We are seeing the end of the liberal illusion of freedom online. In order to stop anti-zionist speech, to control the proles, and to establish necessary blackmail capabilities against the population to be able to stop revolutionaries before they get started by threatening to release their porn preferences or whatever the boot is coming down very hard and fast.
This isn’t just an EU thing or a UK thing (though they are a spectacular example of a fascist shit-hole whose boot-loving population hasn’t seen an abuse against them they don’t love yet even compared to subservient Amerikkkans).
Across the US laws of a similar nature are being drafted. The porn ban is just step one I’m sorry to say. They’ll see people getting around it with VPNs, point out these VPNs are also used for piracy. Scream about the children and terrorists and evil foreigners and soon enough there will be VPN bans state by state and then nationally with the payment processors (Visa, Mastercard, etc) having a gun pointed at them and they and the crypto exchanges (the non-criminal ones normal people can access after submitting government ID, submitting to an AI or person-driven face scan and comparison to that, etc ,etc) will be forced to stop allowing these things. More pertinently they’ll force hosting and bandwidth providers to drop them within the US and if necessary throttle all traffic that’s uninspectable (though that would take years more most likely).
I predict within 5 years online privacy and public piracy both will be relics of another era. The public will obediently accept giving out ID to access their porn after some grumbling and everything after that will be smooth sailing that most people don’t care about so easy-mode. Frankly the best place to stop these plans is at the porn ID phase because I’m sorry to say but it’s what the largest part of the population cares about out of all these measures.
To be honest I doubt there’s anything that can stop them at this point. The loss of control on the narrative about “israel” and the genocide of Palestinians has them freaked out as does the likely imminent loss in Ukraine. The level of mass mobilization and protest is simply not something you’re going to get over porn and after porn ID laws come laws for other services tying them to your real identity and people have already accepted the government knowing their kinks so will roll over for that as well.
There was a man on TV this morning saying that because Nigel Farage claims to be against all of this, he is basically the same as Jimmy Savile, and anyone else against any of it is a paedo.
Critical support to The FSF (Free Savile Foudnation)
Every multinational company uses VPN for their Intranet, no? I assume this would break so many things, lets go. Just set everything on fire already.
I get tired of seeing this smug-lord take.
They would differentiate naturally between VPNs that are used for purposes like that (connecting to a corporate network) vs those used for anonymity, piracy, skipping around ID requirements within borders of a nation, etc.
It doesn’t do the fight against these kinds of moves any good to smugly say “go ahead, the corporations will make you stop it” because it misrepresents what will happen.
Which is that corporate VPNs will continue to work fine, will continue to be extensively logged, will continue to be used only for employee purposes and not skipping ID laws for adult content or piracy or engaging in anti-zionist speech they want to stop. Meanwhile they’ll implement technical measures to block anonymizing VPNs that people actually care about. They’ll make payment processors stop processing payments for them meaning you’d have to take the extra step of opening a crypto account but all modern crypto platforms are heavy KYC and they’ll be monitoring them and perhaps demanding they comply. Sure it won’t stop determined criminals or hardcore privacy hactivists but it will stop 95% of the population which is good enough for them
Yeah the goal here is to go after the typical web user who was made tech illiterate from years of Apple/Windows/Android slop.
The fact that we’re seeing VPN uptake at levels beyond other countries that enforced bans might at least mean there’s some minimum level of IT knowledge that Brits have to make the education of more advanced evasion possible.
I don’t think it’s that smug, it’s largely realistic. The point is that VPNs have significant legitimate and almost necessary usage, which means
a - There will be some amount of corporate pushback. Maybe not enough, but it’s less likely to mean it’ll be a law. b - You can’t just instruct ISPs to block all VPN-like traffic, making a total ban impossible to enforce. c - Allowing ‘legitimate’ VPNs may allow people to slip preferred ones in as ‘technically allowed’.
So yes, of course the government can just ban the “bad” VPNs, but that compromise alone means it’ll be significantly worse at banning.
Also, given Mullvad takes cash for a significant fraction of payments, banning payment processors probably wouldn’t be so big a deal.
Yeah, I suspect overall it’d still stop >50% of the population, but I’d argue not much more.
You can’t just instruct ISPs to block all VPN-like traffic, making a total ban impossible to enforce
I wholeheartedly believe they can and likely will before humanity’s brush with capitalism is over. They would just filter traffic from residential network endpoints more heavily than corporate/business users and start culling “illegitimate” business users. Then gradually close the loop on other methods of evading censorship. I do have a background contributing bug fixes to one of the big anti-censorship P2P networks out there.
