Hello ,
As the title says what happens if theUK requires age verification for VPN’s or makes it illegal to use them?
Does that mean everyone will move to tor or I2P?
It seems if the UK gov keep pushing their agenda under the guise of protecting children people will increasingly go dark .
I guess what I’m asking is how does everyone think this will unfold?
M
First and foremost, it’s not something limited to UK. Maybe it’s because I’m watching things from “outside” the so-called “first world” (I’m Brazilian), and I can’t help but notice how it’s something that have been spreading throughout the countries: Canadian bill whose number I forgot, EU’s “Chat Control”, some Australian laws, etc… It’s getting everywhere! It didn’t start yesterday, also: I remember SOPA and PIPA back in 2010s (or was it 2000s? I’m getting old).
It’s worldwide, and it won’t be long before there are no more countries where “nothing to fear, nothing to hide” is the official motto via some kind of global treat/pact. It won’t stop in adult entertainment: eventually, it’ll cover every online activity. In this sense, “children” are just the frogs being morally leveraged by scorpions to cross an Orwellian river.
That said, VPNs are someone else’s computers sitting between latitudinal and longitudinal coordinates delimiting some geodesic convex hull we know as “country/nation” ruled by an entity who happens to have the monopoly over asymmetrical forces ruling over that very someone. Even nodes from Tor, I2P, Yggdrasil, Hyphanet, GNUNet, Usenet servers or grand-old SOCKS4/SOCKS4a/SOCKS5 proxies are someone else’s computer sitting inside some “country”.
And if all countries end up agreeing, out of shared dominance interests (even the so-called “inimical” countries, because even those “inimical” countries agree on certain treats such as the Global Treat regarding Antarctica), to some kind of “Online Kid Protection Global Treat” or whatever frog they can take any moral advantage of, there will be no computer proxification left for circumventing the new KYC requirements for accessing the Web, because there’ll be no more alternative countries left… Not even micronations such as Principality of Sealand.
Yeah, future doesn’t seem good, and the majority of global citizens won’t fight against it (we, privacy-conscious and tech-savvy people, we’re not the majority), so it’s kind of a Cassandra curse going on right now.
Maybe we must go back to radio communication? Radio mesh networks? Perhaps well-hidden geo-treasure pen-drives for exchanging and archiving files? Creating our own novel ciphering methods, steganography and security through obscurity, becoming able to physically speak through coded language on a daily basis? Even carrier pigeons and smoke signaling (I’m not joking) feels “safe” and out of the Orwellian reaches for now… For now.
(I guess they could still be spotted by LEO satellite imagery. And god-forbid a smoke pattern is caught modulating and transmitting the original uncropped Lena picture over the atmosphere /s).
I wonder if Tor and I2P’s other hops could eventually be obfuscated like bridges are now, so that a network could entirely exist within plain sight without being as blatant.
I’ve been having the same thoughts recently. Your mention of carrier pigeon and smoke signals now has me thinking that embedding data inside a birds sing like the recent jpeg someone tested could be our future soon.
Which species of bird was that? Time to raise them en masse and genetically breed them to sing more and also adapt to any environment on the planet to propagate. We need to widen coverage and bandwidth!
Those LoRa devices like meshtastic look good. I don’t like the idea of TOR and I2C because it’s known to hold disgusting and concerning stuff. But the original principles of the internet and a Cipherpunk approach is on the way .
Those LoRa devices like meshtastic look good
Yeah, tinkering with radio and Open-source hardware in general is funny and awesome. I did some personal projects in this regard, not exactly meshtastic, but experiments using a cheap RTL-SDR and some transmission-capable things such as Baofeng UV-5R and remote controllers from some of my childhood toys. I wish I could afford to experiment more with hardware, electronic and, especially, radio equipment.
Unfortunately, it’s like @[email protected] said, radio equipment can become targets, too.
In reality, this is already happening in EU: recently, I saw something about EU passing a law requiring all radio-capable devices to be, as far as I can recall, “tampering-proof” or something similar, and this is threatening alternative mobile OSes (such as GrapheneOS) because this law requires bootloaders to be unlockable or something. So, in practice, governments are already targeting radio.
