(no title)

I'd be concerned there about the combination of "loggable" with "practically everyone breaks the law every day" (the latter is generally true in many countries, but not always in ways that are easy to record). You can get away with it but if you ever displease someone, then the consequences could show up suddenly then.

> every single person I know has and actively uses a VPN

I do know people who use no circumvention methods: some are simply not sufficiently familiar with technologies (including older people, who seem to think that something is wrong with their phones), for others it is a mix of regular shying away from technologies and being worried that it draws the government's attention. And then there are those who appear to genuinely support the censorship (or whatever else the government does). I also hear of people switching to local services as the regular ones are blocked.

Anecdotal data is of little use to determine the extent though, and trustworthy statistical data may be hard to come by, but if you somewhat trust the Levada Center, their polls indicate that YouTube's Russian audience halved following the blocking, among other things. [0]

> WireGuard also works just fine - I was able to selfhost and use it without any extra obfuscation.

For both IPsec and WireGuard, I have both heard of the blocks [1] and observed those myself, particularly to servers across the border (which were otherwise available; there is a chance that I misconfigured something back then, but I recall it working fine with local servers). For IPsec, I have also observed blocks within the country (and RKN lifting those on request, confirming an intentional blocking that way, twice; also confirmed that those were for IPsec packets in particular, not any UDP). But possibly it does not affect all the foreign subnets: as with a recent blackout [2], when quite a few were affected, but not all of them.

[0] https://www.levada.ru/2025/04/24/polzovanie-internetom-sotsi...

[1] One of the recently seen public mentions is at https://blog.nommy.moe/blog/exotic-mesh-vpn/

[2] https://github.com/net4people/bbs/issues/490

> WireGuard also works just fine - I was able to selfhost and use it without any extra obfuscation.

Good for you. I have a few machines around the world (a truly geo-distributed homelab lol), and my node on a residental connection in Russia (north-west, no clue about other regions) has pretty spotty vanilla Wireguard connectivity to the rest of the world - it works now and then, but packets are dropped every other day. My traffic patterns are unusual compared to usual browsing (mostly database replication), and something seem to trigger DPI now and then. Fortunately, wrapping it in the simplest Shadowsocks setup seems to be working fine at the moment.

But yeah, can confirm, VPNs are ubiquitous and work reasonably well for everyone I know who still lives there. Although I think all decent VPN providers have measures against traffic analysis nowadays, as plain Wireguard is not exactly reliable.

> I think us software people tend to think in absolutes.

"Software people" have an above-average understanding of probabilities overall. It's politicians who tend to think in absolutes. If you tell them that the effectiveness of something is poor and vastly exceeded by its costs, they say "so you admit that its effectiveness is more than zero". And then people will instead have to say that something doesn't work when they mean it has low effectiveness or an underwater cost-benefit ratio.

Moreover, a lot of things with computers actually are absolutes. You can't backdoor encryption without a massive systemic risk to national security and personal privacy of someone bad getting the keys to everything. You can't allow people to send arbitrary data to each other while preventing them from communicating something you don't want them to -- the same string of bits can have arbitrarily many semantic meanings and that's proven with math, and software can do the math without the user needing to understand it.

And the most important one is this:

> But for a totalitarian government...

A totalitarian government is trying to do something different and illegitimate. Banning VPNs etc. has higher effectiveness as a means for censoring the general population than it does as a means to prevent crimes or limit contraband in a democracy, because criminals will take the required countermeasures when the alternative is being arrested or not getting their fix whereas laymen are less likely to when the alternative is "only" that they don't get to read criticism of the government.

"It works better for totalitarian regimes" is an argument for not doing it.

I keep citing, as an example of this, speed limits.

You can literally break the law by just pushing your foot down harder. It's that easy! Therefore they're pointless.

Or, the TSA. They might have taken away my knife, but putting a rock in a sock and hitting someone in the head is an easy workaround. Therefore it's pointless.

(Arguing that the law is easy to break has no effect on whether the law is a good idea, should exist, or is effective.)

Take a look at the tools Chinese people use to evade the national firewall. They're extremely sophisticated, and need to advance all the time because the GFW constantly becomes more sophisticated. There are a lot of encryption technologies that the government also allows to work until they block them at a critical moment. All of the VPNs you've ever heard of in some advertisement on YouTube or whatever are easily and totally blocked in China.

Governments can make evading their censorship very difficult, painful, and risky, if they want to. It can have a huge impact.

Technically it's easy to come around restrictions (for example, where I live, RT.com is fully censored "to protect me").

But from a lawmaker perspective, the topic is not technical.

The question, at the end, is about the enforcement of the punishments that go with circumvention; and in some places there is punishment even when you are "just" trying to circumvent these restrictions.

It's easy to break-in into someone's place. What prevents you from doing it, is the punishment (and potentially ethics), not the physical barrier.

The thing is, you're still breaking the original law, which is "you must prove your age to access this content."

