Lawmakers want to ban VPNs and have no idea what they're doing
88 comments
·November 14, 2025txrx0000
pksebben
It is the objective, it's always been the objective. The worst part is that I bet these people don't even think of themselves as authoritarian so much as they stumble into it through a combination of selfishness, ignorance, and complete disregard for ethics. They like money and power, more information means more of both, darn the torpedos, tap the lines, hit the gas and all of a sudden it's oops all facism.
b00ty4breakfast
The goal is controling the flow of information online. "protecting the children" may or may not be a sincere concern but ultimately censorship is what is desired here.
duxup
I think putting parents in control is the right path, but will reveal a sad fact.
Many parents aren't taking time to be in control, and no amount of legislation will fix that.
Jordan-117
Or the sadder fact that it's not actually about protecting kids.
null
null
lukashoff
> And even if it isn't, this level of stupidity is harmful.
How much more proof do we need that we're speedrunning the authoritarianism and frankly we're already somewhat authoritarian, it's just pluralism for now. Wait until the elites eat each other and only one dictator is left.
cornonthecobra
I'm reminded of efforts in the 1990s to ban strong encryption in email and websites because governments tried to tell us it was used by drug dealers and pedos to do their nefarious activities.
Yes, governments really did want to force us to use HTTPS with only broken/weak crypto.
Same propaganda, different buzzwords.
dreamcompiler
seanhunter
Yes and https://en.wikipedia.org/wiki/Bernstein_v._United_States
Notice that in those cases DJB was represented by the eff, so they have been involved in this issue for a very long time.
add-sub-mul-div
In hindsight, they really misjudged how comfortable pedos would be with discussing their affairs in plaintext email.
jsmo
just the rich, well-connected ones with friends in high places right?
Havoc
Stuff like this really reminds me how nobody is actually in control. Entire countries are just going where ever the rivers takes them with those supposed in charge not knowing any better and often worse than the rest and functionally being so clueless they’re passengers too
throw7
Wisconsin "porn" websites will just move out of Wisconsin.
The bill reads like you would think from someone who's been talking with the ceo of an age verification company. The bill gives the website two options: use a _commercial_ age verification product tied to gov't id checking, or "digitize" the web user's gov't id.
nijave
Holding out for government IdP that can return verified but anonymous data (like age)--like a JWT that has no identifier besides an age claim.
Seems highly unlikely it would ever happen (at least in the U.S.) but seems like it'd solve a decent amount of verification problems. With a JWT, the IdP wouldn't even necessarily need to know the recipient since the validity could be verified by the consuming party using asymmetric crypto.
stavros
You don't need to burn books if you can just ban access to them!
rileymat2
"Here's what happens if VPNs get blocked: everyone has to verify their age by submitting government IDs, biometric data, or credit card information directly to websites—without any encryption or privacy protection."
Can someone explain how this is true? Even if there is not a VPN, there should be https encryption and privacy protection.
stavros
They mean "no privacy protection from the website", presumably. Websites getting compromised and leaking IDs is a big deal, now that we've decided that websites should be seeing our IDs.
joquarky
My guess is that this data isn't secure even at rest, as the constant flow of data breaches has shown.
codedokode
It's funny how democratic countries copy whatever laws authoritarian regimes passed, but with a 5-year lag.
pjc50
This sort of thing turns up very regularly in US politics, from the Comstock Laws to the Communications Decency Act. The late 90s even had a requirement to use easily breakable encryption (48-bit RSA) which big tech companies generally obeyed. And a worse proposal (the "clipper chip") which was never deployed.
Authoritarianism is not limited by your birthplace, it can turn up anywhere. And when it does people are often really enthusiastic about it.
wseqyrku
Could be more serious than that, maybe it's not a lag. Maybe they are becoming.
tim333
The Great Firewall dates from 2003 and we still don't have a Great British Firewall so the lag seems longer.
