Lee DunaOnline age checks came first — a VPN crackdown could be next
_haha_oh_wow_This article seems a little misinformed: VPNs are still regularly used in business and are necessary for companies to function. That’s still probably their primary use if I had to guess.
People who are trying to ban them clearly have no clue what they’re doing as banning VPNs would be an absolute disaster, not just for privacy minded people or folks who want to watch something region locked, but for the basic tech functions of just about any sizeable business.
Larry
ryannathansVery easy to write “except businesses” in legislation
Them I am a business. Sorry pal.
Commercial VPNs are businesses too :)
I know dude, literally everyone ignores this. Its like an ostrich putting it’s head in the sand.
When do governments do anything clever when writing legislation or laws or whatever?
They’re not doing so great, but also, if someone really wants to use an encrypted connection there’s ways around it even in places like Russia and China.
alakeyUltimately the end goal is going to become using whitelists, as what some of the aforementioned countries have implemented/are implementing as we speak. Do not delude yourself into thinking that just because there will be at least some way to send a very short, lightweight message out into the world and receive a similarly small response while remaining undetected, then it has to mean that you as an everyday Joe will be able to browse yourfavourite.site as if it didn’t get blocked. Stop this while you still can, don’t count on incompetence or existing circumvention methods.
I am all for stopping it, but the politicians suggesting these bans have absolutely no idea what they’re talking about or how damn near impossible it would be to actually accomplish: Fight it? Absolutely! It’s stupid as hell and will be a complete waste of time and money.
It will 100% not stop anyone with even moderate technical ability, but yes, it should still be fought against.
“New legislation mandates that we no longer offer the VPN connections necessary for our remote workers to access the company intranet off premises. Starting immediately, all employees are to return to office 7 days a week. If this does not work for you, please reach out to HR and they will accept that as your resignation in lieu of a written document.”
— Meta (the corp pushing the age verification laws), probably.
What about all of the site-to-site VPNs?
Legal, probably. Whichever corporations push that hypothetical bill are going to write it very specifically to ensure that it excludes their use cases.
Here’s an example of how they could do it:
S.A.V.E.K.I.D.S:
Support Age Verification Environments Keeping Internet Detectable Signals
Blah blah pretext and background information…
Blah blah surface-level purported reason for the bill is to prevent kids from bypassing age verification checks by using a VPN to pretend they’re a resident of another country…
No entity operating in or doing business within <jurisdiction> may provide services or make available technology that irreversibly redirects, masks, or otherwise obscures internet-destined traffic to appear as originating from any source other than the internet-connected network in which it was generated.
Site–to-site VPN? Fine, it’s destined for the intranet.
NAT? Also fine, it is the originating internet-connected network.
HTTP reverse proxies? Still fine, they pass the origin IP along.
VPN that routes all traffic through it? You’re getting locked up and they’re throwing away the key.
I know right? Egypt, Tanzania, China, India, Iran, Iraq, Myanmar, Oman, Pakistan, Turkey, Turkminestan, The UAE, Belarus, and Russia all have laws outright banning or restricting (you know, not business but individuals [yes, they can do that]) VPN usage.
But it won’t happen here! You can take that to the bank.
They’re legally banned but that has not stopped the use of VPNs in the countries that tried to ban them, there are already multiple ways around the efforts to stop them.
Legally banned = electronics seized, fines, and jail time when they catch you circumventing it and decide they want to make an example out of you.
I’m sure that won’t ever be used negatively or to target specific groups like investigative journalists and whistleblowers.