Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I feel like a VPN ban might be difficult to enforce due to corporate usage of the same technology


I doubt they try to ban them, but I could absolutely see them push an age verification requirement for "personal" VPNs that allow you to get an out-of-state IP address since it "illegally circumvents state laws". So you can have a VPN, but if you are in Utah the exit node must also be in Utah. Corporate VPNs wouldn't be a problem legally because they already verify your identify for state tax purposes so there's nothing more for corporate to do.

Bonus: while your every access to porn is being logged for the state, they can log your VPN use too just in case there is anything relevant for law enforcement to care about.


> I could absolutely see them push an age verification requirement for "personal" VPNs that allow you to get an out-of-state IP address

The VPN provider knows the user is in Utah and connecting to Pornhub, so there might be an argument for knowingly facilitating circumvention. No clue if that's something that they can prosecute, though. I'd be de-nexussing Utah were I running a VPN company.


How would a law like that be enforced if none of the VPN's personnel or physical assets are in Utah or if they're entirely outside the US?


I think they think they can just block them on a case-by-case basis, but that is harder than they think it is because IP bans will get most of AWS, and therefore the Internet blocked, and then the only option is an HTTPS MITM proxy, which would then break any site with cert pinning.

Past options that don't work anymore include SNI inspection (replaced with ESNI/ECH, but wasn't hard to circumvent; say you want good.com when you're doing SNI, say you want evil.com when sending a Host: header), and DNS blocks (but now DNS-over-HTTPS is a thing, so as difficult to control at the state level; would require a court to compel in-state DNS-over-HTTPS providers to publish fake facts, which violates federal law; but irrelevant because AWS, Cloudflare, and Google don't have any assets of value in Utah).

I'd say it's basically impossible to ban VPNs. If it happens, you'll see random VPN employees detained/arrested while on vacation or something like that, unless the news cycle blows over. China can do it, because they can just kill tech execs that won't cooperate, but we typically don't do that in the US.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: