Lawmakers Want to Ban VPNs—And They Have No Idea What They're Doing
Following the same legislative and narrative pattern as the EU for “Chat Control”, similar laws and rhetoric are now cropping up in the US. The narrative is “save the children from porn” but the action is censorship, mass surveillance, and the elimination of privacy on the Internet.
As of this writing, Wisconsin lawmakers are escalating their war on privacy by targeting VPNs in the name of “protecting children” in A.B. 105/S.B. 130. It’s an age verification bill that requires all websites distributing material that could conceivably be deemed “sexual content” to both implement an age verification system and also to block the access of users connected via VPN. The bill seeks to broadly expand the definition of materials that are “harmful to minors” beyond the type of speech that states can prohibit minors from accessing—potentially encompassing things like depictions and discussions of human anatomy, sexuality, and reproduction.
Wisconsin’s bill has already passed the State Assembly and is now moving through the Senate. If it becomes law, Wisconsin could become the first state where using a VPN to access certain content is banned. Michigan lawmakers have proposed similar legislation that did not move through its legislature, but among other things, would force internet providers to actively monitor and block VPN connections. And in the UK, officials are calling VPNs "a loophole that needs closing.
https://www.eff.org/deeplinks/2025/11/lawmakers-want-ban-vpns-and-they-have-no-idea-what-theyre-doingOpen linkView original on lemmy.world
FTFY:
Lawmakers
Want to Ban VPNs—And TheyHave No Idea What They're DoingI know governments work slow but these guys are still trying to figure out if freeing the slaves was a good idea.
Governments barely work at all
Because almost EXACTALLY half of them KNOW that freeing the slaves was a bad idea.
At some point we'll just have to tunnel IP over DNS, and then they can't block traffic without destroying the entire internet. Not that it'll dissuade them.
IPv4 over ICMP echo packets
pingfs: a filesystem backed by ICMP
I see you and raise you this:
IP over Avian Carriers
This method actually has bigger throughput if you need to transfer lot of data.
RTT is just 'a bit' slower than via usual transfer channels.
Now that's something I must try.
"Legislators Want to Ban the Internet"
Well, no, it wouldn't. The bods that make these decisions still live like it's 1950 and dream of an authoritarian future of masters and slaves.
What good is The Google or The AI when you're sipping champagne up an ivory tower or out on the ocean being waited on hand and foot on a gleaming yacht?
It will just be a few approved sites that you are allowed to visit, and just by chance those sites are the ones that pay the goverment the most! Those sites will have records in the approved DNS, that you can not change. Other DNS requests are blocked, along with everything else that isn't approved.
Welcome to:
People's Republic of America
美利坚人们共和国
Long Live Chairman Trump
Maybe he reign a thousand years!
/s
Wisconsin already blocks access to all goverment websites if you use a VPN. I can't even check the garbage collection schedule for my town. I always thought it was this misguided concept that they thought only "hackers" would want to be anonymous. It seems they are really working for the data brokers, who don't want anyone to be anonymous.
Sounds like a good time to deploy a bunch of small raspberry pi vpn nodes at local libraries and other free wifi spots. I don’t know enough about ip to know if they can track you past that first hop
Could it simply be that your VPN puts you in a region which Wisconsin doesn’t want to provide access? So if your current VPN server is in Vancouver, maybe Wisconsin blocks traffic from outside of WI or the US, because why should/would any legit “Vancouver” person need access to Wisconsin data?
Could be a Wisconsin resident away on a trip longer than intended, wants to check schedules before deciding to ask a friend to drag some of their bins to the kerb and back?
What's the benefit to WI in denying them access?
Soooo… screw the network of a bunch of companies I guess, lol. I have to use my work’s VPN while working from home, but the way they set it up I also have to use it while working at the office. This is far from a unique setup over here. If this happens to be the same in Wisconsin I have some bad news for them.
Also schools. My kids state issued laptops use vpns to connect to the schools networks as well as in a true irony limit what sites they can access.
It's actually so limiting it's nearly impossible to print the required assignments on a printer in our home but that's a different rant.
That's basically any modern network. There is no more trivial "inside our network" vs. "outside on the internet". Networks are segmented on a need-to-know principle. You can access some information from the public internet. Some other things can be accessed from the internet, but only on corporate devices, if your user AND device is whitelisted. And then you have one or more VPNs on top of that for more sensitive stuff. Also those VPNs may be "dynamic" in the sense that it may also be dependent on the user, device and authentication method what is currently accessible over that VPN connection.
Sounds like a headline for literally every issue regarding technology.
