I know it isn’t specific to just Linux but I use Linux anyway so my question is,
Is there a way you could use a VPN without them knowing that? Or if they outlaw them is it really just game over?
If they made VPNs illegal I suppose stuff like TOR would follow except TOR is partly funded by the US state department and the US is one of my countries closest allies (one of the five eyes). So surely they wouldn’t shut down something the US funds directly… Would they?
I’ve read very very little about Gemini and other protocols like Gopher, would this be the way forward if they do this? And is that even remotely close to the security and potential anonymity you would receive from a VPN?
Say you rented a server at Amazon and ran your own VPN server software on it. Not that hard. The server could expose an HTTPS endpoint.
VPN software on your laptop connects to that.
From the network level, it appears you spend a lot of time connected to the same random website, hosted on some IP not owned by a VPN company.
It wouldn’t stand up to traffic pattern analysis:
- VPN traffic tend to have very uniform traffic pattern
- Most VPN traffic runs on UDP, not TCP
- All VPN protocols that I’m aware of have characteristic handshake patterns, even wireguards extremely fast 1-RTT handshake.
- HTTPS traffic is very bursts and TCP retransmission patterns look very distinct.
But then I doubt an ISP would run deep traffic pattern analysis on all traffic. So you’d probably be fine.
But yeah, setting up your own VPN server on some random 1-core/2 GB RAM server is extremely easy.
mullvad has wireguard obfuscation making it harder to detect vpn traffiic
+1 ro this. The obfuscation tunnels traffic through the QUIC protocol used by https/3. Basically, it’s almost impossible to block QUIC without sabotaging the web. This is opposed to traditional VPN connections, which send encrypted (usually AES) packets over UDP, which is much easier to tell is a VPN.
You could always get a friend in another country to host a VPN just for you (and then run that through a commercial VPN).
Use a VPN with a circumvention protocol like Stunnel. Windscribe has a ‘stealth’ mode using it.
I don’t know how any company I’ve worked for would operate, especially when headquartered in another country. They’ll just have to fire everyone in that country rather than compromise their security
I’d assume they’d give companies an exemption if they made private VPN use illegal. Doesn’t China do something similar to this?
I think the Chinese VPN ban is a bit exaggerated
They don’t really ban them, but there is deep packet inspection where they may throttle the connection or in my experience, cut it off after a period of time. Sometimes they block them during national occasions. I could probably try something better than OpenVPN. I only use it for personal use anyway and I am a foreigner, so they really wouldn’t care (if anything, it’s kind of expected waiguoren behaviour). If you are roaming on a foreign sim card and using mobile data, there is no censorship from my experience. Just needed the VPN for wifi
To be fair, it’s Mullvad that simply rocks.
VPNs work fine in China. The point of the great firewall is to keep Facebook et al out, not to keep anybody in.
Banning VPNs is on the list of braindead government restrictions up there with banning encryption. The latter is basically a ban on math, just like in that book where 2+2 is sometimes 3, sometimes 5.
just like in that book where 2+2 is sometimes 3, sometimes 5.
You mean
book1.xls?haha
Though to be fair whenever I encountered an issue in Excel/Calc, it was a user (me) error.
Aren’t they both the same thing? A VPN is just applied encryption.
You’re right though, banning encryption is a pipe dream. Encrypted data is not distinguishable from random noise. So you’re not allowing me to send around random numbers now?
To me “banning VPNs” is more like banning packet routing. Because VPNs or just that. “Normies” think they are like some magical hacker trick when in reality they are just routing+encryption. (technically you could have VPNs without encryption so for me the routing ban is more accurate) I guess that depends on the way the ban is implemented, though.
Yes but they’ve done this before in countries like US. They went after the T Shirt producers printing the DeCSS on them and recently the whole tornado cash fiasco where they tried to make smart contracts illegal (although this was overturned).
Granted though I think DeCSS contained proprietary code so its a little different but unfortunately I view most governmental control and censorship to be braindead but I still fear they will do it.
They would have exemptions for corporate VPNs and encryption and for members of parliament and all that of course, but I could absolutely see them trying to fuck us all sooner rather than later.
I hope I’m just paranoid.
Off topic, but with DeCSS the problem wasn’t that it was proprietary or a trade secret. Once the algorithm got out, it was out. Since it had been a trade secret, there was no patent protection on it.
However, some laws and treaties prohibit distributing code that circumvents copy protection schemes, and this is where they ran into trouble.
And that’s why they were all those songs and t-shirts and other free speech items made with the DeCSS algorithm on them. Eventually the cases were dropped.
As a person from the UK, I am fully expecting them to implement this in the next year or two, because ruining the internet seems to be the government’s top priority rather than say, fixing the economy or preventing Reform from taking over for some fucking reason.
this is exactly what’s going on in China (PRC), bypass method depends on how hard the government implements it
Deep-packet inspection exists. They can tell when vpns are being used generally. They kept shutting off my VPN in China ☹️
How does that work if the traffic is encrypted?
They can’t read the contents of the traffic but they can tell it’s a VPN
Does tor and i2p work?
Greetings Englishman!
