Comment by protocolture a day ago
GEOIP providers often sell a database of known VPN/Proxy endpoints. They take the approach of shoot first, ask questions later. Using one of these databases bans a lot of legitimate ip addresses that have seen been the source of known VPN or proxy traffic.
Its not perfect ofc, but its not meant to be. Its usually just used as a safety blanket for geoblocked intellectual property, like netflix.
I connect to my residential ISP in the USA via VPN all the time and have never had issues with being blocked for VPN use.
Maybe they mean commercial VPN providers that run on the cloud?
You know perfectly well what blocking VPN access means in common verbiage. I don't understand the motivation of these "hey look my WireGuard connection to home isn't blocked, you guys don't know the true meaning of VPN" comments that inevitably pop up in these discussions. Like come on, this is a tech forum, you're not impressing anyone for knowing the technical definition of VPN and how to set up WireGuard.
Here's me making a similar argument a month or so ago
https://news.ycombinator.com/item?id=45926849
Besides the political implications, I think we should try to find an objective taxonomy, it's clear that privacy VPNs and network security VPNs are different products semantically, commercially and legally, even if the same core tech is used.
Possibly the configuration and network topology is different even, making it a technically different product, similar to how a DNS might be either an authorative server for a TLD, an ISP proxy for an end user, a consumer blacklist like pihole, or an industrial blacklist like spamhaus. It would be a non trivial mistake to conflate any pair of those and bring one up in an argument that refers to the other.
The exhausting "well actually" masks a corrosive argument, that if you can't enforce the rules in a rigid and rigorous fashion, the rule is fiat.
It's not that he doesn't know the difference. He's making the argument that since there's no _technical_ difference there can be no legal difference.
Yeah, it's an ignorant and arrogant take on the legal system.
In most places the law is exercised pragmatically, interpreted by presumed intention. That's why legal precedent is important. You likely won't convince any judge being anal about the wording (maybe if the law gets applied for the first time). You can derail anything semantically. Furthermore, despite apparent belief, laws are frequently formulated in such a way that a particular wider term is extended to help interpretation. Eg. "It is prohibited to use a VPN in a way capable and intended to obscure one's physical internet access point identification". (Not a lawyer, not a native speaker, don't get anal with this wording, either.) I very much doubt any legally binding document would even use the term 'VPN' primarily to describe the technical means for anonymization, but rather describe it functionally.
And this is rather an anemic take. The (proposed) UK VPN ban that was recently discussed here have a definition on what exactly is a "VPN" for the purposes of the ban (basically "VPNs generally advertised to normal consumers") but a lot simply shouted "ssh go brr" (and definitely did not read the proposed law). These "let's go techical" thinking never flies with the poeple who makes such legislation, and in (probably unpopular!) opinion we should talk to them in terms that they can understand. Yes, we don't want that law, but having a purist take would probably alienate regular people.
It doesn't really matter that a single person has found a loophole because many, many other people don't have such a luxury, and that's what the lawmakers are aiming for.
Tailscale is really not that hard to set up. There's an Apple TV app for it, even. And who doesn't have some friend in another state or country that would like an Apple TV?
I am concerned that this comment reads like an advert, it's completely unnecessary and out of touch.
>I connect to my residential ISP in the USA via VPN all the time and have never had issues with being blocked for VPN use.
Bit of a non sequitur, you would have to outline your entire usage pattern to even submit that as N=1.
GEOIP providers dont sit on your home network. They do accept data from third parties, and are themselves (likely) subscribed to other IP addressing lists. Mostly they are a data aggregator, and its garbage in > garbage out.
If someone, say netflix, but other services participate, flag you as having an inconsistent location, they may forward those details on and you can get added to one of these lists. You might see ip bans at various content providers.
But the implementation is so slapshod that you can just as likely, poison a single ip in a CGNAT pool, and have it take over a month for anyone to act on it, where some other users on your same ISP might experience the issue.
These things can also be weighted by usage, larger amounts of traffic are more interesting because it can represent a pool of more users, or more IP infringement per user.
You can also get hit from poor IP reputation, hosting a webserver with a proxy or php reverse shell, or a hundred other things.
(Also, larger ISPs might deal with a GEOIP provider selling lists of VPN users that include their IP address space, legally, rather than just going through the process of getting the list updated normally. This means the GEOIP providers can get skittish around some ISPs and might just not include them in lists)
There is even a single company in the unique position to actually tell where exactly(-ish, considering CGNAT exists) where an IP address is located: Google. They do use the "enhanced location" data on Android devices to pinpoint where an IP is, so a single Android device can actually change fings for Google (and YouTube).
https://ipinfo.io/what-is-my-ip
Here’s one database to check.
For low-volume stuff you can always get a non-expiring 4G/5G bundle eSIM and tunnel through that. Because 4G/5G roaming always tunnels traffic through the home country, and then emerges from CGNAT so it can't be identified as foreign traffic.
But those data packages are expensive and not available with each wanted origin country. Also you need hardware on your side. But it is an option, just saying.