Wisconsin VPN bill is 'going to be a disaster for everyone,' says online privacy nonprofit
Wisconsin VPN bill is 'going to be a disaster for everyone,' says online privacy nonprofit
Due to the UK's Online Safety Act implemented earlier this year, accessing my Bluesky DM's now means I need to allow a third-party service to scan my face, ID, or bank card. Understandably, that gives me the willies. So I can either simply never look at my messages again, whip out the likeness of Norman Reedus, OR I can log on via a VPN. However, the days of this vastly preferable third option may be numbered.
US states Wisconsin and Michigan have already proposed VPN crackdown bills aiming to close off this workaround—and the UK may be looking to follow suit. Online privacy nonprofit the Electronic Frontier Foundation recently criticised this strategy, taking aim at Wisconsin's bill in particular, saying that blocking the use of VPNs is "going to be a disaster for everyone."
I do wonder how they're going to even try to enforce this. VPNs aren't exactly blockable without a great firewall type apparatus. If they block major providers then you can just setup your own, and if they block VPN protocols outright then it ranges from ineffective to outright destroying the internet. I just don't really get how this is going to work practically. Which is good... hopefully it doesn't pass though.
I could see them using it a law they only enforce when they want to target someone.
The major providers have "no logging" policies. They generate no data linking your payment information to your activity, so they have no data to turn over if requested. Your activity is traceable from the sites you visit back to the VPN's endpoint, but the no-logging policy prevents further tracing back to you.
Any VPN you setup on your own is going to be tied to you just as closely as a facial scan, ID, or bank card.
It depends on how the law is implemented.
If simply connecting to a VPN is illegal, then your ISP could rat you out. They can't tell what you are doing, but they can see a bunch of encrypted traffic between you and a VPN server.
As apex32 pointed out, it isn't about logging, it's about your ISP either ratting you out or outright blocking the domains and IP blocks of major providers and that's why I said you can setup your own. Ofc even hosting one yourself your ISP can probably still determine you're using a VPN through traffic analysis even if you're using TCP 443 to blend in but it makes it harder.
The way I understand it, any company wanting to do business in the state would have to block access to their services from (anonymous?) VPN providers. That means IP blocks for PIA, mollivard, etc will be blacklisted by companies. There are already blocklists of IPs for VPN providers that many corporate web filters use (yes, they are terrible and inaccurate).
Yes, you would probably be able to fire up a VPS from a no-name provider and get through. However,
It seems like a "great firewall" is where all this will lead. Projects like xray-core may become important to a lot more people in the future.