Reading TFA it seems that use case would be allowed, but would I be a criminal for checking social media on my work PC when connected to the corporate VPN?
> Tor is censorship-resistant
Of course these groups are also shooting themselves in the foot. Tor was invented by the Navy after all and they like spies to go through it because connecting to "totallynotNSA.com" is a great way to get yourself found. But Tor also only works for those purposes if non bad actors make up the majority of traffic
Though that's not the question
[1] - https://github.com/firehol/blocklist-ipsets/blob/master/tor_...
If they ban OpenVPN and WireGuard through what I can only think is something akin to the great firewall of China, then what is the next step, making ssh -D unlawful?
Maybe encryption too? Maybe they need to ban booting Linux and filter access to open source software as well? Running unsigned code? Might as well just shut down the internet.
Sure. Why not? Paid VPNs are cheap to use, and kids are smart.
A kid who already has a computer to use can turn a relatively large amount of electricity into a relatively small amount of crypto, and can do so very informally. It's usually a money-losing operation, but that matters less when a person is (say) 14 and someone else pays the electric bill: Out of sight, out of mind.
After that: Simply use the proceeds to pay for something like Mullvad or AirVPN (they accept crypto payments just fine).
It's been quite a long time since I was 14 and it was a very different world back then, but I don't think I would have had any trouble connecting these dots at that age.
(And indeed, that's how I used to pay for my own VPN service as a grown adult back when using those things was a lot less common. Rather than potentially draw unwanted interest from my bank by making international payments, I'd just mine some crypto to cover the VPN, and pay the electric bill. It wasn't strictly anonymous or untraceable or anything like that, but it did help cover the tracks that I cared about covering.)
Wisconsin is a state that's been looking at banning VPNs[1]. And they also apply laws to "companies commonly known to provide VPN services" - which makes me wonder how far that goes. Because technically I could get a free AWS instance, spin up Tailscale on it, and I have a VPN. Is AWS a VPN company since they certainly host servers that are used for VPNs? Who knows!
[1] https://www.eff.org/deeplinks/2025/11/lawmakers-want-ban-vpn...
What's stopping the kid from obtaining a VPN number and mailing 5 bucks to Mullvad?
Using the corporate VPN for personal purposes, including social media, is generally against corporate policy and is frowned upon (at least officially) in most businesses and organisations. It is also fraught with complications and could lead to disciplinary action or other unpleasant consequences. Just because the policy is not enforced does not mean it won’t be in the future.
If governments start targeting personal VPN's, it is only a matter of time before businesses crack down on unauthorised corporate VPN use as it will increase their risk of legal action stemming from employees’ missteps or misdeeds.
I hope people will start to see these blatant censorship proposals for what they are, but honestly I'm not too optimistic...
The report they link to presents no evidence that the surge was from “teens”.
Practically, it’s also wrong to categorize all popular sites that opted into the geo-block as being social or adult. For example, imgur.com is by all sensible definitions a general purpose image upload site with 3M DAU worldwide. It is as much a “pornography website” as YouTube or Reddit.
I would suggest this article be corrected to instead say “usage surged as netizens sought to avoid online ID checkpoints and mandatory facial recognition”, but that’s bordering on inflammatory in the other direction.
imgur has featured a combination of social media features including accounts, commenting, tagging, upvotes, downvotes, and et cetera for a good number of years.
It hasn't been just a simple image-host for a long time.
Here we're discussing how attacks against privacy are totalitarian and how more and more governments are on their way to become totalitarian regimes, but we don't agree that people having guns is a good defense against a totalitarian government. We talk about police or ICE overreach, but don't talk about what would happen if that overreach expands even more.
But I appreciate you punching down.
Any back doors, crippled encryption, etc, is a way in for their intelligence services. I find it baffling that politicians are so careless with their national sovereignty. It's especially worrying that a lot of populist support for this nonsense is indirectly supported by the before mentioned adversaries. There's a well documented history of especially Russian and Chinese propaganda aimed at supporting fringe populist parties. The agenda with that is complex but it isn't necessarily with friendly intentions.
Both Russia and China have isolated their own populations from the normal internet and effectively their countries run on centralized infrastructure where private VPNs are no longer allowed and traffic is monitored, filtered, and analyzed. Additionally, especially China has long targeted academic and enterprise network security for industrial espionage reasons. Weak government security has caused a few embarrassing situations across especially EU governments (e.g. Germany) with scandals related to over reliance on Chinese technology for telecommunications (huawei) and components for energy, auto motive, etc.
The point here is that those countries calling for this the most are also the most at risk of being compromised like this.
You can add the USA to that list now, who follow the exact same strategy in the EU.
What are those VPNs? Asking for a friend...
Cyber ghost
Private Internet Access
ZenMate
Intego VPN
According to [0] though there are various other sites that roughly align with this list.
[0] https://blog.boycat.io/posts/expressvpn-israeli-ownership-1b...
It supports ECH, which lets you hide which service the client is trying to reach on a multitenant host or CDN. Given that Cloudflare supports ECH, and that it's possible to hide the fact that you're using ECH, that makes it possible to have connections that could actually be using any of a huge number of possible sites without passive spying equipment being able to tell which ones.
It removes a bunch of weak old primitives and options, and should generally be harder to misconfigure in a dangerous way.
Just in case someone will read this without knowing the abbreviations:
PFS = perfect forward secrecy [0]
ECH = Encrypted Client Hello
[0] https://en.wikipedia.org/wiki/Forward_secrecy
[1] https://en.wikipedia.org/wiki/Server_Name_Indication#Encrypt...
2. There is no way any significant number of the people involved in this are thinking that far ahead.
There was a Swiss company[1] selling cryptography gear that turn out to be a CIA front.
godelski•1mo ago
This has been one thing I've liked about how Benn Jordan has been handling the Flock issues. How he shows that the very cameras used to protect children can also be used to harm them. And uses this to walk into the conversation about wider privacy concerns and authoritarian turkey tyranny.
But with the article, we've been using the same rhetoric for decades. There's nothing wrong with it, per se, but we need to iterate on it if we're to communicate these dangers more effectively. Those trying to get that authoritarian control are iterating and they're effective. The dangers are only becoming more real and the current rise in global authoritarianism should make many realize how dangerous it is
spencerflem•1mo ago
If you look at the many “think of the children” arguments from this angle it becomes a lot more consistent
godelski•1mo ago
Take for example the age verification via camera we're seeing be suggested in some places. I can't think of a more endangering technology than putting a camera in every child's bedroom. We know how bad security is and how even making it a lot better still makes this a highly valuable target for these people.
People want control because they're scared. But what they need to be taught is that these people are leveraging that fear to turn those nightmares into reality.
woleium•1mo ago
yareally•1mo ago
gs17•1mo ago
godelski•1mo ago