You know perfectly well what blocking VPN access means in common verbiage. I don't understand the motivation of these "hey look my WireGuard connection to home isn't blocked, you guys don't know the true meaning of VPN" comments that inevitably pop up in these discussions. Like come on, this is a tech forum, you're not impressing anyone for knowing the technical definition of VPN and how to set up WireGuard.
It's not so easy to set up. I mean: it's easy but it hits some real world constraints.
Example 1. I run Blokada on my Android phone, so I can block every ad even in apps and I can more or less firewall them (the outside calls). Blokada runs as a local VPN and unfortunately Android allows only one active VPN. So it's either Blokada or WireGuard. I'm with Blokada but I might occasionally want to disable it and enable WireGuard. I never did it yet because:
Example 2. WireGuard does not run everywhere. My little home ARM-based server has a Linux kernel with some special driver to manage its hardware (it's pretty common on non-Raspberry ARM devices) and WireGuard does not run on it. It requires a newer kernel that I still cannot upgrade to and maybe I will never be able to. So I don't have anything to VPN to.
I might eventually put online a Raspberry, even an old model 3, as a bastion host on the home end of the VPN, but then it would be something else to care about and to power. It's not worth the mind share and the wattage so far.
Besides the political implications, I think we should try to find an objective taxonomy; it's clear that privacy VPNs and network security VPNs are different products semantically, commercially and legally, even if the same core tech is used.
Possibly the configuration and network topology is different even, making it a technically different product, similar to how a DNS might be either an authoritative server for a TLD, an ISP proxy for an end user, a consumer blacklist like Pi-hole, or an industrial blacklist like Spamhaus. It would be a non-trivial mistake to conflate any pair of those and bring one up in an argument that refers to the other.
Yeah, it's an ignorant and arrogant take on the legal system.
In most places the law is exercised pragmatically, interpreted by presumed intention. That's why legal precedent is important. You likely won't convince any judge by being anal about the wording (maybe if the law gets applied for the first time). You can derail anything semantically. Furthermore, despite apparent belief, laws are frequently formulated in such a way that a particular wider term is extended to help interpretation. E.g. "It is prohibited to use a VPN in a way capable and intended to obscure one's physical internet access point identification". (Not a lawyer, not a native speaker, don't get anal with this wording, either.) I very much doubt any legally binding document would even use the term 'VPN' primarily to describe the technical means for anonymization, but rather describe it functionally.
And this is rather an anemic take. The (proposed) UK VPN ban that was recently discussed here has a definition of what exactly is a "VPN" for the purposes of the ban (basically "VPNs generally advertised to normal consumers") but a lot simply shouted "ssh go brr" (and definitely did not read the proposed law). This "let's go technical" thinking never flies with the people who make such legislation, and in my (probably unpopular!) opinion we should talk to them in terms that they can understand. Yes, we don't want that law, but having a purist take would probably alienate regular people.
It doesn't really matter that a single person has found a loophole because many, many other people don't have such a luxury, and that's what the lawmakers are aiming for.
I have worked for fintech companies that mandate VPN use as a security measure.
It's going to be interesting when the majority of the UK accesses the internet via VPN because of the increasingly ridiculous hoops that the UK makes them go through, and the government tries to stop them while also allowing VPNs to be used by the tech sector.
I agree, these are two separate legal processes powered by the same technology. But the internet doesn't have any awareness of legality (thankfully) so we're stuck with only the technical meaning.
> The (proposed) UK VPN ban that was recently discussed here has a definition of what exactly is a "VPN" for the purposes of the ban (basically "VPNs generally advertised to normal consumers")
It's not talking about IPsec tunnels between networkers, or a connection back to your home. It's talking about Surfshark.
Maybe, at the moment, because when Surfshark is banned people will learn how to make their own VPN (like I said, it's not hard), or find some other source. And then the government will move to ban that, and we'll go round the loop again.
The point, again, is that the tech is the same, and there's no method for determining what purpose the VPN is being used for.
To flip that though, what about just using those sketchy-ass malware-laden "residential IP" VPN providers and route your traffic through someone else's hacked up VPN running on a Fire TV stick they bought off JimBob for $200?
Tailscale is really not that hard to set up. There's an Apple TV app for it, even. And who doesn't have some friend in another state or country that would like an Apple TV?
Your friends don't find it uneasy that you can be tunneling illegal activities through their internet connection and have the FBI knocking at their door in a few months?
Exactly, I have friends from other countries. Friends I really like, I would not give a VPN access to my internet connection to most of them. They have to be the perfect intersection of technically competent (so that their computer doesn't get turned into a botnet) and fully trustworthy.
I do actually give VPN access to my mother, who is not technically competent, but I have full access to her computer and locked her down as much as possible.
I live a thousand miles from another country. No, I don't have friends in another country and I don't even know anyone with friends in another country except immigrants or spouses of immigrants.
How is it out of touch? GP comment makes it sound like the technical know-how to set up a VPN exit node is this crazily esoteric super weird nerdy thing that no one would expect anyone normal to even know about. Installing an Apple TV app onto an Apple TV and mailing it to a friend requires zero command line usage.
But no, Tailscale did not pay me for this comment. I do happen to know someone that works there though.
Don't bother with these comments. I made a similar reply to yours a few days ago and while most found it useful, a surprising amount of whataboutism occurred - no, Apple TV hardware isn't common, or no, only old people have them, or no, why would you use an Apple TV when [X] can do it cheaper, or no, why not self-host and not be dependent on Apple and Tailscale?
Entirely missing the point that setting up a VPN exit node on your own or someone else's connection is a crazily esoteric super weird nerdy thing outside of communities like HN, and Tailscale on an Apple TV box will not only work but automatically update itself with no intervention on your part, and that the person whose house it is in needs extremely minimal technical skill to do what you tell them to over the phone.
Thanks. With people in their own independent bubbles it's hard to tell, but with a guess at 25 million Apple TVs out there in the wild, I didn't think it was that esoteric, but what do I know.
I'd say that even the idea that you could VPN into your own network and forward all traffic through it is pretty far from the mainstream. Let alone how to actually do it. Most people think of VPN as a way to avoid porn blocks or getting tagged for piracy. But, as you and I both noted, the technical know-how for setting up Tailscale is not that high, and for using it is almost nil. Turn it on, pick an exit node, go. Combine that with a device that's intended as a consumer appliance that makes maintenance a non-issue, and you have a very good solution for the family geek.