• GrafZahl [he/him]@hexbear.net
    link
    fedilink
    English
    arrow-up
    32
    arrow-down
    1
    ·
    3 months ago

    Every multinational company uses VPN for their Intranet, no? I assume this would break so many things, lets go. Just set everything on fire already.

    • darkcalling [comrade/them, she/her]@hexbear.net
      link
      fedilink
      English
      arrow-up
      56
      ·
      3 months ago

      I get tired of seeing this smug-lord take.

      They would differentiate naturally between VPNs that are used for purposes like that (connecting to a corporate network) vs those used for anonymity, piracy, skipping around ID requirements within borders of a nation, etc.

      It doesn’t do the fight against these kinds of moves any good to smugly say “go ahead, the corporations will make you stop it” because it misrepresents what will happen.

      Which is that corporate VPNs will continue to work fine, will continue to be extensively logged, will continue to be used only for employee purposes and not skipping ID laws for adult content or piracy or engaging in anti-zionist speech they want to stop. Meanwhile they’ll implement technical measures to block anonymizing VPNs that people actually care about. They’ll make payment processors stop processing payments for them meaning you’d have to take the extra step of opening a crypto account but all modern crypto platforms are heavy KYC and they’ll be monitoring them and perhaps demanding they comply. Sure it won’t stop determined criminals or hardcore privacy hactivists but it will stop 95% of the population which is good enough for them

      • aanes_appreciator [he/him, comrade/them]@hexbear.net
        link
        fedilink
        English
        arrow-up
        17
        ·
        3 months ago

        Yeah the goal here is to go after the typical web user who was made tech illiterate from years of Apple/Windows/Android slop.

        The fact that we’re seeing VPN uptake at levels beyond other countries that enforced bans might at least mean there’s some minimum level of IT knowledge that Brits have to make the education of more advanced evasion possible.

      • SootySootySoot [any]@hexbear.net
        link
        fedilink
        English
        arrow-up
        15
        ·
        3 months ago

        I don’t think it’s that smug, it’s largely realistic. The point is that VPNs have significant legitimate and almost necessary usage, which means

        a - There will be some amount of corporate pushback. Maybe not enough, but it’s less likely to mean it’ll be a law. b - You can’t just instruct ISPs to block all VPN-like traffic, making a total ban impossible to enforce. c - Allowing ‘legitimate’ VPNs may allow people to slip preferred ones in as ‘technically allowed’.

        So yes, of course the government can just ban the “bad” VPNs, but that compromise alone means it’ll be significantly worse at banning.

        Also, given Mullvad takes cash for a significant fraction of payments, banning payment processors probably wouldn’t be so big a deal.

        Yeah, I suspect overall it’d still stop >50% of the population, but I’d argue not much more.

        • leftAF [comrade/them]@hexbear.net
          link
          fedilink
          English
          arrow-up
          9
          ·
          3 months ago

          You can’t just instruct ISPs to block all VPN-like traffic, making a total ban impossible to enforce

          I wholeheartedly believe they can and likely will before humanity’s brush with capitalism is over. They would just filter traffic from residential network endpoints more heavily than corporate/business users and start culling “illegitimate” business users. Then gradually close the loop on other methods of evading censorship. I do have a background contributing bug fixes to one of the big anti-censorship P2P networks out there.

      • GrafZahl [he/him]@hexbear.net
        link
        fedilink
        English
        arrow-up
        12
        ·
        3 months ago

        I agree with everything you said. I did not claim that corporations would stop a “VPN ban”, and as you said, a “VPN ban” would not try to ban VPNs, but it would target any kind of anonymity. Opposition to this should of course be supported. The law is an obvious deception to give law enforcement more power to use against anyone they wish, and terrible humor is my coping mechanism.

        Now to your point about stopping 95% of the population from hiding their ID online, have they done so successfully in the past? I’m not trying to pin down the number, I get that it’s probably just an estimation and youre talking about the “average person online”. My guess would be, they use a VPN at best, but they do not use it in a way that actually makes them anonymous, like they would still log onto their E-Mail and Facebook and whatnot. My understanding is, that this makes any VPN useless for anonymity, but please correct me if that’s wrong, I admit I’m not super well informed on that.

