However, such efforts are technically flawed because the only reliable method for identifying VPN protocol signatures is deep packet inspection at the network level, which the EPRS paper doesn’t mention.
I mean, you can tunnel whatever over whatever. You can tunnel a VPN over anything else that’s encrypted, so unless you also want to ban SSH and HTTPS connections and suchlike (well, okay, for UDP-based VPNs, you’d probably prefer something UDP-based, but I think that the point stands), you’re going to have trouble, say, blocking OpenVPN connections.
Tor exists for the explicit purpose of not being blocked.
Maybe you could try to characterize VPN traffic and do traffic analysis without being able to look inside the encrypted payload, say “VPN traffic tends to look like this”, but again, it’s not that hard to add noise to the signal.
And you don’t even mostly need a full-on VPN for most of this, since it’s mostly just people trying to access Web services.
Get yourself any Linux system in some less-restrictive location (which I’ll call server) running OpenSSH. SSH into it from client like so:
[tal@client ~] $ ssh server -N -D127.0.0.1:1080
On the client, install the Proxy Toggle Firefox plugin. Set it to use localhost, port 1080 as a SOCKS5 proxy. Click the toolbar button to toggle on proxy use. Now all your browser traffic is coming from that remote server. All a network provider can see is an SSH connection. Click again, and you’re back to normal mode.
But tal, that’s complicated. Some people won’t know how to use SSH.
So is virtually everything that a computer does. Raytracing. Image composition. Decoding discrete cosine transformation encodings. Rendering real-time video game worlds. If there’s a need, someone goes out and writes software that makes it easy for the end user. And if you create a situation where there is an unlimited quantity of stuff that a lot of end users want access to behind a wall which someone can make a one-click program to bypass, it’s probably a reasonably safe bet that those one-click programs are going to show up.
There is no loophole that can be trivially closed here. It’s a fundamental limitation — if users are going to be able to send traffic that you cannot inspect the inside of — and avoiding that would mean encryption spanning your borders being disallowed, which you probably do not want — then they can appear to be coming from wherever in the outside world they want.
And plenty of people pointed out that this was a problem before age-verification stuff was put into force. This isn’t a situation where one just does the thing and there are a few lingering minor issues to iron out. It’s fundamental to the concept of doing age verification.
But voters don’t want their kids seeing porn.
Well, frankly, if said kids have Internet access and they want to see porn, they probably are going to be able to see porn or otherwise enjoy use of the least-restrictive set of rules out there. That’s part of having a world-spanning network where people can communicate with each other. There is going to be blasphemy and pornography and political extremism and stuff saying that Santa Claus doesn’t exist out there. Some of that is going to be material that doesn’t conform to the set of social norms where you live and will conform to social norms elsewhere in the world. I don’t personally see that as all that catastrophic.
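The signature matching that the quoted criticism and the comment above refer to, as an added example that is not part of the thread: a classifier over the first payload bytes a client sends, using the cleartext headers of SSH, TLS, OpenVPN and WireGuard. The function names and sample payloads are constructed for illustration; the result shows that an observer can only ever name the outermost protocol of a flow.

```python
import struct

def classify_first_payload(transport: str, payload: bytes) -> str:
    """Name the outermost protocol visible in a flow's first client payload."""
    if transport == "tcp":
        # RFC 4253: SSH opens with a cleartext identification string.
        if payload.startswith(b"SSH-"):
            return "ssh"
        # TLS record header: type 0x16 (handshake), major version 3,
        # 2-byte length, then handshake type 0x01 (ClientHello).
        if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 3 and payload[5] == 1:
            return "tls"
        # OpenVPN over TCP: 2-byte length prefix, then the opcode byte.
        # Simplification: assumes the segment holds exactly one packet.
        if len(payload) >= 3:
            (length,) = struct.unpack("!H", payload[:2])
            if length == len(payload) - 2 and payload[2] >> 3 == 7:
                return "openvpn"
    elif transport == "udp":
        # WireGuard handshake initiation: type 1, three zero bytes, 148 bytes.
        if len(payload) == 148 and payload[:4] == b"\x01\x00\x00\x00":
            return "wireguard"
        # OpenVPN: opcode is the top 5 bits; 7 is the client's V2 hard reset.
        # A one-byte match like this is prone to false positives on its own.
        if payload and payload[0] >> 3 == 7:
            return "openvpn"
    return "unknown"

# Constructed first payloads (zero-filled bodies, not captured traffic).
OPENVPN_RESET = b"\x38" + bytes(8) + b"\x00" + bytes(4)
SAMPLES = {
    "OpenVPN over UDP": ("udp", OPENVPN_RESET),
    "OpenVPN over TCP": ("tcp", struct.pack("!H", len(OPENVPN_RESET)) + OPENVPN_RESET),
    "WireGuard": ("udp", b"\x01\x00\x00\x00" + bytes(144)),
    "ssh -N -D session": ("tcp", b"SSH-2.0-OpenSSH_9.6\r\n"),
    "HTTPS, or anything carried inside TLS": ("tcp", b"\x16\x03\x01\x00\x05\x01" + bytes(4)),
}

def classify_samples() -> dict:
    return {name: classify_first_payload(t, p) for name, (t, p) in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:40} -> {verdict}")
```

The last two samples are the case the thread is about: the classifier reports `ssh` and `tls`, and nothing in those first bytes says what the session carries.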
Theoretically - yes there will be some loophole to do some stuff online. Something tells me people don’t exactly want to pay for gigabit connections and then be forced to tunnel through kilobit loopholes. Look at North Korea to see the end goal, look at Iran to see phase 3, look at Russia to see phase 2, you are currently in phase 1 of the plan to isolate the internet.
Tor also has been banned in authoritarian shitholes for ages. New bridge IPs pop up and get banned daily. Good luck getting a working bridge in the first place, too.
Just gonna say that the Tor situation in such places is actually not as bad as you say. Look at what the Tor Project did in Russia when it tightened internet control: it brought new tech out of beta, implemented a couple of changes, and restored connectivity to any decently techy person. The only thing that authoritarian states have shown us is that there will always be a loophole, hell, even when that loophole is considered illegal, it’s still there and is still used. The only way to truly control the internet is to kill it, otherwise there will always be someone smart enough and motivated enough to beat whatever restrictions are put in place.
Reform got a shitload of votes in this week’s elections, and one of their few actual policies is repealing the Online Safety Act, so it’s not even particularly safe to say that voters don’t want their kids seeing porn if it means it’s any more inconvenient for adults to see porn.
Get yourself any Linux system in some less-restrictive location
Now you have a fixed IP. You need a VPN afterwards to be anonymous. But don’t expect the other location to not report this VPN connection back to your country. Otherwise you can expect the location to be banned from doing business with your country.
Also, I don’t know of any VM provider that doesn’t require some sort of ID already, at least an email address.
Incognet.io. They require an email, but they are perfectly happy to accept privacy masking emails just as long as they can get communications to you. They don’t care.
I know they do domain hosting, and I am pretty certain they do VMs as well, and you can pay for them with Monero.
One other note: One of the first conversations on here I had was when Ada, the lemmy.blahaj.zone admin, was talking to some gay guy in some Middle Eastern country where content related to homosexuality was banned. The lemmy.blahaj.zone instance was blocked at his country’s network, but he could view the text content from any other home instance (since any accessible home instance on the Threadiverse itself intrinsically basically acts as a proxy for the content on other instances). I remember pointing out that he could tunnel via SSH. His problem was that he couldn’t view images, since the images were hosted on the lemmy.blahaj.zone server, but these days, some Lemmy home instances (including my home instance, lemmy.today) automatically locally proxy images posted elsewhere to hide the IP address of their users, so he wouldn’t even have that problem now.