They use connections to known VPNs as reported by the infrastructure that handles your requests. Use doh and a https proxy then connect to your vpn of choice.
spys.one
you don’t need to dl a vpn app, or even pay to use some vpns. Being german or american gets you treated the best by websites, except youtube which treats southeast asian countries better
Firstly, it depends on how illegal it is. Is it illegal like you shouldn’t do it and we will try to block you? Or is it illegal like if we catch you do it, you can get arrested or worse?
Scenario A:
- just try shit out, try different VPNs. Some of them provide certain obfuscation. You can see if they work. If they don’t work, you’ve got some more dedicated VPNs such as Tor with all kinds of Tor bridges (obfs4, snowflake, etc) Or psiphon
Scenario B:
- The risk is real and you might consider not doing it at all, but if you do, obfs4 is the only thing I can recommend, Psiphon is easily detectable (it’s just good at bypassing blocks)
“Making VPNs illegal” doesn’t stop you from using them.
They would have to implement north korea/iran levels of restrictions in order to prevent you from using VPNs.
Can your ISP not tell you’re using a VPN?
Sometimes.
They can keep a record of VPNs and monitor if you connect to their servers, or block that connection altogether.
The problem with this is that new VPNs come and go all the time and active VPNs don’t always have static configurations. It would be impossible for them to reliably track all of them.
But if it were illegal as soon as you connected to one single blacklisted IP you’d be fucked, right?
That would be up to the courts to decide.
It’s very easy to accidentally connect to an unknown server, so it would depend on your state’s criteria for determining guilt.
A VPN wrapped in HTTPS would be basically undetectable. Yes, your ISP could start marking IP addresses as “VPN”, but that would be a wack-a-mole situation, and wouldnt scale at all.
A VPN wrapped in HTTPS would be basically undetectable.
are there any implementations doing this?
SSL VPN is the more general term to describe it, and there are definitely some vendors that do that. Not sure about standalone VPN software though.
I can see the UK doing this, they love to implement ludicrously restrictive and impossible to enforce anti-privacy laws. My working theory is that they’re lobbied to implement them by IT consultancy firms, who then get hired to consult on, say, banning VPNs, take 10 years to investigate it at eye-watering cost to the public, then go “Yeah turns out you can’t ban VPNs, I don’t know what the previous government was thinking” and then use that money to lobby the new government to ban encryption or some other nonsense, then repeat.
Þe absolute best feature of beaurocracy is how inefficient it is. The Principia Discordia tells us:
The thing about large organizations is that, while they do small things badly, they do large things badly, too.
Somewhat. They can certainly maintain a list of known IP addresses. Those IPs can be changed.
When they change, you as a user need to be able to find the new addresses. Whatever mechanism you can use, your ISP can likely disrupt too. For instance, they can DNS block the API that returns the list of possible endpoints (as sometimes happens to Proton where I live).
You can then counter by using private DNS. It’s a cat and mouse game.
Would it not be easy for them to block access to VPNs if they outlaw them?
Not necessarily. It’s reasonably easy to keep long lists of known IP address ranges of known VPN providers and block access to these, but VPN traffic to a not well known IP address is generally impossible to distinguish from perfectly legal encrypted traffic such as a VPN connection to a corporate intranet. (There are also VPN protocols that are made deliberately hard to identify at all.)
It is distinguishable via deep-packet-inspection, China uses this
Mullvad has many methods of obscuring the fact that you are sending VPN traffic, specifically designed to fight VPN censorship and firewalls.
There is some nuance to what exactly is banned.
I self host a vpn at my home that i use to connect to my home network on the go. This is a super common use-case and also cant be used to circumvent regional blocks.
Work also uses a vpn to securely tunnel company hardware to our servers.
A blanket ban on vpn software and technology would be ridiculously dumb. Almost as bad as blanket ban on encryption.
If they make exceptions and only ban vpn with intention to hide and circumvent the law, then you only need some legal excuse if someone comes asking and its more a morality guideline then a criminal law.
If they blanket ban “vpn technology” i would simply suggest ignoring it. Laws that stupid are too incompetent to take seriously. I recon its completely unenforceable.
Either way you’re unlikely to be investigated unless the government already has a reason to investigate you. In which case you’re probably fucked no matter how secure your internet.
You can rent a server and run OpenVPN on that server on port 443. Maybe even with port sharing so that the server can act like a regular webserver too.
It’s easier to trace the traffic back to you if the server runs in your name but it’s pretty hard to tell that you are using VPN if you aren’t connecting to a known VPN provider.
You could buy a webserver outside the country and set up your own VPN software or something. I think there are forms that look like https.
You should probably try to tell at least one person a week to never vote for those people again and try to resist your oppressive state in every way you can without getting yourself in trouble or hurt.
Also try to do anything you can that they don’t want. If the powerful people in your country want something, try to oppose them. Don’t let them just shit in you and get away with it.
You could buy a webserver outside the country and set up your own VPN software or something. I think there are forms that look like https.
Anyone used / got any opinions on Algo?
There are VPNs that operate in stealth mode so they don’t look like VPN traffic as they’re being used.
Still illegal, but not detectable. No riskier than being a political activist antagonistic to the state.
