I heard similar sentiments about censorship efforts in Russia, but it does seem to work, unfortunately. So far they have outlawed and blocked major VPN providers (and keep blocking more, including non-commercial ones, like Tor bridges, and foreign hosting companies' websites), blocked major detectable protocols used for those (IPsec, WireGuard), made usage of proxying ("VPN") an aggravating circumstance for the newly-introduced crime of searching for "extremist" information. That seems to deter many people already, and once the majority is forced to use the local approved (surveilled, censored) services, it is even easier to introduce whitelists or simply cut international connections (as is already practiced temporarily and locally), at which point the ban is successfully applied to everyone.
Is it working in Russia? I'm Russian and basically every single person I know has and actively uses a VPN with no consequences. WireGuard also works just fine - I was able to selfhost and use it without any extra obfuscation. They only blocked a few largest providers, but that's seemingly it.
I'd be concerned there about the combination of "loggable" with "practically everyone breaks the law every day" (the latter is generally true in many countries, but not always in ways that are easy to record). You can get away with it but if you ever displease someone, then the consequences could show up suddenly then.
That's the regime that the vast majority of the world lives under now. You're almost certainly breaking the law in some way; we have a vast corpus of law that is usually unenforced until you draw the ire of some bureaucrat, politician, or law enforcement officer, and then they come down on you like a ton of bricks. The average citizen is usually counting on being boring, nondescript, and non-threatening enough that nobody bothers to call them on it.
Why else do you think actual policies change so much between presidential administrations (assuming a U.S. bias, but other countries have similar issues)? All the laws about cryptocurrency, DEI, greenhouse gas emissions, environmental regulations, etc. that the Biden administration cared about but the Trump administration is choosing not to enforce are still on the books. If Democrats ever get back in to power, people that are casting them aside under pressure from the current administration are likely in for a whole lot of pain. And likewise, during the Biden administration all the laws about immigration and federal control over the federal budget were still in force, and people who relied upon a friendly administration are currently going through a world of pain right now.
No, this is not the way it should be. If I were to rewrite the Constitution, one thing I'd put in is a feedback mechanism between legislation and enforcement, so that laws which are not enforced fall off the books, and it becomes illegal for the executive branch to choose not to enforce a law. That'd force the body of law to converge to what is a.) realistically enforceable and b.) what actually happens in practice, so that people can look at what their neighbors are doing and be reasonably sure that they're not breaking any laws by doing the same thing.
But in the absence of that, your best bet is often to still just look at what your neighbors are doing and do the same thing, because then you blend in to the crowd and don't attract attention.
> every single person I know has and actively uses a VPN
I do know people who use no circumvention methods: some are simply not sufficiently familiar with technologies (including older people, who seem to think that something is wrong with their phones), for others it is a mix of regular shying away from technologies and being worried that it draws the government's attention. And then there are those who appear to genuinely support the censorship (or whatever else the government does). I also hear of people switching to local services as the regular ones are blocked.
Anecdotal data is of little use to determine the extent though, and trustworthy statistical data may be hard to come by, but if you somewhat trust the Levada Center, their polls indicate that YouTube's Russian audience halved following the blocking, among other things. [0]
> WireGuard also works just fine - I was able to selfhost and use it without any extra obfuscation.
For both IPsec and WireGuard, I have both heard of the blocks [1] and observed those myself, particularly to servers across the border (which were otherwise available; there is a chance that I misconfigured something back then, but I recall it working fine with local servers). For IPsec, I have also observed blocks within the country (and RKN lifting those on request, confirming an intentional blocking that way, twice; also confirmed that those were for IPsec packets in particular, not any UDP). But possibly it does not affect all the foreign subnets: as with a recent blackout [2], when quite a few were affected, but not all of them.
> WireGuard also works just fine - I was able to selfhost and use it without any extra obfuscation.
Good for you. I have a few machines around the world (a truly geo-distributed homelab lol), and my node on a residental connection in Russia (north-west, no clue about other regions) has pretty spotty vanilla Wireguard connectivity to the rest of the world - it works now and then, but packets are dropped every other day. My traffic patterns are unusual compared to usual browsing (mostly database replication), and something seem to trigger DPI now and then. Fortunately, wrapping it in the simplest Shadowsocks setup seems to be working fine at the moment.
But yeah, can confirm, VPNs are ubiquitous and work reasonably well for everyone I know who still lives there. Although I think all decent VPN providers have measures against traffic analysis nowadays, as plain Wireguard is not exactly reliable.
Have you tried AmneziaWG? From what I know, it's specifically designed to bypass protocol-level blocking of WireGuard
> decent VPN providers
You'd be surprised by the amount of people I know who use random "VPN services" which are literally just WireGuard configs you can buy through a Telegram bot for like 100₽/month
Well... It all started from a single-location homelab 20-ish years ago, while I was still living at my parents' place (although I had a 1/4 stake in ownership). Then I moved around but kept the server at the old place and added a second machine. Just because I'm self-hosting my email, and residential connections aren't best in terms of availability I thought having a HA system would be fun and useful - and so it was (although not always fun, of course). Few more moves later, I've ran a bunch of servers on residential connections all around the world. Some were demoted to VPSes for consensus and backups, as I moved out, some are still there.
There's a Wireguard-based mesh (static routing, but declarative centrally managed setup using Nix) with Shadowsocks for traversing hostile borders. Runs a few private/personal services for myself, family, and friends - email, messaging, media library, the commonplace homelab stuff. Certainly not the best design - things never are, there's always room for more and more improvements, no matter how much you work on it, but I'm pretty happy with it overall.
There's no real reason why is it like this. I could've done it more conventionally and probably avoid a lot of downsides - but it's a fun little exercise that allows me to play with various technologies, and I like that the system is truly mine, hardware and premises it's on, all built by my own hands (random fun fact: I was a founding engineer at the ISP that two of my nodes are on).
tl;dr: Had a single home server, moved around and added a few more. No particular reason, it's just a fun geeky toy for me. :-)
I think us software people tend to think in absolutes. Yes, completely banning VPNs is very difficult. But for a totalitarian government, reducing VPN usage by say 60% is a win. You only have to make it difficult enough for the layman.
> I think us software people tend to think in absolutes.
"Software people" have an above-average understanding of probabilities overall. It's politicians who tend to think in absolutes. If you tell them that the effectiveness of something is poor and vastly exceeded by its costs, they say "so you admit that its effectiveness is more than zero". And then people will instead have to say that something doesn't work when they mean it has low effectiveness or an underwater cost-benefit ratio.
Moreover, a lot of things with computers actually are absolutes. You can't backdoor encryption without a massive systemic risk to national security and personal privacy of someone bad getting the keys to everything. You can't allow people to send arbitrary data to each other while preventing them from communicating something you don't want them to -- the same string of bits can have arbitrarily many semantic meanings and that's proven with math, and software can do the math without the user needing to understand it.
And the most important one is this:
> But for a totalitarian government...
A totalitarian government is trying to do something different and illegitimate. Banning VPNs etc. has higher effectiveness as a means for censoring the general population than it does as a means to prevent crimes or limit contraband in a democracy, because criminals will take the required countermeasures when the alternative is being arrested or not getting their fix whereas laymen are less likely to when the alternative is "only" that they don't get to read criticism of the government.
"It works better for totalitarian regimes" is an argument for not doing it.
>"Software people" have an above-average understanding of probabilities overall. It's politicians who tend to think in absolutes.
If I had a penny for everytime a software person / nerd on HN and elsewhere made an argument that shows little understanding of probabilities and statistics, or perhaps only a theoritical understand that's context dependent (meaning they know the math, but magically forget them when discussing some specific topic), I'd be rich.
>"It works better for totalitarian regimes" is the argument for not doing it
Parent is not justyfing them doing it. They are explaining how little exhaustive their implementation can be, while still being effective for their goals.
> If I had a penny for everytime a software person / nerd on HN and elsewhere made an argument that shows little understanding of probabilities and statistics, or perhaps only a theoritical understand that's context dependent (meaning they know the math, but magically forget them when discussing some specific topic), I'd be rich.
If 75% of people in some group are above average then 25% of them still aren't.
> They are explaining how little exhaustive their implementation can be, while still being effective for their goals.
But their goals are different than yours. Or if they're not, you're the baddies.
> significantly reducing VPN usage is a win for (totalitarian) govs
But a loss for non-totalitarian countries, and therefore a cost rather than a benefit in the context of US states doing it.
> it's enough to make it difficult for the layman to achieve govs' goal
And I addressed that, but I'll reiterate.
Even ordinary people can bypass VPN blocks with a trivial amount of effort. It's really not that hard, and in fact there is an entire cottage industry dedicated to making it easier, because we don't want totalitarian regimes keeping their population in the dark -- and the people thwarting those blocks are our friends, or often even the US government itself, for actually good reasons for once.
So if you block something that people aren't that interested in seeing, like criticism of the government when that's something that tends to make a lot of people uncomfortable, then blocking people from seeing it has an effectiveness which is a little better than totally negligible. Because some people won't go out of their way even a little bit to see it, and then they don't. (Which is why it's important that we make it absolutely trivially easy for ordinary people to bypass those blocks.)
Whereas if you're trying to block something that people actually want -- drugs, porn, whatever -- it's not going to work because that trivial amount of effort to bypass it is too small to be meaningful in a context where the user is actively seeking it out.
> "It works better for totalitarian regimes" is an argument for not doing it.
The problem is that authoritarianism has been allowed to become attractive to many politicians, because they are allowed to be bought by corporate money, even if it harms their constituents. Rights, freedom, and privacy has become secondary to money and the blind lust for power.
That's more of a second order effect but I'm not sure it's wrong.
You have so many twits trying to get away with authoritarian nonsense that they're conditioning people through propaganda to accept authoritarian nonsense. What happens then? More twits trying to get away with authoritarian nonsense.
We need to come up with a better solution to this than the historical norm of things getting so bad that people are finally willing to fight a war over it.
I keep citing, as an example of this, speed limits.
You can literally break the law by just pushing your foot down harder. It's that easy! Therefore they're pointless.
Or, the TSA. They might have taken away my knife, but putting a rock in a sock and hitting someone in the head is an easy workaround. Therefore it's pointless.
(Arguing that the law is easy to break has no effect on whether the law is a good idea, should exist, or is effective.)
> You can literally break the law by just pushing your foot down harder. It's that easy!
How are you distinguishing that from any other law? You can literally break the law against theft by just picking someone's pocket. It's that easy!
But that was never the argument to begin with. They're proposing a law requiring websites to ban users who visit via a VPN. So to begin with we already have a major difference. The people subject to the law (websites) are different than the people who would be trying to circumvent it (users and VPN services).
Meanwhile websites have no actual means to know if someone is using a VPN. There are a zillion VPN services and anyone with an IP address can start one. There is no way for them to comprehensively ban them all. So now what happens? The website bans some VPNs -- they would be doing an incredibly painstaking job if they managed to get three out of every four -- and then the user just tries three or four random VPNs or VPN-equivalents until they find one that works and keeps using that.
At this point you could try to prosecute the website for failing, but then you'd be prosecuting everybody because nobody would actually be able to do it. Whereas if making an attempt is sufficient for compliance then they check their compliance box meanwhile everybody is still bypassing it. Which is why it's useless.
TSA really is pointless, and airport "security" in general is an example of what you get when you keep sacrificing real freedom to fight imaginary threats.
If Trump administration was ever serious about reducing government waste, they should have dismantled the TSA.
Plane hijackings used to occur because the SOP was to not resist and try to negotiate with the hijackers for the safe release of the passengers.
After 9/11 the assumption has to be that they're going to fly the plane into a building and kill everyone, so now if you try to hijack a plane all the passengers and crew are going to beat you to death with their fists and shoelaces like their life depends on it, which makes it a lot harder to hijack a plane. The TSA has approximately nothing to do with that.
TSA is security theater, but I think checks are still necessary. Otherwise people can bring C4 onto planes, blow themselves (and the plane) up in the air, and freak a lot of "Western civilization" out.
The liquids ban really is bullshit though, it's to prevent a fictional movie plot using a bomb mixed up using binary liquids...
It’s not about “damage”. Terrorism never is. It’s about instilling fear and an over reaction that will have people sympathetic to your cause. It worked during 911 and it’s working right now in Israel.
