I know it isn’t specific to just Linux but I use Linux anyway so my question is,
Is there a way you could use a VPN without them knowing that? Or if they outlaw them is it really just game over?
If they made VPNs illegal I suppose stuff like TOR would follow except TOR is partly funded by the US state department and the US is one of my countries closest allies (one of the five eyes). So surely they wouldn’t shut down something the US funds directly… Would they?
I’ve read very very little about Gemini and other protocols like Gopher, would this be the way forward if they do this? And is that even remotely close to the security and potential anonymity you would receive from a VPN?
Until the “whitelist” principle is implemented for the network—you’re fine. You’ll be able to use stealth protocols, whose traffic is practically indistinguishable from regular HTTPS traffic to any website.
You might ask:
But won’t the internet censor notice that suspiciously large amounts of traffic are going to a single IP and block it?
you’d be right, but only in the case where your server is configured incorrectly. nothing stops you from finding a hosting provider whose subnet contains YouTube caching servers and disguise your traffic as coming from there. then, to the censor, everything will look natural, since traffic is indeed going to YouTube.
Once you have your own proxy server, you can create proxy chains to well-known services like Mullvad, IVPN, Proton, etc. Your intermediate server won’t see the traffic, so your privacy will be just as strong as when using these popular services directly—except with slightly higher ping.
You might say: what if they introduce those very whitelists, allowing access only to IPs within your country of residence? Like in North Korea?
I’ll answer: first, it’s unlikely to happen overnight, as it would be a fatal blow to the country’s economy. Second, even with whitelists, there are ways around them. In Russia, many people rent Russian CDNs (content delivery networks that reduce ping to services) and use them as an intermediate layer between a foreign server and themselves.
Why can’t the censor block them? Because large companies use them—so blocking these CDNs would also break taxi services, banks, and many other services included in the whitelist.
So it’s not that bad. The main thing is to have the will to fight for your rights, for your freedom. And methods, one way or another, will remain even under the strictest regimes :)
mullvad has wireguard obfuscation making it harder to detect vpn traffiic
+1 ro this. The obfuscation tunnels traffic through the QUIC protocol used by https/3. Basically, it’s almost impossible to block QUIC without sabotaging the web. This is opposed to traditional VPN connections, which send encrypted (usually AES) packets over UDP, which is much easier to tell is a VPN.
Tor and the Snowflake projects have a lot of work they do on that fight
My recommendation would be Tor and use bridges. Bridges connect to Tor for you, and the IPs of bridges are secret. So no one really knows that you’re connecting to Tor. They can only see you connect to a random IP. For extra security you can use the “tails” OS.
While not foolproof, should be good enough for any sort of “normal” people under mass surveillance. If you’re special enough to have human attention on you, I don’t know sadly.
This. Pretty sad that people in my country (UK) might have to use technology designed to help people in repressive regimes for basic access to perfectly legal and moral information, but here we are.
I don’t see how any modern country could do it. It would close off all cloud things.
They could pass laws that made VPNs nearly useless (mandatory logging and law enforcement access), or could pass laws that made it nearly impossible to make money from running a VPN service (make VPNs liable for any “damages” they “facilitated”).
Not exactly since your VPN could be in a country that doesn’t give a shit about the laws in your country .
Yeah, I think they have ways to block payments. Could use crypto though. Would make them much less profitable, since less people would want to go through those hoops. I guess countries like China does pretty intense DPI, and starts throttling and blocking connections that just exhibit suspicious-looking patterns, not to mention blocking every known VPN, Tor bridge, etc.
You could rent a VPS in a neutral country and use ssh to create a SOCKS proxy to it, then use foxyproxy to add the proxy to firefox/librewolf/whatever and either allowlist certain sites you don’t want your country knowing about or denylist websites you don’t care if your country knows about (especially higher bandwidth sites that aren’t controversial like YouTube).
At that point you’d have plenty of “real” traffic from the unproxied websites and any traffic the rest of your OS is using, and when you access the proxies sites you want to hide it’ll look like you’re using ssh and/or scp.
You could also create a proxy server with a tor connection on the server and use ssh port forwarding to access it locally. The Mullvad browser + foxyproxy would probably be your best bet for using that since it’s basically tor browser without tor.
This, but I’d use separate browsers to keep seperate digital fingerprints. Otherwise your ad trackers would know it’s the exact same person going to site a directly and site b indirectly.
Also worth noting that Facebook has a back door on its mobile app, that keep listening on some port. When you use certain apps with meta code ( could be a newspaper that monetizes with Facebook ads ) or websites with meta code ( same “newspaper”), those apps/websites send your ad tracker id directly to Facebook app through that port. This de-anonimizes the shit out of your “anonymous” ad IDs. Other techniques rely on lots of data points and some degree of guessing, but this ways it’s mercilessly effective and accurate.
P2P tunnelling could be a thing, but obv there are issues with having a stranger’s traffic coming out of your home network range. I guess they can’t really lock out all traffic from AWS and Azure, so cloud data centres are an option.
