I read a comment where you mentioned that the ISP is able to know when
someone is using a VPN partly because the ISP knows that the packets are going
to the VPN’s server. But then, how is it possible that so many people in China
or the UAE use VPNs? In fact, the ISPs in those countries actually block the
VPN’s websites. If they know that the packets are going to the VPN’s server,
then why don’t they prevent the packets from being sent over there in the first
place?
In this excerpt from
Answercast #56, I look at the difficulties in using VPN services from
countries that want to block these services.
Become a Patron of Ask Leo! and go ad-free!
VPN services
It’s interesting. My gut reaction to this is that what’s really happening is
a glorified game of whack-a-mole. So, what it means is that the VPN services
are basically changing the IP addresses of their servers on a semi-regular
basis.
Many standard VPN services, the ones that don’t play this game, they can’t
be used from those countries. This applies to both VPN services and proxy
services.
Jumping servers
There’s a big market in… I don’t want to say “market”… there’s a big
organized effort to provide proxy servers to people who are in countries behind
these kinds of firewalls.
The way that they do that is provide proxy services, provide VPN services,
on a large number of different servers whose IP addresses effectively change.
Once these other countries determine that this server is being used as a VPN
and they block that server… well, the server side knows that happens so they
fire up another server on a different IP address or they move the server to a
different IP address. That way, that new IP address is not blocked.
People in those countries can use the server for a while until that country
says, “Oh, well here’s another VPN service on a new IP address. We’ll block
that IP address.” And then the process starts all over again.
It’s a “game”
Like I say, that’s why I call it a game of whack-a-mole. It’s a game of cat
and mouse. It’s a game where basically you keep changing IP addresses every
time your IP address gets blocked.
People in those countries that are trying to use these services have a
really hard problem. They need to be able to know what to connect to and
there are various techniques that people are using to get the information about
what today’s proxy settings are. But by and large, that’s what it takes.
VPN’s can be blocked
You’re absolutely right; a VPN service that is on a specific IP address can
absolutely be blocked and typically is blocked. But what happens is
that VPN and proxy servers are out there on changing IP addresses; IP addresses
that change as soon as they’re blocked, giving people that are in those
countries an opportunity (at least for awhile, until the IP address gets
blocked) to connect out to the rest of the internet.
It’s an interesting problem and it’s a difficult problem. It’s a problem
that has both pros and cons to it.
Political arguments
Governments on the inside feel that they have the right to “protect” (so to
speak) the people in their countries. On the other hand, political activists
and so forth believe strongly that it’s important that information be able
to flow freely in both directions across those kinds of firewalls.
So, it’s like I said, it’s an interesting problem. It’s a game of cat and
mouse. It’s definitely not simple.
Ultimately, you’re right. Standard VPNs will be blocked, but the ones that
are designed specifically to circumvent this kind of blocking really only
circumvent it for a short period of time and then the game starts over
again.
End of Answercast 56 Back to – Audio
Segment
Ultrasurf is popular with people in firewalled countries. And they now publish UltraVPN. They are apparently blocked in some countries though, because they provide true internet anonymity. Check them out on http://www.ultrasurf.us., and they’re free.
Information – not spam.