Not to mention how “easy” is to triangulate a signal and how telecommunication regulators often do “wardrive” scanning in order to seek “irregular transmissions” (not just those disrupting others’ transmissions, but anything they could deem “irregular” because they’re the authorities in charge of allowing or refusing others rights, and this deemed “irregularity” could easily be using Briar through Bluetooth, or meshtastic nodes, during a strike/protest).
This takes me to another point from your reply:
I don’t like the idea of TOR and I2C because it’s known to hold disgusting and concerning stuff
It’s worth mentioning that disgusting and concerning stuff isn’t exclusive to Darknet, Clearnet also has such stuff, especially mainstream social media.
I mean, you’re not wrong, Darknet is indeed used for that, not because it’s inherent to Darknet, but because people who do concerning stuff also seek anonymity just like legitimate, well-intentioned privacy-concerned people, and Darknet happens to provide such anonymity for both uses in a double-edged sword manner.
Problem is: there’s no way to differentiate two anonymous actors without breaking the very fundamentum of anonymity.
And this very argument you used unfortunately can be twisted by authorities to justify breaking anonymity and, by extension, privacy.
For authorities willing to control everyone’s lives so badly, it just takes a small leap for the phrase to be reshaped and re-adapted as…
“private content/people’s intimacies must be scanned/watched because they’re known to hold disgusting and concerning stuff”
This is almost the argument behind EU’s “Chat Control”. And the majority of people end up joining this bandwagon unaware of where this bandwagon leads to: something that makes 1984 feel like a sugarcoated documentary.
Unfortunately, there’s no easy solution regarding “disgusting and concerning stuff”, but we should be really careful lest to throw the baby out with the dirty bathwater.
Just wait until they mandate embedding some sort of hardcoded device identification into LoRa devices.
I don’t think I2P can hold anything. It’s just anonymization through multiple hops, not a network within the network, no?
I don’t know. I’ve not used I2P before but I heard it was a decentralised internet just on a smaller scale like a WAN
Reading about it further, I was completely wrong about it. I2P is entirely self contained and exit proxies are not really a thing.
Your concerns may be warranted.
I’m already using the Shadowsocks bridge in Mullvad. If things get more serious, I’ll do some research and consider switching to Tor with either obfs4 or WebTunnel on Tails, and Snowflake on mobile.
Yes, this way they need 2 seconds more to track you, if they want. TOR is the most monitored Network by all security agencies and secret services, it was created by these. I2P is maybe somewhat more secure. Decentralized network is anyway the future, also P2P communications.
I2P is brilliant, yes, but I can’t use it for clearnet sites.
Besides, in this case I would be using it purely for tunneling without detection by my ISP. Anonymity would be more of a bonus.
using it purely for tunneling without detection by my ISP. Anonymity would be more of a bonus.
I feel like people like you and me end up helping people who actually need anonymity - by creating a larger crowd :)
I2P certainly is not the clearnet, but if they continue to contaminate the clearnet with massive surveillance, there are not much more alternatives if you don’t want to go back to communicate with Finger commands like in the 70th (still works, see also this)
I hope they’re dumb enough to just ban VPNs … and completely halt half the corporations from working, because any WFH or remote accessing is built on VPNs.
Hell, it might just make using Zscaler illegal, one of the biggest cybersecurity tools in the corporate world!
Easy fix: just sell a license to companies that want to use VPNs
With the Tories soon you can’t go online if your webcam is off. The UK has not longer something to do with the EU, it’s more and more like the US. The UK always was very curious monitoring the nettraffic since a lot of years.
can’t go online if your webcam is off
I think spoofing a webcam should be pretty easy.
Yes, but not so easy to synchronize your activity with the video.
Just use a VPN outside the country or lease a low end VPS outside the country with decent bandwidth and host your own VPN endpoint. They can’t force ISPs to block all of the VPN protocols in general or they’ll lose a ton of businesses that rely on it for basic security of remote/traveling employees.
They can’t force ISPs to block all of the VPN protocols in general
They very much can, I’ve seen it happen last year. The main protocols are VERY easily recognizable by DPI. However, there are obfuscation methods that can get through even Chinese Firewall, and they’re constantly improving.
You can’t DPI a VPN tunnel because it will break the tunnel connection.
I meant that the DPI can easily detect the fact that the connection is indeed Wireguard or OpenVPN.
Even if they did, you can run VPNs over https, or make Tor disguise itself as other kinds of web traffic.