Yeah, but that's my point. Planes go missing somewhat regularly, and sometimes even get blown out of the sky intentionally. It's news for a week or two. So why go through the trouble of getting on a plane and blow it up in the sky (and kill yourself in the process) when you can just blow up something like a music star's concert and get more media attention, and even survive the whole thing.
Binary explosives aren't fictional. They'll make just as much of a hole in the plane as C4.
The liquids ban is bullshit because you can have arbitrarily many small bottles of liquid and an arbitrarily large empty bucket to mix them in once you're inside. And because blowing up a plane isn't any more of a problem than blowing up a subway car or a highrise hotel lobby but it's ridiculous and infeasible to stripsearch everyone who goes into a high population density area.
Guns are trash on a plane. The use of a firearm is to be able to incapacitate someone from far enough away that they can't counterattack. Planes are densely packed with people. You'd have people surrounding and disarming you long before you could get control of the plane. How many shots do you expect to get off when anyone you're not currently aiming at can put their hands on the gun while someone else grabs your other arm to pull you in the opposite direction and a third person comes up behind you and kicks you between the legs?
Also notice that even if you somehow managed to kill everyone on the plane, you'd then be left with just a plane full of terrorists for the government to blow out of the sky. And if all you wanted was to kill a bunch of random people then being on a plane has nothing to do with it.
Terrorism is never about how many people you kill. It’s about instilling fear and sending a message and the downstream economic harm.
Look no further than 911. Two costly unnecessary wars (that even republicans don’t defend anymore) that caused an entirely new generation of people to hate America.
> Terrorism is never about how many people you kill. It’s about instilling fear and sending a message and the downstream economic harm.
But again, what does it have anything to do with it being a plane? If they were to blow up a train instead of a plane, are people going to be like "haha you idiots, that only works if it's a plane"?
> Look no further than 911. Two costly unnecessary wars (that even republicans don’t defend anymore) that caused an entirely new generation
It sounds like you're saying that inhibiting overreactions to terrorism would lessen its effect and act as a deterrent to it.
(I edited my above comment. I didn’t finish my thought “caused an entire generation to hate America”).
My wife and I fly a lot so we don’t think twice about it. But I’m sure you know how many people are deftly afraid of flying. Can you imagine how reticent people would be about flying if planes start blowing up? Much more economic harm comes from a disruption of air travel than if mass transit stopped in one city.
No one in America to a first approximation cares about trains or mass transit. They are mostly popular in those left leaning cities that are infested by criminality any way. I can see it now “what did they expect when they elected a socialist Muslim” (please note sarcasm).
> Can you imagine how reticent people would be about flying if planes start blowing up? Much more economic harm comes from a disruption of air travel than if mass transit stopped in one city.
There are more than four times more riders of the subway in NYC alone than there are plane tickets sold nationwide.
Meanwhile if you're actually worried about deterring people from flying then what does it do to force them to risk missing their flight if they don't waste two hours getting there early, or subject them to warrantless suspicion, scary radiation, uninvited groping, nude body scanners and senseless humiliation?
And all for nothing because it can't be the thing preventing people from blowing up planes when tests consistently show that they're still letting through three quarters of contraband.
You realize every single country has similar procedures? The only difference in my experience flying out of LHR (London) this year and flying out of ATL is that you don’t have to remove your shoes and they allow liquids to pass through security after a secondary screening. SJO (Costa Rica) was about the same earlier this year except they also don’t aloud liquids.
You also have to go through screening and metal detectors to get on the train between London and France (the “Chunnel”)
If NY gets disrupted - no one cares outside of New York. Do you remember how people were stuck after 911 or more recently when a bad software update took out airlines nationwide?
There is a reason that the government set up a fund to protect the entire airline industry from collapse from liability after 911.
> You realize every single country has similar procedures?
The US has a way of setting bad precedents or pressuring other countries to adopt its inanity, yes. Another reason not to do it here.
> If NY gets disrupted - no one cares outside of New York.
The very large number of people in New York probably care though. Also, why would someone blowing up a train in New York be less scary to people in DC than someone blowing up a plane in New York would be to people in DC?
> Do you remember how people were stuck after 911 or more recently when a bad software update took out airlines nationwide?
Less than a quarter as many people as get stuck when the NYC subways are offline, presumably.
If you haven’t noticed, “the people in DC” right now don’t care about the US outside of red states. And the reason a plane is different because people think it could happen to them if they got on a plane. If you don’t live in NYC, it’s easy to avoid the NYC train system. If I want to get from ATL to Seattle - what am I going to do drivers two or three days?
>Less than a quarter as many people as get stuck when the NYC subways are offline, presumably.
There plenty of ways to get from Manhattan to Queens if the train system went down then to get from California to Florida.
Is it really that hard to see the difference between a localized transportation system in NYC and a worldwide network of planes? Especially since airline security doesn’t just affect domestic flights it also affects flights leaving the US.
And you think the US pressured England of all places to have higher security? Did you forget about all the bombing they use to have? Did they also irsssye countries to have higher security security measures for domestic flights and their internal train system?
Or do you think that Israel would have less security if it weren’t for US pressure or Central America?
Why would the US care for instance if there were screenings to get on the baby Sansa propellor plane that flies from San Jose Costa Rica to Manual Antonino?
> If you haven’t noticed, “the people in DC” right now don’t care about the US outside of red states.
I feel like you're failing to see the symmetry at all. We have direct historical evidence on point that they cared about some New York City skyscrapers, and those were definitely Republicans too. Do you really think they wouldn't care about the same thing today regardless of whether it was a plane or a train?
> And the reason a plane is different because people think it could happen to them if they got on a plane.
But if it happens to a train people don't think it could happen to them if they got on a train? Either that's not true or those people would have such a disconnected relationship to logic that there is no use pandering to them anyway because they wouldn't see the connection between your policies and the results.
> There plenty of ways to get from Manhattan to Queens if the train system went down then to get from California to Florida.
Spoken like someone who hasn't seen the days when it goes down. What happens when you take the 4 million people who ride the subway every day and tell them it isn't there? Impassable gridlock.
> Is it really that hard to see the difference between a localized transportation system in NYC and a worldwide network of planes?
All of the transportation systems are interconnected. What does the connectedness change? If something happens on a train in New York, does it materially affect San Francisco but not Honolulu because trains connect New York and California but not Hawaii?
Planes are even less affected by this than other things because you can damage train tracks or road bridges that act as a bottleneck but the only infrastructure air travel requires is airports and planes, and airports are widely distributed and planes are easy to move around.
> Especially since airline security doesn’t just affect domestic flights it also affects flights leaving the US.
Which is another reason it's a farce, because it also affects flights entering the US and then it doesn't matter what the TSA does when you can go through airport security in the country of your choosing with the weakest or most bribe-accepting security that lets you get behind the checkpoint on a plane to the US.
> And you think the US pressured England of all places to have higher security?
Your original claim was that all other countries do this. Before 9/11, they didn't, and now you're having to resort to only the countries with the most stringent checks. Obviously Israel where bombings are practically a daily occurrence would need more than countries where that is much less common, but that's kind of the point, isn't it?
> Why would the US care for instance if there were screenings to get on the baby Sansa propellor plane that flies from San Jose Costa Rica to Manual Antonino?
Are you saying that the screenings to get on that plane are the same as the ones imposed by the TSA, or are you now conceding that this is wrong:
> You realize every single country has similar procedures?
No I’m saying it’s completely illogical that you believe the US pressured countries to have the same security screenings on domestic flights within the country including to get on a baby twin engine plane for a 30 minute flight from SJO to XQP or that countries like Great Britain or Israel that had a history of bombings wouldn’t have increased security measures.
If you are asking whether it is the same, everywhere. In my recent experience of flying out of international airports…
- LHR - you don’t remove your shoes and they have newer scanners that supposedly detect explosives in liquids.
> But if it happens to a train people don't think it could happen to them if they got on a train?
Well first most people outside of NYC aren’t as heavily dependent on public transportation. They already see it as dangerous and for poor people (yes I think that’s ignorant). In other words people with means already avoid public transportation and they would even be more likely to do so. This is very much a car centric culture
Do you know how many people outside of NYC believe the narrative that the minute you step on a train in NYC that you are going to be shot or raped?
No I don’t believe that. I’ve used NYC mass transit once when I went to the US Open (the reason I mentioned Queens where the Arthur Ashe stadium is).
I lived in Atlanta for 25 years. I took MARTA once to get from the north suburbs of Atlanta to the airport. The rest of the time we would drive or take Uber. I took it again recently to get from the airport to downtown when visiting.
MARTA also has such a reputation for only being for poor people to the point where its derogatorily called Moving Africans Rapidly Through Atlanta (before the pearl clutching starts about me using a racist acronym I’m Black). If people started bombing trains. You would see even less ridership from people who had alternatives.
> All of the transportation systems are interconnected. What does the connectedness change? If something happens on a train in New York, does it materially affect San Francisco
You mean all 5 people who ride trains inter-city across the country?
> Which is another reason it's a farce, because it also affects flights entering the US and then it doesn't matter what the TSA does when you can go through airport security in the country of your choosing with the weakest or most bribe-accepting security that lets you get behind the checkpoint on a plane to the US.
Most bribes are for drugs and other contraband. Have you ever in the past 20 years heard of a case where someone bribed an official to bring a weapon on board a plane that was used to take over or bomb a plane?
But you still haven’t answered the main overriding question - why does every major airport in every country have the same procedures? Is everyone in the world wrong? And if it is because of supposed pressure from the US, why is it true for domestic flights within their own borders and for their train systems (at least my n=1 experience on a train outside of the US)?
Eyeballing the data [1], it looks like total fatalities in the low 1000s, and roughly 20 hijackings per year 1980-2000. Let's value each human fatality at $1M, and - lacking any knowledge about the subject - cargo also at $1M/incident.
That's about $1B in human life loss and $20M/year in cargo.
The 2025 budget for ths TSA was over $10B, so we're spending 10x the loss to prevent it. Value each human life at $10M? Then the total value of lives lost over a 20 year span is about one year of TSA spending.
The current VSL (value of a statistical life) is approximately $13.1 million, a figure that varies by agency. For example, the Department of Transportation (DOT) uses $13.7 million for its safety standards.
You’re completely ignoring the knock on economic effects of lower confidence in flight safety, liability and the not so hypothetical ability of someone to take over a plane and use it to attack ground targets.
AirTran for instance went out of business because of one crash. If someone blew up a United plane, I can guarantee you that Delta would increase the security before you got on their flights to instill confidence on passengers.
And people act as if airport security and the TSA measures are unique to the US. My wife and I just got into a position where the stars aligned for us to fly a lot post Covid. But during that time the three countries that we have flown out of - London, Costa Rica and Mexico all have the basic same security measure with the slight difference that you can bring liquids on board from LHR because they have newer scanners that supposedly detect explosives.
And it’s not just airlines. We also had to go through the same type of security to get on the “Chunnel” from London to France.
The only thing that is really theatre is taking off your shoes in the US.
One notable change is: reinforced cockpit doors that can't be forced open from the outside easily. Good luck hijacking with that.
But another notable change is that plane crews and passengers all understand now that plane hijacking is a life or death situation, and would fight hijackers to the bitter end.
Which is what happened on the very day of 9/11, on Flight 93.
With reinforced doors - pilots still come out to use the restroom. Flight attendants usually just block the aisle. People will fight back in the case of knives. But how much fighting back dk you think is going to happen if people have guns?
How long do you think it’s going to be before a pilot opens the door if a hijacker starts shooting people?
Airport security is by far not just in America with the only exception in my experience is that other airports don’t make you take your shoes off and some allow liquids in carryon
If people think the plane is about to be flown into a skyscraper, I'm not sure a gun will stop them. There are hundreds of people on a plane and at most twenty rounds in a gun. The math isn't in the terrorist's favor.
There also isn't room to get away from angry passengers. They're probably going to overwhelm terrorists with guns relatively quickly.
I don’t believe I’m making up this scenario. But here I go..
I would book a first class flight in the first seat in front of the plane. Make all of the first class passenger - fewer of them, probably wealthier business travelers who don’t think they are Rambo - move to the back of the cabin.
The aisle would be the perfect kill zone. I watched a documentary and they said SWAT training for taking over a plane from terrorist they know that whoever goes in first is likely to get shot.
