It doesn’t go as far as this bs does and this law allows copyright holders to skip the government for that. Blocking something on ISP level is one thing but this seems to be targeting private DNS and even VPN services, also it is a reversal of the burden of proof.
Are you sure? Think about it… “All VPN and open DNS services must also comply with blocking orders”. A VPN provider can’t legally sell their services in Italy unless they comply. The best part is: since the govt is blocking websites they can also block providers who don’t play according to their rules :)
Ever heard about Proton? You can get their services by mailing them money and going through TOR if necessary and you can easily build your own DNS server with a Raspberry Pi.
You can block as much as you want, as long as the internet itself is there you can always use TOR, it’s literally known for working even in China and North Korea. Custom DNS are also a thing and as soon as you connect to a DNS outside of Italy they can do whatever they want, blocking that is basically impossible unless they do the China.
1.1.1.1 for example is Cloudflare, they barely block anything.
There is also the Google DNS or NextDNS which is custom. ISP blocks can be easily circumvented by another DNS, which everyone should have by default because fuck em ISP bitches collecting and selling your data.
Another circumventing is VPNs, you can’t block them, it’s impossible, I work in IT and I’ve yet to encounter a network that is able to block a VPN to outside. And there are free ones, fuck NordVPN, they are unsecure as hell anyway and just chase money. If you want a VPN that does the trick, use Proton, they work in China (I tested that personally).
Please remember that Italy is a super insignificant market and barely anyone will comply with their BS.
Just because something is “technically” possible doesn’t mean its scalability and costs are actually a considerable option. And I don’t think any ISP would even consider paying for that, they just say it’s impossible and that’s it, otherwise they let the state pay for it, which would probably result in the same, that it’s not going to happen.
Btw, I’ve never seen something like that, my VPN worked even in China, and that must mean something…
Just because something is “technically” possible doesn’t mean its scalability and costs are actually a considerable option.
Any mid-range / price firewall solution is capable of effectively blocking most VPN solutions. Both OVPN and Wireguard VPN traffic is trivial to identify as such and block. Here’s an example and another.
Btw, I’ve never seen something like that, my VPN worked even in China, and that must mean something…
China’s great firewall works a little bit differently. They aren’t actively blocking certain kinds of traffic by default because that would mean a large DPI effort they don’t want to undertake. Also if you google a bit about it you’ll find that people’s experiences are mostly “my VPN worked fine for a day/week/month and then it was blocked”. It seems they’ve some IPs and domains blocked and the rest is some kind of machine learning that applies rules as it sees fit, this guy here has a good analysis of it.
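The reply above says OpenVPN and WireGuard traffic is trivial to identify at a firewall. As an added illustration (not part of the thread and not any vendor's detection logic), this Python example labels a UDP flow from the fixed, unencrypted handshake headers of both protocols; it assumes default UDP transport with no obfuscation layer, and the function names and sample packets are constructed for the example.

```python
import struct

# Fixed sizes of the WireGuard handshake messages, keyed by type byte.
WG_SIZES = {1: 148, 2: 92}           # initiation, response
# OpenVPN session-opening opcodes (upper 5 bits of the first payload byte).
OVPN_CLIENT_RESET = {1, 7, 10}       # P_CONTROL_HARD_RESET_CLIENT_V1/V2/V3
OVPN_SERVER_RESET = {2, 8}           # P_CONTROL_HARD_RESET_SERVER_V1/V2


def wg_message(payload):
    """Return (type, sender_index, receiver_index) for a WireGuard handshake message, else None."""
    if len(payload) < 12 or payload[1:4] != b"\x00\x00\x00":
        return None                  # the three reserved bytes after the type are always zero
    mtype = payload[0]
    if WG_SIZES.get(mtype) != len(payload):
        return None
    sender = struct.unpack_from("<I", payload, 4)[0]
    receiver = struct.unpack_from("<I", payload, 8)[0] if mtype == 2 else None
    return mtype, sender, receiver


def ovpn_opcode(payload):
    """Return the opcode if a UDP payload could be an OpenVPN hard reset, else None."""
    if len(payload) < 14:            # opcode byte, 8-byte session id, ack count, packet id
        return None
    opcode, key_id = payload[0] >> 3, payload[0] & 0x07
    if key_id == 0 and opcode in OVPN_CLIENT_RESET | OVPN_SERVER_RESET:
        return opcode
    return None


def classify_flow(packets):
    """packets: (direction, udp_payload) tuples in arrival order, direction "out" or "in".
    A flow is labelled only once both halves of a handshake have been seen."""
    wg_sender, ovpn_started = None, False
    for direction, payload in packets:
        wg, op = wg_message(payload), ovpn_opcode(payload)
        if direction == "out":
            if wg and wg[0] == 1:
                wg_sender = wg[1]
            if op in OVPN_CLIENT_RESET:
                ovpn_started = True
        else:
            # A genuine response echoes the initiator's sender index.
            if wg and wg[0] == 2 and wg_sender is not None and wg[2] == wg_sender:
                return "wireguard"
            if op in OVPN_SERVER_RESET and ovpn_started:
                return "openvpn"
    return "unknown"


def sample_flows():
    """Constructed sample flows (not captured traffic); key material is zero-filled."""
    sid = bytes(range(8))
    dns = struct.pack(">HHHHHH", 0x3800, 0x0100, 1, 0, 0, 0) + b"\x07example\x03com\x00\x00\x01\x00\x01"
    wg_init = struct.pack("<B3xI", 1, 0xAABBCCDD) + bytes(140)
    return {
        "wireguard": [("out", wg_init),
                      ("in", struct.pack("<B3xII", 2, 0x11223344, 0xAABBCCDD) + bytes(80))],
        "wg_wrong_index": [("out", wg_init),
                           ("in", struct.pack("<B3xII", 2, 0x11223344, 0x01020304) + bytes(80))],
        "openvpn": [("out", bytes([7 << 3]) + sid + b"\x00" + bytes(4)),
                    ("in", bytes([8 << 3]) + sid[::-1] + b"\x01" + bytes(4) + sid + bytes(4))],
        # DNS transaction id 0x3800 makes the first byte look like a client hard reset.
        "dns_lookalike": [("out", dns), ("in", dns)],
    }


if __name__ == "__main__":
    for name, flow in sample_flows().items():
        print(name, "->", classify_flow(flow))
```

The `dns_lookalike` flow shows why a single-packet opcode match is not enough: the first byte alone passes the OpenVPN check, and only the requirement for a matching reply in the other direction keeps it from being mislabelled.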
As said, I’ve never seen a network that even tried to block any kind of VPN, and I have seen numerous networks… I kinda built them even. Good, I don’t think anyone outside of a clownshow authoritarian circlejerk would even try to do that.
There is however a problem you forgot. VPNs are very very necessary when you work with sensitive data in BtoB, wanna do remote checkup of a server? You better use a fucking VPN or you ain’t getting in. Wanna help someone over TeamViewer? That’s not much different from a VPN…
And there is still TOR…
China’s great firewall works a little bit differently. They aren’t actively blocking certain kinds of traffic by default because that would mean a large DPI effort they don’t want to undertake. Also if you google a bit about it you’ll find that people’s experiences are mostly “my VPN worked fine for a day/week/month and then it was blocked”. It seems they’ve some IPs and domains blocked and the rest is some kind of machine learning that applies rules as it sees fit, this guy here has a good analysis of it.
As said, I’ve never seen a network that even tried to block any kind of VPN, and I have seen numerous networks… I kinda built them even. Good, I don’t think anyone outside of a clownshow authoritarian circlejerk would even try to do that.
All the serious companies (financial sector) I worked for so far did it, because as I linked, it is really easy with any cheap firewall solution.
clownshow authoritarian circlejerk
Well… a bank could be considered that indeed, but you know, security concerns and all.
VPNs are very very necessary when you work with sensitive data in BtoB, wanna do remote checkup of a server? You better use a fucking VPN or you ain’t getting in.
So what? A company can use a firewall to block VPNs when the target IP isn’t on some whitelist, or the source computer isn’t authorized to use VPNs. On those high security setups at banks and whatnot client machines inside the company network won’t need to touch a VPN to do a “remote checkup of a server” at some cloud provider as the network will be configured to internally route the traffic from all computers / users (backed by SSO/AD credential) to access those resources via a special VPN setup on some router / server.
Wanna help someone over TeamViewer? That’s not much different from a VPN…
Fortinet and WatchGuard can both distinguish a VPN from TeamViewer. They can actually do much more than that, even TeamViewer from RDP or VNC is just a couple of clicks on their UIs.
The systems I’m used to are used in hospitals and banks as well, they are rather a setup of closed off machines that can only communicate internally and a second system that gets necessary data outside, the inner circles don’t get internet at all in these setups and they aren’t connected to the outside circle, they are closed off completely. The outside communication builds on a VPN (or sometimes a physical fiber cable) to get to the necessary network (outside databases, or servers that stand in another building/facility for example) where they do their business, the computers in that circle aren’t standalone machines, they just start a virtual machine on a server. Incoming traffic goes through a filter that is strictly white-list for all traffic, but you can’t do that as an ISP (you can’t do your method as an ISP either), outgoing traffic is also white-list only. (yes we are assholes and block people from using Facebook at work)
It’s just impossible to even start a VPN from these systems unless you have administrator privileges, so I’m not used to your way of doing it. Maybe some day I need to learn about that more, as things get more and more connected the systems I’m used to aren’t up to standard anymore it seems. I still like the airgap for safety.
It’s just impossible to even start a VPN from these systems unless you have administrator privileges, so I’m not used to your way of doing it.
That’s also the policy for the majority of the machines/users but there are a few that do have admin privileges like IT teams and whatnot and even if they manage to install a VPN solution (the app would most likely get blocked by endpoint security either way) they couldn’t communicate to the outside because the firewalls, as I described, are all set to block VPN traffic. Except for those situations I specified above.
The bottom line is: distrust everything, everyone and anything. Even if you can ensure nobody can install a VPN application on their computers, assume someone might get around that and add proper firewall checks and blocks as well.
Isn’t the Portuguese one just saying they block stuff on ISP level when the government orders them (or rather a court does)? (btw I edited my first reply)
Kind of, the law doesn’t actually say that it only applies to ISPs… technically speaking the Portuguese law could be applicable and enforced with a VPN provider if a court decided to do so. The legislation is kind of written in a vague way that may apply to more than just ISPs. So far they only pressured ISPs to block websites.
Yeah that’s the same game in Germany, but the processes are so fucking long that getting something blocked takes time, our ISPs fight almost every time and when something gets blocked it’s at max an hour until they have a new domain that isn’t blocked.
The wording is vague but no one dares to try and court a VPN service over that bs or tries to fight Google or Cloudflare.
The only actual option to get something out of the internet is to find the server and shut it down.
but the processes are so fucking long that getting something blocked takes time, our ISPs fight almost every time (…) The only actual option to get something out of the internet is to find the server and shut it down.
Not the case at all around here (Portugal), the blocks are quick and ISPs don’t even complain, they simply comply. What the law says is that there’s a govt entity called IGAC that is allowed to ask ISPs to block a website (domain name) as long as the website is flagged as containing / hosting piracy or other form of copyright infringement. The only requirement is that IGAC has to notify the website owner asking to remove the content prior to blocking. After 48 if the website is still hosting said content then IGAC will ask the ISPs to block it.
Since this is all DNS based one can, obviously, set their DNS servers as Google or Cloudflare and bypass the block. Now the problem is that this is all fun and games until someone in the govt decides to go against Cloudflare and other DNS providers, the law would allow them to easily do it the way it’s written.
That’s some authoritarian shitshow right there. But I think it’s not a violation of EU laws or agreements.
😂 😂 😂 well the irony is that this is the kind of “authoritarian shitshow” we got by electing the left. That and a tax on digital storage (flash drives, disks etc) because they might be used to hold piracy. Even phones are taxed.
Since this is all DNS based one can, obviously, set their DNS servers as Google or Cloudflare and bypass the block. Now the problem is that this is all fun and games until someone in the govt decides to go against Cloudflare and other DNS providers, the law would allow them to easily do it the way it’s written.
I mean if even one of those just shuts down service in or for Portugal the entire Internet is fucked instantly. AWS, Cloudflare and Google (rather Alphabet, the corporation behind Google) are the literal spine of the internet. If you decide to go against them you dig your own grave and take the whole economy with you. Like Cloudflare alone shoulders around 80% of the web.
I mean if even one of those just shuts down service in or for Portugal the entire Internet is fucked instantly.
Yes, but what if the govt just politely tells them “look, we’ve a law about piracy and we think you should block websites at the DNS level like our ISPs are doing”. Do you think Google / Cloudflare will fight it? They already have mechanisms for that in place for parental controls etc. so… the effort of adding a block list for a country shouldn’t be a big deal.
But they don’t want to comply, that’s the point, they don’t need to fight because nobody dares to even suggest something ridiculous like that, and yes they would go to court over that just so their lawyers have something to work on, it’s peanuts for them and they absolutely don’t want anyone to interfere with their stuff.
It’s not a big deal from a technical perspective, but for them it’s a big issue with their beliefs, especially for Cloudflare.
And then there are still all the custom DNS that can just go around that all.
VPNs are extremely easy to detect and block. You need to do deep packet inspection but it can be done if they’re willing to pay for it.
This is what it’s going to come down to, whether ISPs will be willing to eat the costs for all the blocking.
Interesting. Well it was some years ago.
I agree with you, but still the Portuguese law is equally a violation of the EU human rights agreement.
We have that tax in Germany as well, it’s completely ridiculous and an audacity that this shit exists.