Dave9k
UK ISPs block around 1500+ domains through High Court orders and police make 12k+ arrests a year for online speech. You don’t need a formal firewall when the effect is the same in practice.
bamboozled
It's not funny, it fucking sucks.
pissmeself
[dead]
skeledrew
And cue the rise of self-hosted VPNs. 1 click to get a VPS instance, install VPN software, and make a connection. Automatically destroy the instance with another click or after a certain amount of time.
txrx0000
If this keeps going, they will ban self-hosting next: only government-approved hosts allowed.
We can't just rely on technological solutions because you can't out-tech the law at scale. People need to actually understand that the government is very close to having the tools needed for a stable technocratic authoritarian regime here in the US and all around the world. It might not happen immediately even if they have the tools, but once the tools are built, that future becomes almost unavoidable.
joquarky
Seems like a raspberry pi hidden at a library, restaurant, or anywhere with wifi would thwart this.
null
skeledrew
I feel like that'd take a level of surveillance that's technically unsustainable. But then again, sustainability isn't a consideration when it stands in the way of "better" control.
haxiomic
AI is the perfect low cost tool to enable that. Plantir knows this and has been making strategic moves to build this
Seems quite achievable and sustainable to me
Every human carries dense compute and sensors with them. If they don't they stand out while still surrounded by dense compute and sensors held by others at all times
Not nice to think about but it is the reality we are moving towards – vote accordingly
superkuh
When the ban happens it'll be really easy to implement without requiring only government approved hosts or any such distributed measures requiring enforcement. Certificate Authorities.
There are just a handful of corporations get to decide which websites are visitable every 90 days. Put a bit of legal pressure on the corporate certificate authorities and there's instant centralized control of effectively the entire web thanks to corporate browser HTTPS-only defaults and HTTP/3 not being able to use self-signed certs for public websites.
Crontab
I've been considering doing that, because it seems a lot of VPN owned IP addresses are being flagged.
txrx0000
Consider SoftEther, which is VPN over Ethernet wrapped in HTTPS. It's open-source. It has a server discovery site called VPNGate. You can host a server to let somebody else use, then use a server soneone else is hosting.
We're really only missing a few things before there's decentralized VPN over HTTPS that anyone in the world can host and use, and it would be resistant to all DPI firewalls. First, a user-friendly mobile client. Second, a way to broadcast and discover server lists in a sparse and decentralized manner, similar to BitTorrent (or we may be able to make use of the BT protocol as is), and we'd have to build such auto-discovery and broadcasting into the client. Third, make each client automatically host a temporary server and broadcast its IP to the public server lists when in use.
suslik
Using this tech, all the CP traffic would detectably flow towards my ip, right? I’m sure I’m not the only one who would find this worrisome.
pona-a
As someone born in a post‑Soviet country with rather many odd digital laws--including one requiring that any use of encryption be registered with the department of commerce and the secret service (meaning no TLS unless you get a permit)--I can clearly see the endgame of similar proposals.
These laws aren’t meant to be followed. Their text is deliberately vague, and their demands are impossible by design. They aren't foolish, or at least their ignorance isn't needed to explain the system's broader function. They are meant to serve as a Chekhov's gun that may or may not fire over your head, depending solely on whether the people holding it decide like you.
In peaceful times, they fade into the background, surfacing only when it’s convenient to blackmail some company for cash or favors. In times of crisis, they declare a never-ending war on extremism, sin, and treason, fought against an inexhaustible supply of targets to take down in front of their higher‑ups, farming promotions, contracts for DPI software, and jobs updating its filters.
Historically, such controls were limited by the motivation and competence of the arms dealers, usually taking the form of DNS or IP blocks easily bypassed with proxies. With modern DPI, it's entire protocols going dark. Even so, those able to learn easily find a way around them. The people who suffer most are seniors, unable even to call family across the border without a neighbor's help, and their relatives forced into using least trustworthy messengers (such as Botim, from the creators of ToTok, a known UAE intel operation [0]) thinking they're the only way to stay in touch, not knowing how or wanting to use mainstream IM over a VPNs that may or may not live another month.
