Lawmakers want to ban VPNs
Reminds me of my time in Zanzibar, where the internet was censored and some VPN providers (like Proton) weren't working. The authorities then imposed a complete ban of VPNs without permit, with threats of harsh punishment (2000 USD fine or 12m in prison). Exceptions could be made by filling a form justifying the use of the VPN and details about it (for example IP address) but reviews are slow and obscure.
The context with this article is different but the similarities are with how lawmakers misunderstand VPNs. They are an essential tool for workers and there are many other ways to circumvent censorship without VPNs anyway. The irony of this ban is that Zanzibar also wants to attract digital nomads, and the most important tool for them is an unrestricted and reliable internet connection.
A device-side IP filter locked behind a password that parents can configure in the device's settings would be much more effective and easier to implement than censoring the Internet. This should be the default solution, yet it's never brought up for whatever reason.
Not to mention these online content censorship laws for kids are wrong in principle because parents are supposed to be in control of how they raise each of their own kids, not the government or other people.
And these laws make authoritarian surveillance and control much easier. It's hard to not see this as the main objective at this point. And even if it isn't, this level of stupidity is harmful.
I'm reminded of efforts in the 1990s to ban strong encryption in email and websites because governments tried to tell us it was used by drug dealers and pedos to do their nefarious activities.
Yes, governments really did want to force us to use HTTPS with only broken/weak crypto.
Same propaganda, different buzzwords.
If the goal is to protect minors, then alcohol may be a better model:
a) Alcohol is considered harmful for minors, hence
b) It is unlawful for minors to posses and consume alcohol;
c) It is unlawful to sell alcohol to minors;
Similarly:
1) Internet may potentially contain harmful material, hence:
2) It is unlawful for minors access Internet;
3) It is unlawful to sell or provide to minors access to Internet or any devices or services that facilitate access to Internet
Easy-peasy
Remember the days when governments the world over didn't seem to realize the internet existed? I miss those days. I used to complain about and laugh at their technological ineptitude. Now I wish I could turn back time.
The water's getting a little warm isn't it, fellow frogs?
After Wisconsin finds out how to reliably filter vpn, they can then teach Netflix and Akamai how to do it.
Last time I checked modestly reliable geoblocking existed, and completely unreliable vpn blocking.
A friend told me that when he comes across a site for which Nordvpn is blocked, he just changes IP. Latest the third one always works, even on YouTube (he is all about privacy).
Of course, what if I use an SSH tunnel instead as that normally suffices a lot easier for me. It's basically the same underlying libraries? They would have to regulate the use of libssl, libcrypto, etc. This makes no sense lol.
Am I going to find myself in jail one day for "Unregulated use of a private/public key pair?"
Part of the problem is that in order to prove your age you need to hand over a bunch of unrelated data about yourself. Why do they need to know my name, address, signature, and what I look like? They don’t even need to know my actual age, just that I’m over 21. Laws like this would go down a lot better if there were privacy-respecting ways of verifying age.
Stuff like this really reminds me how nobody is actually in control. Entire countries are just going where ever the rivers takes them with those supposed in charge not knowing any better and often worse than the rest and functionally being so clueless they’re passengers too
It's funny how democratic countries copy whatever laws authoritarian regimes passed, but with a 5-year lag.
Wisconsin "porn" websites will just move out of Wisconsin.
The bill reads like you would think from someone who's been talking with the ceo of an age verification company. The bill gives the website two options: use a _commercial_ age verification product tied to gov't id checking, or "digitize" the web user's gov't id.
It's like trying to ban people from whispering in public because someone might say something inappropriate
As someone born in a post‑Soviet country with rather many odd digital laws--including one requiring that any use of encryption be registered with the department of commerce and the secret service (meaning no TLS unless you get a permit)--I can clearly see the endgame of similar proposals.
These laws aren’t meant to be followed. Their text is deliberately vague, and their demands are impossible by design. They aren't foolish, or at least their ignorance isn't needed to explain the system's broader function. They are meant to serve as a Chekhov's gun that may or may not fire over your head, depending solely on whether the people holding it decide like you.
In peaceful times, they fade into the background, surfacing only when it’s convenient to blackmail some company for cash or favors. In times of crisis, they declare a never-ending war on extremism, sin, and treason, fought against an inexhaustible supply of targets to take down in front of their higher‑ups, farming promotions, contracts for DPI software, and jobs updating its filters.
