Comment by gorgoiler
9 days ago
The VPN trick potentially won’t last long. We’ve seen it go stale already in the world of intellectual property rights. For at least the last ten years Netflix et al have been well aware of which AS numbers / IP netblocks correspond to people sat at home in front of the TV, and which correspond to servers in a rack somewhere (including those hosting VPN endpoints.)
One tweak to the rules and all of a sudden not only do porn sites have to verify the age of their UK visitors but also anyone connecting from something other than a residential ISP.
The more troubling thing about these laws is enforcement. The threat of fines only works against websites that map to a business entity. For anything else there will surely see a ramp up in the size of The Great British Firewall Ruleset, edited by the courts, and distributed to the Big N (5?) ISPs.
What will become of the smaller ISPs that refuse to block illegal sites?
This is just a cat a mouse game. VPN services will start to offer residential endpoints when enough websites start blocking them enough to damage the value proposition. There is no way on the current internet to verify an ip address means anything at all other than it's an ip address.
There is no way to offer “residential endpoints” at scale with sufficient bandwidth for anything other than simple browsing of text websites. As shown by the very effective Netflix strategy of blocking VPN addresses, it’s been very hard to slip through for a good four or five years now.
It is absolutely possible and multiple providers already do it, just search for “residential ip vpn”. The legit ones pay people $20 a month or so to plug a mysterious box into their network which the provider will route traffic through. The shadier ones will just route your traffic straight through a botnet.
1 reply →
Netflix blocking just wasn't a big enough of a motivator to solve that problem. But messing with people's porn access would be. The internet was built on porn distribution.
> There is no way to offer “residential endpoints” at scale with sufficient bandwidth for anything other than simple browsing of text websites
They can, it’s just a lot more expensive than a $10 a month VPN. They’re typically metered and you pay by the byte.
As someone totally uninformed, are you saying that all those YouTube ads about e.g. Private Internet Access (et al), which specifically cite getting around geo restrictions in the ad copy, are BS?
Which sounds like a silly question ("of course the marketing is BS") but why even bother marketing if the core value proposition of your billed-monthly service doesn't work? Seems like a waste of money since you'll at most get people for one month when they cancel after realizing they can't watch Canadian Netflix from Florida, or whatever.
7 replies →
I have a residential fibre connection that’s 3Gbps symmetrical, unmetered. If there was something in it for me (and I was legally shielded) I would consider renting some of that out. And there’s definitely other people out there who would change that “consider” to “definitely.” It’s possible to even get a residential 8Gbps symmetrical connection here for not a ton of money; that can support a lot of video traffic.
2 replies →
> As shown by the very effective Netflix strategy of blocking VPN addresses, it’s been very hard to slip through for a good four or five years now.
And is_vpn(ip_address) is a service that's offered by a variety of vendors already.
> There is no way to offer “residential endpoints” at scale
Bot nets.
Netflix was blocking by endpoint IP? That is just a cat and mouse game. They should have been blocking if the MTU was not 1500 bytes.
2 replies →
Hola, eso suficiente.
I mean, it’s more of a bot network really, but there is a massive amount of bandwidth there.
This cat and mouse game applies to OP's first category of sites that want to comply for fear of the British government, but not the second category of sites that actively don't want to comply. Let's refer to the second category as deliberately non-compliant.
The UK instructs ISPs to block access to deliberately non-compliant sites, however users want to make connections to the sites and those sites want to receive connections to those users. VPNs will be effective in allowing access to non-compliant sites as long as ISPs can't identify the VPN traffic.
Of course, the British ISPs can initiate the tactics used by China to identify and block illegal traffic. However there are limits to this. Unlike Chinese users, British internet users regularly make connections to international servers so various bridging techniques are possible. Like VPNs, proxies or even Remote Desktop.
> One tweak to the rules and all of a sudden not only do porn sites have to verify the age of their UK visitors but also anyone connecting from something other than a residential ISP.
The UK does not have jurisdictional power over anything outside their country - they can not a foreign site to do age verification of foreign residents.
Now, the UK can say that they need to check for all UK residents, regardless of them using VPNs. But if there are no practical way to do this, I think the UK will have diplomatic issues enforcing anything to non UK companies breaking that laws - as they would need, eg. Germany, to help them enforcing the law on certain providers.
