Banning VPNs

This is crazy. Lawmakers in several US states are contemplating banning VPNs, because…think of the children!

As of this writing, Wisconsin lawmakers are escalating their war on privacy by targeting VPNs in the name of “protecting children” in A.B. 105/S.B. 130. It’s an age verification bill that requires all websites distributing material that could conceivably be deemed “sexual content” to both implement an age verification system and also to block the access of users connected via VPN. The bill seeks to broadly expand the definition of materials that are “harmful to minors” beyond the type of speech that states can prohibit minors from accessing­ potentially encompassing things like depictions and discussions of human anatomy, sexuality, and reproduction.

The EFF link explains why this is a terrible idea.

Tags: , , ,

Posted on December 1, 2025 at 7:59 AM39 Comments

Comments

Rontea December 1, 2025 9:15 AM

By demonizing VPNs as tools of subversion, they pave the way for a surveillance-driven internet where privacy is effectively outlawed. Such measures echo the dystopian logic that safety requires submission, and freedom must be sacrificed for control. If enacted, these bans would mark a chilling step toward a society where government oversight of online activity becomes the norm, and personal choice is quietly erased.

Kevin December 1, 2025 9:32 AM

Of course, absent from all these discussions is the fact that “sexual material” has been easily accessible on the internet for over 25 years. Almost everyone I know first saw such content from a young age. Yet, society hasn’t fallen apart? I don’t know anyone who was scarred for life because they saw sexual content at a young age. I’m not saying it isn’t harmful, like it does give unrealistic expectations of sex, but at the same time, it’s not so “harmful to children” that we need to go to such extreme lengths to block it.

Of course, I know it’s all a ruse, an excuse to eventually block VPNs altogether and surveil everything we do online, but I feel like my point isn’t brought up enough.

Let IT Run ITS Natural Course December 1, 2025 10:18 AM

You know what water does? It always finds that POLR.
That’s how people work too. It takes a bit longer but a lot of
smart/intellectuals will then leave the USA for another country
which does not ban the VPNs – simple as that.
I know that not everyone can afford to leave and move
out of the country but perhaps the Revolution will take
care of it for the rest of us?
Government will keep pushing the Boundaries until
the People have had enough – ENOUGH People, that is.

Bruce, please release my previous comment held for moderation,
I need your help my brother. please Sir.
Government is preventing the truth from being seen by the world.
I have been destroyed and they are pretending they don’t hear me.
thank you so much!

https://drive.google.com/drive/folders/16GB5NiUu4Zb07RD6B3ai08qerHbHxJhI?usp=share_link

https://drive.google.com/drive/folders/16GB5NiUu4Zb07RD6B3ai08qerHbHxJhI

Morley December 1, 2025 10:59 AM

Who brought up VPNs as a porn threat? That’s not what they’re known for. I suspect there’s a short line from these bills back to the pro-surveillance source.

I hope “call your senator” still does something these days.

KC December 1, 2025 11:10 AM

25 states currently have age verification laws for adult websites

But I guess Wisconsin would be the first to ban VPN access to adult sites, if the law passes.

Law map: https://action.freespeechcoalition.com/age-verification-resources/state-avs-laws/

State bill tracker: https://action.freespeechcoalition.com/age-verification-bills/

If the law passes, how does this work? Could a site ban VPN use only from Wisconsin? What’s the likelihood any site would ban VPN access entirely?

Robin December 1, 2025 11:14 AM

It is, of course, a terrible idea, brought into play by people who have no idea of the wide variety of use cases for VPNs. Ditto end-to-end encryption.

There does remain the problem of exposing criminal use cases of which drug trafficking, pedophilia, terrorism and people trafficking are the most visible examples. Personnally I’m very skeptical that banning cyber-security measures will help solve those problems but will grotesquely reinforce the surveillance of society.

So it’s a classic trade-off dilemma: how much (and what kind of) liberty and privacy are we willing to give up in order to reduce harms?

Wannabe Techguy December 1, 2025 11:15 AM

Morley, I don’t understand your question. What do you mean by a porn threat?
I use a VPN for changing my IP address and using a secure connection both as to not ID me. I realize of course,it’s not 100%.

