upvote

points

by sigio8 hours ago |
comments
upvoteby darkwater7 hours ago|
next
[-]
They are planning to also block VPN providers during football matches, see https://www.techradar.com/vpn/vpn-privacy-security/la-liga-w...
reply
upvoteby Mordisquitos7 hours ago|
parent|
next
[-]
They are not "planning" to block VPNs. A technologically illiterate judge has ordered it, but there are no plans nor mechanisms to enforce it.
reply
upvoteby darkwater6 hours ago|
parent|
next
[-]
The exact same stupid mechanism they are already using. Forcing ISPs to blackhole whole subnets if they belong to the VPN provider ASN(s).
reply
upvoteby chrismustcode7 hours ago|
parent|
prev|
[-]
If they can block IPs of cloudflare what extra mechanisms would be needed to block VPN IPs?
reply
upvoteby chmod7757 hours ago|
parent|
next
[-]
The only viable way to even get most of them is to shut down internet access entirely. It's not a realistic solution, unlike blocking a few well known IP ranges belonging to a large corp like Cloudflare.

And even if you managed to get them all beforehand, some VPN providers will adapt and keep some servers in reserve, putting them online just as you managed to block the previous ones. Getting around internet censorship is a large chunk of their business, and some are really good at it.

reply
upvoteby echoangle4 hours ago|
parent|
[-]
You don’t really need to block all, you just need to annoy the users enough that paying is easier. And I think there are enough games to use up the IP reserve pretty quickly and getting new ones every time is pretty annoying.
reply
upvoteby chmod7751 hours ago|
parent|
[-]
I can provision a new VPS in about 5s of active work. I'd probably fully automate spinning up new servers and failing over because automatically detecting which got blocked is trivial. Bonus points if you use providers that let you attach multiple IPs to each VPS for cheap. Use some censorship resistant decentralized protocols to provide the next couple IPs to your client software and you're good.

And then they still need to monitor hundreds of VPN providers for whether they have new IPs, which is not neccssarily as easy as just grabbing a list of them. Once they have some, they then need to forward them to the ISPs and ask for them to be blocked. Their process is significantly less friendly to automation.

No country ever won this fight short of total shutdown/disconnects.

reply
upvoteby mr-wendel6 hours ago|
parent|
prev|
[-]
It's a game. The VPN marketplace is huge so it's wack-a-mole.

Big companies don't hide their VPN ASNs. Obscure, for sure, but getting a good list isn't hard. Usually they get blocked.

Smaller companies may pass under the radar, and have higher tolerance for risky strategies.

The fringe providers are the problem. They aggressively change IP ranges, front-vs-obscure ownership, and play dirty. Shady folks will resell residential ranges. End-users often get tainted goods.

... and you still have the collateral damage game when VPNs host infra with big cloud providers vs colofarms vs self-host, etc.

reply
upvoteby prmoustache7 hours ago|
parent|
prev|
next
[-]
When talking about VPNs, it doesn't have to mean "third party VPN". You can host your own on any VPN service outside of Spain.
reply
upvoteby darkwater6 hours ago|
parent|
[-]
Yes, but that's not something many can do easily. Also already having to use a VPN is not the "right" solution. The right so solution is to beat some sense inside some politician's head, and force them to write and approve laws that don't let stupid (or conniving) judges pass orders like this one we are talking about.
reply
upvoteby prmoustache6 hours ago|
parent|
next
[-]
I agree it is not the right solution.

But anyone who is pulling docker images in a sunday afternoon while the rest of the country is glued to their screen to watch a football game or enjoying a sunny sunday outside having beers and tapas and what not should be capable of setting up wireguard.

reply
upvoteby marginalia_nu6 hours ago|
parent|
prev|
next
[-]
Given the context of the HN audience, it's probably something you can do.
reply
upvoteby msh4 hours ago|
parent|
prev|
[-]
It takes very light technical skills to deploy algo
reply
upvoteby ufocia7 hours ago|
parent|
prev|
[-]
"A _Sanish_ Court has ordered NordVPN and Proton VPN to block IPs transmitting illegal football streams" [emphasis added], that is inspain.
reply
upvoteby skgsergio7 hours ago|
prev|
next
[-]
Alternate DNS doesn't help, they block at IP level.

Yes, they block IPs belonging to CDNs (CF including R2, BunnyCDN, CDN77, Fastly, Alibaba, Akamai even)...

reply
upvoteby gred3 hours ago|
prev|
next
[-]
> run your systems outside of Spain

So much for digital sovereignty :-)

reply
upvoteby littlecranky676 hours ago|
prev|
[-]
It is not a DNS based block, but on the IP level. Once I knew what caused the issue, I figured I use one of my Hetzner vServers as an exit node in tailscale.

But come on, this can't be true. I wonder how many other people in IT wasted hours on issues and tickets to find out it is due to a football match taking place. Admittedly, chances are low, as football matches are usually outside of office hours.

reply