I agree with everything you said. I did not claim that corporations would stop a “VPN ban”, and as you said, a “VPN ban” would not try to ban VPNs, but it would target any kind of anonymity. Opposition to this should of course be supported. The law is an obvious deception to give law enforcement more power to use against anyone they wish, and terrible humor is my coping mechanism.
Now to your point about stopping 95% of the population from hiding their ID online, have they done so successfully in the past? I’m not trying to pin down the number, I get that it’s probably just an estimation and youre talking about the “average person online”. My guess would be, they use a VPN at best, but they do not use it in a way that actually makes them anonymous, like they would still log onto their E-Mail and Facebook and whatnot. My understanding is, that this makes any VPN useless for anonymity, but please correct me if that’s wrong, I admit I’m not super well informed on that.
In my experience, and anyone I talk to in real life, the advice is to generally not even use phones to talk/message about organizing stuff. I mostly go by the assumption that the average person is already not able to hide their identity online, other than by “hiding in the crowd”. Right now, the amount of data makes it hard for anyone to find anything, so people still get away with a lot of shit because noone is looking at them too closely. I think this might soon end, as law enforcement is starting to use software tools from Palantir, and the biggest critics of those tools in germany are apparently opposed to it, because it is a US product, and not a EU product. Police has not been bothered to check whether the use of this software to indiscriminately analyse personal data is even legal. Courts might intervene, but I’m not sure how relevant that is, because they will probably still allow the use of such tools in some capacity, and then police can just do some oopsies and use it illegally anyways.
I don’t wanna dismiss people who rely on online communication a lot, I get that it’s important for many. I think E-Mail and encrypted messaging in 1on1 messages is still sort of safe? But I wouldn’t be surprised if that also has no future. Eventually the state figured out they could just open the mail of a “suspect”, why wouldn’t they do the same with online comms?
Now to your point about stopping 95% of the population from hiding their ID online, have they done so successfully in the past?
They never really saw a great need to. Western capitalism was strong enough it could afford to pretend to have these liberal freedoms and tolerance of speech and so on. Now it’s not and it’s discarding that mask.
My understanding is, that this makes any VPN useless for anonymity
Against a resourced threat actor directly attacking you yes. If you’re a “terrorist group” then you’re fucked by opsec mistakes like that. More complicated is that tech companies like Google, your email provider, bank, etc aren’t really going to be interested in helping the feds coordinate and unmask VPN users. They’ll either block VPN access entirely for their own reasons (risk compliance) or not. Facebook a bit more up in the air given how they’re basically an info gathering operation for the west but still I don’t think they’re going to unless forced hand over lists of time, IP address, real name access logs of people connecting from VPNs for what? Hunting down people viewing porn? To do that you’d need either a tap on the porn provider’s infrastructure or their cooperation (they’d rather just block VPN addresses at that point I think) or else to have compromised the VPN itself. You could try and do timing attacks I suppose. I tend to doubt that much effort will be expended on porn because it’s simply not the real target just a convenient moral hazard to panic about and bulldoze over initial opposition with.
So in an absolute sense yes you shouldn’t connect to things that connect back to your real identity while on your VPN, especially while on your VPN and in the same session from the same end-point doing things you want to hide from threat actors of a government kind. So for example if you create an anonymous Twitter account and post some violent threats on your VPN and then log into and browse facebook and do this a few times that’s a way of potentially being caught or at least an attack surface you don’t want. But in that example both Twitter and facebook are cooperating actively whereas I think porn sites would be less keen to cooperate on unmasking users rather than just blocking VPNs at that point. It could happen I suppose for government blackmail but I tend to think they’d just prefer the porn sites end up blocking VPNs at that point and force people to browse after submitting ID.
As to the hiding in a crowd thing. If they can actually use machine learning to sift through the vast NSA gathered signals intelligence in bulk at scale that would be the end of that strategy having any merit because they’d have total visibility and insight into most things and could even do traffic timing coordination attacks on a bulk scale and without significant mitigations that wouldn’t be possible to easily defeat.
