
Pakistan bans VPNs - molecule
http://tribune.com.pk/story/240736/virtual-watchdog-internet-users-banned-from-browsing-privately-for-security-reasons/
======
reginaldo
The goal of the Pakistani government seems to be the complete obliteration of
all private communications. But the only way to do that is by banning all
communication.

With the ban on VPNs, steganographic[1] techniques that make encrypted traffic
look like regular traffic will become more and more common. The troubling
thing is the fact that these techniques are somewhat hungry for bandwidth.

[1] <http://en.wikipedia.org/wiki/Steganography>

~~~
omouse
Psh, you can still spread messages person to person, you know, in _REAL LIFE_.
It's sad how we're all tied to the Internet and try to make it the first and
foremost way in which we communicate.

~~~
lallysingh
Most governments only go to controlling online activity _after_ controlling
real-life activity. I don't know about Pakistan specifically, but typically
the domestic "security" organizations are rather adept at tracking down groups
who organize in meatspace.

------
emilsedgh
In Iran, in the days we had protests, they dropped all encrypted connections
as well. That makes internet simply unusable. I hope this would never come to
Iran, although I believe it will. Soon.

~~~
qq66
What about the possibility of encrypted traffic that doesn't look encrypted?
Perhaps "Liking" public Facebook status updates such that the first letter of
each status liked, in chronological order, is the datastream.

~~~
derwiki
While not encrypted, Iodine (<http://code.kryo.se/iodine/>) does a similar
thing by putting data payload in DNS requests/responses.

------
gilgad13
To do this, wouldn't they have to effectively block SSL and SSH connections as
well? SSL is used in OpenVPN and some Cisco implementations. And we all know
that you can tunnel any port over ssh.

Or is the plan that the punishment for stepping outside the lines be enough to
keep people from experimenting with these technologies?

~~~
pavel_lishin
From the article, it sounds more like Pakistan has banned all encryption than
VPNs specifically - VPNs were just one example cited.

~~~
kijin
Hmm, that would mean no Gmail for anyone in Pakistan. Any service that uses
SSL for logins would also become unusable if SSL was banned.

I don't see any mention of a wholesale ban on encryption, only the use of
encryption for privacy purposes. So, port 443 might still be open. It's still
pretty easy to distinguish between HTTPS traffic and VPN traffic, though.

~~~
pavel_lishin
Well, the article said:

> Authority prohibited usage of all such mechanisms including encrypted
> virtual private networks (EVPNs) which conceal communication to the extent
> that prohibits monitoring.

They sure can't monitor your email if you're using SSL, so I'd wager that yes,
if you have gmail and live in Pakistan, now would be a great time to back it
all up.

~~~
pohl
_They sure can't monitor your email if you're using SSL..._

That would have been my gut feeling until I saw this yesterday:

<http://news.ycombinator.com/item?id=2938516>

------
mhlakhani
They're doing this under the pre-text of monitoring all internet usage so that
they can 'search traffic for terrorist communication'.

At my university, students are required to browse through an authenticated
proxy (which we have to sign in to using our university IDs), which logs our
browsing history. This is done so that they can comply with the PTA's
requirement that an ISP should be able to provide browsing history of all
users for the last 45 days upon request.

Never mind that it's trivial to get around that proxy, all it actually does is
mess up most stuff like Windows updates, gaming, etc.

------
77ko
SSL works in most ISP's in Pakistan, though anti-state and very bad for the
children websites like the Rolling Stones are blocked. Nice, Pakistani
friendly sites like redtube or child porn remain unblocked of course.

VPN's work too, so far. I'm on one right now. As to why - the filtration
system the government is using is so brain dead - there is basically one
Juniper router and a couple of Cisco routers (last time I looked) - through
which the entire country's traffic is routed.

Using a VPN makes web browsing much faster, with no annoying "waiting" moments
- which I presume is the routers locking up under massive load.

The day VPN's are blocked is going to be a sad day indeed. I am going to
explore for alternatives to VPN's. Way back in the days of super slow dial up
I used these services which would take a link and email the page or entire
site to you depending on the command you sent, in a zip file.

------
77ko
Besides censorship, another reason is the local telephone monopoly, PTCL is
trying to shut off all voice gateways into Pakistan, which are causing it to
lose money and are hard to tap into as they are routed over VPN's to a local
gateway connected to a bunch of landlines or cellphones which connects the
local call.

Though of course they could just tap into the local last mile...

------
praptak
If Pakistani government can easily spy on the communications of their
citizens, so can other organizations. Israel, India, Iran, to name a few of
them.

~~~
panacea
"to name a few of them."

I'm guessing the extended set contains countries with names that don't start
with "I"?

------
thethimble
This does nothing to stop people who are intent on communicating privately
(SSL, SSH, public key encrypted messages, etc.) and everything to hamper
internet progress in Pakistan.

Why would a tech company even consider spreading/outsourcing to Pakistan after
this?

~~~
noarchy
For the same reason that they spread, for example, to China? If they think
there is money to be made, you can't underestimate the concessions that a
company will make to the local government.

------
jasonjei
Apple obviously uses VPN in its non-Cupertino locations, presumably too with
its production lines in China. I know that China allows the use of VPN for
businesses with a legitimate need. Even though Pakistan was never an ideal
location for doing business anyway, they've essentially banned any technical
business from conducting operations in Pakistan.

~~~
77ko
They are asking companies and banks etc. to register their VPN's with the
govt.

Basically, if you're a multinational or a large local corporation you get to
use VPN's. Private citizens need not apply.

~~~
toyg
More red tape, exactly what businesses need! <sarcasm>

Even multinationals don't enjoy having to spend extra resources to keep track
of such arbitrary requirements. Will they need to register only the IP of
their VPN gateways, or also the client IPs? Will they need to specify the type
of software they use? What are the chances that they'll also be asked for
certificates, so that spooks can snoop anyway?

If I have a website running on servers in Jamaica, selling paper planes, and I
use SSL because it's the right thing to do, will Pakistani customers be able
to buy anything from me? Obviously I haven't registered with the Pakistani
government, chances are that I don't even know what Pakistan is!

This is unbelievable.

(On the other hand, it's a wet dream for the likes of RIAA...)

------
sturadnidge
I am not sure this is that much more disturbing than the British Government
even thinking about restricting the use of social media apps during times of
civil disobedience. And this is extremely disturbing.

How can any global company now do business in Pakistan? Surely there is some
kind of back door in there.

~~~
77ko
There is, businesses can 'register' their vpn's and continue using them.

------
mkup
OpenVPN sessions look like SSL traffic to the eavesdropper. So there's a good
reason to use OpenVPN in Pakistan. They'll have to ban SSL at the state level
as well.

------
lurkinggrue
On the plus side: It's much easier to steal credit cards there.

~~~
77ko
You are assuming people have credit cards here. Some do, yes, nut over 99%
don't.

------
maeon3
I'm not sure how banning VPN's is going to stop the terrorists. Don't they use
cellphones to coordinate their strikes? You would have to stop the internet
and all forms of communication to slow them down, and then still you wouldn't
slow them down much. We gotta get "Right to bear encryption" next to "Right to
bear arms" in the constitution/bill of rights.

~~~
Estragon
Americans don't have a monopoly on using bogeymen to justify unpopular and
stupid policies.

------
rorrr
So no more online banking? Everyone's accounts are in danger.