Porn websites should just start blocking access for any lawmakers that are okay with this legislative garbage.
s/blocking access/releasing the viewing history of/
They might be using onlyfans
As usual. Our government, your government, totally clueless about how the internet works or what it actually is. And with all the money they waste every day, there seems to be no cent left to get some professional who could explain things on a politicians mental level. We've got people who successful teach computers to seniors, maybe politicians should hire some...
I think this is mostly a symptom of the gerontocracy. Most elected officials have not grown up with computers, which is already likely to make them incurious about them. Couple that with being in office so long, likely developing a very high opinion of themselves that they know best. I would guess a significant minority is actively hostile to learning anything about computers, so you can hire any professional to explain stuff with baby talk, it won't work on them. Combine that with the rest of the technologically illiterate politicians just being indifferent, and you get this kind of policy.
My home network is all under Mullvad for a few months now, and I've noticed that recently a lot of pages block it. I just get a 403 error and I need to disable it to access. Honestly I expect this to happen more and more, which is BS.
Is it due to geo-blocking?
I have noticed that some sites would load my local language version even if I point out original site. E.g. southpark.cc.com would stubbornly redirect to southpark.de no matter how you tried to trick it. And, of course, some content on some sites would also report that is is unavailable in my region.
No, I actually use an exit on my country for that reason.
Keep in mind that a lot of webpages block traffic from datacenters, as they are trying to protect themselves from AI scrappers. I recently had an issue with OpenAI making thousands of requests to one of my servers.
OpenAI is the leach that keeps on leaching
ah yes, every time they want to do something abhorrent, they cry "its for the children!" to immediately try and silence any critics.
There's a genocide going on. It's not the porn degenerates, it's the moral religious people. Don't push this garbage onto children. At least wait until they're 25 and their brain is fully developed before you teach them that women are the problem, that little boys should be fondled by grown men, and that it's OK to commit a genocide against the people who pray to a different sky wizards than you.
.............really hoping this comment is dripping with sarcasm.
It's not sarcasm, it's cynicism.
Why? Do you identify as a witch burner, a hospital bomber, or someone that pushes gays off roofs, or something?
But it's true, and not even exaustive
If I understood it correctly, per that legislation and given how the technology works, adult sites would have to block everybody coming to them from a known VPN exit point, not matter where the user actually is (because a site can't really tell were a user actually is when they're behind a VPN) to comply with it, meaning that it would impact everybody everywhere in the World using a VPN.
De facto Wisconcin's legilslature is trying to imposed their will not only on those who live in Wisconsin, not only on those who live anywhere in the US but on those who live anywhere in World.
Aaaaaaand I can switch to residential proxies, I can still appear from wherever the fuck I want.
You. Can't. Stop. This.
All this will do is cause actual criminals to hide it better, that is it.
Theoretically the sites would have to block all IP addresses of all cloud providers, including massive ones such as Amazon AWS and Microsoft Azure, because people in Wisconsin can just run VPN Server software - which is side of the VPN were the network connections exit the encrypted tunnel and enter the Internet - in a container or virtual machine inside one those to have their own personal (or shared with whomever they want) VPN.
Similarly they would have to block all exit IPs of most companies because somebody in Winsconsin might be using the VPN of the company remotelly go to their company network and via that network access those sites and which point the connection will probably appear as originating from one of the company's routers because of NAT.
The way the VPN technology works, theoretically every single IP address on the internet might be an exit point of a VPN which is being used by somebody in Winsconsin to access one of those sites, since one can even run VPN Server software on a mobile phone or Raspberry Pi.
Theoreticaly those sites have to block every single IP address which might directly or indirectly be used that way.
This law is completelly insane.
Ok, so don’t use a vpn, just go to a proxy running in another country that is connected to a vpn?
Or.. They ban VPNs and overnight the VPN providers start offering cheap VPS services that can run a self-managed VPN over them, or proxies, or tor exit nodes, or Wireguard/Tailscale exit nodes, or.. .
You can't ban people running private servers and routing encrypted data through them unless you want to shut down 90% of the internet.
these people deserve a big FUCK YOU to the face, in front of an audience.
They understand what they're doing. They're treating the problem as a black box - they want to decide what you can do in the field where they are strong, making laws and rules as the (in their piss cockroach opinion) dominant apes in the crowd. They are breaking the technical possibility for you to avoid that. They don't see a problem with breaking it for everyone, because if some use they need as well is broken so, they can make an exception for themselves, it's in the domain of making rules too, and they can make punishments so gruesome that nobody will bother except for mafia and law enforcement, just like with heroine.
And the answer doesn't lie in protecting VPNs or making technical means to avoid them further, by using plentiful possible information channels in the standards comprising the Internet. The answer lies in dipping them face into their own shit and saying "don't do that again or I will kill you". Because it's a social, not technical, problem. It can be reduced to unauthorized people telling you what to do and you obeying.
