I know it isn’t specific to just Linux but I use Linux anyway so my question is,
Is there a way you could use a VPN without them knowing that? Or if they outlaw them is it really just game over?
If they made VPNs illegal I suppose stuff like TOR would follow except TOR is partly funded by the US state department and the US is one of my countries closest allies (one of the five eyes). So surely they wouldn’t shut down something the US funds directly… Would they?
I’ve read very very little about Gemini and other protocols like Gopher, would this be the way forward if they do this? And is that even remotely close to the security and potential anonymity you would receive from a VPN?
The laws are entirely stupid (as in written by people that have no clue).
The ones I see do not make using a VPN illegal, they make it illegal for certain websites to receive traffic from VPNs.
As a website, how am I supposed to know if I am receiving traffic from a VPN?
I have to maintain a database of restricted IP addresses? How do I keep that up-to-date? How do I catch small players? Self-hosted stuff?
And even if I do all that, how do I tell where the actual user is? Because that is exactly what VPNs were designed to hide from me. So, I cannot apply it to residents of a state—I have to refuse VPN connections from the entire world.
It is impossible and pointless. Anybody actually doing anything wrong will get around it easily. So all it accomplishes is reducing the security and increasing the hassle for everybody else.
Dumb. Dumb. Dumb.
Deep-packet inspection exists. They can tell when vpns are being used generally. They kept shutting off my VPN in China ☹️
Does tor and i2p work?
How does that work if the traffic is encrypted?
They can’t read the contents of the traffic but they can tell it’s a VPN
You could buy a webserver outside the country and set up your own VPN software or something. I think there are forms that look like https.
You should probably try to tell at least one person a week to never vote for those people again and try to resist your oppressive state in every way you can without getting yourself in trouble or hurt.
Also try to do anything you can that they don’t want. If the powerful people in your country want something, try to oppose them. Don’t let them just shit on you and get away with it.
You could buy a webserver outside the country and set up your own VPN software or something. I think there are forms that look like https.
Anyone used / got any opinions on Algo?
I’m not the most experienced with this but I’m sure someone could help you.
mullvad has wireguard obfuscation making it harder to detect vpn traffiic
+1 ro this. The obfuscation tunnels traffic through the QUIC protocol used by https/3. Basically, it’s almost impossible to block QUIC without sabotaging the web. This is opposed to traditional VPN connections, which send encrypted (usually AES) packets over UDP, which is much easier to tell is a VPN.
If you go to dark(.)fail, go to Dread forums and head to c/OpSec, one of the top posts has information on how to bypass all Internet censorship. It’s a super in-depth tutorial on bypassing censorship in countires like Russia, China, etc.
You could rent a VPS in a neutral country and use ssh to create a SOCKS proxy to it, then use foxyproxy to add the proxy to firefox/librewolf/whatever and either allowlist certain sites you don’t want your country knowing about or denylist websites you don’t care if your country knows about (especially higher bandwidth sites that aren’t controversial like YouTube).
At that point you’d have plenty of “real” traffic from the unproxied websites and any traffic the rest of your OS is using, and when you access the proxied sites you want to hide it’ll look like you’re using ssh and/or scp.
You could also create a proxy server with a tor connection on the server and use ssh port forwarding to access it locally. The Mullvad browser + foxyproxy would probably be your best bet for using that since it’s basically tor browser without tor.
EDIT: Additionally, if you wanted to proxy an application that doesn’t support SOCKS internally, you can configure proxychains with the proxy and then launch
proxychains applicationname.This, but I’d use separate browsers to keep seperate digital fingerprints. Otherwise your ad trackers would know it’s the exact same person going to site a directly and site b indirectly.
Also worth noting that Facebook has a back door on its mobile app, that keep listening on some port. When you use certain apps with meta code ( could be a newspaper that monetizes with Facebook ads ) or websites with meta code ( same “newspaper”), those apps/websites send your ad tracker id directly to Facebook app through that port. This de-anonimizes the shit out of your “anonymous” ad IDs. Other techniques rely on lots of data points and some degree of guessing, but this ways it’s mercilessly effective and accurate.
Most popular VPNs have some form of obfuscation options in their apps. But if you’re using e.g. raw Wireguard you won’t be able to use their obfuscation function.
