They fully can’t, there’s too many legitimate reasons that their corporate overlords use it for, the most you’ll get is loud filibuster about “we’ll totally do that!” until the topic gets forgotten
What vpn obfuscations do you use? Because you know they’ll block vpn next.
gwl@lemmy.blahaj.zone 3 weeks ago
pressanykeynow@lemmy.world 3 weeks ago
Again, that’s not some theoretical topic. They can block most VPNs, they do so in China, Russia, Iran. And there are no riots on the streets, their corporate overlords don’t do anything against it. One of the reasons is that they do allow ipsec for corporate clients. Are you a corporate client? Do you use ipsec for vpn? Are there riots on the streets for this censorship instance?
gwl@lemmy.blahaj.zone 3 weeks ago
You think the UK could?
The “tech experts” in government are fucking idiots, almost every single one of them.
And I know for a fact that those blocks in China and Russia don’t work, cause I talk to a Russian on the daily (she wants to get the fuck out, but hasn’t got enough money)
ragas@lemmy.ml 3 weeks ago
You can probably block companies offering public VPN services.
But good luck blocking VPN in general.
pressanykeynow@lemmy.world 3 weeks ago
It’s not some theoretical topic, it’s the reality for China, Russia, Iran. They do block commonly used VPN protocols, so people now use VPN with obfuscations. Some work, some doesn’t, some stop working as time goes. So when people say “Ha-ha, I’ll just use VPN”, it will help you for some time but the trend is they will make it a problem for you, better start preparing before it happened.
cley_faye@lemmy.world 3 weeks ago
Anything encrypted is blocked. Boom, done.
Is it stupid? Yes. Never stopped lawmakers.
ragas@lemmy.ml 3 weeks ago
How do you know if something is encrypted?
en.wikipedia.org/wiki/Subliminal_channel en.wikipedia.org/wiki/Steganography
Or for more practical implementations: blog.frost.kiwi/ssh-over-https-tunneling/ nurdletech.com/linux-notes/ssh/via-http.html
cley_faye@lemmy.world 3 weeks ago
Steganography is extremely far from undetectable, unfortunately. And trivial to find out once you know its there; if we ever allow a framework to be put in place to intercept communication at a large scale, it will be the inverse of the cat and mouse game we have with encryption : very hard to improve, very easy to detect.
And I’m aware of the many funky things we did. At some point people tunneled DNS queries through HTTPS, to get through wifi captive portal that only allowed HTTPS traffic until authenticated.
Just to be clear, I’m aware of the issues of detecting stealth data, and even detecting encryption against seemingly random data. It’s kinda fascinating to detect the difference, too; some people have looked into that. But the point is, if you’ve already agreed on “banning encrypted communication that can’t be listened to easily”, you can basically just say “this is gibberish, decrypt it or get to jail”. I also know that this sounds insane and throw away the “innocent until proven guilty” principle, but we’re slowly creeping toward a world where our device scans all our document and communication to notify of issues to a central authority, where black box in large networks are already present, and so on.
It’s been slowly creeping toward that. Finding way to hide traffic on public networks can only go so far if the listener can just stop you if it detect what looks like encrypted content.
And, since this is kind of a heated discussion, I’ll reiterate: it would be batshit crazy to go this way. But I would have found batshit crazy to have our own devices spy on us and report suspicious activities to third parties years ago, and yet here we are.
PieMePlenty@lemmy.world 3 weeks ago
I knew HTTP would make a return without its brother TLS someday!
myfunnyaccountname@lemmy.zip 3 weeks ago
There several sites I visit I have to fight with cause of VPN blocking.
Taldan@lemmy.world 3 weeks ago
That isn’t blocking VPNs, it’s blocking requests from data centers. Important distinction