Republicans, defending a pedophile as president, should get a full swing of a bat in the teeth every single time they say anything "... for the children"
well, ultimately too many lawmakers, elected or not are "let them eat cake" people. Living in their own world, uncaring and unknowing about things they rule over. Too many are likely there for their own hubris, thinking how they are so excellent that they must deserve to be there and maybe to line their own pockets. Though obviously there are some that are genuinely competent, otherwise the whole thing would come crashing down too fast, but they are most likely quite suppressed in favor of the pieces of shit that care only about their own interests.
They COULD have consulted people who know about this, considered extensively if its good idea to do this or not and maybe even explain themselves why its necessary without resorting to propaganda and lies, such as how this is to "save the children". But they do not, because they dont care and they dont have to care.
thank gosh uBlock lets me block images, since lemmy/piefed don't.
You can do whatever you want on i2p. Nobody knows who you are.
Next on the list for a ban. They came for my neighbors ID, and I said nothing, then they came for my neighbors VPN, and an I did nothing, and now they are coming for me on I2P, and there is no one left to speak for me...
I thought L2P was just for torrents. How do I use it with my internet connection? Does it cost money?
I2P is for whatever people put on it. It's all the Internet services that already can exist, specifically behind a piece of software such as i2pd for example. It's free, just setup i2p software on a computer. Then you can make some local services visible to it, for example a web server.
So, I won't be able to VPN into my university's network right?
They'd have to exclude sanctioned VPN traffic, or the entire financial system doesn't work at all.
or pretty much all remote IT work.
illegal VPNs just need to set the Evil Bit, so legit traffic and be properly allowed
Hey, I have a GREAT idea. Let's ban cryptography. Then the cards will all be on the table. Fair and just!
If this passes I will simply add Wisconsin to my growing list of banned US states from accessing my website. That's assuming it's not already on there.
My IT experience is fading fast so can anyone explain this bit?
I'm running a Digital Ocean droplet on the other side of the Pond with my own, static IP. How could a site detect I'm using a VPN? Imgur blocks me if it's on. How do they know?!
Generally, they know you're using a VPN because of where your traffic is coming from.
They probably block Digital Ocean's IP pool as a whole as it's often a hub for cybercrime and it would only affect a fraction of users.
The thing is, VPNs won’t protect your privacy much. Browser fingerprinting technology has achieved its goal. True anonymity online is damn near impossible now.
VPNs are able to help circumvent authoritarian bullshit by making the traffic appear to come from somewhere else. So states that implement laws banning what is essentially protected speech aren’t able to really be effective in their efforts because the people that live there just route their traffic outside the state the have it all bounced back in. Banning VPNs would help them censor anything they consider porn.
That’s the real danger. A teenager jerking off is not the concern. It’s the excuse.
I wonder, what if we end run this with the cheap GPUs about to hit the market once the AI bubbles pop? Just set up a bunch of Remote Desktop instances people log in to pull shit up on and stream that to the browser. When they disconnect, nuke the container and pull the instance up again, route everything again. It’s basically Netflix of a remote session. And if they ban that, it would invoke the wrath of some incredibly powerful industries.
All because naked people are scary.
except for traffic that does not come from a web browser at all. like API calls to download linux ISOs.
Linux distros are incredibly dangerous for children. They teach them they have options. It’s incredibly dangerous. We much protect them. For the
childrenshareholdersGiven that the only way for those websites to block VPN traffic is to block the IP addresses of all known VPN exit points, what you would see is first the commercial VPN providers regularly rotating those IP addresses of their VPN server exit points, and second people simply setting up their own VPN servers software in rented VPS machines in cloud providers anywhere in the World to run their own personal VPN.
You don't really need a full blown remote session, just a VPN server in a machine (physical or virtual) with an IP address which isn't yet blocked by such a site.
Now, the sites might try and block this by only allowing in connections from blocks of addresses which are known to belong to ISPs (which would theoretically only be direct connections from individuals, so not using a VPN), but that's way less reliable than merelly lists of IP addresses of the VPN servers of big providers, plus it would block thing such as the entirety of Amazon AWS.
They don’t care if it’s reliable. Timmy saw boobs!
There are lots of companies selling data, just one of them is a list of known VPN IP addresses. Updated every X days. Just plug that into your service and it gets a lot harder, but still not impossible, to use with a VPN.
Ok, so basically when your computer uses a VPN it just connects to a VPN server over the Internet using an encrypted TCP/IP or UDP/IP connection. On your computer side all your connections to the Internet just get shoved into that encrypted tunel instead of going directly into the whole wide world from your own network connection - so nobody but that server sees those connections - whilst on the VPN server side they're recieved from that encrypted tunel and then exit to the whole wide world from that VPN server as if they're connections initiated by that server not by your own machine, so to the whole world they look like connections coming from the VPN server machine.