Yuri December 1, 2025 11:40 AM

It’s literally how it was done in Russia. Really. Started with child pronography, but once tools are in place, just slowcook the frog…

lurker December 1, 2025 12:05 PM

@Andrew

The right of the people to be secure … [4th Amdt.]

After 250 years the lawyers can’t decide the meaning or application of “unreasonable” or “probable cause”.

Ray Dillinger December 1, 2025 2:01 PM

Well, to get on from there to what I consider the elephant in the room….

Banning the specific set of VPN’s that now exist is actually a damn good idea from a security POV.

The problem is not “Think of the chiiillldren!” The problem is that they are all owned, mostly through simple obfuscations, by Chinese companies and operated from China. And when I say simple obfuscations I mean simple. Just look at the business records to see which companies own which other companies and you’ll quickly trace them all to China.

In China, every company with an Internet connection is required to turn over logfiles and data to the CCP either on a regular schedule, or on request.

So think about all the traffic that flows through VPN’s, including all the traffic people feel that they want enhanced privacy for, and ask yourself what the CCP will want it for and what they will do with it.

Bearing in mind that they have an actively hostile stance on computer security in other nations, rampantly and blatantly indulge in intellectual property theft and industrial espionage, have performed infrastructure attacks in the past, and have on multiple occasions demonstrated their willingness to resort to blackmail and extortion against government and business officials – even against their OWN government and business officials.

They’ll softpedal it, sure. They don’t want people thinking about what they have access to or believing that they’ll use it, so they won’t be obvious about it. But this or that or the other thing, selected to be not specifically traceable to any particular VPN-mediated interaction, can get used, leaked, gifted through anonymous sources to a third party who will use it in some predictable way, used to discover where and how to source blackmail material from other sources, or used internally to plan policy around, say, business deals, international intelligence, or diplomatic initiatives that other people don’t think they have access to. Or to glean technical details of things or see who they’d have to get to in order to steal technical details about things. They can do a hell of a lot without being obvious about what they have or how they use it.

So if someone wants to ban the current set of VPN’s, I would happily support them. If we’re to trust our security to VPN’s we should use trustworthy VPN’s.

What? December 1, 2025 2:26 PM

@Ray

The bill imposes age verification requirements and tries to make it harder to avoid connecting directly with an adult site.

Who owns the popular adult sites?

What if a hostile foreign power bought adult sites that have to verify user identities?

Are you sure your theory of the motivation here makes sense?

This won’t stop the Boogeyman finding out about everyone’s sexual preferences in the long run.

Clive Robinson December 1, 2025 2:34 PM

Due to “held for moderation”

@ Bruce, ALL,

Part 1,

With regards,

“Lawmakers in several US states are contemplating banning VPNs, because…think of the children!”

People have been repeatedly warned for some considerable period that this was going to happen.

And accusations of paranoia aside, due to lack of knowledge and cognitive bias in the general population they fail to recognise reality… So it’s happened.

And a further warning is,

“It’s not going to get better any time soon in fact it will get worse, a lot worse.”

Clive Robinson December 1, 2025 2:36 PM

@ Bruce, ALL,

Part 2,

This is what history tells us over and over will happen again and again…

The reason for it is not “think of the children” and never has been, in fact we know already,

“It will harm way more children than it will ever save”.

Because that is the purpose “to cause harm” because “might is right” in the entitleds minds.

So the question arises,

“What do we do to stop this?”

Before the harm to society becomes overwhelming, which we know from history mostly ends only one way…

Clive Robinson December 1, 2025 2:39 PM

@ Bruce, ALL,

Part 3,

But that is a social issue, and we should all know by now that because technology is agnostic to use it can be used for good or bad, and,

“It’s the directing mind that choses the use, and the later uninvolved observers who decide if the use was good or bad, not those who have been harmed”.

But we should also know that technical advances very very rarely actually solve societies existing issues, they primarily create new issues, that mask the old.

One example of this is “crime”.

Crime involving traditional “physical means” has been dropping in the West and other places world wide. But crime involving new “informational means” has increased rapidly and now way more than exceeds the “physical means” drop in those areas. And worse has spread almost pandemic like to other areas as technology gains a presence.

