community and people would always find work arounds
That is false. Everyone says that but where where the hacks for direct TV or the Nagra 3 for dish? They never came besides massive money sitting on the table for whoever did. Or modern console jailbreaking? Have the PS5 and latest XBox have hacks?
I have moments when I think “I might get banned for this”, this is one of those moments.
You may try to ban vpns but you can not really, people usually find ways around censorship. We are notorious for this stuff, as a species.
Its infuriating to me when people just roll over for the powers that be. They may ban some nodes, others will pop up, those will get banned too and so the cycle of cat and mouse begins.
You can host your own vpn with wireguard. It takes a bit of figuring out, sure, but you can literally do so with a raspberry pi. Stick it in a network of choice and voila.
Oh they may control stuff, but this is not a game that can be won, human repression is a futile effort, it may work for a while, but there is a reason why regimes fall. See the wall of Berlin and so many other examples.
Fret not friend, for hope dies last.
They could ban VPNs and not play cat an mouse. I always think China allows some VPN use when they could stop it completely. I always think of the Matrix with the option of leaving.
I had my Internet crippled in China in 2012 after I used Hamachi to log into my home computer in Australia.
The crippling got worse if I repeated my action eventually disabling the internet completely for about an hour.
I played this game a few times to pick up on the pattern.
Anything can be made illegal. Enforcement is tricky. At the moment it is very easy to block Wireguard protocol at the ISP level, some even do it. But that would probably push Wireguard and others to invest more in obfuscation.
As a sidenote, it bugs me that Wireguard does not support obfuscation out of the box, and you have to put it on top of wireguard.
You can always just route your traffic through a roll your own tunnel to some cheap cloud VM. Modern automation makes it even painless.
People won’t do that as we are lazy as a species. Any sort of friction and the people who do it well drop considerably.
People used to not use VPNs too - until they realized how useful they can be by spread in pop culture and increasing tech awareness of the general public.
If commercial VPNs are banned the tech savvy will move onto a replacement immediately, and the knowledge will slowly expand through social circles and social media until it has similar penetration in society.
A VPN ban would be both harmful (to business and consumers short term) and pointless.
When privacy is outlawed, only outlaws will have privacy.
I do this. I already had a cloud vps with a vpn on it for remote access so i figured i might as well set it up to route traffic as well.
Still get loads of sites blocking me
I do exactly this, but it doesn’t protect your privacy. That one IP address is literally tied to your credit card number and you are the only person using it.
It takes lawful intercept by ISP out of the loop and the egress point should be in a minimally cooperative jurisdiction. You know the endpoint is known good since you’re the admin and the IP is not in a known VPN exit blocklist. Of course economically it makes sense to share tunnels with family and friends.
Lots of places are applying that sort of regulation already. Problem is, how do you know which IPs are VPNs? There are some obvious ways, and many people block some VPNs already but you can’t block every VPN. I can spin up a VPN right now and open it up to users in other countries. It’s impossible.
The gov could theoretically maintain a repository of “known” VPNs that they could require sites to block, though. They could even force them to be blocked at the DNS level. This would probably be fairly effective.
But that’s also most certainly going to be abused as well.
Same as the stupid age verification, it will funnel people away from legitimate services to dodgy ones.
Small scale version. I heard from some kids that they wanted to play Roblox at school. IT had blocked it on the Wifi. The kids advice to each other was “go on the play store, search VPN, and install whatever one is free.” - IT absolutely isn’t making those kids safer.
Not to mention that it’s trivial to change your IP on most cloud providers. So if a VPN provider is using a cloud service for some of its gateways then it can quickly remember them if necessary.
They are only interested in retail, anonymizing VPNs. If you spin up your own VPN you are still 1:1 linked to that IP address. If you use a work VPN, they fully track everything. The anonymizing ones that dont track users and share an IP between many users are a threat to mass surveilance.
Okay, and how will they know which ones those are?
I don’t think you read that entire sentence. I wasn’t talking about spinning one up for my personal use.
Anything is possible. Except being free of course.
Just human things.
Yes they can ban it, you will face repercussions if you violate that ban just like if you violate the ban your country probably has on heroin or machine guns.
You can get around it by using doh and a http proxy configured in your web browser, not at the os level.
Yeah, next they’ll shut down computer servers
Stupid
Tor bridges exist for this don’t they?
VPN technology will never be banned, as most companies rely on it heavily, e.g. for remote work. The only thing I could see is ISPs keeping a blacklist of known addresses of commercial VPN providers, but that seems like an uphill battle
Companies like Akamai already do this to an extent. My employer is an Akamai customer, and they’ve offered this service to us in the past when we saw a lot of malicious traffic originating from commercial VPN providers.
There are already (crappy) ip blocklists available specifically for retail VPN providers. They don’t include corporate vpn providers because capitalism. Anonymizing VPN services have limited IP blocks that are easily tracked.
A company can run their own VPN server. A third party need not be involved. The commercial VPN service providers can therefore be blocked by government without affecting those businesses.
Yes. By ‘VPN technology’ I mean e.g. wireguard, openVPN, which are infeasible to ban since companies probably use the same software stack.
I don’t know what a software “stack” is but government can packet sniff to see if that kind of software is used but the vendors in this cat and mouse game apparently can sometimes fool the packet sniffers.
China cannot block all VPN’s so it is looking good for us geeks. However we need to educate the masses.
I imagine it’d be a jurisdiction issue for what you propose. If, say, the UK mandates that websites block VPN nodes, that will affect websites served from the UK (creating a Great Firewall of Britain). But what about websites served outside the UK? Those websites can’t possibly tell if a user is from the UK and using a VPN, vs outside the UK and using a VPN, so they can’t only block UK visitors—they’d have to block all VPN traffic, which is probably not worth it from a business point of view. I suppose the UK could then deem that website illegal in the UK and block them, but then that’d only block the website for non-VPN users in the UK… But if the website owner is outside the UK they can’t be punished for violating that law.
More probable (though I still think unlikely) is that a country could sniff for e.g. Wireguard packets and block those. But again that’s unlikely because of businesses using VPNs to let employees access company intranets at home.
These laws tend to effect any company that does business in the state or country. Any commercial service or company wanting to make money from UK customers will be required to implement the VPN block for all their customers.
Prohibition has never been a deterrent to consumption.
Lol it would break so much shit they just couldn’t.