What VPN obfuscations do you use? Because you know they’ll block VPNs next.
You can probably block companies offering public VPN services.
But good luck blocking VPN in general.
It’s not some theoretical topic, it’s the reality for China, Russia, Iran. They do block commonly used VPN protocols, so people now use VPN with obfuscations. Some work, some don’t, some stop working as time goes on. So when people say “Ha-ha, I’ll just use VPN”, it will help you for some time, but the trend is they will make it a problem for you; better start preparing before it happens.
Anything encrypted is blocked. Boom, done.
Is it stupid? Yes. Never stopped lawmakers.
How do you know if something is encrypted?
https://en.wikipedia.org/wiki/Subliminal_channel https://en.wikipedia.org/wiki/Steganography
Or for more practical implementations: https://blog.frost.kiwi/ssh-over-https-tunneling/ (granted, this one uses normal-looking encryption to hide maybe unwanted encrypted traffic) https://nurdletech.com/linux-notes/ssh/via-http.html
Steganography is extremely far from undetectable, unfortunately. And trivial to find out once you know it’s there; if we ever allow a framework to be put in place to intercept communication at a large scale, it will be the inverse of the cat and mouse game we have with encryption: very hard to improve, very easy to detect.
And I’m aware of the many funky things we did. At some point people tunneled DNS queries through HTTPS, to get through Wi-Fi captive portals that only allowed HTTPS traffic until authenticated.
Just to be clear, I’m aware of the issues of detecting stealth data, and even detecting encryption against seemingly random data. It’s kinda fascinating to detect the difference, too; some people have looked into that. But the point is, if you’ve already agreed on “banning encrypted communication that can’t be listened to easily”, you can basically just say “this is gibberish, decrypt it or go to jail”. I also know that this sounds insane and throws away the “innocent until proven guilty” principle, but we’re slowly creeping toward a world where our devices scan all our documents and communications to notify a central authority of issues, where black boxes in large networks are already present, and so on.
It’s been slowly creeping toward that. Finding ways to hide traffic on public networks can only go so far if the listener can just stop you if it detects what looks like encrypted content.
And, since this is kind of a heated discussion, I’ll reiterate: it would be batshit crazy to go this way. But I would have found it batshit crazy to have our own devices spy on us and report suspicious activities to third parties years ago, and yet here we are.
I knew HTTP would make a return without its brother TLS someday!
There are several sites I visit that I have to fight with ’cause of VPN blocking.
That isn’t blocking VPNs, it’s blocking requests from data centers. Important distinction.
They fully can’t; there are too many legitimate reasons that their corporate overlords use it for. The most you’ll get is a loud filibuster about “we’ll totally do that!” until the topic gets forgotten.
Also, my personal conspiracy is that someone important in the gov owns some secret stocks and shares in a VPN company and this was very much a cash grab from that person.
Again, that’s not some theoretical topic. They can block most VPNs, they do so in China, Russia, Iran. And there are no riots on the streets, their corporate overlords don’t do anything against it. One of the reasons is that they do allow IPsec for corporate clients. Are you a corporate client? Do you use IPsec for VPN? Are there riots on the streets for this censorship instance?
You think the UK could?
The “tech experts” in government are fucking idiots, almost every single one of them. The most I think they’d be capable of is asking providers nicely to follow their rules and then going “hahaha, no”, same as happened every other time.
And I know for a fact that those blocks in China and Russia don’t work, ’cause I talk to a Russian on the daily (she wants to get the fuck out, but hasn’t got enough money).
And one major difference: it’s very very very easy to form a company in the UK, it’s literally a small fee and a form that takes 30-60 minutes to fill in.