And it’s not just traditional “physical crimes” translated to “informational crimes”. As ways to exploit the “information means criminal gains” have become available to “launder the proceeds”, so new crime types have evolved rapidly to use the same processes. The most noticeable being “crypto-currency” but there are many others.

Clive Robinson December 1, 2025 2:44 PM

@ Bruce, ALL,

Part 4,

But what appears a near constant is that any technological means implemented to stop such crimes is mostly laughably inadequate, or impossible to make work.

The UK “OfCom” is making a fool of it’s self trying to get out of jurisdiction entities that supply “adult content” or similar banned under UK “Online Safety Act”(OSA) measures put in place by “legal means”.

As is known to many “Microsoft Bing” has a very very large amount of “searchable pornography” and worse, that can be downloaded through it as “thumbnails” or larger, without the person having to go anywhere near the original site via VPN…

Are we saying Microsoft, Google etc have to block their search engines and similar?

Clive Robinson December 1, 2025 2:51 PM

@ Bruce, ALL,

Part 6,

I can tell you right now it’s going to fail and I can say how but that I will save for another post.

Also as I’ve pointed out in the past “Client Side Scanning” is easy to bypass. Worse for the “might is right” crowd, trying to stop people bypassing it will render any personal technology not just ineffective to use, but not practical to use. And it’s not something AI is going to be able to solve on coming “AI Winter” or not.

I’ve actually detailed why in the past on this blog all people have to do is go back and read it.

In effect all these technical measures can and will be bypassed, and there is no way the authorities can actually stop it happening without “killing technology”.

Yes authorities might get 7/10ths of the population to comply but the other 3/10ths to varying degrees will give it “two fingers”. And Corporations on seeing “profit impinged” will fight back and the under resourced authorities no matter how much they think their “might is right” will find that their “might” is insufficient in a global environment.

Speaking of which don’t forget the latest bit of stupidity,

Canadian data order risks blowing a hole in EU sovereignty

A Canadian court has ordered French cloud provider OVHcloud to hand over customer data stored in Europe, potentially undermining the provider’s claims about digital sovereignty protections.

According to documents seen by The Register, the Royal Canadian Mounted Police (RCMP) issued a Production Order in April 2024 demanding subscriber and account data linked to four IP addresses on OVH servers in France, the UK, and Australia as part of a criminal investigation.

https://www.theregister.com/2025/11/27/canada_court_ovh/

And these are just a couple of things that have hit the trade and MSM press in the past few days.

Me December 1, 2025 4:49 PM

This is crazy because it’s akin to banning roads or cars, because bank robbers might use them to get away…

Also, some of the anti-VPN laws are so broad they might actually ban SSH or other protocols technically…. Imagine it being illegal to manage a web server or anything else in the cloud from some states…

Snarki, child of Loki December 1, 2025 5:42 PM

Okay, this might be a naive question, but HOW can a website operator tell that a connection is coming from a VPN?

Because the VPN is typically between some remote user and a VPN provider, that then sends the request onward to its destination.

So, are sites supposed to have a “global list of all VPN providers”? (good luck with that). Yeah, places like Russia and China will scan all internet traffic searching for VPN connections, but hard to see a scheme like that surviving 4th Amendment challenges.

(I have a list of VPN providers they can use, it’s 0.0.0.0/0)

lurker December 1, 2025 6:18 PM

@Clive Robinson
re: Canada “demanding subscriber and account data linked to four IP addresses on OVH servers in France, the UK, and Australia”

They should have the last two through five eyes, only the paperwork might be a bit messy to get it into court. But this argument is as old as the internet. There is one possible solution: abolish the nation-state.

Dave December 1, 2025 8:37 PM

The site seems to be permanently down but if it’s the proposal I’ve seen before they’re not banning VPNs, they’re banning the use of VPNs to access material they disagree with, which is essentially the same as banning any access (with or without VPNs) to material they disagree with.

So it’s actually a censorship thing, not “banning VPNs”, which both makes it much easier to shoot down the EFF’s argument (“they’ve got it wrong, we’re not doing that at all”) and a lot harder to fight.