Other counties and regions have or will have similar laws. I can definitely see the EU, UK and US collaborating on something like this.
However, if I was running a foreign site not subject to UK law or other privacy law, with UK visitors, and I was a ruthless businessperson, I'd definitely implement this verification thing in order to collect and store a photo of every visitor.
Not if it means that you don't get any visitors
If you wanted to do this for some reason you'd just do it across the board and say it was for age verification. The reason nobody does it is because people are (rightfully) not okay with this nonsense.
This isn't about illegal sites?
I don't think many people object to blacklisting known sources of child pornography etc.
The fact is you now have to verify your identity (name and photo id) in the UK to access an adult subreddit.
Nobody has ever objected to blocking access to those sites. Most people think the justice system in any developed country is much too lax on people that operate those sites and create its content.
This is a red herring for authoritarian tyrants in the UK to get more control over their population, which is all they're ever looking for.
What kind of photo ID does the UK have? I didn't think there was any kind of national ID if you didn't drive?
We don't have national photo ID, but you do need it in order to vote, rent, buy a house, or have a bank account; several of those processes include mandatory immigration status checks too.
It's a stupid equilibrium.
Passport
provisional license, passport, etc.
You need to be able to shut down websites and apps which do not implement age verification.
Right, anything that doesn't cooperate with the ID verification is defacto illegal in the UK's eyes?
1 reply →
So, wikipedia?
2 replies →
Doesn't make any sense, it's in Netflix's interest to prevent this, but it's the opposite for porn sites.
Porn sites don't have any interest in keeping this law either. Nobody with a functioning brain thinks you should have to upload your government ID to a website to browse content, no matter what that content is.
That's what OP said. Netflix and its customers have opposing interests. The customers want to use VPNs, whereas Netflix doesn't want to allow VPNs. The customers don't care about following anti-piracy laws, whereas Netflix wants to enforce them.
The situation is the opposite for age verification laws. In this case, both porn sites and their customers have aligned interests. Both sides want to allow VPNs. Both sides want to abolish age verification laws, and if that is not possible, to circumvent them.
Only a little bit of legislation would be needed to change incentives around though
How so?
1 reply →
> One tweak to the rules and all of a sudden not only do porn sites have to verify the age of their UK visitors but also anyone connecting from something other than a residential ISP.
That would be quite the overreach as those endpoints are no longer under the UK jurisdiction and there is no way for a website to tell if the user connecting through them is or is not in the UK.
I don't know. A lot of countries in the Middle East block all sorts of stuff and yet VPN usage is ubiquitous, but the governments appear to turn a blind eye. Like "we've done our bit and made the law." So it remains to be seen how far they'll go with this.
A lot of countries in the Middle East throw gay people off the roofs of buildings as punishment, let's assume for the sake of argument that anything we do that moves us closer to the Middle East is the wrong thing to do.
I don't know that "a lot" of countries in the Middle East are regularly throwing gay people off buildings, but I agree with your second point that we shouldn't look at their censorship as an example of something great to follow.
I would add that from my experience with the Gulf, at least, the ME has created one of the gayest places on Earth. The separation between genders has led to a disproportionate number of women and men semi-openly sleeping with their own gender in a kind of "don't ask, don't tell" way.
It feels like the "punish them for being gay" is used, like the poster below you mentions, as a way to turn the screws on you when they need something to use against you for another reason.
It's probably more a matter of, "let everyone engage in illegal activities, which we can then use to turn the screws on them if they ever need to."
This is a ubiquitous tactic at the highest level of law enforcement.
That is what the UK has been doing and is doing, along with most if not all Governments. One just has to take a look at UK's 2003 Communication Act. It can be selectively enforced against you if they do not like you.
>For at least the last ten years Netflix et al have been well aware of which AS numbers / IP netblocks correspond to people sat at home in front of the TV, and which correspond to servers in a rack somewhere (including those hosting VPN endpoints.)
If the vpn endpoint is in Rome or New York City, how will the UK government force that non-British vpn service and that non-British porn site to verify the age of anyone using it?