Are you suggesting that TSA can reliably stop being from bringing guns onboard?
The only thing preventing that is that people mostly don't want to bring guns on board. It's a pointless exercise that accomplishes basically nothing .
Are you saying metal detectors don’t work? Why is it that absolutely every airport in the world has similar security - as well as Brightline in Florida and the Chunnel between London and France?
As far as people not wanting to bring guns on planes - did you forget what country this is? 2nd Amendment people get their panties in a knot anytime they can’t bring a gun anywhere.
What stops people from speeding more than they already do is enforcement. The law isn't doing anything.
But the TSA isn't a law. The TSA is, notionally, the enforcement. And it doesn't do anything either.
So the TSA really is pointless. If you drive around at 30 mph over the limit, you're going to get a ticket, and this traffic cop presence stops people from speeding "too much". If you smuggle explosives onto an airplane, you may die in the crash, but that would have happened regardless of the TSA. The TSA hasn't added any value.
The examples are similar in that they demonstrate that reducing probability is a reasonable goal, and it is a mistake to say anything imperfect is useless.
Your take on TSA seems to be in the imperfect=useless camp. There are good ROI, efficiency, and philosophical reasons to want to abolish TSA, but it seems naive to say there is zero value and their mere existence has not deterred anyone.
I think the problem with these examples is that they conflate instrumental goals with terminal goals.
People speed to get to a destination faster or to relieve their frustration on the road (street racers notwithstanding). If the cost of speeding increases they'll speed much less, because they're more interested in their terminal goal. There's a lot of elasticity here.
Attacking a plane is a terminal goal for terrorists. If it gets harder, they'll do it somewhat less or pursue softer targets. But there's much less elasticity here. So it's less clear that more security measures will result in fewer deaths.
That doesn't imply the TSA is useless but I think it might be clarifying to the discussion.
the problem with TSA is that their effectiveness is near 0. every time there have been tests, ~3/4ths of bombs/guns go straight through. you'd get better accuracy out of a monkey pointing at whoever happens to have a banana in their bag
> There are good ROI, efficiency, and philosophical reasons to want to abolish TSA, but it seems naive to say there is zero value and their mere existence has not deterred anyone.
Are you familiar with the TSA's measured efficiency? It's not naive at all to say that, below a certain detection threshold, the deterrence value is zero.
You'll notice that what I actually said was "[the TSA doesn't] do anything", which is accurate in a context of accident prevention. I didn't call them imperfect. I called them useless directly. It isn't the case that they do some good work and some bad work. They don't do anything that is useful in any degree.
One time in China (in 2018) I ran my own OpenVPN instance on a Linode VPS in Singapore, and then it got blocked within a couple of days lol. I'm guessing it was deep packet inspection.
I'm from Russia, can confirm that. We are constantly trying to get around these blocks but no tech can help from cutting international connections. Also there is another issue: local browsers (Yandex and Atom from Mail Ru group) are using government certificates by default. That means that https encryption between sites inside the country becomes useless
*without resorting to complete Russian style government control
The US is not (yet) Russia. The rule of law is definitely being destroyed as we speak, so who knows 5, 10 years down the road, but there are still several prerequisite institutions that need to be destroyed before the US could reliably enforce a VPN ban.
From my reading, the GP comment isn’t claiming otherwise, but just that that sort of VPN ban isn’t enforceable in advance of some of those changes. They do directly suggest they don’t know how long this will remain the case.
>Every country that has slid into North Korea style total control begins with a "it won't happen here. And it'd stop before it gets that bad."
This is a pretty bold claim and I'm not sure it matches up with reality.
Karl Marx said that in the first stage of communism there would be a required period of dictatorial control in order to transition from and dismantle capitalist institutions. This is exactly what happened in China and the USSR... there just never was a phase 2.
That's not quite "this will never happen here", more like premeditated dictatorship that never ended because the ruling class preferred being a ruling class rather than return themselves to "communist paradise".
If we’re exhuming odious corpses, Lenin did say the first step would be to control the telegraph and telephone exchanges. Control over the spread of information was understood to be crucial even then. (Admittedly in Lenin’s case he was also talking about battlefield coordination inside a city, what with the absence of portable radios.)
As far as Marx, well, he didn’t provide a recipe for phase 2 either—he just kind of assumed that things would fall into place naturally after the revolution (that needed to be global! the whole communism-within-a-country thing was a later invention / post-hoc rationalization, lampooned masterfully by Voinovich’s Moscow 2042). The entirety of the nascent social sciences field (which Marx was performing to the contemporary standards of, however disastrously that turned out) was rather high on the whole natural law thing around that time. Turns out that, if you created a power vacuum, it would be filled by people who had most ruthlessly optimized for capturing power, as opposed to fairness, your preferred ideology, or anything else. Which at first meant Lenin and then ultimately Stalin, in whose purges died the last true (if at that point very, very bloody) believers. (Notice also how there are very few mentions in history of the eponymous soviets, councils [of workers and peasants], deciding anything whatsoever.) Also most of the intellectual backbone of the nation and the national liberation movements of multiple peoples, but who’s counting.
> Karl Marx said that in the first stage of communism there would be a required period of dictatorial control
Not that it particularly matters, but he didn't say that. Marx never set down specific ideas about how a communist or proto-communist society should organize itself. He thought history was a natural progression of inevitable forces and was more interested in establishing the inevitability of communism (ha) than in describing specifically what a post-capitalist society would look like. (Misleadingly, he did use the phrase "dictatorship of the proletariat," though not to describe any type of dictatorial government.)
The whole "vanguard party of elites ruling by fiat" thing was Lenin's idea. Lenin though the working class wasn't educated enough to lead itself, so a ruling Communist Party should act as a steward on their behalf. Naturally, this idea was popular with people like Lenin and Mao, since it justified their being elevated to the status of authoritarian dictators.
> more like premeditated dictatorship
Lenin's communist party was, in theory, meant to represent the public. The pitch was never, "time for our prescribed period of temporary authoritarian dictatorship." Like any other political party, the Communist party was supposed to be democratically selected and represent the public. Obviously it quickly became corrupt and snuffed out the democratic elements, but any government is vulnerable to that sort of thing.
No, I think the USSR's descent into authoritarianism was very much an "it won't happen here" phenomenon, save perhaps for the fact that the Tsar's monarchy had only just ended and authoritarianism would have been nothing new to Russia.
Russia was primarily an agricultural exporter, but it was most certainly a capitalist society prior to revolution. It bought and sold many things, and was an industrial nation, on par with many others in Europe, with a capacity to build war ships, tanks, artillery, trains and so on. It had other tremendous inequalities, but without factories, without lower officers in the navy and army, without the first revolution where the capitalists took over, there would be no second revolution of the bolsheviks, or soviets.
If buying and selling things internationally makes a country capitalist, then Soviet Russia was capitalist. Pre-Soviet Russia was mercantilist, which can be somewhat handwavyly described as capitalism-unless-I-can-kill-you, both between people within a nation and between nations themselves and is still not entirely dead.
Capitalism is circumlocutions of long dead people who provided little to society but the sound of their voice, vacuous writings.
So kind of the educated labor exploiters of the past to explain how the world must work. Very TINA of them.
Capitalism is people socially convincing each other there's a communal upside to capitalism. Sounds almost like socialist communist nonsense, this capitalism.
Strip away endless obfuscation the real economy is anything but physical statistics, it becomes clear capitalism is just empty rhetoric.
You said "if buying and selling things internationally makes a country capitalist," somebody told you that's not what capitalism is, and you said "no true scotsman."
You have to do better than this to convince people of things.
If you had said "Buying and selling things internationally makes a country capitalist" rather than posing a pointless hypothetical, you would have had to defend that, and you weren't ready to.
Capitalism and communism couldn’t be more different, in the true definition of the terms.
Communism is literally a ruling class dictating the lives of an entire country. Capitalism at least gives the opportunity of individual action.
You are allowed to hate capitalism, clearly you do, and advocate for socialism, et. al. Whatever point you think you just made with your post is completely devoid of substance.
Not really, that’s just the type the EFF gins up. The problem is the regulation of speech and requiring verification.
The VPN stuff is a misapplication of security “best practices”. Tech companies are amoral and happily facilitate the use of their technology for oppression in other places.
I would argue it's more accurate to say tech companies take the "old-style" US approach. It's based on the idea that propaganda doesn't actually work. There weren't many actual communists in Russia, it was a dictatorship with mostly prisoners/hostages who were threatened into lying, and knew full well that they were threatened, and after the teenage phase is over, actually start asking "why are we being threatened over this?".
So as soon as they left with little intention to return, they suddenly become the problem that socialists really hate to discuss: ex-Soviets hate socialism. It's like cults, or, if we're honest, there's other repressive groups and repressive ideologies that have loooooooooong lost their any usefulness and really only the repression remains.
In other words, if tech companies show Chinese that non-communist democratic states exist and how it is to live there, then no amount of CCP censorship will ever actually convince those people that the CCP has good intentions.
Judging by my conversations with Chinese, it's working.
Hierarchies are fractal; at every level of an ideological authoritarian society, comfort and influence are only granted in exchange for affirming and regurgitating state ideology. Cognitive dissonance forces people who take that deal to choose between losing self-respect and accepting the ideology. I think you'd be surprised how well this works. People always want to believe that they deserve the things they have.
> ex-Soviets hate socialism
Naturally, they change their minds when they leave. There's no longer any psychological incentive to believe. Besides, people who choose to leave have typically already broken with the ideology. You compare it to a cult, but the thing about cults is that the members generally do believe.
> non-communist democratic states exist and how it is to live there
Life in many authoritarian states is fine for most people. It is what it is; if you don't make a fuss, you can live pretty comfortably. Obviously many dictatorships are not like this, but China is fairly stable.
For almost all of human history, people have lived under authoritarian governments. It's unpleasant to think about, but authoritarianism can be stable and durable. There's no guarantee that democracy wins.
> Life in many authoritarian states is fine for most people. It is what it is; if you don't make a fuss, you can live pretty comfortably. Obviously many dictatorships are not like this, but China is fairly stable.
I've always found Chinese who left are either rich or not. If they're rich, they've seen other rich suddenly fall out of grace, suddenly "relocate" or outright disappear.
If they're not rich, they've always been miserable in China, and don't want to go back.
Well, most are not rich and the biggest complaint is hukou, ie. that you can't actually live where you want in China. The state assigns you a city and you go there. There's a huge set of consequences if you don't, and a lot of people aren't happy with the choice made for them. People outside of China think China is like the US. You want to live in, oh, say Washington, or Anchorage, you can just go live there, find a job and live life.
Which also means your basic question is kind-of wrong. There's a lot of Chinese who want to leave but can't. The only Chinese who actually leave were asked by the government to leave, for a purpose (often studying), usually only for a limited time. Now it's not like it's 100% forced, they do ask for volunteers and what you want but it's certainly not a free choice to leave China or go back.
In China you're effectively locked into your city/town/village, and often a specific building and job (you can leave for a weekend or ..., that's not usually a problem, though sometimes it is)
For the rich the fear is kind-of the same, just with much more pressure and much more consequences, essentially being asked to relocate, give up a company (apparently much more common under Xi), forced to hire someone and give them a high position, buy or sell certain things, and being arrested, even tortured (in some kind of torture chair) if you are even suspected of not complying with often corrupt requests from government officials. The issue with that is just how many corrupt governments or de-facto governments there are. State, province, city, 1000 special purpose governments (e.g. one for the coal industry). Of course, the state can't be bothered with having a standard for identifying/authorizing themselves, so there's scam requests too. Then there's the local police, and 10+ police services that all operate where you live for one reason or another.
Makes you wonder. I always thought a communist state would be like a gigantic bureaucracy. And it is, but it's also a mafia.
Second complaint you keep hearing is about the consequences of failing the Gaokao, or even succeeding but getting selected wrong/not what you want. There are no second chances.
And I do get almost all of Asia is less "do what you want" than the US or Europe is, but some aspects of China are absurdly controlling.
Don’t exaggerate the level of control required. For all that things are bad and getting worse, Russia has not reached the North Korea percolation point where every facet of government control is tied to every other one. (Neither has Russia reached a NK-style total war economy, partly through bureaucratic dysfunction and partly by design; but I digress.) The things that it does are still pretty modular and don’t require $YOURCOUNTRY becoming Russia in its entirety. Hell, London had more outdoor surveillance than Moscow until after Covid. As far as Internet censorship, here’s what the playbook was:
1. Have a dysfunctional court system. (Not a powerless one, mind you; it’s enough that it basically never rule against the government. It would probably even be enough if it never ruled against any of the following.)
