Comment on UK households could face VPN 'ban' after use skyrockets following Online Safety Bill

<- View Parent
arc99@lemmy.world ⁨4⁩ ⁨days⁩ ago

Actually it can be done and is being done. Software like Fortigate Firewall can do deep packet inspection on encrypted connections by replacing certs with their own and doing man in the middle inspection. It requires the browser has a root cert that trusts the certs issued but the proxy but that’s about it.

And if Fortigate can do it then any filtering software can too. e.g. a kid uses their filtered device to go to reddit.com, the filter software substitutes reddit’s cert for their own and proxies the connection. Then it looks at the paths to see if the kid is visiting an innocuous group or an 18+ group. So basic filtering rules could be:

  1. If domain is entirely blocked, just block it.
  2. If domain hosts mixed content, deep packet inspection & block if necessary
  3. If domain is innocuous allow it through

This is eminently possible for an ISP to implement and do so in a way that it ONLY happens when a user opts into it on a registered device while leaving everything open if they did not opt into it.

And like I said this is an ISP problem to figure out. The government could have set the rules and walked away. And as a solution it would be far more simple that requiring every website to implement age verification.

source
Sort:hotnewtop