Due to the UK’s Online Safety Act implemented earlier this year, accessing my Bluesky DM’s now means I need to allow a third-party service to scan my face, ID, or bank card. Understandably, that gives me the willies. So I can either simply never look at my messages again, whip out the likeness of Norman Reedus, OR I can log on via a VPN. However, the days of this vastly preferable third option may be numbered.
US states Wisconsin and Michigan have already proposed VPN crackdown bills aiming to close off this workaround—and the UK may be looking to follow suit. Online privacy nonprofit the Electronic Frontier Foundation recently criticised this strategy, taking aim at Wisconsin’s bill in particular, saying that blocking the use of VPNs is “going to be a disaster for everyone.”
The UK was the first one to this particular bag of shit. There was a British MP, whose name I forget, who retired from Parliament having sunk a bunch of money into investing in the UK’s chosen third party service, run by his friends, and IIRC wrote the bill so that it would go into effect long enough after he quit that he wouldn’t technically run afoul of corruption laws. The whole thing stinks to high heaven, and I’m sick that this crap is creeping into the US as well.
So anyway, here’s a great usecase for generative AI to game this fucked up system with pictures of nobody.
I’m a traveling repair man. I have to regularly use a VPN to connect to my corporate network to get schematics,manuals and securely transmit confidential files. My main office is in Wisconsin. How tf am I supposed to do my job, dumb fucks?
I do wonder how they’re going to even try to enforce this. VPNs aren’t exactly blockable without a great firewall type apparatus. If they block major providers then you can just setup your own, and if they block VPN protocols outright then it ranges from ineffective to outright destroying the internet. I just don’t really get how this is going to work practically. Which is good… hopefully it doesn’t pass though.
It seems like a “great firewall” is where all this will lead. Projects like xray-core may become important to a lot more people in the future.
I could see them using it a law they only enforce when they want to target someone.
The way I understand it, any company wanting to do business in the state would have to block access to their services from (anonymous?) VPN providers. That means IP blocks for PIA, mollivard, etc will be blacklisted by companies. There are already blocklists of IPs for VPN providers that many corporate web filters use (yes, they are terrible and inaccurate).
Yes, you would probably be able to fire up a VPS from a no-name provider and get through. However,
- a) that option isn’t really available to 99% of the tech-illiterate public,
- b) a lot of sites already have issues with non-residential IP blocks, especially AWS, and
- c) that usually means there is a 1:1 mapping between your IP address and your identity (often a credit card). Which is what they want.
If they block major providers then you can just setup your own
The major providers have “no logging” policies. They generate no data linking your payment information to your activity, so they have no data to turn over if requested. Your activity is traceable from the sites you visit back to the VPN’s endpoint, but the no-logging policy prevents further tracing back to you.
Any VPN you setup on your own is going to be tied to you just as closely as a facial scan, ID, or bank card.
As apex32 pointed out, it isn’t about logging, it’s about your ISP either ratting you out or outright blocking the domains and IP blocks of major providers and that’s why I said you can setup your own. Ofc even hosting one yourself your ISP can probably still determine you’re using a VPN through traffic analysis even if you’re using TCP 443 to blend in but it makes it harder.
My point is that setting up your own, you have a second ISP for the VPN endpoint. Traffic from/to that endpoint is traceable to the operator of that VPN, but now that operator is you, rather than a major provider.
The no-logging feature of the major ISPs provides anonymity by leaving them unable to correlate traffic on the endpoint to an actual person. That feature is the core function of a VPN, but it is not something that you can setup for yourself.
So what do you propose? Just not using a VPN? If you’re that worried you can run a second public VPN on top of your private one. The point of the private one is to avoid ISPs outright blocking known major providers.
It depends on how the law is implemented.
If simply connecting to a VPN is illegal, then your ISP could rat you out. They can’t tell what you are doing, but they can see a bunch of encrypted traffic between you and a VPN server.
If simply connecting to a VPN is illegal,
Such a law would prohibit Cloudflare’s entire business model. That interpretation will never survive the courts.
You good sir underestimate the stupidity of courts
The courts understand money. A handful of state legislators can’t throw nearly as much money at such a case as the big names in tech. Therefore, big tech wins.
Wrong end for most of us. It’s not that we live in a backward-state where VPNs are illegal, it’s that companies that want to do business in the state will have to block ALL users coming in through a VPN, regardless of where you live. They know which users are using a VPN because the IP blocks are well known, and they will just have to block those users. That’s why this one state is trying to f- over everyone.
That makes more sense and is…even worse tbh because that’s actually enforceable and so obvious I don’t know how I missed it. That would also probably impact Tor since those IPs are already heavily reputation damaged. The stuff governments have been pulling recently is just insane
This state is going to hell quick, they just recently banned any vape/juice that is not approved by the FDA, which is very expensive, so of course the only stuff available is the stuff made by big tobacco and the shit by the company that makes stuff for folks in jail which I refuse to support; lots of small companies went under. We’re STILL waiting on legal weed while our neighbors have had it for years, if that hemp ban goes though more businesses will be gone. Smh. This legislature is fully captured by big business, I have faith only in Tony Evers.
I look forward to the internet being completely captured by the political and business classes…
Espcially when done like Reddit did, where everything that is not marked as nonNSFW needs an account, even though its neutral
Last time I checked, you cab use old.reddit.com to bypass this login requirement.
Reddit doesn’t let me in with ny VPN on, though, so I just stopped using it.
Reddit doesn’t let me in with ny VPN on, though, so I just stopped using it.
This is exactly what this law and others like it will cause across the Internet. More and more sites will just block VPN users.
They already do that. I can’t watch YT, Reddit and have trouble logging in to FB. Cloudfare sometimes hits me with a endless captcha too.
I use Mullvad. Nothing of value was lost, and it has tremendously help me with finally stopping waating my time on those services.
I haven’t used Reddit for a few years, but the issue is that a lot of search engine results point to answers that now require an account. It’s no biggie, to find other results, but still annoying. Next time I stumble uppon this, i’ll try with the old reddit version and see if this works, but I am not desperate