KC December 1, 2025 11:34 PM

@ Dave
‘ … and a lot harder to fight’

Free Speech Coalition, Inc. v. Paxton (June 2025) is the US Supreme Court case that allows states to require that p-rn sites verify viewer age.

To square this, Justice Thomas framed age verification as an incidental burden deserving intermediate scrutiny because “adults have no First Amendment right to avoid age verification.”

In the dissenting opinion, Justice Kagan argues:

The First Amendment prevents making speech hard, as well as banning it outright … The critical question, then, is whether the State can show that it has limited no more adult speech than is necessary.

Do you think the proposed Wisconsin law may have more grounds on which to be argued?

ResearcherZero December 2, 2025 12:36 AM

When a fire or flood takes out part of communications infrastructure, how will people route around the network failures without using a VPN if they have limited technical knowledge?

If legislators really wanted to protect the children they would address how the police treat children and how the police handle cases of crimes committed against children. They would also address how children are treated in the courts by the prosecutorial services.

Resolution of crimes against children have the lowest rate of all crimes handled by police. There is no national tracking of kidnapping and child assault statistics and no dedicated task force for dealing with violent and repeated physical attack or kidnapping of children.

This is clearly about censorship and surveillance, otherwise they would be demanding action to address the backlog of unresolved cases involving violent assault and abuse of children. Hence the inclusion of subjects of conversation and identity verification.

They legislators would also demand the release of case files from historic crimes committed against children, with redactions of the names of victims, rather than talking about VPNs.

In response to the growing number of data centers these politicians are playing games to pretend they are looking out for the community – while taking money from large tech firms.

‘https://www.jsonline.com/story/news/local/wisconsin/2025/09/19/how-many-data-centers-does-wisconsin-have-and-where-are-they/86197370007/

How will rural communities receive warnings about fires or floods without public radio?

https://www.usnewsdeserts.com/states/wisconsin/#1536357227273-1fcd2118-6dc6

Politicians in Wisconsin should restore funding to legal services and local journalism.
https://www.medill.northwestern.edu/news/2025/news-deserts-hit-new-high-and-50-million-have-limited-access-to-local-news-study-finds.html

Rural communities in Wisconsin cannot find legal representation and have no local media.
https://www.news.iastate.edu/news/more-half-rural-counties-are-legal-deserts-isu-study-finds

ResearcherZero December 2, 2025 12:47 AM

@KC

Legislators are limiting freedom of speech and access to legal representation, making their communities far less safe, less informed and violating their fundamental legal rights. This is taking place while huge data centers are gobbling up local resources and real-estate.

Robin December 2, 2025 2:47 AM

@Snarki:
“HOW can a website operator tell that a connection is coming from a VPN?”

At least by looking at traffic patterns from the servers receiving the VPN. I use Proton VPN which I reckon to be one of the best. According to their website they have almost 17,000 servers across 127 countries but even so, with over 1 million users some servers are going to see very heavy traffic. Cloudfare (apparently) does VPN checks; no doubt readers here who are better informed than me can give a better answer.

But my personal experience is that some sites still reject VPN connections, some more effectively than others. It seems that there are fewer than a couple of years ago when a few banks (!!), utility service websites, the BBC, etc were quite the pain in the neck.

ResearcherZero December 2, 2025 3:26 AM

Another matter legislators could concern themselves with rather than VPNs is industrial pollutants, now that regulations have been relaxed to speed up their development and use.

PFAS gas (f-gas) is a refrigerant widely used inside data centers. These chemicals bio-accumulate inside living organisms and the quantities of these compounds are bio-magnified in the environment, at levels depending on the particular version and properties of the corresponding chemical compound. Once they enter the food chain they cannot be removed.

The development and review of new PFAS chemicals has now been relaxed by the Trump administration to speed up their use by data centers and industry. The EPA does not require reporting of use of PFAS by data centers or conduct testing on air and water pollution from these facilities. They have already done damage by the time they are detected in the body.

