Comment on Movie industry demands US law requiring ISPs to block piracy websites
rottingleaf@lemmy.zip 7 months ago
Even HTTPS-incapsulated? C’mon.
That most users won’t care enough - that’s true.
khorovodoved@lemm.ee 7 months ago
HTTPS does not actually make a difference here. You can still detect VPN usage by the unencrypted clienthello, encryption-inside-encryption, active probing, obscure libraries that the VPN protocol depends on, etc.
rottingleaf@lemmy.zip 7 months ago
WTF? How are you going to look inside HTTPS?
Or is the word “encapsulation” (misspelled it first) unfamiliar to you in the network context? Maybe shouldn’t argue then?
What? Are you an LLM bot? Answer honestly.
khorovodoved@lemm.ee 7 months ago
First, please be a little bit more patient, and no, I am not an LLM.
All https traffic is https-encapsulated by definition. And you can look inside https just fine. The problem is that most of the data is TLS-encrypted. However, there is a so-called “clienthello” that is not encrypted and can be used to identify the resource you are trying to reach.
And if you are going to https-encapsulate it again (like some VPN and proxy protocols do), the data will have TLS-encryption on top of TLS-encryption, which can be identified as well.
And about libraries: the VPN protocol Openconnect, for example, uses the library gnutls (which almost no one else uses) instead of the more common openssl. So in China it is blocked using DPI by this “marker”.
rottingleaf@lemmy.zip 7 months ago
Yes, so how is it going to inform you that this is a VPN server and not anything else? You put your little website with kitties and family photos behind nginx on a hosting somewhere, and some resource there, like /oldphotos, you proxy to a VPN server, with basic auth before that maybe.
Ah. You meant fingerprinting of clients.
Banning everything using gnutls (which, eh, is not only used by openconnect) is kinda similar to whitelists.
Both applicable to situations like China or something Middle-Eastern, but not most of Europe or Northern America.