P2P tunnelling could be a thing
it is!
If you go to dark(.)fail, go to Dread forums and head to c/OpSec, one of the top posts has information on how to bypass all Internet censorship. It’s a super in-depth tutorial on bypassing censorship in countires like Russia, China, etc.
You can create a VPN through HTTPS. Bad idea performance-wise, but it’s harder to detect.
You could always get a friend in another country to host a VPN just for you (and then run that through a commercial VPN).
I don’t know how any company I’ve worked for would operate, especially when headquartered in another country. They’ll just have to fire everyone in that country rather than compromise their security
I’d assume they’d give companies an exemption if they made private VPN use illegal. Doesn’t China do something similar to this?
VPNs work fine in China. The point of the great firewall is to keep Facebook et al out, not to keep anybody in.
I think the Chinese VPN ban is a bit exaggerated
To be fair, it’s Mullvad that simply rocks.
They don’t really ban them, but there is deep packet inspection where they may throttle the connection or in my experience, cut it off after a period of time. Sometimes they block them during national occasions. I could probably try something better than OpenVPN. I only use it for personal use anyway and I am a foreigner, so they really wouldn’t care (if anything, it’s kind of expected waiguoren behaviour). If you are roaming on a foreign sim card and using mobile data, there is no censorship from my experience. Just needed the VPN for wifi
Most popular VPNs have some form of obfuscation options in their apps. But if you’re using e.g. raw Wireguard you won’t be able to use their obfuscation function.
Btw technically they can’t really outlaw VPNs as a whole, only commercial/“privacy” VPNs. They couldn’t really tell if you’re e.g. using your friend’s PC as a VPN to access their LAN, since it’s a residential IP. Unless they’re looking for Wireguard packets, but that seems like an unlikely law since it’d piss off a lot of businesses that use VPNs to let their workers access the company intranet at home.
I’d be careful with wireguard if VPN is illegal. OpenVPN has a SSL handshake. Wireguard has a Wireguard handshake.
OpenVPN fingerprinting exists too but it’s an actual effort. For Wireguard you just need tcpdump and a basic filter.
True, but laws being written by morons with little to no tech knowledge, they’ll ban VPN companies’ services.
It’d be a really bad situation. I mean we rely on VPNs and tunnels a lot. For half the people doing home-office, logging into the company’s VPN is the first thing in the morning. Field crew relies on them. That’s an additional layer of protection in the ATM of your bank…
It’d wreck half the economy in the process. Or “they” need to outlaw specific things. Like private VPNs. And gather a list of private VPN providers and ban them via a great firewall. That’s possible. And would make life worse in a country. It’s possible to circumvent these measures. And it’s difficult to discern traffic and distinguish VPN traffic from other encrypted traffic so the country might want to implement some harsh measures as well. A police force knocking on people’s doors if they suspect them to evade law and demand they show their computer and smartphones.
So in conclusion your best option is probably to move to a different place if you can afford to, once that becomes reality.
Banning VPNs is on the list of braindead government restrictions up there with banning encryption. The latter is basically a ban on math, just like in that book where 2+2 is sometimes 3, sometimes 5.
Aren’t they both the same thing? A VPN is just applied encryption.
You’re right though, banning encryption is a pipe dream. Encrypted data is not distinguishable from random noise. So you’re not allowing me to send around random numbers now?
To me “banning VPNs” is more like banning packet routing. Because VPNs or just that. “Normies” think they are like some magical hacker trick when in reality they are just routing+encryption. (technically you could have VPNs without encryption so for me the routing ban is more accurate) I guess that depends on the way the ban is implemented, though.
As a person from the UK, I am fully expecting them to implement this in the next year or two, because ruining the internet seems to be the government’s top priority rather than say, fixing the economy or preventing Reform from taking over for some fucking reason.
just like in that book where 2+2 is sometimes 3, sometimes 5.
You mean
book1.xls?haha
Though to be fair whenever I encountered an issue in Excel/Calc, it was a user (me) error.
Yes but they’ve done this before in countries like US. They went after the T Shirt producers printing the DeCSS on them and recently the whole tornado cash fiasco where they tried to make smart contracts illegal (although this was overturned).
Granted though I think DeCSS contained proprietary code so its a little different but unfortunately I view most governmental control and censorship to be braindead but I still fear they will do it.
They would have exemptions for corporate VPNs and encryption and for members of parliament and all that of course, but I could absolutely see them trying to fuck us all sooner rather than later.
I hope I’m just paranoid.
Off topic, but with DeCSS the problem wasn’t that it was proprietary or a trade secret. Once the algorithm got out, it was out. Since it had been a trade secret, there was no patent protection on it.
However, some laws and treaties prohibit distributing code that circumvents copy protection schemes, and this is where they ran into trouble.
And that’s why they were all those songs and t-shirts and other free speech items made with the DeCSS algorithm on them. Eventually the cases were dropped.