PFAS in solid and aqueous form, and PFAA precursors can be very difficult to remove entirely from wastewater streams. Fast tracking approvals for new pesticides and herbicides containing PFAS will increase the entry of these compounds into drinking water and the food supply chain, and subsequent accumulation of these compounds within human and animal populations. PFAS has a range of harmful effects on adults and children and is passed on through the placental wall to developing infants. The amplification of PFAS contamination increases as it moves up the food chain.

‘https://www.wired.com/story/the-trump-administrations-data-center-push-could-open-the-door-for-new-forever-chemicals/

There has been been a noticeable increase of PFAS found in drinking water water supplies.
https://www.ijpr.org/npr-news/2025-11-30/more-cities-are-seeing-pfas-pollution-in-drinking-water-heres-what-louisville-found

tfb December 2, 2025 4:21 AM

What I want to understand is how ‘banning VPNs’ or ‘banning good encryption’ differs from ‘banning general-purpose computers’? I mean, I could write, in say JavaScript or Python, a userland program which builds an encrypted connection between two endpoints with one of them forwarding the traffic elsewhere perhaps.

That’s not a VPN only in the sense that it’s not been hooked into the IP stack of the machine.

Same goes for encrypted messaging.

These proposed laws are a bit like banning bits of mathematics.

Robin December 2, 2025 4:54 AM

@tfb:
It’s for this reason, amongst others, that criminal use cases will always find a way around ignorant restrictions. It’s for this reason, amongst others, that the whole plan is crazy, drawn up by people who don’t understand what they are doing.

Clive Robinson December 2, 2025 6:29 AM

@ Privacy, ALL,

You raise an interesting geo-political issue with,

“The problem, IMHO is that legislators, as are many Americans, are undereducated.”

The real question is the lack of education by lack of resources or choice, and in both cases who is driving it.

It was once pointed out that,

“With education comes knowledge, which then drives out opinion with fact.”

A semi-joke version of which is,

“Don’t let facts get in the way of your rhetoric.”

Some that do not need to be named because their malignant behaviours are obvious to those outside of the USA do not want knowledge to be widespread.

Because it makes their cognitive biases easier to enforce on the unknowing.

One that has always made me face-palm is the notion that a workforce are an unnecessary cost that steals profit.

It’s a neo-con / Chicago School thinking process, taught to MBA’s all over the place…

The thing is, it should be obvious that you can only make profit if you have customers to buy/rent your goods. At the end of the day those customers have to come from somewhere and they have to have excess resources to buy or rent. If the workforce has all been “outsourced” in one way or another, they have no excess resources to buy or rent with.

Thus it’s a mental attitude akin to shooting yourself in the foot shortly before trying to run a marathon…

But it is “oh so common” as a view point in the USA…

But it gets worse, if you have all the money in the world then nobody else is making the goods you might wish to buy or rent. So your standard of living nose-dives regardless of wealth, and with it your health and much else besides.

But hey, for some idiots as long as they have “status” they care not a jot about how short, brutish, and painful their existence…

Such a mentality should have been removed by evolutionary pressure, but we still have it, and it’s getting more than noticeably worse.

Montecarlo December 2, 2025 8:42 AM

The goal of this bill is for web site operators to be able to determine whether a visitor is an adult or a minor. This would also be the goal of any web site targeting minors. Anonymity provides protection to vulnerable individuals, including minors. Obviously, this is anathema to any government, because a secure populace has less need of governance.

tfb December 2, 2025 10:51 AM

@Robin, others

This is what worries me about all this. As I’ve pointed out elsewhere, you can get fully-fledged programming environments that run on phones (there is, at least, a Python IDE for iOS). Given one of those you can download from wherever, or write and male available (please) an implementation, say, of an encrypted messaging system. Such a thing may not be secure against someone who can attack your phone: see below.

The bad people, the people who we want to protect the children from, will have these things. So will the spies, so will the criminals.

To go after these people you need to compromise their devices: fine, so do the work you’re paid to do then, security services..

What’s happening is that politicians with educational qualifications which were appropriate in the late 18th century (‘PPE: the easy bits of three bullshit-ridden subjects’) are being advised by security services who are acting in very bad faith because they can’t be bothered actually doing the boring and difficult work they need to do: attacking endpoints.