2. Mandate page-level blocks of “information harmful to the health and development of children” (I wish I were joking) for consumer ISPs, by court order; of course, that means IP or at least hostname/SNI blocks for TLS-protected websites, we can’t help that now can we. The year is 2012.
3. Gradually expand the scope throughout the following steps. (After couple of particularly obnoxious opposition websites and against an unavoidable background of prostitution and illegal gambling, the next victim, in 2015, was piracy including pirate libraries. Which is why I find the notion of LibGen or Sci-Hub being Russian soft power so risible, and the outrage against Cloudflare not being in the moderation business so naïve.)
4. Make sure the court orders are for specific pieces of content not websites (as they must be if you don’t want the system to be circumventable by trivial hostname hopping), meaning the enforcement agency can find a particularly vague order and gradually start using it for whatever. Doesn’t hurt that the newly-blocked website’s owner will be faced with a concluded case in which they don’t even have standing.
5. Ramp up enforcement against ISPs.
6. Use preexisting lawful intercept infra at ISPs to ramp up enforcement even further. Have them run through the agency-provided daily blacklist, fine the offenders. Any other probe you can get connected to the ISP will work too.
7. Offer ISPs a choice (wink, wink) of routing their traffic through agency-controlled, friendly-contractor-made DPI boxes they will need to buy, promising to release them from some liability. (First draft published 2016, signed into law 2019.)
8. Mandate the boxes.
9. It is now 2021 or so and you’ve won, legally and organizationally speaking, the rest is a simple matter of programming to filter out VPN protocols, WhatsApp calls and such. Pass additional laws mandating blocks of “promotion” of block evasion if you wish, but the whole legal basis thing is a pretence at this point. For instance, you can de facto block YouTube absent any legal order by simply having the DPI boxes make it very slow, a capability not mentioned in any law whatsoever, then cheerfully announce that in the national press.
See how very easy it is? How each legal or technical capability logically follows from very real deficiencies of the preceding ones so even a reasonable court would be disinclined to rule against them? Understand now why I’m furious when reasonable people on this forum defend the desires of their—mostly good and decent!—governments to control the Internet?
(See also how most of this happened before “Russia bad” became the prevailing sentiment, and how most of it went largely unnoticed in the EU and US, aside from a couple of reputable-but-fringe orgs like RSF to whom very few listen because they cry wolf so much? The ECtHR didn’t even get to the cases, IIRC, before the trap snapped shut and Russia was drummed out of the Council of Europe to widespread cheering, making the matter de facto moot.)
You know that road. You know exactly where it ends.
Could you please stop posting unsubstantive comments and flamebait? You've unfortunately been doing it repeatedly. It's not what this site is for, and destroys what it is for.
But then VLESS is thriving and the only way to stop this is by enforcing whitelists. Which is not something those scumbags are incapable of, of course.
Unless the government decides to ban all cryptography, or forcefully install their own certificates on every device, it should be possible to avoid any restriction attempts. If they're doing deep packet inspection to detect specific protocols, then those can be tunneled via encrypted protocols they do allow, such as TLS or SSH. This is certainly more inconvenient to use, but not impossible.
If they're blocking all traffic beyond their borders, then that's a separate matter, but usually such restrictions are more annoying than absolute.
Take a look at the tools Chinese people use to evade the national firewall. They're extremely sophisticated, and need to advance all the time because the GFW constantly becomes more sophisticated. There are a lot of encryption technologies that the government also allows to work until they block them at a critical moment. All of the VPNs you've ever heard of in some advertisement on YouTube or whatever are easily and totally blocked in China.
Governments can make evading their censorship very difficult, painful, and risky, if they want to. It can have a huge impact.
> All of the VPNs you've ever heard of in some advertisement on YouTube or whatever are easily and totally blocked in China.
Have you actually been to China? I was there not long ago traveling around a range of cities and never had trouble with either Mullvad or Astrill having used both hotel and residential networks. I have many friends who have similar experiences. In fact, I've never recalled anyone having trouble getting outside of the great firewall.
You can buy a Hong Kong esim in China that has access to everyrhing. You can use any vpn service and it just works. The only place I had trouble was the airport wifi but shadow proxy works fine. So I don't know what you're talking about
Technically it's easy to come around restrictions (for example, where I live, RT.com is fully censored "to protect me").
But from a lawmaker perspective, the topic is not technical.
The question, at the end, is about the enforcement of the punishments that go with circumvention; and in some places there is punishment even when you are "just" trying to circumvent these restrictions.
It's easy to break-in into someone's place. What prevents you from doing it, is the punishment (and potentially ethics), not the physical barrier.
> It's easy to break-in into someone's place. What prevents you from doing it, is the punishment (and potentially ethics), not the physical barrier.
It's illegal to steal a macbook that has been abandoned on the train. Try leaving yours and see if the more important thing is the physical barrier or ethics/punishment/existence of laws.
The thing is, you're still breaking the original law, which is "you must prove your age to access this content."
Using a VPN, or any other technical workaround you can think of, doesn't negate that the law in your state says you must prove your age to access the content.
States require proof of age to purchase alcohol. You can ask someone who is of age to buy it for you, that doesn't make it legal for you to have it.
>simply cut international connections (as is already practiced temporarily and locally)
No, international connections are not cut.
The mobile internet gets cut locally and temporarily when the Ukraine attacks Russian cities trying to terrorize population. Several essential or popular Russian services are whitelisted. All the rest of Russian internet is as inaccessible as foreign servers.
Russia is not even remotely similar to the U.S.A. in terms of freedom, rights, and infrastructure.
Politicians will never be able to ban VPNs or vetted e2e encryption (like signal, and now X) in the US. Especially with this strongly pro-American, strongly pro-privacy admin and Supreme Justices on the watch.
> Especially with this strongly pro-American, strongly pro-privacy admin
lol
"pro-privacy" and "pro-cop" are diametrically opposed, and Republicans pick "pro-cop" every time. And "pro-American" doesn't mean anything; it's a marketing term.
> Supreme Justices on the watch.
Have you been keeping up with their rulings? The Roberts court is completely spineless. They do whatever the administration wants and justify it post-hoc. In their shadow docket rulings, they don't even bother with justifications.
Here's one: How successful was the combined efforts of politicians + 3-letter agencies + universities, at banning computer encryption in the past? Not successful at all, hahaha.
A device-side IP filter locked behind a password that parents can configure in the device's settings would be much more effective and easier to implement than censoring the Internet. This should be the default solution, yet it's never brought up for whatever reason.
Not to mention these online content censorship laws for kids are wrong in principle because parents are supposed to be in control of how they raise each of their own kids, not the government or other people.
And these laws make authoritarian surveillance and control much easier. It's hard to not see this as the main objective at this point. And even if it isn't, this level of stupidity is harmful.
The goal is controling the flow of information online. "protecting the children" may or may not be a sincere concern but ultimately censorship is what is desired here.
Same way the government needs to read all your emails because some terrorist on the other side of the world may or may not be using email as well to communicate.
Ultimately information is power, especially now. Governments naturally gravitate to wanting more and more power. Authoritarian types are all around, and their power is growing in the current political climate of America as they see a method that works, turning Americans against each other and creating national scares which in turn can be used to gain more control over every aspect of our lives
No. Stop using Hanlon's razor as a magic word that lets those in power evade responsibility for turning tech against people. They already excel at dodging consequences without anyone resorting to lazy two word arguments in their defense.
It doesn't take a computer genius to understand the broader implications this has on civil society. If they genuinely lack the insight to comprehend this, then they certainly wouldn’t be using children as a shield.
It is the objective, it's always been the objective. The worst part is that I bet these people don't even think of themselves as authoritarian so much as they stumble into it through a combination of selfishness, ignorance, and complete disregard for ethics. They like money and power, more information means more of both, darn the torpedos, tap the lines, hit the gas and all of a sudden it's oops all facism.
Hitler and Mussolini, the infamous socialists. What an insane idea. Its only claim to fame seems to be famous American conservatives who want to cleanse the image of the far-right by writing off their ideologies to the other side. It also conveniently lets everyone pretend that totalitarianism could never happen here - it's all just evil communism/socialism, and we're not doing communism here, so just trust us, y'all!
These ideologies have very little in common. While states practicing both have been heavily totalitarian, the means through which they got there, the reasoning for their absolute power and its methods of enforcement, the strength of their grip and their national ideas/goals were completely different. Trying to shove them into one box is beyond reductionism, it borders on good-and-evil storytelling where all the bad guys have a simple, one-line explanation for their badness.
I disagree that legislation can't help. Fundamentally there's an education disconnect and unnecessary friction in setting up parental controls. Governments can better educate parents about the risks, and give them better tools to filter/monitor content their children watch (eg at the device level). Being a parent is hard and it's possible to make this part easier imo.
eg consider child-proof packaging and labeling laws for medication, which dramatically reduced child mortality due to accidental drug misuse.
Well the law could be simple - “every computer sold must have a prominently displayed ‘parental choice’ screen on first boot that lets the owner specify whether this device will be used by a child and give the parents and option to block adult content”
This is 100% the response. I work with kids in mental health and the “kick the can to the parents” response is so shortsighted
Apple and android controls aren’t that difficult to understand. Roblox parental controls aren’t that difficult to understand. Could it be simpler by unifying these things under one framework? Sure - I’ve worked with tons of parents who fall under the trap that Roblox is safe because they set iOS parental controls. I feel for them because they aren’t “tech” people and apple conditions them to expect a setting to be universal across the operating system, so it’s quite a shock when they find out their child has been texting with some groomer from Roblox chat.
The parents who are doing that will continue to do that. Improving those controls will help those parents and I agree efforts should be made for them. But for every one of those parents I encounter I get about 4-5 more who don’t bother to set any kind of parental control or filter on their children’s devices. When their 9 year old starts talking about pornhub and I give them resources on setting up parental controls it almost always falls on deaf ears. They simply don’t give a fuck. They can’t be bothered to spend 20 minutes figuring out how to set it up, even if I offer to walk them through it.
It is the new form of parental neglect, the modern version of a latchkey kid
Yes but massive censorship and the constant surveillance of children is also not good for the children ultimately. We need to bring the question of “does this help create a world that we want children to grow up in?”
Are we really going to argue “since some parents won’t adequately parent their children, we’re going to create a massive censorship and surveillance apparatus and the Government will tightly control what everyone is allowed to view or talk about online”?
I might dryly suggest that it is prudent preparation for the computing environments they will encounter in their future jobs. Like the way expensive prep schools have children wearing business casual...
Android doesn't have parental controls, does it? The closest thing I'm aware of is Family Link, which is a Google service that requires parent and child to have a Google account.
It'll take legal responsibility being placed on the parent, and one parent being prosecuted and convicted for child neglect, in order for that attitude to change.
A trivial amount of legislation can fix that. Law reads: ISPs must implement implement parental blocks by default, exceptions may only be made on a per-device basis. Parental controls must also be enabled on public wifi. Easy as that. It doesn't matter how lazy you are, actively going and turning something off is more effort than not.
>ISPs must implement implement parental blocks by default
This is already the case in the UK. We discovered another sad fact. Parents will suddenly develop the technical literacy to turn parental controls off because it's inconveniencing them, but won't bother to fine grain the control to make it safe for their children.
Yeah, we can have fancy NN-based filters, but I think even a simple IP blocker with some carefully-made presets would go a long way.
Anyways, the main point I was making is the filtering should be done on-device at the parents' discretion, if they really wanted to protect their children. We can give them that feature and eliminate an excuse for authoritarian laws at the same time. This doesn't even require legislation, we can just do it if enough people working on operating systems agree.
I have worked in cloud consulting for a little over five years. A lot of companies specifically ask that we blocked traffic from cloud providers. It’s a built in feature of AWS WAF.
Ironically enough, that meant when I was working at AWS, I sometimes couldn’t access a site that I was working on for a client when I went into the office for a business trip (I worked remotely).
These are religious fanatics trying to ban porn because they believe it's evil. All the rest is dressing to advance that cause and isn't worth spending too much time trying to make sense of.
