Will Basschat survive the Online Safety Act?

[Woodinblack]

39 minutes ago, TimR said:

But as @Bassassin points out, very hard to do as everyone would just use an offshore VPN server. Unless, of course, those VPN servers are also blacklisted. 

 

how can you blacklist a vpn? Anyone can setup a vpn server on any machine, and it doesn't even have to be a static address. 

[rwillett]

4 hours ago, Woodinblack said:

 

how can you blacklist a vpn? Anyone can setup a vpn server on any machine, and it doesn't even have to be a static address. 

 

The only way to stop VPN's this is to put a UK wide firewall and take charge of every single communications line in the UK, thats every company leased line, every fibre line, every microwave transmitter, every homemade Pringles wifi (https://www.makeuseof.com/tag/how-to-make-a-wifi-antenna-out-of-a-pringles-can-nb/), every analogue modem line, every satellite link, ever type of mobile connection, every modem. You'd also have to stop people standing at Dover occasionally getting French mobile providers. You'd also have to stop all the ham radio people as well,

 

You them have to route every packet through possibly the worlds largest firewall system (that would dwarf the Chinese one). Check every packet and see where its going. Oh and nobody can use https or any encryption as they need to see everything in clear. So the banks, military, lawyers would love that....

 

We'd probably have to build a new nuclear power station or two to run all this new hardware. You'd also need Cisco or Juniper or somebody to have a dedicated production line setup just for the UK.  The legislation necessary to seize all these comms would also have to be rammed through Parliament without recompense as this is about £1T of value.  We'd also need most people in the country to actually run this system. I suppose by this time we'd have a military junta in place so a lot of the legal stuff will have gone by the wayside anyway.

I'm trying to work out the most obscure way to set an TCP/IP network that could run a VPN. Of particular note is https://en.wikipedia.org/wiki/IP_over_Avian_Carriers however I'm not sure how to integrate VPN into that particular protocol.

 

As an intellectual exercise it's quite fun. Similar to Pave the Earth https://www.reddit.com/r/pavetheearth/

 

Of course this is just my opinion. Others may disagree.

[TimR]

6 hours ago, Woodinblack said:

 

how can you blacklist a vpn? Anyone can setup a vpn server on any machine, and it doesn't even have to be a static address. 

 

Not a true VPN and not 'anyone'. Your ISP will still be able to block websites. 

[TimR]

1 hour ago, rwillett said:

The only way to stop VPN's this is to put a UK wide firewall and take charge of every single communications line in the UK

 

Nope. 'You' wouldn't have to do anything. The responsibility would be with the ISPs. 

[rwillett]

12 minutes ago, TimR said:

 

Nope. 'You' wouldn't have to do anything. The responsibility would be with the ISPs. 

How is the ISP going to do this? Who is going to tell the ISP the block list that changes every second? Who is going to pay for the hardware and the software to do this? The second it's published it's out of date, mind you it was never accurate to start with. Who.is going to collate all the VPN'S in the first place? No obligation of foreign VPN'S to even publish their IP addresses they use, so how's an ISP going to know? The UK govt wouldn't know. 
 

How are you going to know that an https request to a non UK website isnt actually a vpn tunnel? The ISP can't know as it appears to be on port 443.  How do you stop somebody tunneling through an ssh session? I run some of my ssh sessions on different ports as it's easier to configure on the firewalls. You'd have to do a man in the middle hijack to look at the initial handshaking, however to do that you'd have to spoof the TLS certificates. You see this with some WiFi connections as they try to manage the certificates and get it wrong. 

 

Also not everybody has an ISP. I've setup direct leased lines between businesses.  Some people buy their lines. Some people pay to lay dedicated lines. I've had them explicitly laid down  that follows certain routes in the road for redundancy so they go through roads. Some large companies have direct international lines. Some companies lease capacity on their lines at different times of the day and night. None of these use an ISP as they want to control what they do. How are you going to control those?

 

The VPN genie is out the bottle now, its like saying to the ISPs to block porn. Too late, you can block the main sites but there are 10,000s of sites out there. You can't put the onus onto the ISP to do this, it would cost 10's of billions. The govt looked at this and backed off years ago. Netflix has tried to block VPN's and failed.  There are simply too many and they change all the time. 
 

Also setting up a VPN on a home server is a true VPN. Just because its not sold or advertised doesn't make it any less of a VPN. It uses high grade encryption, if I wanted to use even higher grade, i'd probably go for dedicated hardware which isn't that expensive. 

There are so many different and easy ways to get around anything your ISP puts in place. Never underestimate the skills of a 16 year old boy wanting to look at adult sites. 

 

 

 

[Woodinblack]

1 hour ago, TimR said:

 

Not a true VPN and not 'anyone'. Your ISP will still be able to block websites. 

yes, a true VPN, very simple to set up in a few seconds. Anyone could set one up following simple instructions. Not quite sure what you think a VPN is if you think there are 'true' ones?

[rwillett]

1 minute ago, Woodinblack said:

yes, a true VPN, very simple to set up in a few seconds. Anyone could eat one up following simple instructions. Not quite sure what you think a VPN is if you think there are 'true' ones?

My pfsense VPN took around 15 mins to setup as I had to read the documentation, I then had to transfer files safely to my devices. I do feel I was letting the side down by reading the docs though

 

https://www.comparitech.com/blog/vpn-privacy/openvpn-server-pfsense/

 

Not sure if thats a "true" VPN or not. Looks like one to me, works like one as it uses stuff like Tunnelblk, OpenVPN and Viscosity, all VPN clients. Works on my iPad, iPhone and Macbooks. I don't use Windows at home so can't comment on that.