And there are still ways to detect that.
Note: if you live in the UK, your government sees you as their possession. Make sure that they know you are not.
They can try, they can’t effectively stop it.
I mean they very well could. I mean it seems to be going this way anyway but separate networks. No global Internet just a bunch of networks each country controls.
Given the reliance on US and other overseas companies, to completely isolate the UK in their own intranet would be next to impossible. Only North Korea has that kind of network.
has anyone ever effectively stopped a program from being used?
You live in a bubble my friend. Not everyone will move to tor. Not even close. Linux has reached 3% in the steam statistics recently. Remove the deck users and you’ll be lucky if it hits 1%. Of those 1% not even everyone will be able to give up the regular web. I’m sure there will be a surge in alternative browsing prorocols, but not enough to change the status quo.
The Deck has done incredibly well, but they can’t manufacture enough to make your numbers make sense. Also, last I saw, Linux streaming was around 5%.
However, yeah, most people won’t know how to use these tools. There will probably be a ton of sites that pop up temporarily that don’t have age verification. Any time they go after them it’ll go down, and a new one will appear. They’ll be sketchy sites, but that’s how most people will avoid it if they want to avoid it.
Most of the mainstream social media is blocked where I am. Good news: a huge part of even uneducated population does indeed learn to evade censorship. Bad news: they tend use the most easily-accessible services, which are sketchy, like reselling the users’ IPs as residential proxies.
I found out students in my kids highschool were using VPNs to play roblox on the network (bypassing IT’s block). They way they did it was 1. Search “VPN” in the app store or play store. 2. Install the first result.
That’s probably a good model of what mass adoption of VPNs would look like.
- my own kids got a tailscale app connecting to my headscale network in 10 minutes and me wiping my brow that I dodged a bullet.
The normies are mad . I use Arch BTW.
I use Arch BTW.
Gotta start em on something lighter. A gateway distro, if you will.
If the UK is serious about blocking VPNs that don’t comply they’ll mostly succeed for the big ones. They’ll get them removed from app stores which will prevent most normies from finding and using them. They’ll apply network blocks to their entrance IP addresses (laughably easy, there are commercial vendors who sell data like this so they don’t even need to invent the wheel here) and make it difficult. They wouldn’t be able to prevent truly determined VPN providers from providing service but the days of $4/month for privacy/torrenting would be gone as the prices would likely be higher and you’d have to do things like mail cash.
Beyond the known IPs, VPN traffic is fairly easy to flag with DPI solutions and could be detected and blocked or dropped by ISPs acting under the law. This could also be used to stop people running tunnels to hosted VPS solutions outside of the country or run by friends from their homes. There are obviously ways around these, disguising traffic, various techniques but for most people they’d give up and either stop browsing porn or cough up their ID. Of course this would create a dangerous state of affairs where anyone using a VPN without being KYC’ed is clearly a criminal, at the very least a suspected video pirate, at the most a dangerous child predator or terrorist.
Additionally the UK isn’t like Russia or China, lots of western CEOs and employees pass through and within its jurisdictions and if a particular VPN is providing service without this they could try and arrest c-suite people or engineering staff associated with it and slam them with jail time. So that’s a problem.
I know you aren’t saying this. But it’s not just porn that’s the issue. It’s the wider scope this act encompasses and a trend other govs could follow. I use porn sure , but imagine your facial and sexual preferences leaking. What if you come from a religious family and you’re a lesbian and pitted by this?
Even worse than this. What if the government suddenly makes abortions illegal, or use it to round up LBGTQ people, or people with immigration status’s that aren’t standard. Even without going USA dystopian, a person under the age of 18 that is abused by a caregiver and needs to privately visit websites that would give help and advice. The use of the rule to limit free speech and the inability for small websites and groups to not be able to manage the technical ramifications of stopping actual 18+ content, so just put up an age restriction to protect themselves means lots of free resources with no actual 18+ content are being shuttered.
And yet a child can still easily get to 18+ content and content of harm through Nintendo chat or their text messages and chat with others.
It’s a bit like when a games manufacturer makes your new game you purchase have to be connected to the internet so they know you are not cheating or stealing their game. It adds barriers for legitimate users and purchasers yet people pirating or cheating have ways to get around it and actually have a better game experience than those that are playing by the rules.