They'd latch on to whatever reason they'd think would stick.
> And even if it isn't, this level of stupidity is harmful.
How much more proof do we need that we're speedrunning the authoritarianism and frankly we're already somewhat authoritarian, it's just pluralism for now. Wait until the elites eat each other and only one dictator is left.
> parents are supposed to be in control of how they raise each of their own kids
You realize that a lot of parents support this sort of thing because they are not technically sophisticated enough to control it themselves? Or they simply think that it has no place in polite society? That is why politicians enact these laws, because they are hearing from constituents that they want it.
Excuse my somewhat peeved tone, but if parents aren't capable of pressing one (1) button on a iPhone/Android setup screen to turn on the parental controls and content blocking, then perhaps we should be rethinking their capacity to raise children.
> You realize that a lot of parents support this sort of thing because they are not technically sophisticated enough to control it themselves?
We can make it so that it's as easy as changing the settings on their child's phone and then setting a password to lock that setting. The technical barrier isn't high.
> Or they simply think that it has no place in polite society?
That doesn't justify giving the government the tools to crush free speech on the Internet, which threatens the very existence of polite society. The current wave of authoritarianism around the world is a direct consequence of undemocratic governance systems on the Internet. In hindsight, it was kind of our fault. Failing to foresee its civilization-scale impact, we did not design the Internet with democratic principles in mind. This eventually resulted in large social media and cloud services platforms with enough users to sway elections, that operate under opaque centralized moderation and curation mechanisms. This became a real problem when smartphones were invented and most of human communication suddenly got moved online: freedom of speech has been de facto damaged for almost two decades now.
But it's a problem that can reverse itself, if we can figure out a way to neutralize the Internet's implicit incentives that encourage the centralization of compute and storage (which is equivalent to the centralization of power when most communication occurs online). And as you might guess, such solutions require a free enough Internet to create and deploy. That's why we must push back against these Internet control laws in the meantime, otherwise governments will simply use these legal tools to suppress attempts to decentralize the Internet, and we'd end up with authoritarian regimes all around the world.
Reminds me of my time in Zanzibar, where the internet was censored and some VPN providers (like Proton) weren't working. The authorities then imposed a complete ban of VPNs without permit, with threats of harsh punishment (2000 USD fine or 12m in prison). Exceptions could be made by filling a form justifying the use of the VPN and details about it (for example IP address) but reviews are slow and obscure.
The context with this article is different but the similarities are with how lawmakers misunderstand VPNs. They are an essential tool for workers and there are many other ways to circumvent censorship without VPNs anyway. The irony of this ban is that Zanzibar also wants to attract digital nomads, and the most important tool for them is an unrestricted and reliable internet connection.
I'm reminded of efforts in the 1990s to ban strong encryption in email and websites because governments tried to tell us it was used by drug dealers and pedos to do their nefarious activities.
Yes, governments really did want to force us to use HTTPS with only broken/weak crypto.
After Wisconsin finds out how to reliably filter vpn, they can then teach Netflix and Akamai how to do it.
Last time I checked modestly reliable geoblocking existed, and completely unreliable vpn blocking.
A friend told me that when he comes across a site for which Nordvpn is blocked, he just changes IP. Latest the third one always works, even on YouTube (he is all about privacy).
You don't have to reliably block something to make a law against it. Murder is illegal despite the government not figuring out how to reliably stop people from murdering each other.
So many people miss this in such discussions. Like that Australian politician’s “the laws of physics are all very well, but the laws of Australia are the only ones we care about” which was widely ridiculed in technical circles that did not grasp its truth: that law is all about declaring physically-possible actions illicit.
However, to address your specific chosen example, one could argue a difference from murder, if they say “your site must block these traffic sources or you’re in trouble”: one could argue (it’s not at all cut and dried) that it’s like saying that venues are liable for the murders committed at them, rather than the murderer.
It is a cat and mouse game, it is whether the service provider do or not. I remember AWS WAF can block VPN ages ago, according to this announcement, it is 2020.
It’s different if you have influence over the network, like a government might. I spend a lot of time in China, and they’ve done a good job of blocking VPNs in recent years, including my personal WireGuard connection to my home network. Not that any technical solution is impossible to bypass, but a motivated state government could make VPN use difficult if it wasn’t for the whole Constitution thing.
Lots of sites do in fact block VPNs successfully. How? Well they could just sign up for NordVPN and see which IPs they use directly. Its not rocket science.
I do have a bit of experience with managing WAFs for large online gaming providers and I can tell you it's not a solved problem. Netflix would also love to hear how I guess.
Even if you somehow manage to enumerate the Nordvpn IPs - a thing of which Nordvpn probably thought in their threat model - then you still have thousands of other providers.
You misunderstand. When they "ban VPNs", it's not that the VPN police will be patrolling your neighborhood trying to catch you using Mulvad or whatever. Instead, the AG will send a letter to the VPN provider, threatening to prosecute them for selling an illegal service. And they will comply and shut down. Once the commercial services are gone, it won't matter that you could hide your own VPN usage in a practical sense, because 1 in 100 people have the resources, technical expertise, and time to set up their own VPN server offshore. Furthermore, it may be cost prohibitive... I'm spending $3/month or so. I can't spend $250/month on this. And if I could, it will just break more often, I won't get the 99% uptime I usually get either.
Something that's extraordinarily low effort will become exceedingly high effort, and this will achieve their goals.
The text we are discussing says:
"It’s an age verification bill that requires all websites distributing material that could conceivably be deemed “sexual content” to both implement an age verification system and also to block the access of users connected via VPN."
That's what I was discussing. Not sure where AG and vpn providers come in.
Exactly, but each time any lawmakers wants to "protect the children", the "alcohol solution" needs to be brought up. While it is somewhat ridiculous when applied to Internet access, it bring in the right perspective -- the population as a whole does not need to be affected by the measure
Extending the analogy would be a pretty weird but plausible thing - you show your ID to buy "internet credits" then go home and use them however you want. But those credits probably have an ID or known endpoint that will be tied to your ID/credit card.
Until someone finds a clever and credible way to anonymize "internet credit", we could just outlaw any internet-connected devices in possession or in use by a minor. To extend the analogy, just like a bottle of whiskey. For the safety of the minors, of course.
Yes but on the internet, at least in the US, asking "Are you 21 Yes/No" with no actual check has been acceptable. Same with all mature content like violence and porn.
Someone needs to make a case as for why in 2015 this was perfectly acceptable but in 2025 it's not anymore. The internet has gotten tamer since its inception and porn is still porn, exactly as depraved as it always was. What's considered the bad parts of the internet these days used to be the whole thing.
Stuff like this really reminds me how nobody is actually in control. Entire countries are just going where ever the rivers takes them with those supposed in charge not knowing any better and often worse than the rest and functionally being so clueless they’re passengers too
Of course, what if I use an SSH tunnel instead as that normally suffices a lot easier for me. It's basically the same underlying libraries? They would have to regulate the use of libssl, libcrypto, etc. This makes no sense lol.
Am I going to find myself in jail one day for "Unregulated use of a private/public key pair?"
“Small government” is ambiguous. It used to mean exactly that — scope of powers. These days it’s become unclear and some people use it to mean headcount.
"Small government" in all its forms and variations is smoke.
If you hear someone who says they desire small government, they are either lying to your face because they want their despot to have power, or haven't given their position enough interrogation to ask themselves the question "If the government isn't powerful, what is preventing a power-hungry despot from seizing power?"
Are you a child? Probably not, so you are just accessing legally available content by alternate means. It's strange how many people think they are out-smarting a system when said system is explicitly designed to allow them access.
These laws are primarily intended to stop children browsing the internet from being exposed to porn and gore when they're simply browsing the web. A child who has gained sufficient independence to purchase their own VPN subscription or operate an SSH server to look at pictures of boobies without their parents knowing has also likely reached the point in life where doing so is not harmful to them.
Firstly, the article makes it clear that the definition of "harmful to children" is being systematically expanded to mean "makes conservatives a bit uncomfortable."
And secondly:
> It's strange how many people think they are out-smarting a system when said system is explicitly designed to allow them access.
The whole point of the article is to draw attention to the fact that certain regions are trying to make the use of a VPN illegal. If that were to happen, using an SSH tunnel would indeed be "outsmarting the system."
I agree with you, except maybe 'using an SSH tunnel would indeed be "outsmarting the system."'
Not sure how you meant that, but I'm sure that using an SSH tunnel to get around VPN restrictions will be determined to be illegal. They'll just say an SSH tunnel IS a VPN in the legal sense.
Of course, this won't matter for the vast majority that they don't prosecute - it will only matter for the few they do, which hopefully isn't you or me. But you never know. You get pulled over for a broken taillight and then - "hey, is that a NordVPN sticker on your laptop there..." and next thing you know you're doing 10-life.
> the article makes it clear that the definition of "harmful to children" is being systematically expanded to mean "makes conservatives a bit uncomfortable."
Seems clear to me that a lot of religious sites are directly harmful to children if they allow the church elders abuse them with impunity.
This sort of thing turns up very regularly in US politics, from the Comstock Laws to the Communications Decency Act. The late 90s even had a requirement to use easily breakable encryption (48-bit RSA) which big tech companies generally obeyed. And a worse proposal (the "clipper chip") which was never deployed.
Authoritarianism is not limited by your birthplace, it can turn up anywhere. And when it does people are often really enthusiastic about it.
UK ISPs block around 1500+ domains through High Court orders and police make 12k+ arrests a year for online speech. You don’t need a formal firewall when the effect is the same in practice.
I don't really get why this is surprising or actually particularly worrying.
30 arrests a day for something in a population of seventy million people, a large proportion of whom are online in some way, is not that much.
And it's not 30 arrests per day for saying things the government don't like or that are politically incorrect, is it? It's mostly for things that rise to the level of threats or harassment or cause alarm.
On the one hand it's a new conduit for threatening conduct, and on the other hand, it's probably replacing some.
I'd note something that comes up when this number is mentioned often enlightens the context: that people often use this figure to say "that's more than in Iran or Russia", as if the number itself is actually meaningful. Nobody's going to arrest you in Russia for abusing transgender people; nobody's going to arrest you in Iran for encouraging the punishment of promiscuity or gay people. In either case they might turn a blind eye if you threaten the lives of those people. But the things they would arrest you for — criticising the government or the war — you know not to even say out loud when not among friends. Because the punishment is not the mild inconvenience you would get in the UK.
There are bigger problems in the UK with misunderstanding policing of speech in the real, physical world: the Palestine Action stuff is being much more obviously mishandled. I think it's much more important to focus on getting the government to handle that more logically and sanely.
>And it's not 30 arrests per day for saying things the government don't like or that are politically incorrect, is it?
We don't know, as offence type isn't provided by police services.
The key takeaway is that arrests have risen since 2020 while convictions have not. Given the sole evidence needed for a conviction is also needed for an arrest, you'd think convictions would rise at almost the same level. But it looks like people are being arrested and later released for perfectly legal speech. That would arguably be seen by many as an impairment of freedom of expression.
> The key takeaway is that arrests have risen since 2020 while convictions have not.
Yes, but this also coincides with the pandemic which put more people online and created a lot of anger and harassment of nurses, doctors, government officials, and it also coincides with growing activism in the trans debate space, which has undoubtedly led to more actual harassment.
> But it looks like people are being arrested and later released for perfectly legal speech.
But you just said we don't know, because offence type is not provided?
If there has been a rise in the amount of harassment due to the pandemic, then why have actual convictions dropped compared to before the pandemic. I refer to the graph of convictions per year in the HoL report linked above.
>But you just said we don't know, because offence type is not provided?
If someone is arrested but not convicted, we must presume innocence. "Legal speech" isn't a type of offence.
Part of the problem is that in order to prove your age you need to hand over a bunch of unrelated data about yourself. Why do they need to know my name, address, signature, and what I look like? They don’t even need to know my actual age, just that I’m over 21. Laws like this would go down a lot better if there were privacy-respecting ways of verifying age.
There are privacy-respecting ways, e.g. https://blog.google/products/google-pay/google-wallet-age-id... uses Zero Knowledge Proofs to just verify age without revealing any other personal data. If Online Safety was just a data collection Trojan horse than this kind of approach wouldn’t be allowed.
