It's theoretically possible but difficult to actually do. China has a large central government and surveillance state, VPNs are essentially banned there, and yet a large percentage of the population uses them daily to the point where it's commonplace.
If China can't do it then nobody can. I'll only be worried if China manages to successfully block out VPN use in their country.
Snowflake or steganographic comunication, works even in North Corea, encrypted messages are not a solution, because they always cause suspicion in countries with strong surveillance and censorship. VPN are not the solution either, even in occidental coutries, there are a lot of webs which are not accesible with a VPN or Proxy, mostly streaming sites, eg. Rakuten and others.
That would severely cripple remote work/collaboration, which is essential for all megacorps. Unless there's some sort of carve out for that I don't see it happening
…some sort of carve out…
Oi oi, wotsalldisthen? U got a permit for that VPN, innit?
They will only apply it to retail VPNs. You think capitalists play by the same rules?
I have moments when I think "I might get banned for this", this is one of those moments.
You may try to ban vpns but you can not really, people usually find ways around censorship. We are notorious for this stuff, as a species.
Its infuriating to me when people just roll over for the powers that be. They may ban some nodes, others will pop up, those will get banned too and so the cycle of cat and mouse begins.
You can host your own vpn with wireguard. It takes a bit of figuring out, sure, but you can literally do so with a raspberry pi. Stick it in a network of choice and voila.
Oh they may control stuff, but this is not a game that can be won, human repression is a futile effort, it may work for a while, but there is a reason why regimes fall. See the wall of Berlin and so many other examples.
Fret not friend, for hope dies last.
Lots of places are applying that sort of regulation already. Problem is, how do you know which IPs are VPNs? There are some obvious ways, and many people block some VPNs already but you can't block every VPN. I can spin up a VPN right now and open it up to users in other countries. It's impossible.
The gov could theoretically maintain a repository of "known" VPNs that they could require sites to block, though. They could even force them to be blocked at the DNS level. This would probably be fairly effective.
But that's also most certainly going to be abused as well.
Same as the stupid age verification, it will funnel people away from legitimate services to dodgy ones.
Small scale version. I heard from some kids that they wanted to play Roblox at school. IT had blocked it on the Wifi. The kids advice to each other was “go on the play store, search VPN, and install whatever one is free.” - IT absolutely isn't making those kids safer.
They are only interested in retail, anonymizing VPNs. If you spin up your own VPN you are still 1:1 linked to that IP address. If you use a work VPN, they fully track everything. The anonymizing ones that dont track users and share an IP between many users are a threat to mass surveilance.
They are only interested in retail, anonymizing VPNs
Okay, and how will they know which ones those are?
If you spin up your own VPN you are still 1:1 linked to that IP address
I don't think you read that entire sentence. I wasn't talking about spinning one up for my personal use.
Not to mention that it’s trivial to change your IP on most cloud providers. So if a VPN provider is using a cloud service for some of its gateways then it can quickly remember them if necessary.
How can you ban a VPN (virtual private network)?
I have a VPN setup at home and at my parents home, I can connect either as if I was at either location physically. My office has VPNs for connecting between offices and connecting from remote locations. And dont get me started about being and to purchase a VPS in any country you want, and run a VPN on it.
Does this mean people and companies can no longer setup their own VPN's.
If this is about privacy and anonymity, evey bowsers on any device has a unique identifying fingerprint that allows it to be identifiable even using a VPN. So what is this ban even targeting?
The Hidden Tracking Method Your VPN Can't Block - https://www.youtube.com/watch?v=pJOpHSPkWMo
So what is this ban even targeting?
UK is one of the forerunners in regard to online ID checks, for example for porn sites. Brits now regularly use VPNs to escape those checks
Though a VPN does not provide you with guaranteed anonymity, it only allows you to access webpages and local services as if you were at that physical location, or on that specific network.
Connecting to your work office VPN and browsing Facebook does not make you anonymous, it's just makes you look like you are sitting in the office.
I think you're missing the point. A brit without VPN has to use his actual digital ID to access pornhub, as in name, address, birthday, etc... With a VPN you can spoof your location and access pornhub without ID. This has nothing to do with masking your IP to browse the web.
And this is my point actually, what are they trying to ban, is it the use of a VPN completely, or is it for only VPN that spoof locations out of country. (Which is what allows someone to circumvent the age-id, at the moment.)
Now that being said I work with people in the UK and they VPN into our office for network access and project file access. Does anyone see how this could impact access for Brits working with global firms for example?
That's the whole point of the discussion: what does "VPN" mean in this context? Is it only these VPN providers that let you be elsewhere, or VPN technology and traffic in general. The prior could be limited by blocking traffic to specific IP addresses that belong to VPN providers, albeit in a very laborious and expensive cat and mouse game. The latter would affect all VPN traffic including that which is used to safely connect to work sites for example. Which would be stupid and damaging.