Businesses would be heavily impacted
Make good connections with people you trust internationally. If it really comes down to it, between friends, people who care could work together to set up SOCKS5 tunnels or some such to walk around it pretty cleanly, but you would really have to trust whoever you give credentials to since they would be using your internet connection for whatever. Could also straight up just install the OpenVPN server for this.
Once or twice I have opened a tunnel to friends on one of my servers through a bastion host - any outgoing traffic from the server goes through my own VPN, so it wouldn’t matter if they couldn’t access a VPN in their country.
For anyone who doesn’t care to learn, which in my experience is the vast majority of all people, not much can be done. Even the people I meet who say they do feel that they care deeply mainly just like to be loud about that, but never actually put in the work to learn how to do something as simple as use
ssh -D, let alone learn how a proxy actually functions.I suppose the best those in the know can do is to make it clear that they do know. Should friends actually begin to care, then they will know who to go to for possible solutions.
How though? Commercial VPNs that simply function as proxies, sure. VPN as in the protocols themselves? Not possible without breaking too much stuff.
Yes, they can block the protocols. The VPN protocols are pretty easily detected by DPI, and they might just not care about breaking things (like what I’ve seen). There are ways to obfuscate such traffic, though.
Sure but someone hosts these services . I can make a VPN right now and the service is paid by my debit card.
If you have a friend outside airstrip one you can tunnel through them. I could see some kind of tailscale like mesh vpn type deal being deployed for this purpose
Get a VPN from outside the UK.
With a payment method from outside the UK? Or crypto where most companies have KYC ?
Go to mullvad.net and make an account. It’s a 16-digit number, and you’re never asked for personal information. There’s no credit on it, but you can pay with a card, crypto if you do that sort of thing, or by sending some banknotes in the post to the company along with the account number to top up.
Yeah but who controls the on ramps for crypto, KYC is everywhere
If you use Monero, it can’t be traced back to original KYC sources
I don’t think this is a good idea still. First - the very fact that you bought crypto can be suspicious. Second - then your anonymity depends on the assumption that Monero wouldn’t have flaws found in it later, which is just not a good approach with any technology, no matter how well-regarded. And third, most mundane - introduces yet another place from where your ID can leak.
Don’t use crypto then.
You can pay for Mullvad in cash by just posting it to them.
Sure but you can wash it befre you send it to your VPN, so the connection bwtween your purchase and your expenditure becomes lost.
Mullvad has zero kyc
dkyc fucking rocks
Only the enlightened will move to Tor. The unwashed masses will just suck the dick as normal.
So, current issue I’m trying to solve.
- Discord is kind if innately de-annonymized because I’ve talked about where I live for the purposes of visiting people.
- Discord cannot make voice calls through VPNs.
Should I try and find a workaround for that or just use discord from the desktop app and keep it segregated from my other traffic while accepting its compromised without even the minor protection of a VPN.
Or go full paranoid and make a brand new account and re-grab my old friends which creates an identifiable but not immediately obvious link to an old account (and then just self censor my own speech from then on out to avoid self doxing)
Discord cannot make voice calls through VPNs
I’ve never had any issues with this, am I missing something? Is my VPN not configured properly?
Discord is bad because it’s centralized. So I would recommend something like simpleX, which protects your privacy. If your friends don’t want to use it, then you need better friends because they should understand that you care about yours and their privacy.
As for real-time calling, that uses UDP, which is why something like Tor can’t do it, since it’s a TCP-only network, so either you need to find something that will let calls work over TCP, or give up on the idea of real-time calls and switch to voice messages, which can do over TCP.
Will any of the washed ones suck dick, though? Asking for a friend.
Only by choice… That’s the entire point of this exercise.
1.- You realize you are under the so called “communist china 2.0: capitalist descendant” western countries fear so “much”
2.-You run away like when honk kong got forcibly reincorporated to mainland china laws
3.- You would be free again in a brave new country!
4.- For a while… until the distopian totalitarian regimes fueled by greed catches up to you…
Edit: Hahaha, got downvoted 'cause they know im right and got butt hurt.
Just remember, today was UK, EU plans to do it tomorrow, and USA is already makin’ drafts. You either protest now (oops, you cant do it in the UK) or lose your rights until the tree of fredoom demands blood again.
Added it to edit, so… nothing here anymore