Btw technically they can’t really outlaw VPNs as a whole, only commercial/“privacy” VPNs. They couldn’t really tell if you’re e.g. using your friend’s PC as a VPN to access their LAN, since it’s a residential IP. Unless they’re looking for Wireguard packets, but that seems like an unlikely law since it’d piss off a lot of businesses that use VPNs to let their workers access the company intranet at home.
There are VPNs that operate in stealth mode so they don’t look like VPN traffic as they’re being used.
Still illegal, but not detectable. No riskier than being a political activist antagonistic to the state.
Say you rented a server at Amazon and ran your own VPN server software on it. Not that hard. The server could expose an HTTPS endpoint.
VPN software on your laptop connects to that.
From the network level, it appears you spend a lot of time connected to the same random website, hosted on some IP not owned by a VPN company.
It wouldn’t stand up to traffic pattern analysis:
- VPN traffic tend to have very uniform traffic pattern
- Most VPN traffic runs on UDP, not TCP
- All VPN protocols that I’m aware of have characteristic handshake patterns, even wireguards extremely fast 1-RTT handshake.
- HTTPS traffic is very bursts and TCP retransmission patterns look very distinct.
But then I doubt an ISP would run deep traffic pattern analysis on all traffic. So you’d probably be fine.
But yeah, setting up your own VPN server on some random 1-core/2 GB RAM server is extremely easy.
Until the “whitelist” principle is implemented for the network—you’re fine. You’ll be able to use stealth protocols, whose traffic is practically indistinguishable from regular HTTPS traffic to any website.
You might ask:
But won’t the internet censor notice that suspiciously large amounts of traffic are going to a single IP and block it?
you’d be right, but only in the case where your server is configured incorrectly. nothing stops you from finding a hosting provider whose subnet contains YouTube caching servers and disguise your traffic as coming from there. then, to the censor, everything will look natural, since traffic is indeed going to YouTube.
Once you have your own proxy server, you can create proxy chains to well-known services like Mullvad, IVPN, Proton, etc. Your intermediate server won’t see the traffic, so your privacy will be just as strong as when using these popular services directly—except with slightly higher ping.
You might say: what if they introduce those very whitelists, allowing access only to IPs within your country of residence? Like in North Korea?
I’ll answer: first, it’s unlikely to happen overnight, as it would be a fatal blow to the country’s economy. Second, even with whitelists, there are ways around them. In Russia, many people rent Russian CDNs (content delivery networks that reduce ping to services) and use them as an intermediate layer between a foreign server and themselves.
Why can’t the censor block them? Because large companies use them—so blocking these CDNs would also break taxi services, banks, and many other services included in the whitelist.
So it’s not that bad. The main thing is to have the will to fight for your rights, for your freedom. And methods, one way or another, will remain even under the strictest regimes :)
I don’t see how any modern country could do it. It would close off all cloud things.
They could pass laws that made VPNs nearly useless (mandatory logging and law enforcement access), or could pass laws that made it nearly impossible to make money from running a VPN service (make VPNs liable for any “damages” they “facilitated”).
Not exactly since your VPN could be in a country that doesn’t give a shit about the laws in your country .
Yeah, I think they have ways to block payments. Could use crypto though. Would make them much less profitable, since less people would want to go through those hoops. I guess countries like China does pretty intense DPI, and starts throttling and blocking connections that just exhibit suspicious-looking patterns, not to mention blocking every known VPN, Tor bridge, etc.
ok. good point.
Greetings Englishman!
They use connections to known VPNs as reported by the infrastructure that handles your requests. Use doh and a https proxy then connect to your vpn of choice.
Tor and the Snowflake projects have a lot of work they do on that fight
P2P tunnelling could be a thing, but obv there are issues with having a stranger’s traffic coming out of your home network range. I guess they can’t really lock out all traffic from AWS and Azure, so cloud data centres are an option.
P2P tunnelling could be a thing
it is!
Firstly, it depends on how illegal it is. Is it illegal like you shouldn’t do it and we will try to block you? Or is it illegal like if we catch you do it, you can get arrested or worse?
Scenario A:
- just try shit out, try different VPNs. Some of them provide certain obfuscation. You can see if they work. If they don’t work, you’ve got some more dedicated VPNs such as Tor with all kinds of Tor bridges (obfs4, snowflake, etc) Or psiphon
Scenario B:
- The risk is real and you might consider not doing it at all, but if you do, obfs4 is the only thing I can recommend, Psiphon is easily detectable (it’s just good at bypassing blocks)