20 years ago the boogeyman was "the terrorists!" And now the boogeyman is "not the children!!" Or "immigrants!!" Depending on your audience's political views, but the ultimate goal is more surveillance, more control and more power abuse by who’s in control.
I was querying that the motivation is control and power abuse more than protecting children. I live in the UK and know people that go into politics. A lot want to protect children. People can be over cynical about assuming everyone is evil.
Maybe “simple and easily manipulated” is better. The driving force behind the UK’s “child safety” push seems to be mostly because there was “enormous potential across the Safety Tech sector … to foster the development of sustainable, high-tech companies across the country” [1].
Don’t be deceived - huge amounts of lobbying went into this, because some savvy entrepreneurs saw a market to sell age-verification services. The key driver behind the laws is more about creating that market than actual child protection - if they were actually interested in that, they wouldn’t be pushing things that are clearly so ineffective (but expensive).
If the people you know are supporting and expanding mass surveillance you can bet that it's because they want control and power and not because of how much they want to protect children. Not everyone is evil. People who want to surveil and censor everyone are though. If they actually care about children they'll be trying to protect those children from such impositions on their freedom.
As someone born in a post‑Soviet country with rather many odd digital laws--including one requiring that any use of encryption be registered with the department of commerce and the secret service (meaning no TLS unless you get a permit)--I can clearly see the endgame of similar proposals.
These laws aren’t meant to be followed. Their text is deliberately vague, and their demands are impossible by design. They aren't foolish, or at least their ignorance isn't needed to explain the system's broader function. They are meant to serve as a Chekhov's gun that may or may not fire over your head, depending solely on whether the people holding it decide like you.
In peaceful times, they fade into the background, surfacing only when it’s convenient to blackmail some company for cash or favors. In times of crisis, they declare a never-ending war on extremism, sin, and treason, fought against an inexhaustible supply of targets to take down in front of their higher‑ups, farming promotions, contracts for DPI software, and jobs updating its filters.
Historically, such controls were limited by the motivation and competence of the arms dealers, usually taking the form of DNS or IP blocks easily bypassed with proxies. With modern DPI, it's entire protocols going dark. Even so, those able to learn easily find a way around them. The people who suffer most are seniors, unable even to call family across the border without a neighbor's help, and their relatives forced into using least trustworthy messengers (such as Botim, from the creators of ToTok, a known UAE intel operation [0]) thinking they're the only way to stay in touch, not knowing how or wanting to use mainstream IM over a VPNs that may or may not live another month.
If wherever you are your votes still matter, please fight this nonsense. Make no mistake, your enemies are still more ridiculous than Voltaire could hope they'd be, but organizing against or simply living through a regime constantly chewing on the internet's wires is going to be a significantly greater inconvenience than taking _real_ action now.
Selective enforcement should be illegal - people practicing it should be put in prison, the law should be auto-repealed, any past sentences cancelled and the people sentenced should be compensated.
This should be written into every constitution, just like free speech and the right to kill when killing is right ("right to bear arms").
Agree. Good intentions. How do you practically approach this? Which incentives would you suggest to steer the system that way? What will keep the system from slipping back to selective enforcement?
Ok, 2 downvotes, so I surmise there are 2 people who genuinely think selective enforcement is right and should be legal. Either of you care to justify your opinion?
Wisconsin "porn" websites will just move out of Wisconsin.
The bill reads like you would think from someone who's been talking with the ceo of an age verification company. The bill gives the website two options: use a _commercial_ age verification product tied to gov't id checking, or "digitize" the web user's gov't id.
Holding out for government IdP that can return verified but anonymous data (like age)--like a JWT that has no identifier besides an age claim.
Seems highly unlikely it would ever happen (at least in the U.S.) but seems like it'd solve a decent amount of verification problems. With a JWT, the IdP wouldn't even necessarily need to know the recipient since the validity could be verified by the consuming party using asymmetric crypto.
Remember the days when governments the world over didn't seem to realize the internet existed? I miss those days. I used to complain about and laugh at their technological ineptitude. Now I wish I could turn back time.
And cue the rise of self-hosted VPNs. 1 click to get a VPS instance, install VPN software, and make a connection. Automatically destroy the instance with another click or after a certain amount of time.
If this keeps going, they will ban self-hosting next: only government-approved hosts allowed.
We can't just rely on technological solutions because you can't out-tech the law at scale. People need to actually understand that the government is very close to having the tools needed for a stable technocratic authoritarian regime here in the US and all around the world. It might not happen immediately even if they have the tools, but once the tools are built, that future becomes almost unavoidable.
I feel like that'd take a level of surveillance that's technically unsustainable. But then again, sustainability isn't a consideration when it stands in the way of "better" control.
AI is the perfect low cost tool to enable that. Plantir knows this and has been making strategic moves to build this
Seems quite achievable and sustainable to me
Every human carries dense compute and sensors with them. If they don't they stand out while still surrounded by dense compute and sensors held by others at all times
Not nice to think about but it is the reality we are moving towards – vote accordingly
Voting doesn’t help. You need to win hearts and minds, and the synergy of resources available between the trillion dollar industries like AI and Marketing and you makes that a losing battle too.
People want this stuff. People want ring doorbells, they want age verification, they want government control. Think of the children/criminals/immigrants.
Voting doesn't work because people are not smart enough to think multiple steps ahead of people who are professionals at this.
Voting doesn't work because everybody votes on everything, not just people who understand the subject matter.
Voting doesn't work because it's impossible to express nuanced choice - you vote for a candidate or party as a whole, not on specific policies. The number of parties is much smaller than the number combinations of policies so some opinions can't be expressed at all.
Those are arguments why voting does not produce a perfect outcome. That's different than "voting doesn't work". Using arguments like yours nothing can ever work.
Society is complex and there will always be someone somewhere that can influence an outcome where he/she doesn't understand the subject matter. Hence, nothing works and can ever work.
"Let's just give up" is the only conclusion I can see. Hardly useful.
Can you give an example of something that works by your standards?
It does not work to produce a society where people are actually the ones holding power and where laws side with those in the right - i.e. the current legal system anywhere does not represent a consistent moral system and is not even close.
You're right it's too strong as a general statement but it was in response to a specific issue - those in power wanting to take yet another bit of power from the general population - (this time and in this particular country) by banning VPNs.
People always vote based on the most pressing issues to them - immigration, taxes, abortions, LGBT rights (random list which is different in every country). Minor issues fall between the cracks until they become so bad they become pressing to enough people.
> "Let's just give up" is the only conclusion I can see. Hardly useful.
Then you're reading it wrong. I listed specific issues - the solution is to find solutions to those issues.
Here's a couple suggestions I'd like to see gamed out and tested:
- The right to vote not as a function of age but a test of reasoning ability and general knowledge.
- Limiting the amount of time a person can perform politics (including professional lobbying) to 5-10 years.
- Splitting laws into areas of expertise and potentially requiring tests to prove understanding to gain the right to vote on those areas for both the general population and politicians.
- Replacing FPTP with more nuanced voting systems.
These are just a few random suggestions described briefly. When I do this, people start nitpicking and then I have to reply with obvious solutions to surface issues - I encourage everyone to instead think how to make this work (yes, in an adversarial environment) instead of just trying to shoot it down.
When the ban happens it'll be really easy to implement without requiring only government approved hosts or any such distributed measures requiring enforcement. Certificate Authorities.
There are just a handful of corporations get to decide which websites are visitable every 90 days. Put a bit of legal pressure on the corporate certificate authorities and there's instant centralized control of effectively the entire web thanks to corporate browser HTTPS-only defaults and HTTP/3 not being able to use self-signed certs for public websites.
The full list of CAs with root certs in corporate browsers is fairly short. That's all that matters. If your CA isn't in $browser/$os cert root store then it's not going to be useful.
$ ls -lathr /etc/ssl/certs/ | wc -l
265
And of those far fewer are going to actually be giving out certs to human people. CAs are the chokepoint but I acknowledge that saying 'a handful' was hyperbolic. A few dozen.
Feels like they'd make that illegal, and enforce it by checking the CCTV footage for the person who planted that mini computer, then arresting that person.
If it went this far, the US would no longer be recognizable. Not to say it can’t happen, and the US is fast marching in that direction, but this would be a dramatic shift in the entire underlying fabric of the country.
For sure. And the US looked very different under McCarthyism too, so there’s even precedent. But my point is that there are other prerequisites that have to happen first.
Why is that important? Sounds like saying "well before winter comes, autumn must come first". Yeah duh, so what? Winter is still coming, if anyone cares about it.
Because if you overreact to an issue, then that can and will be used to dismiss your arguments entirely, and the general public can more easily be swayed against you.
Non sequitur. Pointing out an intermediate step changes nothing about how bad or good the issue is or how appropriate or inappropriate the reaction is.
I did this for years during the early 2010s, but given the IP ranges of most the major VPS players are widely known, many sites and services now just block them outright. It got to the stage I had to stop doing it. I suspect it has only gotten worse now many sites are trying to prevent scraping for AI training as well.
If your primary focus is just reaching region blocked content, Self hosted VPNs can work great if you have access to a residential IP in your target country- I've taken advantage of family member's domestic connections instead of VPSes now, as I was lucky enough to have family in the regions I wanted. Devices like the Apple TV can function as a Tailscale exit node too, which greatly simplified deployment.
Consider SoftEther, which is VPN over Ethernet wrapped in HTTPS. It's open-source. It has a server discovery site called VPNGate. You can host a server to let somebody else use, then use a server soneone else is hosting.
We're really only missing a few things before there's decentralized VPN over HTTPS that anyone in the world can host and use, and it would be resistant to all DPI firewalls. First, a user-friendly mobile client. Second, a way to broadcast and discover server lists in a sparse and decentralized manner, similar to BitTorrent (or we may be able to make use of the BT protocol as is), and we'd have to build such auto-discovery and broadcasting into the client. Third, make each client automatically host a temporary server and broadcast its IP to the public server lists when in use.
Technically such a mobile client already "exists". I've been working on a cross-platform "super app", which is essentially just a Python REPL, but a key design is that components/controls of the UI framework that hosts it can be returned as a result.
SoftEther isn't Tor, it's just like modernized client-server L2TP style VPN, same deal as WireGuard. The volunteer public gateway thing is completely optional and voluntary add-on.
The reason it exists is just that it predates WireGuard by ~decade.
The risk surely exists if you decide to run their gate service:
"After you activate the VPN Gate Service, anyone can connect a VPN connection to your computer, and access to any hosts on the Internet via your computer"
"When you are running the VPN Gate Relaying Function on your company's network, then any person's communication to Internet hosts will be relayed via your company's network."
It's no different from a coffee shop providing an open WiFi, or an ISP providing you with a fiber connection. What people do on it is their problem, not yours. Their web traffic is wrapped in another layer of HTTPS, not in plaintext you can read. Most traffic is not criminal traffic, you're not any more likely to be the exit node for a criminal than you are to purchase something from a criminal in real life. That waitress you just tipped at the restaurant? Might've been a murderer. In either case, you don't know that you've dealt with a criminal. You providing the exit node is like a transaction: you're "paying" for the VPN service by helping run the service.
The point of all this is to make it so that governments can't pin down the IP of any client without expending significant resources. It makes mass surveillance, control, and prosecution prohibitively expensive. Law enforcement would still be able to trace suspects through the hops with their rich arsenal of backdoors, exploits, and clues in the physical world, just not without significant effort and therefore expenses. So they will only be able to pursue criminals in a targeted manner, which is how law enforcement in a free society is supposed to work.
The decentralized VPN service can only work if clients are also servers, otherwise there will be too many people who use the service without contributing to it, resulting in a tragedy of the commons.
Tailscale makes this trivial, which is why I'm worried about governments starting to block the Tailscale control servers. Which I think China already does.
I don't know if Tailscale has any plans to make their service more censorship resistant, but I hope they do.
Isn't it Wisconsin law that lets the Governor change any numeric digits in a law while it's on his or her desk?
One of the most bizarre legal opinions I've ever heard of, but if they used any digits in the writing of the law those are up for grabs. Law makes a 30 day window or something? The governor can just change it to a million days with a stroke of the pen and then sign the edit into law with the same pen!
> Isn't it Wisconsin law that lets the Governor change any numeric digits in a law while it's on his or her desk?
Pretty close.
