Comment by PentiumBug
3 years ago
Ah! This could have been great for me, except that Tailscale recently cut off access to Cuban nationals to their service (they have their reasons, I guess.) Still, I think that the service they're building, step by step, is fine actually.
While I don’t work for Tailscale and don’t know their specific reasons, I do know that US export controls and sanctions with respect to Cuba are quite complicated and are designed more due to historical & continuing political pressures than sensible policy.
I used to be involved in leading a US charitable nonprofit that, during the Obama years, once wanted to pay for someone to attend a technical conference in Cuba (or maybe it was to pay for a Cuban to attend a technical conference elsewhere - I forget). We did actually make it happen, but it involved consulting with lawyers, comparing the details of the situation against the applicable rules, and getting people to promise to stay within those rules.
My guess is that either Tailscale or one of the providers they depend on is cutting off Cubans as an attempt to comply with these Cuba-specific US legal obligations, or at least to reduce their risk of falling into non-compliance.
At the very least, GitHub has found ways to legally make most (not all) of their offerings available to Cubans / in Cuba despite the sanctions, except for more narrowly banned individuals and groups. So if you can obtain the open source code for Tailscale (client) and Headscale (server), you can at least use that to benefit from Tailscale’s software.
I believe Tailscale re-incorporated from a Canadian company into a US company for various compliance things being easier, but a consequence is that now they have to follow certain US obligations WRT Cuba, amongst others.
Small / medium compagnies prefer to play it safe and don't really have the resources to deal with what the Department of State says.
Even Google follow some of those: https://support.google.com/google-ads/answer/6163740?hl=en
If Tailscale uses services from any of the big hyperscaler cloud providers then they haven't been given a choice.
Any sort of export control/embargo that cuts off specifically VPN access to foreign nationals is supremely stupid imo
then talk to the US government about their very fucking dumb failed sanctions regime against Cuba?
Dear US government, please open VPN access to everyone in the world. If you want citizens of an authoritative nation to be able to escape their local firewall, then these systems need to be available. You have a history of making these products and even funding them through things like Radio Free Asia. Though for some reason you also attack these systems too and cut their legs off. Get your fucking act together. Both citizens of our own country need encryption to avoid spying on from foreign nations as well as citizens of authoritarian nations need encryption to avoid spying from their own governments. They'll never rise up against their governments if they can't secretly communicate. Preventing encryption in our own country means you fear this too, which is not a great thing to tell your citizens.
Right, that is what I was referring to
Cubans are nice and poor. With their strong friendship with Russia and China, that is where we want them to be.
10 replies →
Exactly. I do believe that certain individuals and organizations might/should be excluded from service here; however, it seems like the only technical solution to regulations enforcement is to wholesale block a whole country.
Should they sell VPN services to North Korea? What might the reasons be on the "no" side?
The NK state is more than capable of arranging their own VPNs.
I think the West gains a lot more by having generally available VPN access in adversary states than it loses from their ability to purchase technical services that they still will have difficulty getting access to currency to pay for and they still will have difficulty actually shipping anything to NK.
> Should they sell VPN services to North Korea?
Yes? Making it easier for North Korean citizens, or even just leadership, to communicate privately with each other and with people outside makes it easier for them to negotiate or even defect, and would help de-escalation efforts.
> What might the reasons be on the "no" side?
I guess one could argue that the North Korean government doesn't have access to secure VPN systems for government use (pretty implausible IMO) and that increasing their costs is inherently worth it? Realistically most of the opposition would come from those who benefit from the status quo (e.g. arms suppliers) and don't want to see that de-escalation, and I guess the extremely risk averse who would rather keep kicking the can indefinitely and hoping the blowup doesn't come until after they're dead, than risk actually trying to help North Korea's people.
The vast majority of north koreans only have access to the nationwide intranet. Those that do have outside connection are few trusted elites who are there to do business. And no matter who you are (this also applies to foreigners in the country), your device and connection is heavily monitored by the state. Merely posessing a non-state sanctioned device as a north korean is considered a serious criminal offense. At that point the only use case of a VPN for someone with a north korean IP is for cybercrime and not dissidents.
Bad comparison. NK is a nuclear state with nuclear weapons that is constantly threatening its neighbors. Cuba flirted with the idea but they didn't really materialize any nuclear or military capabilities. This was also a long time ago.
You can run your own "head scale" control server and use their clients with it: https://github.com/juanfont/headscale
Requires a lot more setup, but it is an option. I've been self-hosting headscale for some time and it is quite stable.