Historically, such controls were limited by the motivation and competence of the arms dealers, usually taking the form of DNS or IP blocks easily bypassed with proxies. With modern DPI, it's entire protocols going dark. Even so, those able to learn easily find a way around them. The people who suffer most are seniors, unable even to call family across the border without a neighbor's help, and their relatives forced into using least trustworthy messengers (such as Botim, from the creators of ToTok, a known UAE intel operation [0]) thinking they're the only way to stay in touch, not knowing how or wanting to use mainstream IM over a VPNs that may or may not live another month.
If wherever you are your votes still matter, please fight this nonsense. Make no mistake, your enemies are still more ridiculous than Voltaire could hope they'd be, but organizing against or simply living through a regime constantly chewing on the internet's wires is going to be a significantly greater inconvenience than taking _real_ action now.
And cue the rise of self-hosted VPNs. 1 click to get a VPS instance, install VPN software, and make a connection. Automatically destroy the instance with another click or after a certain amount of time.
Sadly (at least for me, I am a US citizen) we are seeing the slow burn collapse of western ‘democracies’ and the slow steady rise of the global south.
Western leaders are in panic mode. I am not very political but when I look at the last Biden administration and the current Trump administration I see two men in panic mode - very weak.
A partial solution to western civilization collapse is to make ourselves as individuals strong: prioritize family, friends, continual life long education, spirituality, highly productive work, supporting our local communities, etc.
Isn't it Wisconsin law that lets the Governor change any numeric digits in a law while it's on his or her desk?
One of the most bizarre legal opinions I've ever heard of, but if they used any digits in the writing of the law those are up for grabs. Law makes a 30 day window or something? The governor can just change it to a million days with a stroke of the pen and then sign the edit into law with the same pen!
"Here's what happens if VPNs get blocked: everyone has to verify their age by submitting government IDs, biometric data, or credit card information directly to websites—without any encryption or privacy protection."
Can someone explain how this is true? Even if there is not a VPN, there should be https encryption and privacy protection.
I'll be surprised if my country (the UK) doesn't go down the same path. I don't like the reform party, but they seem to be the only party that see the danger in all of this.
All it does is make it easier for the Government to monitor VPN connections. They already can request logs from providers. Most, if not all VPNs require a proof of identity which is used to subpoena your data. Next up is device security itself. Most phones can be remotely compromised with man in the middle style certificates. Most sites do not use certificate pinning and there is always a master key for decryption built in at the certificate authority level. Unless you have banking level certificates with certificate pinning between sites, a random VPN not tied to your identity and secure devices, a VPN just sells you the illusion of security.
Considering many of these VPNs are operated by shady groups that probably sell data to intelligence services, I suspect efforts to ban them will mysteriously fail.
This will be an unpopular take, but... ban all the VPN's. Do it now.
Every time such a thing happens new technology is created out of necessity. The more totalitarian a regime is the more people are pushed under ground. This only hurts big companies and governments that benefit from having all the juicy delicious data flowing through cooperating CDN's and big centralized platforms where they can see it real time and with real identities.
Motivate developers to make easy-peazy tools to push the normies to Tor, SSH tunnels, hybrid open source VPN's, DNS tunneling, HTTPS piggy-backing, Obfuscated HTTPS websockets, Domain Fronting, Lora Relays, Laser Relays, open source user-space mesh VPN's like Tinc and watch the arms race unfold.
My super secret ulterior motive is that I despise the big platforms including all the big VPN platforms that have money trails or claim BTC is anonymous and claim to not log anything or have real time lawful intercept API's thus allowing them to claim no logs.
I octo-dog dare governments to ban VPN's.
They will then need to be all encrypted traffic if such a law survive legal challenge.
Why ban VPNs when you can freely force social networks like HN to tie nickname registration to an state issued digital ID certificate to guarantee freedom of speech and legal accountability?
https://old.reddit.com/r/XGramatikInsights/comments/1ovd88s/...
I'm curious how they plan to enforce it lol, because I don't think they can. Unless they plan to build something similar to the Great Firewall of China. But it will have to be nationwide. I don't think one state can do it.
Republican lawmakers, in this case.
Well, let’s be honest — users of VPNs regularly don’t know what they are doing, too.