I tend to suspect things like Signal are compromised by a National Security Letter or other means. But those are “deep secrets” meant for catching valuable fish so not likely to be blown on anything too mundane like a moral panic. E-mail isn’t really safe at all. You can hide message content using PGP (but unless you’re exchanging your keys in person or taking great pains to obfuscate them that may not help if you exchange keys online via the same or similar mechanism) but not metadata which is what they most care about for crushing activists which allows them to create relationship graphs mapping out people with relations to others like members of an org.
Thank you, I think I will have to reconsider the usefulness of VPN. I may have been more pessimistic about them than warranted. I hadn’t realized that metadata in E-Mails thing but that makes sense. Also too many people stay logged into their accounts all the time anyways, so it sucks when someone gets their devices confiscated.
deleted by creator
They’ve managed to ban all Wireguard/OpenVPN-based VPNs here in Russia. Only V2Ray/XLESS and Shadowsocks still work.
We should see about getting lemmy to stop rendering pages unless you’re logged in. That would help stop crawlers from automatically flagging anti-Israel content. The next problem is going to be keeping AI agents out (hey this is just like that movie!). 2FA with a phone is tricky. I’m not sure if they can solve captchas yet, maybe a captcha on login would work. But then again, that’s just helping google train their bots.
We should see about getting lemmy to stop rendering pages unless you’re logged in. That would help stop crawlers from automatically flagging anti-Israel content.
The downside of that is it would kill the search traffic for the entire platform. I’d wager that’s almost half the traffic other lemmy sites that aren’t communist get.
2FA with a phone is tricky.
We’d half Hexbear’s users if you required people to give their phone number to the site for any feds to make a list of.
2FA with SMS is fundamentally broken anyway. Proper two factor works with crypto (e.g. google authenticator).
I found Hexbear through a search for some historical thing iirc. But at the same time, I dunno. The authorities are not fucking around.
Allowing mods/OP to optionally designate a post as logged-in-only or non-federated would be a good feature though.
Maybe even something like spoiler tags except you have to be logged in to see them.
This would effectively kill federation, no? You need go be able to view content without auth to display it on other instances.
This may be necessary, but just a consideration!
EDIT:
There are other clever ways to kill webcrawlers such as sinkholes that send recursives down a path of bogus cheap-to-serve data, for example.
Perhaps even using CAPTCHA or other auth to catch bots.
Both still have the issue of federation tho.
they can absolutely do captchas
I’m not confident but I will say this is very difficult to implement in practice with how many systems rely on VPNs to function, namely thousands of busineses that are the backbone of our information economy.
I know this usually gets legislated around in countries where they’re applied, such as demanding that VPN providers forfeit user privacy or deploy censors, or allowing corporations to bypass certain restrictions.
However, I would also point to the number of users here from countries where western services are banned alongside VPNs. For example, we have a few Iranian comrades, where VPNs outside of backdoored options are banned.
Enforcing these bans is hard to do, if the govt’s current record on enforcing bans on torrenting/copyrighting content is to be observed. We must do what we can to disseminate the tools to bypass our governments!
I think it will be implemented as a compliance thing. Where enterprises will have the motivation and resources to go through a permitting process, and individuals will be either unable to use one, or the process will be very long and demoralizing. “Oi, you have a loicence for that VPN?” and so forth. It’s also an easy way to jail any opsec-minded detractors.
if you want to go to that route get ready to buy a shitload of chinese equipment because those are the only ones capable enough to block at least some of the modern VPNs, and it’s not even that effective. in my experience the only real way to ban VPNs is to kill almost all outbound traffic.
ban porn, VPN sales goes up. ban VPNs, starlink sales goes up. ban starlink, then what?
At the end of the day there’s no way to differentiate VPN traffic against HTTPS traffic, so the only way you could stop VPNs is to either shut down all external traffic between your country and the rest of the world or ban all encryption across wires, and either of those options are suicide on about 200 different levels simultaneously.
ban porn, VPN sales goes up. ban VPNs, starlink sales goes up. ban starlink, then what?
Slow scan television over HF radio
The reason why VPN ban exist in China is mainly to brew a home made internet system on top of filtering out foreign internet influences and political actors. The reason why a 3rd world country like the UK does it is purely to implement a compliance system to control the narrative
deleted by creator
China 2.0
What are we, a bunch of asians?
China doesnt even totally ban VPNs, it just mandates that services enforce their content restrictions. I guess for most people that amounts to a ban
I found a YouTube link in your comment. Here are links to the same video on alternative frontends that protect your privacy:
