Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

In addition to ad blocking, VPN is becoming a very important feature for modern web browsers. With so many countries blocking websites and websites geoblocking users it becomes necessary to help users circumvent that to access a wide web. This is kind of the whole point of web browsers, give access to world wide web, not local web.

Interestingly, Opera trying to compete with other browsers makes it pursue users interests, while other browsers yet again don't see Opera as competition, ignore users and pursue megacorp interests instead.



That used to be true before it was sold in 2016 to a Chinese conglomerate. As noted above, the Chinese removed VPN apps from the Apple app store, but they left this one. Which means it's compromised.


How does it conclusively mean that?


You cannot legally sell a VPN without lawful intercept capabilities in China. My guess is that if the Chinese authorities have let this VPN pass through the system, it could mean there must be some way for the Chinese authorities to intercept traffic. Of course, this conclusion is not backed by any evidence.


> Interestingly, Opera trying to compete with other browsers makes it pursue users interests

Lol, sure the closed source browser owned by chinese is out there for user's interests! /s


It’s a small jump from blocking websites to blocking popular VPNs. I know two countries which block websites (Russia and Kazakhstan) and they either block or have plans to block VPNs. I don’t see centralized VPN as effective solution for that problem.


How do you block a VPN though? Do you just constantly chase after their IP addresses? I mean Netflix and similar services do try but with not much luck really.


Netflix do it with a good amount of success I thought.

Self hosting a vpn is still beyond the vast majority of consumers and every big player in the market has their ip ranges mapped thoroughly.


You use deep packet inspection to detect and block VPN protocols. Ask the Egyptian gov!


That isn't at all the same problem: Netflix is trying to block being accessed by a VPN, while China/Russia/etc. want to block users from talking to a VPN.


How do you block "talking" to a VPN?


When packets traverse the edge router, IX, cable (landing) station, .. if they're recognised as VPN traffic, then the server's IP (or IP / port) is added to a blacklist, every subsequent packet is dropped.

https://en.wikipedia.org/wiki/Deep_packet_inspection


Yup; this is why VPN over HTTPS is a thing.


HTTPS has whole series of side-channel leaks, which can be exploited to fingerprint the tunnelled protocol: many implementations don't add padding or active probing resistance.

Sizable communications with an uncommon IP can be singled out by netflow analysis.

But yes, it usually works.


You will start with blocking their websites. Then you might want to reverse-engineer it just a little bit (for example to find out which domains they connect to) and block those domains. Usually that's enough to block most of people from using it.


Of course it's not a solution for countries that block VPNs, but most countries that block websites don't do that.


This had me thinking. Since Cloudflare wants to provide free VPN. May be they should collaborate with Firefox and Offer a Browser with Cloudflare VPN / DNS by default?


Mozilla already partnered with ProtonVPN.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: