It’s not some theoretical topic, it’s the reality for China, Russia, Iran. They do block commonly used VPN protocols, so people now use VPN with obfuscations. Some work, some doesn’t, some stop working as time goes. So when people say “Ha-ha, I’ll just use VPN”, it will help you for some time but the trend is they will make it a problem for you, better start preparing before it happened.
Steganography is extremely far from undetectable, unfortunately. And trivial to find out once you know its there; if we ever allow a framework to be put in place to intercept communication at a large scale, it will be the inverse of the cat and mouse game we have with encryption : very hard to improve, very easy to detect.
And I’m aware of the many funky things we did. At some point people tunneled DNS queries through HTTPS, to get through wifi captive portal that only allowed HTTPS traffic until authenticated.
Just to be clear, I’m aware of the issues of detecting stealth data, and even detecting encryption against seemingly random data. It’s kinda fascinating to detect the difference, too; some people have looked into that. But the point is, if you’ve already agreed on “banning encrypted communication that can’t be listened to easily”, you can basically just say “this is gibberish, decrypt it or get to jail”. I also know that this sounds insane and throw away the “innocent until proven guilty” principle, but we’re slowly creeping toward a world where our device scans all our document and communication to notify of issues to a central authority, where black box in large networks are already present, and so on.
It’s been slowly creeping toward that. Finding way to hide traffic on public networks can only go so far if the listener can just stop you if it detect what looks like encrypted content.
And, since this is kind of a heated discussion, I’ll reiterate: it would be batshit crazy to go this way. But I would have found batshit crazy to have our own devices spy on us and report suspicious activities to third parties years ago, and yet here we are.
You can probably block companies offering public VPN services.
But good luck blocking VPN in general.
It’s not some theoretical topic, it’s the reality for China, Russia, Iran. They do block commonly used VPN protocols, so people now use VPN with obfuscations. Some work, some doesn’t, some stop working as time goes. So when people say “Ha-ha, I’ll just use VPN”, it will help you for some time but the trend is they will make it a problem for you, better start preparing before it happened.
Anything encrypted is blocked. Boom, done.
Is it stupid? Yes. Never stopped lawmakers.
How do you know if something is encrypted?
https://en.wikipedia.org/wiki/Subliminal_channel https://en.wikipedia.org/wiki/Steganography
Or for more practical implementations: https://blog.frost.kiwi/ssh-over-https-tunneling/ (granted, this one uses normal looking encryption to hide hide maybe unwanted encypted traffic) https://nurdletech.com/linux-notes/ssh/via-http.html
Steganography is extremely far from undetectable, unfortunately. And trivial to find out once you know its there; if we ever allow a framework to be put in place to intercept communication at a large scale, it will be the inverse of the cat and mouse game we have with encryption : very hard to improve, very easy to detect.
And I’m aware of the many funky things we did. At some point people tunneled DNS queries through HTTPS, to get through wifi captive portal that only allowed HTTPS traffic until authenticated.
Just to be clear, I’m aware of the issues of detecting stealth data, and even detecting encryption against seemingly random data. It’s kinda fascinating to detect the difference, too; some people have looked into that. But the point is, if you’ve already agreed on “banning encrypted communication that can’t be listened to easily”, you can basically just say “this is gibberish, decrypt it or get to jail”. I also know that this sounds insane and throw away the “innocent until proven guilty” principle, but we’re slowly creeping toward a world where our device scans all our document and communication to notify of issues to a central authority, where black box in large networks are already present, and so on.
It’s been slowly creeping toward that. Finding way to hide traffic on public networks can only go so far if the listener can just stop you if it detect what looks like encrypted content.
And, since this is kind of a heated discussion, I’ll reiterate: it would be batshit crazy to go this way. But I would have found batshit crazy to have our own devices spy on us and report suspicious activities to third parties years ago, and yet here we are.
I knew HTTP would make a return without its brother TLS someday!
There several sites I visit I have to fight with cause of VPN blocking.
That isn’t blocking VPNs, it’s blocking requests from data centers. Important distinction