Nations with nation-wide firewalls can try and block VPN by blocking the actual encrypted network connections to VPN servers (there are ways to recognize those, but there also ways to disguise them), but for websites to block them (which is what this legislation demands) the websites have to block the actual VPN servers since the websites can only see connections to them which seem to originate in those servers, not traffic elsewhere on the Internet such as the encrypted connections from VPN customers to VPN servers.
Now, there are lists of the IP addresses of the exit points of VPN providers (generally the VPN server internet address), which are the IP addresses were the traffic of somebody using that VPN enters the Internet, so to try to comply with this legislation those sites would start by blocking all traffic from any of those IP addresses - remember those websites don't know were the traffic coming from a VPN server to that website really comes from, so they can't tell traffic from people in Wisconsin using that VPN server from traffic from people elsewhere using it, hence have to block everything from it to catch everybody from Winsonsin.
This would affect everybody anywhere in the World using those exit points of those VPN providers.
Then there's the problem that the legislation applies to all VPNs, not just commercial VPN providers serving retail customers, meaning that the websites would also theoretically have to block VPN servers from business VPNs (and given how the networks of many large companies work, that might mean blocking the entire company) as well as things like schools using VPNs and, even more entertaining, VPNs set up by individuals by, for example, renting a Virtual Private Server or physical server and installing a Linux there running their own VPN server software or even installing the VPN server software on something like Amazon AWS or Microsoft Azure, which means they might have to block every single IP address of any provider of servers space anywhere in the World (as any Wisconsian could, theoretically, over the Internet rent a cheap VPS in, say, Malasia, and install a Linux with running the VPN server software in it) as well as of all AWS and Azure servers since again any Wisconsian could theoretically run VPN server software hosted in one of those providers.
The whole things is insane as fuck and would have some trully fucked up implications for any website that tried to comply, as well as for anybody anywhere in the world using VPNs who might want to access such sites.
Anyone know how to get started with Tor?
TOR Wikipedia page - explains the key concepts and gives a link to the website so you can download the Tor Browser.
Tails (Amnesiac OS) Wikipedia page - If you want the real Fort Knox solution to browsing something or sending something without anyone finding out. It's more of a process than downloading Tor Browser, but probably the most secure option possible for browsing the web. (The OS runs everything through the TOR network, is only retained in RAM, and wipes the RAM clean during shutdown)
How secure is something like Orbot? I like the idea of connecting to Tor while still using my preferred browser.
It's a half-measure, kind of like using a VPN. The problem with using your preferred browser is that it's not designed to prevent any identifying leaks, so you could be fingerprinted at basically any time and your efforts will have been for nothing. Also, if you're using an insecure OS (like the version of android that comes preinstalled with your phone), that'll prevent its effectiveness full stop.
For situations like those, you aren't really using Orbot (or any VPN-esque solution) for genuine privacy. Those tools are useful for Utility (circumventing region blocks, ISP filters, IP blocks, so on), and Plausible Deniability (Piracy, usually through torrenting). If what you seek falls into those two categories, good for you, but true privacy has to be achieved through something like Tails or a secure OS with Tor Browser, sorry.
Think of the billionaires!
Don't worry once this bites them in the ass by exposing something they have said is bad they will get themselves an exception.
Good luck with enforcing that, websites are likely to block access from Wisconsin. Isp's in Wisconsin will just block vpns or not do anything at all. If the whole world banned vpns then we'd just all use the next work around.
How the fuck do they plan on monitoring VPN traffic? Isn't the whole point of a good privacy-oriented VPN is that they don't log traffic? How can they monitor something that doesn't exist?
It's not the logs or the data which they would be monitoring with an encrypted no-logs VPN. What they would be monitoring, presumably, would be the fact that you are using a VPN at all. That's also what they would be trying to block. They might try to block it by interfering with access to certain ports or blocking certain IP addresses, but there would be limits. Even China can't stop all VPN traffic to get around its firewalls.
That's not what the article summary is saying, though. To clarify my question, I'm referring to this part:
How are they going to enforce that? Assuming the VPN provider is doing their due-diligence, they have no way of knowing what kind of traffic is going through a privacy-based VPN when someone uses one.
They intend to make the websites enforce it.
This basically means that either you will not be allowed to use VPN at all (so your ISP would be monitoring connections to known VPN entry points) or that when you're investigated for some other crime, if they find you used VPN to access certain things (by analyzing your devices) you will get additional charges. Depends on what the "certain content" will be.
Wow, they're really grasping at straws now, aren't they? Banning VPNs in the name of protecting children is just another way to censor the internet and infringe on our privacy.
Was wondering how long it would be until they did this.