• TCB13@lemmy.world
      link
      fedilink
      English
      arrow-up
      48
      ·
      edit-2
      9 months ago

      Its literally a violation of the EU human rights agreement…

      Is it? In Portugal there have been a similar law for years and nobody cares apparently. It isn’t as wide as the Italian one, it just says ISPs are required to block access to websites a govt. entity lists.

      Also no company will comply with that shitshows ridiculous orders.

      Are you sure? Think about it… “All VPN and open DNS services must also comply with blocking orders”. A VPN provider can’t legally sell their services in Italy unless they comply. The best part is: since the govt is blocking websites they can also block providers who doesn’t play according to their rules :)

        • lemmyvore@feddit.nl
          link
          fedilink
          English
          arrow-up
          10
          ·
          9 months ago

          VPNs are extremely easy to detect and block. You need to do deep packet inspection but it can be done if they’re willing to pay for it.

          This is what it’s going to come down to, whether ISPs will be willing to eat the costs for all the blocking.

            • TCB13@lemmy.world
              link
              fedilink
              English
              arrow-up
              10
              ·
              9 months ago

              Just because something is “technically” possible doesn’t mean its scalability and costs are a actually considerable option.

              Any mid-range / price firewall solution is capable of effectively blocking most VPN solutions. Both OVPN and Wireguard VPN traffic is trivial to identify as such and block. Here’s an example and another.

              Btw, I’ve never seen something like that, my VPN worked even in China, and that must mean something…

              China’s great firewall works a little bit differently. They aren’t actively blocking certain kinds of traffic by default because that would mean a large DPI effort they don’t want to undertake. Also if you google a bit about it you’ll find that people’s experiences are mostly “my VPN worked fine for a day/week/month and then it was blocked”. It seems they’ve some IPs and domains blocked and the rest is some kind of machine learning that applies rules as it sees fit, this guy here has a good analysis of it.

                • TCB13@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  5
                  ·
                  9 months ago

                  As said, I’ve never seen a network that even tried to block any kind of VPN, and i have seen numerous networks… I kinda built them even. Good, i don’t think anyone outside of a clownshow authoritarian circlejerk would even try to do that.

                  All the serious companies (financial sector) I worked for so far did it, because as I linked is really easy with any cheap firewall solution.

                  clownshow authoritarian circlejerk

                  Well… a bank could be considerar that indeed, but you know, security concerns and all.

                  VPNs are very very necessary when you work with sensitive data in BtoB, wanna do remote checkup of a server? You better use a fucking VPN or you aint getting in.

                  So what? A company can use a firewall to block VPNs when the target IP isn’t on some whitelist, or the source computer isn’t authorized to use VPNs. On those high security setups at banks and whatnot client machines inside the company network won’t need to touch a VPN to do a “remote checkup of a server” at some cloud provider as the network will be configured to internally route the traffic from all computers / users (backed by SSO/AD credential) to access those resources via a special VPN setup on some router / server.

                  Wanna help someone over TeamViewer? Thats not much different from a VPN…

                  Fortinet and WatchGuard can both distinguish a VPN from TeamViewer. They can actually do much more than that, even TeamViewer from RDP or VNC is just a couple of clicks on their UIs.

        • TCB13@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          9 months ago

          I agree with you, but still the portuguese law is equally a violation of the EU human rights agreement.

            • TCB13@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              ·
              9 months ago

              Kind of, the law doesn’t actually say that it only applies to ISPs… technically speaking the Portuguese law could be applicable and enforced with a VPN provider is a court decided to do so. The legislation is kind of written in a vague way that may apply to more than just ISPs. So far they only pressured ISPs to block websites.

                • TCB13@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  4
                  ·
                  edit-2
                  9 months ago

                  but the processes are so fucking long that getting something blocked takes time, our ISPs fight almost every time (…) The only actual option to get something out of the internet is to find the server and shut it down.

                  Not the case at all around here (Portugal), the blocks are quick and ISPs don’t even complain, they simply comply. What the law says is that there’s a govt entity called IGAC that is allowed to ask ISPs to block a website (domain name) as long as the website is flagged as containing / hosting piracy or other form of copyright infringement. The only requirement is that IGAC has to notify the website owner asking to remove the content prior blocking. After 48 if the website is still hosting said content then IGAC will ask the ISPs to block it.

                  Since this is all DNS based one can, obviously, set their DNS servers as Google or Cloudflare and bypass the block. Now the problem is that this is all fun and games until someone in the govt decides to go against Cloudflare and other DNS providers, the law would allow them to easily do it the way its written.