        In my experience, and anyone I talk to in real life, the advice is to generally not even use phones to talk/message about organizing stuff. I mostly go by the assumption that the average person is already not able to hide their identity online, other than by “hiding in the crowd”. Right now, the amount of data makes it hard for anyone to find anything, so people still get away with a lot of shit because noone is looking at them too closely. I think this might soon end, as law enforcement is starting to use software tools from Palantir, and the biggest critics of those tools in germany are apparently opposed to it, because it is a US product, and not a EU product. Police has not been bothered to check whether the use of this software to indiscriminately analyse personal data is even legal. Courts might intervene, but I’m not sure how relevant that is, because they will probably still allow the use of such tools in some capacity, and then police can just do some oopsies and use it illegally anyways.

        I don’t wanna dismiss people who rely on online communication a lot, I get that it’s important for many. I think E-Mail and encrypted messaging in 1on1 messages is still sort of safe? But I wouldn’t be surprised if that also has no future. Eventually the state figured out they could just open the mail of a “suspect”, why wouldn’t they do the same with online comms?

        • darkcalling [comrade/them, she/her]@hexbear.net
          link
          fedilink
          English
          arrow-up
          2
          ·
          3 months ago

          Now to your point about stopping 95% of the population from hiding their ID online, have they done so successfully in the past?

          They never really saw a great need to. Western capitalism was strong enough it could afford to pretend to have these liberal freedoms and tolerance of speech and so on. Now it’s not and it’s discarding that mask.

          My understanding is, that this makes any VPN useless for anonymity

          Against a resourced threat actor directly attacking you yes. If you’re a “terrorist group” then you’re fucked by opsec mistakes like that. More complicated is that tech companies like Google, your email provider, bank, etc aren’t really going to be interested in helping the feds coordinate and unmask VPN users. They’ll either block VPN access entirely for their own reasons (risk compliance) or not. Facebook a bit more up in the air given how they’re basically an info gathering operation for the west but still I don’t think they’re going to unless forced hand over lists of time, IP address, real name access logs of people connecting from VPNs for what? Hunting down people viewing porn? To do that you’d need either a tap on the porn provider’s infrastructure or their cooperation (they’d rather just block VPN addresses at that point I think) or else to have compromised the VPN itself. You could try and do timing attacks I suppose. I tend to doubt that much effort will be expended on porn because it’s simply not the real target just a convenient moral hazard to panic about and bulldoze over initial opposition with.

          So in an absolute sense yes you shouldn’t connect to things that connect back to your real identity while on your VPN, especially while on your VPN and in the same session from the same end-point doing things you want to hide from threat actors of a government kind. So for example if you create an anonymous Twitter account and post some violent threats on your VPN and then log into and browse facebook and do this a few times that’s a way of potentially being caught or at least an attack surface you don’t want. But in that example both Twitter and facebook are cooperating actively whereas I think porn sites would be less keen to cooperate on unmasking users rather than just blocking VPNs at that point. It could happen I suppose for government blackmail but I tend to think they’d just prefer the porn sites end up blocking VPNs at that point and force people to browse after submitting ID.

          As to the hiding in a crowd thing. If they can actually use machine learning to sift through the vast NSA gathered signals intelligence in bulk at scale that would be the end of that strategy having any merit because they’d have total visibility and insight into most things and could even do traffic timing coordination attacks on a bulk scale and without significant mitigations that wouldn’t be possible to easily defeat.

          I tend to suspect things like Signal are compromised by a National Security Letter or other means. But those are “deep secrets” meant for catching valuable fish so not likely to be blown on anything too mundane like a moral panic. E-mail isn’t really safe at all. You can hide message content using PGP (but unless you’re exchanging your keys in person or taking great pains to obfuscate them that may not help if you exchange keys online via the same or similar mechanism) but not metadata which is what they most care about for crushing activists which allows them to create relationship graphs mapping out people with relations to others like members of an org.

          • GrafZahl [he/him]@hexbear.net
            link
            fedilink
            English
            arrow-up
            1
            ·
            3 months ago

            Thank you, I think I will have to reconsider the usefulness of VPN. I may have been more pessimistic about them than warranted. I hadn’t realized that metadata in E-Mails thing but that makes sense. Also too many people stay logged into their accounts all the time anyways, so it sucks when someone gets their devices confiscated.