> (b) If the governor approves and signs the bill, the bill shall
become law. Appropriation bills may be approved in whole or
in part by the governor, and the part approved shall become law.
> (c) In approving an appropriation bill in part, the governor
may not create a new word by rejecting individual letters in the
words of the enrolled bill, and may not create a new sentence by
combining parts of 2 or more sentences of the enrolled bill
> Evers’s veto is part of a dubious Wisconsin tradition. In 1975, Gov. Patrick Lucey struck the word “not” from the phrase “not less than,” reversing its meaning. In the 1980s, Govs. Tony Earl and Tommy Thompson crossed out individual letters to create entirely new words. And in 2005, Gov. Jim Doyle reappropriated over $400 million from its intended use by striking all but 20 words from a 752-word passage, creating a new sentence bearing no resemblance to the language approved by the legislature.
Random trivia: Memes in that format are known as "speed of lobsters" memes, where you take a screenshot of some text/post/tweet/whatever and then delete/hide words and letters to make up completely different sentences.
I'm not in the US so I've no dog in this race only curiousity.
I can understand allowing a governor to change the text of a bill. But I cannot understand allowing them to sign those changes into law. It seems like that would mean they could creatively reverse the meaning of any bill.
It seems like a governor should be able to approve the text as written, or change it and send it back.
The original intention was to allow for what is called a "line-item veto." Let's say you had a bill (and this is not uncommon) with a lot of basically unrelated provisions. It creates programs A, B and C. This would allow the governor to approve A and C but not B, and would prevent the sort of "horse-trading" that legislators like to do ("I'll support your pet idea if you support mine").
That was the idea. But Wisconsin has twisted into something else entirely. Arguably, the idea was not a good one to begin with, anyway.
> To both implement an age verification system and also to block the access of users connected via VPN.
This would require blocking VPN use for all users, regardless of where the user comes from (at just until their age verified). That seems like a big invasion of rights of users from other states.
If they insist on blocking VPN use, the onus should be on VPN service providers, or VPN service users.
"Here's what happens if VPNs get blocked: everyone has to verify their age by submitting government IDs, biometric data, or credit card information directly to websites—without any encryption or privacy protection."
Can someone explain how this is true? Even if there is not a VPN, there should be https encryption and privacy protection.
They mean "no privacy protection from the website", presumably. Websites getting compromised and leaking IDs is a big deal, now that we've decided that websites should be seeing our IDs.
I think they're referring to the verification end, in terms of being required to hand over personal info to various parties, a certain percentage of which will have insufficient security and be compromised resulting in your info being leaked.
Or otherwise that if you want to effectively ban VPNs you'll end up at the point where secure encryption is effectively banned, because there are ways to tunnel traffic over pretty much any protocol eg. SSH, HTTPS if you're creative.
Sadly (at least for me, I am a US citizen) we are seeing the slow burn collapse of western ‘democracies’ and the slow steady rise of the global south.
Western leaders are in panic mode. I am not very political but when I look at the last Biden administration and the current Trump administration I see two men in panic mode - very weak.
A partial solution to western civilization collapse is to make ourselves as individuals strong: prioritize family, friends, continual life long education, spirituality, highly productive work, supporting our local communities, etc.
You're one of the few that correctly sees this goes beyond partisanship boundaries.
The polarization keeps us divided. Meanwhile, the billionaire become more and more rich and powerful, no matter which sides currently has the power. Baillouts, tax cuts, regulation or de-regulation. Doesn't matter, there is a group who always win.
Our current crop of leaders are, to quote Succession, not serious people.
You could point to many examples why, but I don't think there's a better example of this than how China managed to utterly snooker the west when they tried to run the same old economic imperialism playbook on them.
The nepo-babies making those decisions who wanted to coast on the US's global superpower status were outsmarted by a hungry up-and-comer. Now they're pissed off, but don't have an actual plan for how to fix things, so they're resorting to a series of own-goals that make them feel good in the moment.
Some of them are even building bunkers, but don't seem to have the foresight to understand that they're either setting themselves up to bend the knee to the first warlord who lays siege, or betrayed from within by their bodyguards. Like I said, not serious people.
These are dark times, and as an individual it can sometimes feel hopeless. I don't know if we can save our country. But you can try saving yourself, your friends, your family, you community, the people you truly care about.
Western "democracies" are most certainly fraying, but the rise of the global south is nowhere near a certainty. Their institutions are nowhere near strong enough, especially rule of law. People are also not migrating en-mass to them, either.
> A partial solution to western civilization collapse is to make ourselves as individuals strong: prioritize family, friends, continual life long education, spirituality, highly productive work, supporting our local communities, etc.
I broadly agree, but western civilization has had so much regulatory capture by vested interests that sap productivity (whether it's US billionaires capturing the tax code or retirees in France demanding the state fund their arguably too early retirement) that individualism may not be enough.
As a rule, criticism of the ruling elite will never be tolerated in the long term. The Internet was free and unrestricted until the masses shifted their attention to it, at which point, the ruling elite cracked down on it in order to maintain their hegemony by maintaining the ignorance of the masses, which they see as cattle to be herded and milked and sacrificed ritualistically from time to time for their internal social bonding purposes.
They actually act perfectly rationally. Media post articles about how easy it is to bypass the law using VPN, mock the government, and what the law author should feel reading this? "Ok let them break the law"? Of course, the reasonable response is to close the loopholes.
The issue is tech isn't as simple as that, vpn's are key in many jobs, are they banned? It is the same issue when they ask for backdoors in every messaging app. It is rational if you don't think any deeper than surface level but once you dig an inch deep, it is clear why it isn't rational.
Being a devil's advocate, you already entrust the government to register your property, issue your money, prosecute you for wrongdoing (including death penalty) and send you to the war. Your data is already collected and sold by thousands of data brokers. What are you losing by having a backdoor that would be used only in strict accordance with the law (laws being created by your elected representatives) and only for legal purposes? You must comply with the law anyway, no matter if the government can or cannot see what you are doing.
If you truly believed in democracy and rule of law in your country, you would have no doubts and volunteered to install the backdoor yourself.
The issue being that governments in the west have repeatedly demonstrated they will implement blanket surveillance and not follow due process in using it.
Further those who do wish to break the law could still utilize cryptography to avoid backdoors so this would only really apply said surveillance to those not breaking the law.
Perhaps this is also different for digital activities due to the history of the digital space and the scale/ease at which if allowed it can be surveilled.
Some company would surely jump in and get an exception written for certain corporate VPNs. But if not, it can be that those who contribute to the right people get exceptions and those who don't, don't. Rational or logical consistency just....don't have to apply
The companies using VPN for work can file an application for an white list exception, if they provide an application with a list of employees having access. I think this is how it works in my country. You are making an elephant from a fly (proverb meaning exaggerating minor issues).
For better security, a signed obligation to observe law might be collected from every employee, and an access log kept, with records signed by company's digital signature.
>Businesses run on VPNs. Every company with remote employees uses VPNs. Every business traveler connecting through sketchy hotel Wi-Fi needs one. Companies use VPNs to protect client and employee data, secure internal communications, and prevent cyberattacks.
Oh look, someone's conflating business VPNs and consumer VPNs again. This time to legitimize consumer VPNs.
The cited laws propose to ban pornography for minors, and ban VPNs that hide geolocation and their use in accessing pornography. Nothing to do with businesses using private VPNs to encrypt employee traffic.
>Vulnerable people rely on VPNs for safety. Domestic abuse survivors use VPNs to hide their location from their abusers.
Woah, maybe VPNs have some uses I haven't considered, let's take a look at the linked article.
>Use a virtual private network (VPN) to remain anonymous while browsing the internet, signing a new lease or applying for a new home loan. This will also keep your location anonymous from anyone who has gained access to or infiltrated your device.
I think the loan thing is rubbish I don't get it, and it's unaffected by the law. But the idea of installing a VPN in case the device is compromised might make sense, if the device is compromised it might still be trackable, especially while downloading the VPN, but maybe if it connects at startup, and the RAT isn't configured to bypass the VPN bridge, it might work.
Quite a stretch if you ask me. And again, not relevant to adult sites blocking VPNs.
The rest of the example are the usual "people use it to evade the government and regulations but it can be THE BAD GOVERNMENt AND REGULAtiONS"
The only way to block a VPN is to have the knowledge that certain IPs are used by VPN providers. It's pretty trivial for someone to run a script/app that spins up a server somewhere, installs VPN software on it, and uses that for the connection. Now there's no way to separate whether a user is connecting via a VPN or not.
You’re right, because laws against underage drinking and drug use have really been affective over the years. It only takes one smart 12 year old to show everyone else how to do it. Heck if I were 12 now with 1TB u/d internet connection, I’m sure I would have set some type of proxy up for my friends.
If I could figure out 65C02 assembly programming at 12 in the 80s without the Internet and some books, I’m sure the 12 year old me in 2025 could set up a proxy.
I think you misunderstand the comment you are replying to, it's talking about the perspective of the sysadmin of the adult website, and how it would detect a VPN user.
> Quite a stretch if you ask me. And again, not relevant to adult sites blocking VPNs.
With the workaround I outlined, adult sites can no longer be aware of all VPNs in order to block them, if things do get that far. And you can be sure the ones the measure is supposed to "protect" will gain access to scripts/apps for said workaround.
Why ban VPNs when you can freely force social networks like HN to tie nickname registration to an state issued digital ID certificate to guarantee freedom of speech and legal accountability?
Not just social media, expect ANY app to be able to “verify” you through the new apple digital ID (android wallet soon I assume), the “verification is simple and seamless!!”, and add few Alegria drawings explaining why providing your ID helps defeating the “bad evil guys!!” and you are good to go.
I don’t know about the US, but in UK and the EU they are certainly trying to do just that.
And if not today, the will simply cook us slowly a little longer until they succeed.
The problem is, that regular people just don’t care enough.
There's a lot of things that used to be unthinkable in the US. Things that only evil governments in other (usually communist) countries did, but which now happen in the USA. It turns out there's not as much of a difference as you might think, and not much you can do to change that.
> you can freely force social networks like HN to tie nickname registration to an state issued digital ID certificate to guarantee freedom of speech
Nothing guarantees free speech like making it trivial to keep a copy of everything everyone says that can always be tracked back to their real identity! No way that could have a chilling effect on perfectly normal speech.
To this day I have no clue what the point of this idea is. Forcing you to use an ID on the internet is the real world equivalent of making everyone you interact with take a photo of your ID. It's completely nonsensical.
Considering that most crimes require people to be physically present at the crime scene, it also doesn't seem to be a functioning deterrent at all in the real world.
Most of the bad behaviour is concentrated in "seedy" places, where you usually have to go out of your way to interact with that place. A real name policy doesn't change the nature of the place at all.
If anything, the places that would be most affected are the ones where people are roleplaying or pretending to be something other than "themselves". E.g. gay or transgender people, furries, MMO/MUD/MUSH players, streamers, etc which overall seem to be exceedingly harmless.
There is also the blatantly obvious problem that this only works on people who are risk averse to begin with. So it will basically have no effect on actual perpetrators, who see some risk vs reward tradeoff for their bad behaviour.
I'll be surprised if my country (the UK) doesn't go down the same path. I don't like the reform party, but they seem to be the only party that see the danger in all of this.
Well, let’s be honest — users of VPNs regularly don’t know what they are doing, too.
Can’t count how often I‘ve heard otherwise technologically literate people saying how they use a VPN (NordVPN e.a.) because „something something security“.
I would trust a foreign country with my data much more than I would trust the US. A foreign country can’t do me nearly as much harm as the US can as a US citizen.
This seems like an insane way to achieve what they want. I’m surprised they don’t pass a law like the UAE has - it’s illegal to use a VPN to get around internet censorship.
This will be an unpopular take, but... ban all the VPN's. Do it now.
Every time such a thing happens new technology is created out of necessity. The more totalitarian a regime is the more people are pushed under ground. This only hurts big companies and governments that benefit from having all the juicy delicious data flowing through cooperating CDN's and big centralized platforms where they can see it real time and with real identities.
Motivate developers to make easy-peazy tools to push the normies to Tor, SSH tunnels, hybrid open source VPN's, DNS tunneling, HTTPS piggy-backing, Obfuscated HTTPS websockets, Domain Fronting, Lora Relays, Laser Relays, open source user-space mesh VPN's like Tinc and watch the arms race unfold.
