CBaaS
Censorship Bypass as a Service, where your new updates are your [unique user ID].com
Comment on Movie industry demands US law requiring ISPs to block piracy websites
khorovodoved@lemm.ee 7 months agoAs a guy from Russia, I must admit that vpns are not a big problem for censors. They can be easily blocked, including self-hosted ones by protocol detection. And DNS would not do much with IP and clienthello-based blocks. And most users are not enough tech-savvy to constantly switch to new protocols as old ones get blocked.
Syn_Attck@lemmy.today 7 months ago
rottingleaf@lemmy.zip 7 months ago
Even HTTPS-incapsulated? C’mon.
That most users won’t care enough - that’s true.
khorovodoved@lemm.ee 7 months ago
Https does not actually make difference here. You can still detect VPN usage by unencrypted clienthello, encryption-inside-encryption, active probing, obscure libraries that vpn protocol depends on, etc.
rottingleaf@lemmy.zip 7 months ago
WTF? How are you going to look inside HTTPS?
Or is the word “encapsulation” (misspelled it first) unfamiliar to you in the network context? Maybe shouldn’t argue then?
obscure libraries that vpn protocol depends on
What? Are you an LLM bot? Answer honestly.
khorovodoved@lemm.ee 7 months ago
At first, please, be a little bit more patient and no, I am not a LLM.
All https traffic is https-encapsulated by definition. And you can look inside https just fine. The problem is that most of data is TLS-encripted. However, there is so-called “clienthello” that is not encripted and can be used to identity the resource you are trying to reach.
And if you are going to https-encapsulate it again (like some VPN a proxy protocols do) data will have TLS-encription on top of TLS-encription, which can be identified as well.
And about libraries: VPN protocol Openconnect, for example uses library gnutls (which almost no one else uses) instead of more common openssl. So in China it is blocked using dpi by this “marker”.
conciselyverbose@sh.itjust.works 7 months ago
You have no rights in Russia.
VPNs can’t be categorically banned in the US without major first amendment issues. It’s not a huge technical issue, but unless the courts just throw out the Constitution (a risk that we’re seeing too much of, but still a meaningful bar to cross), there are huge legal barriers to doing so.
Your government doesn’t need to care about legal barriers because you have a dictator.
redfox@infosec.pub 7 months ago
We are just a little behind trying to elect our new dictator…
But just for a day…
/S 🙄
khorovodoved@lemm.ee 7 months ago
VPNs are not categorically banned in Russia either. Just 95% of them. Categorical ban is not actually required here. Government can just create licensing procedure and license only those VPNs, which follow “rules”. I do not see how this is different from ISP bans.
conciselyverbose@sh.itjust.works 7 months ago
Entirely unconstitutional restriction of speech.
The government can shut down specific illegal acts, such as sharing other people’s intellectual property. They can’t ban tools or protocols. There’s plenty of precedent of the government trying to restrict encryption and being shut down. Removing the ability to communicate securely is a first amendment violation.
khorovodoved@lemm.ee 7 months ago
By the same logic they should not be able to force ISPs to ban sites, bit here we are. If they can enforce bans with ISPs, why can’t they do the same with VPN providers?
Woozythebear@lemmy.world 7 months ago
You realize the tik tok ban bill is also going to ban the use of VPN’s right?