 

Its not advertised anywhere though. I also sometimes change the ports as some foreign ISP's in ski hotels have blocked the more common VPN ports. The French seem to like to do this for some reason, I have a feeling there's a law. Took a few seconds to sort that out.

 

Thats how easy it is.

 

 

[Woodinblack]

I used to do phone networks, so we had to do vpn tunnelling through many networks to get to the machines which were mostly in other countries in protected network providers. Doing it on windows, you just need putty, on a Mac / general unix you just use OpenSSL but have to type it out. You get pretty fast after you have done it a few hundred times!

 

obviously these days most decent home routers have a button to switch a vpn on

[rwillett]

I'll bow to your greater experience here. I have done it on Linux a few times when working abroad, but it tended to be ad-hoc, then it got to be a fag, so I set it all up on a dedicated laptop and took that with me. I have a tiny matchbox sized unit I use now, which does all the hard work and gives me a private wifi network abroad with a VPN home.

 

One day I'll go back to a sensible simple home network, I'm currently upgrading my Netgear Orbi 5 mesh network to OpenWRT, but until then I'll play.

 

Anyway, I'm off to investigate how to run a true VPN over pigeons

 

Rob

[Woodinblack]

6 minutes ago, rwillett said:

Anyway, I'm off to investigate how to run a true VPN over pigeons

l can make a true VPN and also have a pair of pigeons, maybe I will try too, although so far can only manage a semaphore system with cable ties, and only if the recipient is sitting in a box n the upstairs hallway!

[cybertect]

3 hours ago, rwillett said:

I'm trying to work out the most obscure way to set an TCP/IP network that could run a VPN. Of particular note is https://en.wikipedia.org/wiki/IP_over_Avian_Carriers however I'm not sure how to integrate VPN into that particular protocol

 

I have considered this myself on previous occasions, but I figured the latency would be a killer for VPN applications 🥸

 

[rwillett]

7 minutes ago, cybertect said:

 

I have considered this myself on previous occasions, but I figured the latency would be a killer for VPN applications 🥸

 

As would the hawks and other birds of prey 

[tauzero]

8 hours ago, rwillett said:

I'm trying to work out the most obscure way to set an TCP/IP network that could run a VPN. Of particular note is https://en.wikipedia.org/wiki/IP_over_Avian_Carriers however I'm not sure how to integrate VPN into that particular protocol.

 

I'm pretty sure there was another April 1st RFC for using smoke signals.

[asingardenof]

On 20/12/2024 at 11:06, rwillett said:

 

As she is your MP, she should reply in her capacity as your MP to one of her constituents, rather than as Home Sec. I would be somewhat surprised if her response is anything but 100% supportive of the Home Secretary.

 

There is zero chance of the act being repealed, but there is a small chance that guidance will be more forthcoming and may be more explicit in defining things like small websites.

Yeah, she has two email addresses, one for constituency business and one for in her capacity as Home Secretary; my email went to the former, and asked for her to advocate for changes to the guidance to be less like a hammer to the nut.

[asingardenof]

On 20/12/2024 at 11:26, TimR said:

 

You don't police it. You make it illegal to access it. And if VPN companies are creating software that allows its use, then they're also culpable. 

You don't need a VPN to access the dark web, you just need the Tor browser, which is created by a non-profit organisation and has the backing of several government departments and NGOs around the world including the US State Department.

[asingardenof]

On 20/12/2024 at 14:33, rwillett said:

Since the govt uses VPNs all the time, unlikely to happen.

If they ban them that's the end of working from home. Given how prevalent hybrid working is nowadays no politician would dare propose it.

[asingardenof]

On 20/12/2024 at 20:30, Bassassin said:

 

All the time VPN providers make a big selling point of keeping no records of user traffic & never, ever making any records they do hold available to external scrutiny (which may or may not be true!) then that seems improbable. If the service VPN providers offered was restricted by local legislation to being functionally identical to an ISP, it'd be much the same as outlawing them & hard to see why anyone would use one.

Some VPN providers will absolutely turn over records to government authorities, which is why the ones who don't make a big thing about the fact they don't.

[rwillett]

21 minutes ago, asingardenof said:

Some VPN providers will absolutely turn over records to government authorities, which is why the ones who don't make a big thing about the fact they don't.

 

Most IT companies will work within the local laws in which they operate. Note the word local. Xwitter makes a big fuss of saying that they are only concerned with freedom of speech, but the moment the local law enforcement knocks on their doors, they wring their hands, shout about it and the quietly do what's asked. See recent cases of Xwitter in India and Brazil. Indeed since President elect Musk took over, it appears to have got worse for users. Facebook is the same. Not one of them will refuse a legal warrant as they can't afford to. The law is against them.

 

VPN operators will work within the law but unless the law says they must keep logs and specify exactly what is in those logs (highly unlikely), they don't keep logs apart from when they lie and do keep logs.  For accountancy purposes, they keep logs of who pays them, so that's a good start for law enforcement. In most cases, law enforcement follows the money trail as everybody keeps that information. 

 

Sensible people will have a number of VPN's when using TOR, so the use of TOR is slightly hidden in the encrypted traffic. As previously stated TOR was set up to avoid censorship by having multiple data paths such that it is impossible to track. FBI successes against the Silk Road and other Dark Web operators seem to indicate it's not quite as anonymous as people think. I'm not sure what to believe here though. 

 

Still can't see how the UK can ban VPN's though. 

 

Rob