It's easy enough to get a list of IP addresses from those vpn services and just block them if you're Netflix, but to force compliance on anyone traversing the tunnel is another thing entirely. The UK government would have an easier time banning vpns outright.
International treaties.
These can be wildly effective at such matters. I'm sure most countries can come to some understanding with the UK on the matter; be that foreign aid, trade concessions, assistance with their own law enforcement, or perhaps acknowledgement/support on the international stage.
There’s also P2P VPN services which pretty much make it impossible to block
"All VPN services must also perform age verification." Done.
All this will do is put UK-based VPN businesses, if that's not already an oxymoron, out of business.
The UK can't tell a company in Cyprus or Switzerland to do anything unless they're ready to tell the SAS to put their boots on.
> but also anyone connecting from something other than a residential ISP
It's up to service provider to implement such involved checks. Not sure about e.g. Netflix allocating resources to implementing this, clearly resulting in customer loss.
I expect service providers to cut corners to both comply with local laws and not frighten customers away.
Does IPV6 change this dynamic at all?
It's conceivable that a VPN provider could change the V6 IP on their server every hour for the rest of time and still get unique addresses.
If the VPN server only has an IPV6 address and no V4 address, can they connect to the target website?
IP addresses are routed in aggregate groups using BGP. The groups are called Autonomous Systems and are handed out to ISPs. Your home ISP has a bunch. The ISP that hosts your virtual server has some too. You can see the one you’re connecting from right now with tools like https://bgp.tools and https://bgp.he.net.
The number of these systems scales in a reasonably tractable way — on the order of the number of ISPs and physical Internet infrastructure around which traffic needs to be routed.
As well as making aggregate routing possible you can use the ISP’s registration details see what location (or legal jurisdiction) a whole chunk of address space has. Hopping around IP addresses will give you unique ones every five minutes but they’ll all still be inside 2001:123::/32 from AS1234 aka Apathetic Onion’s Finest Habidashery and Internet Connections LLC, Delaware, USA.
I don't think the incentive structure is there for porn sites to start blocking VPNs the way Netflix does. And legislation requiring them to would be pretty toothless since the only mechanism they rely on to enforce the rules is making local ISPs block the offending sites.
Maybe time to start a second, parallel version of the internet. Something with mesh networks.
https://dn42.network/ - don't actually use dn42 since many participants won't be fans of your high-traffic idea, but make a new network with a similar design. (You may get some of the same people to participate in both networks)
Netflix in fact works better on a VPN for me . Maybe they made it that way.
is TOR an answer to this ?
>is TOR an answer to this ?
I've found Tor is mostly useful for reading, not participating. Exit nodes get blocked from registering on most sites. One workaround is to register at a café or library then use the account over Tor, but sometimes even if you're being civil (see my comment history for a a pretty good picture of the style of discussions I have anonymously) sometimes you'll wake up to find the account nuked.
Tor exit nodes are the _first_ thing they ban! If your origin is not from within one of the top residential ISPs then you can expect to be selected for enhanced screening.
But what if 50% of the adult population starts using it?
1 reply →
I heard on here I think (but can't confirm) that renting a cheap server in a data centre and sticking your own tailscale on it is the best way to go.
It is incredibly easy to tell if someone is using TOR. It would be banned before VPNs
Not if you are using bridges
1 reply →
how?
Only if you want your traffic to flow through NSA-backed honeypots and get caught up in a dragnet.
I mean, it's probably the case that traditional VPNs are also dragnets to some degree, but TOR is a confirmed NSA dragnet.
[flagged]
I think you may have misunderstood what "socialists" means (or accidentally written it instead of a different word which wouldn't be so out of place in that sentence?).
For rules introduced by Conservatives?
Hey, not sure if this is bad HN ethiquette (probably is) but I haven't found any other option to contact you. I posted the list you asked about in another thread about a week ago.
https://news.ycombinator.com/item?id=44637624
1 reply →
1. Conservatives and Labour have an equally disastrous role in the current mess and have mostly overplayed their differences. 2. Particularly in the UK, the law is one thing. The application another. In practice, Keir Starmer, just yesterday, was claiming that there was no censorship in the UK, they were "just safeguarding children from suicide" (by censoring videos of protesters outside the Britannia hotel in Canary Wharf :o) )
Huh?