this post was submitted on 26 Nov 2025
526 points (99.3% liked)

Technology

77072 readers
3323 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
526
Lawmakers Want to Ban VPNs—And They Have No Idea What They're Doing (www.eff.org)
submitted 17 hours ago by wuffah@lemmy.world to c/technology@lemmy.world
68 comments fedilink hide all child comments
 

Following the same legislative and narrative pattern as the EU for “Chat Control”, similar laws and rhetoric are now cropping up in the US. The narrative is “save the children from porn” but the action is censorship, mass surveillance, and the elimination of privacy on the Internet.

As of this writing, Wisconsin lawmakers are escalating their war on privacy by targeting VPNs in the name of “protecting children” in A.B. 105/S.B. 130. It’s an age verification bill that requires all websites distributing material that could conceivably be deemed “sexual content” to both implement an age verification system and also to block the access of users connected via VPN. The bill seeks to broadly expand the definition of materials that are “harmful to minors” beyond the type of speech that states can prohibit minors from accessing—potentially encompassing things like depictions and discussions of human anatomy, sexuality, and reproduction.

Wisconsin’s bill has already passed the State Assembly and is now moving through the Senate. If it becomes law, Wisconsin could become the first state where using a VPN to access certain content is banned. Michigan lawmakers have proposed similar legislation that did not move through its legislature, but among other things, would force internet providers to actively monitor and block VPN connections. And in the UK, officials are calling VPNs "a loophole that needs closing.

you are viewing a single comment's thread
view the rest of the comments
[–] shalafi@lemmy.world 9 points 16 hours ago* (last edited 16 hours ago) (2 children)

My IT experience is fading fast so can anyone explain this bit?

block the access of users connected via VPN

I'm running a Digital Ocean droplet on the other side of the Pond with my own, static IP. How could a site detect I'm using a VPN? Imgur blocks me if it's on. How do they know?!

[–] Godort@lemmy.ca 15 points 16 hours ago (2 children)

Generally, they know you're using a VPN because of where your traffic is coming from.

They probably block Digital Ocean's IP pool as a whole as it's often a hub for cybercrime and it would only affect a fraction of users.

[–] muusemuuse@sh.itjust.works 14 points 13 hours ago* (last edited 13 hours ago) (2 children)

The thing is, VPNs won’t protect your privacy much. Browser fingerprinting technology has achieved its goal. True anonymity online is damn near impossible now.

VPNs are able to help circumvent authoritarian bullshit by making the traffic appear to come from somewhere else. So states that implement laws banning what is essentially protected speech aren’t able to really be effective in their efforts because the people that live there just route their traffic outside the state the have it all bounced back in. Banning VPNs would help them censor anything they consider porn.

That’s the real danger. A teenager jerking off is not the concern. It’s the excuse.

I wonder, what if we end run this with the cheap GPUs about to hit the market once the AI bubbles pop? Just set up a bunch of Remote Desktop instances people log in to pull shit up on and stream that to the browser. When they disconnect, nuke the container and pull the instance up again, route everything again. It’s basically Netflix of a remote session. And if they ban that, it would invoke the wrath of some incredibly powerful industries.

All because naked people are scary.

[–] acosmichippo@lemmy.world 5 points 12 hours ago (1 children)

The thing is, VPNs won’t protect your privacy much. Browser fingerprinting technology has achieved its goal. True anonymity online is damn near impossible now.

except for traffic that does not come from a web browser at all. like API calls to download linux ISOs.

[–] muusemuuse@sh.itjust.works 8 points 11 hours ago

Linux distros are incredibly dangerous for children. They teach them they have options. It’s incredibly dangerous. We much protect them. For the ~~children~~ shareholders

[–] Aceticon@lemmy.dbzer0.com 1 points 3 hours ago* (last edited 3 hours ago) (1 children)

Given that the only way for those websites to block VPN traffic is to block the IP addresses of all known VPN exit points, what you would see is first the commercial VPN providers regularly rotating those IP addresses of their VPN server exit points, and second people simply setting up their own VPN servers software in rented VPS machines in cloud providers anywhere in the World to run their own personal VPN.

You don't really need a full blown remote session, just a VPN server in a machine (physical or virtual) with an IP address which isn't yet blocked by such a site.

Now, the sites might try and block this by only allowing in connections from blocks of addresses which are known to belong to ISPs (which would theoretically only be direct connections from individuals, so not using a VPN), but that's way less reliable than merelly lists of IP addresses of the VPN servers of big providers, plus it would block thing such as the entirety of Amazon AWS.

[–] muusemuuse@sh.itjust.works 1 points 1 hour ago

They don’t care if it’s reliable. Timmy saw boobs!

[–] Tanoh@lemmy.world 6 points 15 hours ago

There are lots of companies selling data, just one of them is a list of known VPN IP addresses. Updated every X days. Just plug that into your service and it gets a lot harder, but still not impossible, to use with a VPN.

[–] Aceticon@lemmy.dbzer0.com 1 points 4 hours ago* (last edited 3 hours ago)

Ok, so basically when your computer uses a VPN it just connects to a VPN server over the Internet using an encrypted TCP/IP or UDP/IP connection. On your computer side all your connections to the Internet just get shoved into that encrypted tunel instead of going directly into the whole wide world from your own network connection - so nobody but that server sees those connections - whilst on the VPN server side they're recieved from that encrypted tunel and then exit to the whole wide world from that VPN server as if they're connections initiated by that server not by your own machine, so to the whole world they look like connections coming from the VPN server machine.

Nations with nation-wide firewalls can try and block VPN by blocking the actual encrypted network connections to VPN servers (there are ways to recognize those, but there also ways to disguise them), but for websites to block them (which is what this legislation demands) the websites have to block the actual VPN servers since the websites can only see connections to them which seem to originate in those servers, not traffic elsewhere on the Internet such as the encrypted connections from VPN customers to VPN servers.

Now, there are lists of the IP addresses of the exit points of VPN providers (generally the VPN server internet address), which are the IP addresses were the traffic of somebody using that VPN enters the Internet, so to try to comply with this legislation those sites would start by blocking all traffic from any of those IP addresses - remember those websites don't know were the traffic coming from a VPN server to that website really comes from, so they can't tell traffic from people in Wisconsin using that VPN server from traffic from people elsewhere using it, hence have to block everything from it to catch everybody from Winsonsin.

This would affect everybody anywhere in the World using those exit points of those VPN providers.

Then there's the problem that the legislation applies to all VPNs, not just commercial VPN providers serving retail customers, meaning that the websites would also theoretically have to block VPN servers from business VPNs (and given how the networks of many large companies work, that might mean blocking the entire company) as well as things like schools using VPNs and, even more entertaining, VPNs set up by individuals by, for example, renting a Virtual Private Server or physical server and installing a Linux there running their own VPN server software or even installing the VPN server software on something like Amazon AWS or Microsoft Azure, which means they might have to block every single IP address of any provider of servers space anywhere in the World (as any Wisconsian could, theoretically, over the Internet rent a cheap VPS in, say, Malasia, and install a Linux with running the VPN server software in it) as well as of all AWS and Azure servers since again any Wisconsian could theoretically run VPN server software hosted in one of those providers.

The whole things is insane as fuck and would have some trully fucked up implications for any website that tried to comply, as well as for anybody anywhere in the world using VPNs who might want to access such sites.