The Register, in a recent article, has basically admitted the opposite to the title of my post. “No current plans” is a euphemism for saying that they are looking into doing this and the best way to implement it.
I have to admit that this news has made me nervous. For me, using a VPN is a mandatory part of my toolkit in making my use of the internet more private and safe. It encrypts all our traffic and protects any personal and financial data that we have to transmit, as part of daily life - paying bills, banking etc.
I would really appreciate your thoughts on this news. Am I really just being a bit too paranoid or “are they really out to get us”?
Now to the question. I expect they will be looking into the feasibility of banning commercial VPNs but as private ones are used to access the networks of businesses, or maybe even governmental organisations, by employees, MPs, etc. a complete ban of the technology is unlikely. In the event that commercial VPNs are banned there are ways around that. However, circumvention requires some technical knowledge which, currently, the bulk of the population does not possess. I won’t go into details here but there is enough information out there for those who wish to learn. However things play out, strap in it’s going to be a rough ride.
It seems to me that the UK started a trend with Brexit of shooting themselves in the foot, and is now successively trying all the remaining limbs available to see if that works better or fixes any of the other problems caused by limb shooting.
The reason why privacy is a bigger topic in Europe than in other areas of the world is that it has suffered several autocratic dictatorships in the past century, showing how dangerous collection and misuse of personal information and restriction of freedom of information can be.
De-anonymisation of the Web through misguided age checks, VPN bans, criminalising victims of domestic violence – I sincerely hope UK voters will not tolerate such pernicious and ill-informed legislation much longer and show politicians in other countries what negative consequences this will have.
I understand that part of this came from an – in its spirit quite laudable – attempt to reign in suicide forums run by despicable individuals who are making money by deliberately driving people with mental health issues into terrible decisions, but these measures are utterly ineffective and sacrifice freedom of information and online privacy for nothing, while neglecting necessary investments in education and prevention.
I hope it will at the very least lead to increased tech literacy in the population. The more people understand VPNs, TOR, DNS queries, end to end encryption, ad blockers and online privacy, the better, and the more resistance this will face.
I use a vpn but, what I don’t really understand is how to check how “detectable” it is. There are a lot of “proxy checkers” but, I don’t know if any of them really work. It would be helpful to know if my VPN was really managing to disguise my location and net traffic effectively.
Obviously a number of countries have already implemented such bans but, I don’t know how they have managed to achieve this?
I think it might be necessary to try to second guess what measures the government might introduce next? If we just wait and see, there may not be time to take counter measures.
But, perhaps the UK government are not tech savvy enough themselves to implement a nationwide vpn ban effectively?
Type “my ip address” into a search engine when not using the VPN. Go to one of the sites in the results. Take note of the reported IP address. This should match the one in your router settings. Then do the same with the VPN up. The IP address should be different if the VPN is working. The site will probably also give other information such as what location your new IP address is in. If you are using the VPN to circumvent the UK OSA then make sure you pick a server in another country in the VPN settings.
Your ISP will see that you are using a VPN but won’t see what sites you are visiting. As long as VPNs remain legal in the UK this is OK. If ban is enacted then they are likely to block VPN access via DNS so the recursive resolver method I showed you earlier might help with this. I’ve had a strong cider so that’s the best I can do right now
One more thing. Use a reputable, paid VPN e.g. Proton or Mullvad. If you’re using a free one then they are definitely recording and selling everything. It might be worth considering using the e OS Advanced Privacy feature instead of a VPN, depending on your threat model. This routes over Tor and costs no money. Just don’t use it when logging into anything using real personal identifying information.
I didn’t reply last night because I had had a glass of wine
But, thanks very much for your reply.
I will do what you suggested, definitely and test what ip is detected with and without the vpn. I think this aspect works though. I use Mullvad, much of the time using a french server because I travel to France quite often anyway so am really there, some of the time. I started doing this, primarily because I was worried that the UK government might force my email provider (protonmail) to pull out of the UK or cease providing encryption to UK customers like with Apple. I use protonmail and it’s email aliasing service to ensure that all email accounts I use have a different address. And I can delete addresses no longer in use (to prevent spam) so, I really don’t want to lose access.
I use both mullvad vpn and their browser, plus the daita and multi-hop settings, and ad blocking. Mullvad use obfuscation by default, as well. And the pi-hole as well.
All this, I have set up over time, with the goal of protecting my internet use from prying eyes, and thereby my personal data. My primary aim was to not be hacked as a result of my own internet activity.
But, I am now starting to wonder if all of this might end up having been a pointless exercise and a waste of time. And that is also why I don’t mind writing about it quite specifically here.
We now seem to have a government in the UK who is quite happy to put every UK resident at great risk of data theft, scams and hacking, just so that they exert the maximum control possible over the population, by knowing everything about us.
You may think my concerns are a bit exaggerated but, I pay close attention to the news and remember some time ago, that the UK government was talking about developing their own (home grown) AI model to take over many lower level functions involved in running the country. For this to work effectively, they would need as much data as possible on the UK population, to train it with. It has not been talked about very much since but, I think it is partly why I wonder if this online safety bill is much more about facilitating data gathering than child safety. And I am not sure how safe a parent could make the internet for use by a child, if vpn’s were banned completely. But, no one mentions that. Every coin has 2 sides!
I am now starting to try to think through how such a ban might be implemented. For example, would every UK website would have to have incorporated into it, code to detect that a user was using a vpn and block their access? Or (from the governments point of view) would there be an easier and more discrete way to achieve this? I don’t know how long it took China to develop their national firewall? Perhaps the UK government might get China’s agreement to use their technology to implement the same thing here? They have just agreed to China having a massive new embassy in London, bigger than any that other countries have there. I am having problems posting a link but, it can be found on the uk bbc news site with a uk vpn server.
These are just my initial thoughts. Apart from how on earth I might use the internet safely without any encryption or a vpn. I have already massively reduced my internet use but, daily living is almost impossible without any at all.
Not a bit of it. The UK government (and the one before them) are either staggeringly incompetent around internet matters, or they see 1984 as an blueprint rather than a warning. If the first, they may eventually see sense. If the second, don’t give up with all of the things you are doing. That’s what they want you to do. As you go to France often, I assume you are comfortable with the language. This will give you easier access to the french forum posts for Yunohost. Yunohost, a french project, is well worth looking at because it lets you self host a lot of services such as email, search, messaging, etc. This will protect you from some prying eyes by replacing some public services you may currently be using. It makes it easy to do without having to get into the details of being a sysadmin for the various services. I stopped using /e/ online services and replaced the bits I wanted with Yunohost. You can run it on a machine in your home or on a VPS hosted anywhere in the world.
I have downloaded yunohost and will be installing it on a raspberry pi 5. I will let you know how I get on. It does look ideal. Some people have said that the Mullvad VPN doesn’t work on it but, they are old posts so, I will try it out anyway.
When set up, you just access it as any other website. There shouldn’t be any problem accessing it through a VPN tunnel. I have my own domain and the Yunohost server is in the DMZ. This was the recommended way of doing it when I started years ago. The point is for it to be available on the WAN side. Maybe they recommend something else now, and that might cause problems accessing it via VPN. You can also add a private VPN server to it which will give you access to your LAN when away, which is very useful. Let me know if you have problems and I’ll try to help if possible.