If wherever you are your votes still matter, please fight this nonsense. Make no mistake, your enemies are still more ridiculous than Voltaire could hope they'd be, but organizing against or simply living through a regime constantly chewing on the internet's wires is going to be a significantly greater inconvenience than taking _real_ action now.
conartist6
Isn't it Wisconsin law that lets the Governor change any numeric digits in a law while it's on his or her desk?
One of the most bizarre legal opinions I've ever heard of, but if they used any digits in the writing of the law those are up for grabs. Law makes a 30 day window or something? The governor can just change it to a million days with a stroke of the pen and then sign the edit into law with the same pen!
gizmo686
> Isn't it Wisconsin law that lets the Governor change any numeric digits in a law while it's on his or her desk?
Pretty close.
> (b) If the governor approves and signs the bill, the bill shall become law. Appropriation bills may be approved in whole or in part by the governor, and the part approved shall become law.
> (c) In approving an appropriation bill in part, the governor may not create a new word by rejecting individual letters in the words of the enrolled bill, and may not create a new sentence by combining parts of 2 or more sentences of the enrolled bill
https://docs.legis.wisconsin.gov/constitution/wi_unannotated
The big limitation here is that it is limited to appropriations. Further, the constitution goes out of its way to try and prevent creative vetoing.
Unfortunately, the court decided that numbers are not words.
As a result, the governor changed "for the 2023–24 school year and the 2024–25 school year" to "for 2023–2425"
https://statecourtreport.org/our-work/analysis-opinion/wisco...
stavros
May not reject individual letters? You know that's there because someone did it before.
nwellinghoff
What if it’s a “thirty day” window? Safe?
conartist6
Yes, my understanding is that only digits are meaningless per the supreme court's ruling there
create-username
Why ban VPNs when you can freely force social networks like HN to tie nickname registration to an state issued digital ID certificate to guarantee freedom of speech and legal accountability?
https://old.reddit.com/r/XGramatikInsights/comments/1ovd88s/...
tim333
Because you can't freely force social networks like HN to tie nicknames to a state IDs. Just because some politician said that doesn't make it so.
stavros
You can, though. That's what laws are.
null
tamimio
Not just social media, expect ANY app to be able to “verify” you through the new apple digital ID (android wallet soon I assume), the “verification is simple and seamless!!”, and add few Alegria drawings explaining why providing your ID helps defeating the “bad evil guys!!” and you are good to go.
throw-the-towel
And also to defeat AI slopbots!
imtringued
To this day I have no clue what the point of this idea is. Forcing you to use an ID on the internet is the real world equivalent of making everyone you interact with take a photo of your ID. It's completely nonsensical.
Considering that most crimes require people to be physically present at the crime scene, it also doesn't seem to be a functioning deterrent at all in the real world.
Most of the bad behaviour is concentrated in "seedy" places, where you usually have to go out of your way to interact with that place. A real name policy doesn't change the nature of the place at all.
If anything, the places that would be most affected are the ones where people are roleplaying or pretending to be something other than "themselves". E.g. gay or transgender people, furries, MMO/MUD/MUSH players, streamers, etc which overall seem to be exceedingly harmless.
There is also the blatantly obvious problem that this only works on people who are risk averse to begin with. So it will basically have no effect on actual perpetrators, who see some risk vs reward tradeoff for their bad behaviour.
pjc50
Republican lawmakers, in this case.
A device-side IP filter locked behind a password that parents can configure in the device's settings would be much more effective and easier to implement than censoring the Internet. This should be the default solution, yet it's never brought up for whatever reason.
Not to mention these online content censorship laws for kids are wrong in principle because parents are supposed to be in control of how they raise each of their own kids, not the government or other people.
And these laws make authoritarian surveillance and control much easier. It's hard to not see this as the main objective at this point. And even if it isn't, this level of stupidity is harmful.