upvote

points

by Mordisquitos7 hours ago |
comments
upvoteby darkwater6 hours ago|
next
[-]
The exact same stupid mechanism they are already using. Forcing ISPs to blackhole whole subnets if they belong to the VPN provider ASN(s).
reply
upvoteby chrismustcode7 hours ago|
prev|
[-]
If they can block IPs of cloudflare what extra mechanisms would be needed to block VPN IPs?
reply
upvoteby chmod7757 hours ago|
parent|
next
[-]
The only viable way to even get most of them is to shut down internet access entirely. It's not a realistic solution, unlike blocking a few well known IP ranges belonging to a large corp like Cloudflare.

And even if you managed to get them all beforehand, some VPN providers will adapt and keep some servers in reserve, putting them online just as you managed to block the previous ones. Getting around internet censorship is a large chunk of their business, and some are really good at it.

reply
upvoteby echoangle4 hours ago|
parent|
[-]
You don’t really need to block all, you just need to annoy the users enough that paying is easier. And I think there are enough games to use up the IP reserve pretty quickly and getting new ones every time is pretty annoying.
reply
upvoteby chmod7751 hours ago|
parent|
[-]
I can provision a new VPS in about 5s of active work. I'd probably fully automate spinning up new servers and failing over because automatically detecting which got blocked is trivial. Bonus points if you use providers that let you attach multiple IPs to each VPS for cheap. Use some censorship resistant decentralized protocols to provide the next couple IPs to your client software and you're good.

And then they still need to monitor hundreds of VPN providers for whether they have new IPs, which is not neccssarily as easy as just grabbing a list of them. Once they have some, they then need to forward them to the ISPs and ask for them to be blocked. Their process is significantly less friendly to automation.

No country ever won this fight short of total shutdown/disconnects.

reply
upvoteby mr-wendel6 hours ago|
parent|
prev|
[-]
It's a game. The VPN marketplace is huge so it's wack-a-mole.

Big companies don't hide their VPN ASNs. Obscure, for sure, but getting a good list isn't hard. Usually they get blocked.

Smaller companies may pass under the radar, and have higher tolerance for risky strategies.

The fringe providers are the problem. They aggressively change IP ranges, front-vs-obscure ownership, and play dirty. Shady folks will resell residential ranges. End-users often get tainted goods.

... and you still have the collateral damage game when VPNs host infra with big cloud providers vs colofarms vs self-host, etc.

reply