Even if VPN providers could be banned at IP level, what's stopping you from spinning up a host in another country, setting up wireguard on that?
I understand they are frustrated that their excellent child protection plans and user information gathering is so easy to circumvent, but their proposed solutions are just absurd.
If you have a VPN then chances are you have a credit card, which means you are an adult, which means you can access porn. The VPN is your age verification :)
No, there are free VPN out there where you don't need an creditcard (Windscribe, Proton, Calyx....), even if not, it can be a child on the PC from the parents. Anyway, age verification has only one reason, access and control of user data, nothing else. The resposability of the children is by the Parents and not by webpages or services, apart impossible to control the access by childrens, when they use the PC of the parents to websites which already have the ID from the adults. Nobody else as the parents can control it. Apart it isn't a rule which is worldwide, with countries without age control in their server, easy accesible from everywhere but out of the control by goverments.
I forgot about the free VPN services. Good point. But yes, the government shouldnt be the ones raising our kids. As you said, this is all about control and getting information. Nothing more.
The end goal is to either make encryption completely ineffective or get rid of it altogether. Remember the last few times lawmakers have tried "protecting the children"?
VPN technology will never be banned, as most companies rely on it heavily, e.g. for remote work. The only thing I could see is ISPs keeping a blacklist of known addresses of commercial VPN providers, but that seems like an uphill battle
Companies like Akamai already do this to an extent. My employer is an Akamai customer, and they’ve offered this service to us in the past when we saw a lot of malicious traffic originating from commercial VPN providers.
A company can run their own VPN server. A third party need not be involved. The commercial VPN service providers can therefore be blocked by government without affecting those businesses.
Yes. By 'VPN technology' I mean e.g. wireguard, openVPN, which are infeasible to ban since companies probably use the same software stack.
I don't know what a software "stack" is but government can packet sniff to see if that kind of software is used but the vendors in this cat and mouse game apparently can sometimes fool the packet sniffers.
China cannot block all VPN's so it is looking good for us geeks. However we need to educate the masses.
However we need to educate the masses.
Well that's kind of the earlier point, the working masses already know. What they might not understand is that they can use a VPN outside of the office and how it benefits them.
There are already (crappy) ip blocklists available specifically for retail VPN providers. They don't include corporate vpn providers because capitalism. Anonymizing VPN services have limited IP blocks that are easily tracked.
Tor bridges exist for this don't they?
Anything can be made illegal. Enforcement is tricky. At the moment it is very easy to block Wireguard protocol at the ISP level, some even do it. But that would probably push Wireguard and others to invest more in obfuscation.
As a sidenote, it bugs me that Wireguard does not support obfuscation out of the box, and you have to put it on top of wireguard.
You can always just route your traffic through a roll your own tunnel to some cheap cloud VM. Modern automation makes it even painless.
I do this. I already had a cloud vps with a vpn on it for remote access so i figured i might as well set it up to route traffic as well.
Still get loads of sites blocking me
I do exactly this, but it doesn’t protect your privacy. That one IP address is literally tied to your credit card number and you are the only person using it.
It takes lawful intercept by ISP out of the loop and the egress point should be in a minimally cooperative jurisdiction. You know the endpoint is known good since you're the admin and the IP is not in a known VPN exit blocklist. Of course economically it makes sense to share tunnels with family and friends.
Anything is possible. Except being free of course.
Just human things.
in my experience, community and people would always find work arounds
Prohibition has never been a deterrent to consumption.
Lol it would break so much shit they just couldn't.
It's a law. Just words in a document. It doesn't have to be realistic or even enforceable for them to pass a law.
Yeah, next they'll shut down computer servers
Stupid
I imagine it'd be a jurisdiction issue for what you propose. If, say, the UK mandates that websites block VPN nodes, that will affect websites served from the UK (creating a Great Firewall of Britain). But what about websites served outside the UK? Those websites can't possibly tell if a user is from the UK and using a VPN, vs outside the UK and using a VPN, so they can't only block UK visitors—they'd have to block all VPN traffic, which is probably not worth it from a business point of view. I suppose the UK could then deem that website illegal in the UK and block them, but then that'd only block the website for non-VPN users in the UK... But if the website owner is outside the UK they can't be punished for violating that law.
More probable (though I still think unlikely) is that a country could sniff for e.g. Wireguard packets and block those. But again that's unlikely because of businesses using VPNs to let employees access company intranets at home.
These laws tend to effect any company that does business in the state or country. Any commercial service or company wanting to make money from UK customers will be required to implement the VPN block for all their customers.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
much thanks to @gary_host_laptop for the logo design :)