view the rest of the comments
Ask Lemmy
A Fediverse community for open-ended, thought provoking questions
Please don't post about US Politics. If you need to do this, try !politicaldiscussion@lemmy.world
Rules: (interactive)
1) Be nice and; have fun
Doxxing, trolling, sealioning, racism, and toxicity are not welcomed in AskLemmy. Remember what your mother said: if you can't say something nice, don't say anything at all. In addition, the site-wide Lemmy.world terms of service also apply here. Please familiarize yourself with them
2) All posts must end with a '?'
This is sort of like Jeopardy. Please phrase all post titles in the form of a proper question ending with ?
3) No spam
Please do not flood the community with nonsense. Actual suspected spammers will be banned on site. No astroturfing.
4) NSFW is okay, within reason
Just remember to tag posts with either a content warning or a [NSFW] tag. Overtly sexual posts are not allowed, please direct them to either !asklemmyafterdark@lemmy.world or !asklemmynsfw@lemmynsfw.com.
NSFW comments should be restricted to posts tagged [NSFW].
5) This is not a support community.
It is not a place for 'how do I?', type questions.
If you have any questions regarding the site itself or would like to report a community, please direct them to Lemmy.world Support or email info@lemmy.world. For other questions check our partnered communities list, or use the search function.
Reminder: The terms of service apply here too.
Partnered Communities:
Logo design credit goes to: tubbadu
How do they detect it?
Are we talking commercial VPN like Nord or Proton? What about something like Tailscale to connect to your home network?
Sure, they could block based on your VPN provider, but they're probably also using Deep Packet Inspection .
The ELI5 verson: It's possible to just "watch" your traffic and notice that it's not the "normal" https traffic (which is the most common traffic) . This can be done by finger printing the request itself or just watching the amount of traffic. For example if you "visit" a website, but upload and download 3 megabytes of data and it takes 15 minutes to send/receive that data... well, that looks suspicious... and depending on the country, you may have some people knocking on your door.
VPN and any other encrypted app traffic has telltale signals. You might not be able to decode the content, but you can see who is talking to who, how often, how long, how much data, etc.
My firewall, Palo Alto, and my dns service, Cisco umbrella, has no problem identifying people using VPNs on my networks.
I wonder if someone could set up some form of tunneling through much more mundane traffic, perhaps even entirely over a legitimate encrypted service through a regular browser interface (like the browser interface for services like Discord or slack or MS Teams or FB Messenger or Zoom or Google Chat/Meet) where you can just literally chat with a bot you've set up, and instruct the bot to do things on its end, and then forward the results through file sending in that service. From the outside it should look like encrypted chat with a popular service over that https connection.
Things like that have existed. There are Reddit communities that are flooded with obfuscated comments that are used for communicating with bots. There’s probably one in the fediverse by now.