Can’t count how often I‘ve heard otherwise technologically literate people saying how they use a VPN (NordVPN e.a.) because „something something security“.
You don't need to burn books if you can just ban access to them!
20 years ago the boogeyman was "the terrorists!" And now the boogeyman is "not the children!!" Or "immigrants!!" Depending on your audience's political views, but the ultimate goal is more surveillance, more control and more power abuse by who’s in control.
People of the West, repeat after me:
Xray
Vless
Hiddify
Streisand
(and buy VPSes by heaps while you can)
How does changing post titles work? I think it's more accurate that:
"Lawmakers want to ban VPN users from accessing porn websites."
or
"Lawmakers wants porn websites to ban VPN users"
It's an important distinction that has caused a lot of confusion in the last thread about this article.
I know that the author is arguing a slippery slope for political reasons, but it's not factual and it causes confusion.
So 2020 - 2030 will be known as the years when "western societies" (read: corrupt politicians that see us as nothing but cattle) decided to become more authoritarian and dystopic than China and Russia.
ive been invovled in privacy for decades and not once has anyone named the parties behind the bills or authors of it, or who lobbies and uses leverage over lawmakers to push these bills through.
they are persistent and have continuity through generations, organize across borders, influence manufacturers and even pressure individual developers.
tech doesnt secure privacy. finding these people and calling them out directly might.
I wonder if all of the journalism on Epstein would be considered "Sexual content" and if journalists would be forced to self-doxx to report in these states
It seems it would be much more effective to regulate ISPs, requiring them to disallow users from accessing adult sites and VPNs without first verifying their age. This also wouldn't be a violation of privacy since you are already giving your ISP your physical address. The only place users would be expected to identify themselves is over public wifi.
I've been thinking a lot about VPNs lately, mainly for 2 reasons:
1) In my home state I can no longer access Pornhub
2) Last month I visited Mississippi and could not access BlueSky, even though I can from my home state.
[I personally blame this on the "holier then thou", "don't tread of me" conservatives who cannot resist the urge to try to rule over the activities of others.]
I haven't selected a VPN provider because I have heard that a lot of websites create barriers to people who use VPNs. For example, I've seen people say that couldn't access Reddit via a VPN.
Couldn't all of this be handled by META tags, request/response headers and some "they'll obviously do it" laws aimed at operating systems, device manufacturers and browser companies?
How are vpns detected?
Lawmakers in general have less than one percent knowledge on what they make laws on. I look forward to them all logging in remotely after the ban.
The key change is needed with things such as meshtastic and lora. Taking things out of the hands of regulators is key
>Businesses run on VPNs. Every company with remote employees uses VPNs. Every business traveler connecting through sketchy hotel Wi-Fi needs one. Companies use VPNs to protect client and employee data, secure internal communications, and prevent cyberattacks.
Oh look, someone's conflating business VPNs and consumer VPNs again. This time to legitimize consumer VPNs.
The cited laws propose to ban pornography for minors, and ban VPNs that hide geolocation and their use in accessing pornography. Nothing to do with businesses using private VPNs to encrypt employee traffic.
>Vulnerable people rely on VPNs for safety. Domestic abuse survivors use VPNs to hide their location from their abusers.
Woah, maybe VPNs have some uses I haven't considered, let's take a look at the linked article.
>Use a virtual private network (VPN) to remain anonymous while browsing the internet, signing a new lease or applying for a new home loan. This will also keep your location anonymous from anyone who has gained access to or infiltrated your device.
I think the loan thing is rubbish I don't get it, and it's unaffected by the law. But the idea of installing a VPN in case the device is compromised might make sense, if the device is compromised it might still be trackable, especially while downloading the VPN, but maybe if it connects at startup, and the RAT isn't configured to bypass the VPN bridge, it might work.
Quite a stretch if you ask me. And again, not relevant to adult sites blocking VPNs.
The rest of the example are the usual "people use it to evade the government and regulations but it can be THE BAD GOVERNMENt AND REGULAtiONS"
Okay, I'm generally a fan of the EFF, but what they say in this article is untrue?
> Their solution? Entirely ban the use of VPNs.
> Yes, really.
Which is then followed by the actual explanation:
> an age verification bill that requires all websites distributing [...] “sexual content” to both implement an age verification system and also to block the access of users connected via VPN.
This doesn't ban VPNs - it requires age-verified sites to block VPN users.