Using a VPN, or any other technical workaround you can think of, doesn't negate that the law in your state says you must prove your age to access the content.

States require proof of age to purchase alcohol. You can ask someone who is of age to buy it for you, that doesn't make it legal for you to have it.

re: SSH - I once heard that in China they can throttle SSH speed so it's usable for terminal work, but not for copying files or browsing web.

TLS and SSH obscure the exact data, not the usage pattern.

Every country that has slid into North Korea style total control begins with a "it won't happen here. And it'd stop before it gets that bad."

It's not just a VPN ban, the word VPN in the context means proxy, and you can setup a proxy with something as basic as a SSH command.

It's basically a restriction on communication, i.e. the government decides who you're allowed to talk to, not just a privacy issue.

> there are still several prerequisite institutions that need to be destroyed before the US could reliably enforce a VPN ban.

Ah, the "institutions." I didn't think about those. Very convincing.

Don’t exaggerate the level of control required. For all that things are bad and getting worse, Russia has not reached the North Korea percolation point where every facet of government control is tied to every other one. (Neither has Russia reached a NK-style total war economy, partly through bureaucratic dysfunction and partly by design; but I digress.) The things that it does are still pretty modular and don’t require $YOURCOUNTRY becoming Russia in its entirety. Hell, London had more outdoor surveillance than Moscow until after Covid. As far as Internet censorship, here’s what the playbook was:

1. Have a dysfunctional court system. (Not a powerless one, mind you; it’s enough that it basically never rule against the government. It would probably even be enough if it never ruled against any of the following.)

2. Mandate page-level blocks of “information harmful to the health and development of children” (I wish I were joking) for consumer ISPs, by court order; of course, that means IP or at least hostname/SNI blocks for TLS-protected websites, we can’t help that now can we. The year is 2012.

3. Gradually expand the scope throughout the following steps. (After couple of particularly obnoxious opposition websites and against an unavoidable background of prostitution and illegal gambling, the next victim, in 2015, was piracy including pirate libraries. Which is why I find the notion of LibGen or Sci-Hub being Russian soft power so risible, and the outrage against Cloudflare not being in the moderation business so naïve.)

4. Make sure the court orders are for specific pieces of content not websites (as they must be if you don’t want the system to be circumventable by trivial hostname hopping), meaning the enforcement agency can find a particularly vague order and gradually start using it for whatever. Doesn’t hurt that the newly-blocked website’s owner will be faced with a concluded case in which they don’t even have standing.

5. Ramp up enforcement against ISPs.

6. Use preexisting lawful intercept infra at ISPs to ramp up enforcement even further. Have them run through the agency-provided daily blacklist, fine the offenders. Any other probe you can get connected to the ISP will work too.

7. Offer ISPs a choice (wink, wink) of routing their traffic through agency-controlled, friendly-contractor-made DPI boxes they will need to buy, promising to release them from some liability. (First draft published 2016, signed into law 2019.)

8. Mandate the boxes.

9. It is now 2021 or so and you’ve won, legally and organizationally speaking, the rest is a simple matter of programming to filter out VPN protocols, WhatsApp calls and such. Pass additional laws mandating blocks of “promotion” of block evasion if you wish, but the whole legal basis thing is a pretence at this point. For instance, you can de facto block YouTube absent any legal order by simply having the DPI boxes make it very slow, a capability not mentioned in any law whatsoever, then cheerfully announce that in the national press.

See how very easy it is? How each legal or technical capability logically follows from very real deficiencies of the preceding ones so even a reasonable court would be disinclined to rule against them? Understand now why I’m furious when reasonable people on this forum defend the desires of their—mostly good and decent!—governments to control the Internet?

(See also how most of this happened before “Russia bad” became the prevailing sentiment, and how most of it went largely unnoticed in the EU and US, aside from a couple of reputable-but-fringe orgs like RSF to whom very few listen because they cry wolf so much? The ECtHR didn’t even get to the cases, IIRC, before the trap snapped shut and Russia was drummed out of the Council of Europe to widespread cheering, making the matter de facto moot.)

You know that road. You know exactly where it ends.

> Especially with this strongly pro-American, strongly pro-privacy admin

lol

"pro-privacy" and "pro-cop" are diametrically opposed, and Republicans pick "pro-cop" every time. And "pro-American" doesn't mean anything; it's a marketing term.

> Supreme Justices on the watch.

Have you been keeping up with their rulings? The Roberts court is completely spineless. They do whatever the administration wants and justify it post-hoc. In their shadow docket rulings, they don't even bother with justifications.

Tell me another joke..

> The mobile internet gets cut locally and temporarily when the Ukraine attacks Russian cities trying to terrorize population.

It’s hard to feel sympathetic when Russian bombs have been “accidentally” hitting Ukrainian civilians since day 1 of the war.

Has the war been affecting civilian life in Russia much? I hear Ukraine has been targeting the Russian power grid lately.

The name is Ukraine. There is no “the”.