I’m sure I’d be preaching to the choir if I told you that it’s time for us to emigrate from übercorp-owned social media and services. All of you have done so, so that’s not the point of this post. Even though we are on these new platforms, the fediverse is still sensitive to requests from governmental bodies and organizations. Lemmy.zip has already blocked UK users and Lemmy.world will almost certainly do the same. Due to the size of Matrix’s biggest homeserver matrix.org, the admins of said homeserver are beginning to follow the OSA and have already raised their minimum age to 18+. And instances who don’t follow the Act could be subjected to insurmountable paperwork and even blocked from the UK, Australia and other countries enacting these outrageous laws soon.
Blocking UK users to avoid this is almost a necessity, and as Labour is attempting to get lawmakers to outlaw VPNs, we could be seeing the equivalent of the UK Great Firewall soon. However, it will take significant amounts of time, money and paperwork to outlaw VPNs and to get ISPs to block sites and protocols. This is where federated and open source platforms have an advantage: without being shackled by bureaucracy, they are able to quickly adapt. But this is not sustainable, and eventually the UK will become even more overreaching in order to gain more control over people’s Internet usage.
Darknets such as Tor, I2P and Yggdrasil are a potential solution; however, they have multiple issues. Tor is slow and has a reputation of being used by pedophiles and drug traffickers. I2P is scattered in implementation and cannot handle high load. Yggdrasil is alpha software and requires IPv6, which in many countries is simply not possible to use. Whilst these darknets are extremely resistant to censorship from other countries, with the only way to fully dismantle them being to shut off all access to the Internet, they still are not capable of handling modern Internet usage.
We might need new completely independent mediums separate from the Internet to avoid this. Physical Bluetooth mesh networks or other technology is an example. Maybe even a new version of dial-up. All I know is that governments will not stop here. I might seem like I’m overreacting here, but we need to be prepared for what is coming.
CORRECTION: I was told by a peer that Yggdrasil peers must have IPv6, however one does not need an IPv6 enabled network to use it, they just need an IPv6 operating system/device, which virtually every modern operating system including Windows and Linux does. Yggdrasil is actually Beta software.
Seriously. The reason CSAM merchants and drug dealers use Tor is because it actually protects their privacy successfully. Whereas, if you’re using a VPN or whatever cobbled-together solution, the feds just have a hearty laugh about it, send a subpoena by email or use some automated system that’s even more streamlined, and then come and find you.
Tor is not bulletproof; they regularly run operations where they take down some big illegal thing on the dark web. But they have to do an operation for it, and if there were any solution that was any better, that thing would be even more infested with illegal material than “the dark web” is. That’s just how it works. And listening to the newspapers when they tell you that it’s a sign you need to stay away from those actually-effective solutions because “terrorism!” or whatever is a pretty foolish idea.
I don’t think most people need a security model that is fed proof. That’s a pretty extreme level of privacy and most people would break it by yapping about their life too much.
Well, but we’re talking about how to prepare for the future where it does need to be fed proof. At some point, I think pretty soon from now in some places, it’s going to become necessary to either break the rules of the internet in ways that can actually get you in trouble, or accept that you have to do things like upload your ID to all these places, agree not to access certain types of content the government doesn’t want you looking at, not say certain political things on social media or else you’re going on a list, things like that.
I think option A is probably better and it probably makes sense to start to think about, how are we going to do that and not have the expanded-and-mission-creeped version of ICE showing up at your door for it to give you a citation or worse, a year from now.
Right now, yes, a VPN is fine. But that’s only true for as long as the government doesn’t strongly dislike anything that you are doing.
That tends to be more due to bad opsec than Tor itself, though.
Yeah. As far as I know, there are some theoretical state-actor attacks, but nothing that anyone’s ever been able to make work in practice. Compromising something else is just always easier.
It was literally designed by professional spies to be resistant against state intelligence agencies. It was originally made by US intelligence for secret communication with their assets, and only released to the public when they realized they needed a bunch of additional traffic on the network that the US intelligence traffic can blend in with. At least as of the Snowden leaks (which showed NSA compromise of huge amounts of the internet including most HTTPS traffic), they hadn’t figured out a way to undo it for their own spying purposes, either.
Not all VPNs store enough user info for feds to be able to find anything useful on their servers.
I’ve literally never in my life heard of “this person was doing (whatever), but they were behind a VPN, so we had to do (whatever elaborate sting operation) instead of compromising the VPN.” I’ve heard that many times about Tor.
It’s possible that no one’s ever done something significant enough to make the feds interested from behind a VPN, just always used Tor, but I feel like it is unlikely. I feel like it’s more likely that they either have the ability to force the VPN companies to comply with some legal structures that give them the info they need, or else just wiretap the pipes going in and out of the VPN servers and can sort things out pretty straightforwardly if they really start to care about it.
VPNs are certainly useful; they make it a lot more difficult for non-law-enforcement people to know what you’re up to, which is a significant gain, and they are faster and generally more convenient than using Tor. But if you’re actually concerned about the government, I would use Tor 100% of the time over a VPN.