Which makes 3 of the 4 categories they describe basically unaffected by the change to the law. Business users, students, journalists protecting sources - all can turn off their VPN to access porn when they want to, and enjoy the use of their VPN at any other time. (The fourth category is "people who want privacy," who are in fact negatively affected by the law.)
Don't get me wrong, I think this is a bad bill, but it's also a bad article that is basically lying.
"Here's what happens if VPNs get blocked: everyone has to verify their age by submitting government IDs, biometric data, or credit card information directly to websites-without any encryption or privacy protection.
We already know how this story ends. Companies get hacked. Data gets breached. And suddenly your real name is attached to the websites you visited, stored in some poorly-secured database waiting for the inevitable leak. This has already happened, and is not a matter of if but when. And when it does, the repercussions will be huge."
Then
"Let's say Wisconsin somehow manages to pass this law. Here's what will actually happen:
People who want to bypass it will use non-commercial VPNs, open proxies, or cheap virtual private servers that the law doesn't cover. They'll find workarounds within hours. The internet always routes around censorship."
Even in a fantasy world where every website successfully blocked all commercial VPNs, people would just make their own. You can route traffic through cloud services like AWS or DigitalOcean, tunnel through someone else's home internet connection, use open proxies, or spin up a cheap server for less than a dollar."
EFF presents two versions of "here's what will happen"
If we accept both as true then it appears a law targeting commercial VPNs would create evolutionary pressure to DIY rather than delegate VPN facility to commercial third parties. Non-commercial first party VPNs only service the person who sets them up. If that person is engaged in criminal activity, they can be targeted by legislation and enforcement specifically. Prosecution of criminals should not affect other first party VPNs set up by law-abiding internet users
Delegation of running VPNs to commercial third parties carries risks. Aside from obvious "trust" issues, reliability concerns, mandatory data collection, potential data breach, and so on, when the commercial provider services criminals, that's a risk to everyone else using the service
This is what's going on with so-called "Chat Control". Commercial third parties are knowingly servicing criminals. The service is used to facilitate the crime. The third parties will not or cannot identify the criminals. As a result, governments seek to compel the third party to do so through legislation. Every other user of the service may be affected as a result
Compare this with a first party VPN set up and used by a single person. If that person engages in criminal activity, other first party VPNs are unaffected
EFF does not speculate that third parties such AWS, DigitalOcean, or "cheap server[s] for less than a dollar" will be targeted with legislation in their second "here's what will happen" scenario
Evolutionary pressure toward DIY might be bad news for commercial third party intermediaries^1
But not necessarily for DIY internet users
1. Those third parties that profit from non-DIY users may invoke the plight of those non-DIY users^2 when arguing against VPN legislation or "Chat Control" but it's the third parties that stand to lose the most. DIY users are not subject to legislation that targets third party VPNs or third party chat services
2. Like OpenAI invoking the plight of ChapGPT users when faced with discovery demands in copyright litigation
>So when Wisconsin demands that websites "block VPN users from Wisconsin," they're asking for something that's technically impossible. Websites have no way to tell if a VPN connection is coming from Milwaukee, Michigan, or Mumbai. The technology just doesn't work that way.
https://youtu.be/Pr4v725LPOE?si=ih3gfTSpiHumtrFs&t=79
"That's not how apps work"
"Then make it work you think we are stupid but we are not, we know" VPNs have something to do with IPs which are necessarily geolocatable , and also users need to make an account to connect to a VPN, you can just ask them what country and State they are in.
Being willfully obtuse draws no sympathy, and will not exclude companies from compliance
[dead]
Still not as bad as the previous administration colluding with Facebook, Twitter, and Youtube to censor American citizens and in many cases, get them fired from their jobs.
> It Won’t Even Work
I heard similar sentiments about censorship efforts in Russia, but it does seem to work, unfortunately. So far they have outlawed and blocked major VPN providers (and keep blocking more, including non-commercial ones, like Tor bridges, and foreign hosting companies' websites), blocked major detectable protocols used for those (IPsec, WireGuard), made usage of proxying ("VPN") an aggravating circumstance for the newly-introduced crime of searching for "extremist" information. That seems to deter many people already, and once the majority is forced to use the local approved (surveilled, censored) services, it is even easier to introduce whitelists or simply cut international connections (as is already practiced temporarily and locally), at which point the ban is successfully applied to everyone.