My super secret ulterior motive is that I despise the big platforms including all the big VPN platforms that have money trails or claim BTC is anonymous and claim to not log anything or have real time lawful intercept API's thus allowing them to claim no logs.
I'm curious how they plan to enforce it lol, because I don't think they can. Unless they plan to build something similar to the Great Firewall of China. But it will have to be nationwide. I don't think one state can do it.
All it does is make it easier for the Government to monitor VPN connections. They already can request logs from providers. Most, if not all VPNs require a proof of identity which is used to subpoena your data. Next up is device security itself. Most phones can be remotely compromised with man in the middle style certificates. Most sites do not use certificate pinning and there is always a master key for decryption built in at the certificate authority level. Unless you have banking level certificates with certificate pinning between sites, a random VPN not tied to your identity and secure devices, a VPN just sells you the illusion of security.
> All it does is make it easier for the Government to monitor VPN connections.
That is not all it does. We're talking about them banning VPNs.
> They already can request logs from providers.
Most claim they do not keep logs. This has been proven for certain providers. Providers operating in different jurisdictions are not necessarily obligated to provide these logs.
> Most, if not all VPNs require a proof of identity...
I have never been asked by a VPN for proof of identity.
> Next up is device security itself...
This is by far a separate issue. Yes it is true mitm attacks are still possible when using a VPN, they do however provide an extra layer of security and shift trust to an entity you should consider trustworthy (your VPN) from a possibly untrustworthy LAN, ISP, or country.
This is ignoring the primary use which is of privacy. Governments have shown time and time again when possible they will implement blanket surveillance and often not follow due process. Just as someone, some organization, or some government should require a very good reason to open your mail, or obtain a warrant to search your house, they should too require this to eavesdrop on your digital communications.
VPNs and similar technology are also useful to those under oppressive regimes to communicate privately. While this is not currently the case in the US, the mechanisms to retain the freedoms currently enjoyed should be upheld in case they are ever required.
Further, you ignore the benefits VPNs provide in terms of geoblocking.
Finally, VPNs are also useful in corporate, education, and other networking settings including accessing your home network from elsewhere or remote services you host.
Considering many of these VPNs are operated by shady groups that probably sell data to intelligence services, I suspect efforts to ban them will mysteriously fail.
It's also possible to write legislation that makes it difficult for new or independent entrants, which funnels more business and traffic to the honeypots.
I wonder if all of the journalism on Epstein would be considered "Sexual content" and if journalists would be forced to self-doxx to report in these states
ive been invovled in privacy for decades and not once has anyone named the parties behind the bills or authors of it, or who lobbies and uses leverage over lawmakers to push these bills through.
they are persistent and have continuity through generations, organize across borders, influence manufacturers and even pressure individual developers.
tech doesnt secure privacy. finding these people and calling them out directly might.
I've been thinking a lot about VPNs lately, mainly for 2 reasons:
1) In my home state I can no longer access Pornhub
2) Last month I visited Mississippi and could not access BlueSky, even though I can from my home state.
[I personally blame this on the "holier then thou", "don't tread of me" conservatives who cannot resist the urge to try to rule over the activities of others.]
I haven't selected a VPN provider because I have heard that a lot of websites create barriers to people who use VPNs. For example, I've seen people say that couldn't access Reddit via a VPN.
I've not had much problem. Never had that problem with Reddit. I use the free veepn browser extension.
Accessing imgur from the UK has been a bit tricky. Sometimes they limit certain IP addresses like the US one usually doesn't work but the Singapore one does (slowly) for some reason.
It seems it would be much more effective to regulate ISPs, requiring them to disallow users from accessing adult sites and VPNs without first verifying their age. This also wouldn't be a violation of privacy since you are already giving your ISP your physical address. The only place users would be expected to identify themselves is over public wifi.
Couldn't all of this be handled by META tags, request/response headers and some "they'll obviously do it" laws aimed at operating systems, device manufacturers and browser companies?
So 2020 - 2030 will be known as the years when "western societies" (read: corrupt politicians that see us as nothing but cattle) decided to become more authoritarian and dystopic than China and Russia.
"Here's what happens if VPNs get blocked: everyone has to verify their age by submitting government IDs, biometric data, or credit card information directly to websites-without any encryption or privacy protection.
We already know how this story ends. Companies get hacked. Data gets breached. And suddenly your real name is attached to the websites you visited, stored in some poorly-secured database waiting for the inevitable leak. This has already happened, and is not a matter of if but when. And when it does, the repercussions will be huge."
Then
"Let's say Wisconsin somehow manages to pass this law. Here's what will actually happen:
People who want to bypass it will use non-commercial VPNs, open proxies, or cheap virtual private servers that the law doesn't cover. They'll find workarounds within hours. The internet always routes around censorship."
Even in a fantasy world where every website successfully blocked all commercial VPNs, people would just make their own. You can route traffic through cloud services like AWS or DigitalOcean, tunnel through someone else's home internet connection, use open proxies, or spin up a cheap server for less than a dollar."
EFF presents two versions of "here's what will happen"
If we accept both as true then it appears a law targeting commercial VPNs would create evolutionary pressure to DIY rather than delegate VPN facility to commercial third parties. Non-commercial first party VPNs only service the person who sets them up. If that person is engaged in criminal activity, they can be targeted by legislation and enforcement specifically. Prosecution of criminals should not affect other first party VPNs set up by law-abiding internet users
Delegation of running VPNs to commercial third parties carries risks. Aside from obvious "trust" issues, reliability concerns, mandatory data collection, potential data breach, and so on, when the commercial provider services criminals, that's a risk to everyone else using the service
This is what's going on with so-called "Chat Control". Commercial third parties are knowingly servicing criminals. The service is used to facilitate the crime. The third parties will not or cannot identify the criminals. As a result, governments seek to compel the third party to do so through legislation. Every other user of the service may be affected as a result
Compare this with a first party VPN set up and used by a single person. If that person engages in criminal activity, other first party VPNs are unaffected
EFF does not speculate that third parties such AWS, DigitalOcean, or "cheap server[s] for less than a dollar" will be targeted with legislation in their second "here's what will happen" scenario
Evolutionary pressure toward DIY might be bad news for commercial third party intermediaries^1
But not necessarily for DIY internet users
1. Those third parties that profit from non-DIY users may invoke the plight of those non-DIY users^2 when arguing against VPN legislation or "Chat Control" but it's the third parties that stand to lose the most. DIY users are not subject to legislation that targets third party VPNs or third party chat services
2. Like OpenAI invoking the plight of ChapGPT users when faced with discovery demands in copyright litigation
It appears the bill would exempt AWS, DigitalOcean and "cheap server(s) for less than dollar"
"(b) No Internet service provider or its affiliates or subsidiaries, search engine, or cloud service provider shall be held to have violated sub. (2) on the basis of the entity having provided access or connection to or from a website, content on the Internet, or a facility, system, or network not under that entitys control, or the entitys provision of communicating, transmitting, downloading, intermediate storage of, providing access software for, or other services that communicate ...
(c) No Internet service provider or its affiliates or subsidiaries, search engine, or cloud service provider shall be held to have violated sub. (3) on the basis of the entity having provided access or connection to or from a website, content on the Internet, or a facility, system, or network not under that entitys control, or the entitys provision of communicating, transmitting, downloading, intermediate storage of, providing access software for, or other services that communicate ..."
The bill restricts "persons" from knowingly retaining identifying information on users. This is some peculiar wording maybe trying to allow for some loophole where automated retention of information is exempted
"Under the bill, persons that perform reasonable age verification methods may not knowingly retain identifying information of the individual attempting to access the website after the individuals access has been granted or denied"
"(b) A person that performs a reasonable age verification method in compliance with par. (a) may not knowingly retain identifying information of the individual attempting to access the website after the individuals access has been granted or denied."
The EFF title is inaccurate
The bill does not "ban" VPNs
It does not create illegality
It creates potential civil liability for certain businesses, and only if and when someone sues and wins
Preexisting solutions to future problems! Thanks to AI (mostly) botnets specifically for renting residential IPs have multiplied since most commercial VPN IP blocks get rate-limited, captcha'd, outright blocked which got even worse with AI.
People causing shenanigans using residential IPs if they ban VPNs is gonna lead to a lot of kicked doors, red herrings, lawsuits, and very probably ballooning budgets and will yet again fail to stop Bad Things™ not that it was really designed to anyway. I wonder if they think this is a good idea because they have machinations or is it just that they are clueless wealthy dinosaurs corrupting a future that isn't theirs?
Commercial third parties intermediating use of the web don't solve problems of "privacy"
They might interfere with the businesses of other third party intermediaries like "Big Tech"
Paying the middleman (intermediary) might in theory discourage it from conducting commercial surveillance but it doesn't solve the problem presented by using third parties as middlemen
The possibility to profit from surveillance remains
An effective solution would remove the possibility, and thereby the incentive, by removing the third party
>So when Wisconsin demands that websites "block VPN users from Wisconsin," they're asking for something that's technically impossible. Websites have no way to tell if a VPN connection is coming from Milwaukee, Michigan, or Mumbai. The technology just doesn't work that way.
"Then make it work you think we are stupid but we are not, we know" VPNs have something to do with IPs which are necessarily geolocatable , and also users need to make an account to connect to a VPN, you can just ask them what country and State they are in.
Being willfully obtuse draws no sympathy, and will not exclude companies from compliance
> VPNs have something to do with IPs which are necessarily geolocatable
The website (which is the party these obligations are being placed on) could geolocate the VPN IP, but that wouldn't tell them where the user is actually from.
IPs are geolocatable yes, not with a perfect accuracy, but with a jurisdictional accuracy.
First of all, IP addresses are issued in blocks and the IPs are distributed within regional proximity. This is how connections are routed, a router in say, Texas, knows that it can route block, say 48.88.0.0/16 to the south to mexico, 48.95.0.0/16 to the west to Arizona, and so on.
whois/RDAP data will tell you the precise jurisdiction of the company that controls the block. It's entirely sensible to use that for geographic bans, the mechanisms are in place, if they are not used, a legislative ban will force providers to use that mechanism correctly. I wouldn't say it's trivial, but it what the mechanism has been designed to do, and it will work correctly as-is for the most part.
There is no difference with IPv6. IPv6 64-bit prefixes are allocated like IPv4 addresses. I suspect that a lot of ISPs allocate them together. The 64-bit local part is irrelevant.
They probably know that the technology doesn't work this way. But such law will force websites to block ALL VPN connections even for users not from Wisconsin, and that's the plan.
Okay, I'm generally a fan of the EFF, but what they say in this article is untrue?
> Their solution? Entirely ban the use of VPNs.
> Yes, really.
Which is then followed by the actual explanation:
> an age verification bill that requires all websites distributing [...] “sexual content” to both implement an age verification system and also to block the access of users connected via VPN.
This doesn't ban VPNs - it requires age-verified sites to block VPN users.
Which makes 3 of the 4 categories they describe basically unaffected by the change to the law. Business users, students, journalists protecting sources - all can turn off their VPN to access porn when they want to, and enjoy the use of their VPN at any other time. (The fourth category is "people who want privacy," who are in fact negatively affected by the law.)
Don't get me wrong, I think this is a bad bill, but it's also a bad article that is basically lying.
Still not as bad as the previous administration colluding with Facebook, Twitter, and Youtube to censor American citizens and in many cases, get them fired from their jobs.
Yes instead now we have a president accepting bribes from companies - Paramount, Disney, Google, Twitter and Facebook.
Trump also called out someone to be fired from Microsoft he didn’t like and let’s not forget that the FCC threatened ABC because Kimmel dare speak bad about a racist podcaster.
States also were firing teachers because they said mean things about the same podcaster.
I heard similar sentiments about censorship efforts in Russia, but it does seem to work, unfortunately. So far they have outlawed and blocked major VPN providers (and keep blocking more, including non-commercial ones, like Tor bridges, and foreign hosting companies' websites), blocked major detectable protocols used for those (IPsec, WireGuard), made usage of proxying ("VPN") an aggravating circumstance for the newly-introduced crime of searching for "extremist" information. That seems to deter many people already, and once the majority is forced to use the local approved (surveilled, censored) services, it is even easier to introduce whitelists or simply cut international connections (as is already practiced temporarily and locally), at which point the ban is successfully applied to everyone.
reply