Clive Robinson December 2, 2025 12:48 PM

@ tfb, Robin, ALL,

With regards,

“… can’t be bothered actually doing the boring and difficult work they need to do: attacking endpoints.”

They don’t need to put much effort in.

Most consumer and commercial OS’s are full of vulnerabilities, and if they are not getting a driver with vulnerabilities in it is not to hard.

But why even do that, they know they’ve lost the battle over “End to End Encryption”(E2EE) back long before the Trumper was in the first time and getting his boys to talk about “back doors”.

I’ve pointed out when “Secure Messaging Apps” first came out that NONE of them gave you security in reality and why (end run attacks to UI).

Some may remember the mess Apple got into with “Client Side Scanning”(CSS) not that long ago and the nonsense Apple and Google got up to their necks in with C19 beaconing etc built into the OS.

Well the new game on the block courtesy of Microsoft is AI with access to every App etc’s UI that then gets sent to your “cloud account” that you now have to have not just for your convenience but for Microsoft to harvest all your Personal and Private Information. In part because that is what they planed to do from day one, and in part because there is no other way they are going to make money out of their comparatively minimal AI over investment (search this site for “Bedazzle, Beguile, Bewitch, Befriend, and Betray” the MS business plan to see more on this).

So you be to be aware,

“Any program, app or interpreted script etc you run on your device will have the ‘plaintext’ sent to the likes of Apple, Google, Microsoft”

So as I’ve said for at least half a decade if not longer,

“You need to get the security ‘end point’ off of your device entirely”

I’ve even detailed here in the past in some depth how to use a “One Time Pad” and “Code Book” to do this as well as make “enciphered traffic” appear to an observer to be just boring ‘plain text’ and with caution fully deniable.

They won’t give, up so you as the “first party” have to make all electronic communications, not just secure but safe against second party betrayal.

Oh and likewise stop those “third party business records” that Apple, Google, Meta, Microsoft and all “Service Providers” not just keep and supply to the US Government but sell to quite unpleasant others like Palantir and data brokers around the world to avoid privacy legislation

VIrtual Privatenot Actual Private December 3, 2025 2:57 AM

How is using a VPN good for protecting your privacy on the internet- like trusting some third party with all your internet traffic as opposed to just your ISP?

Robin December 3, 2025 4:01 AM

@VIrtual Privatenot Actual Private:

“How is using a VPN good for protecting your privacy on the internet- like trusting some third party with all your internet traffic as opposed to just your ISP?”

You are right that it boils down to just a matter of trust, and it’s true that trust boils down to how much concrete information – or (more or less) reliable guesswork – one has about the ISP and the VPN provider.

I think I have a pretty good ISP, but their reason for existence is making profit; it is legally based in a country which can demand logs on pain of penalties; it is probably as secure as any other ISP, but in the end how secure is that? OTOH my VPN provider is a non-profit based in Switzerland, with open source software and a policy of no logs and based around personnel of very high educational level. And it is widely recommended on – sort of – independent reviews.

For the moment I am a punk who feels lucky.

Clive Robinson December 3, 2025 5:36 AM

@ @ VIrtual Privatenot…, ALL,

You ask the question,

“How is using a VPN good for protecting your privacy on the internet- like trusting some third party with all your internet traffic as opposed to just your ISP?”

The simple answer is you are not seeing the number of degrees of freedom.

You can predict the motion of a single arm pendulum just by simple observation, but not so a two arm pendulum.

Now consider a quantity of steel that you can make into either a rod or a chain.

If you throw down a rod you can by simple observation of one end predict fairly accurately where the other end is.

Now consider a chain thrown down and you can only see one link at one end, can you by simple observation of that link make a prediction of where the link on the other end of the chain is and what direction it’s pointing to?

The answer is “NO” because there are to many degrees of freedom in the chain[1].

It’s this idea that Tor and Mix Nets use as a “first principle” in their design.

[1] If you look at the joining of a link to the next link you have a degree of freedom for each dimension. And you have one less joining of links than there are links. Thus whilst the result is fully deterministic in that you can measure each links position after the event, the degrees of freedom take any prediction quickly through chaotic of one or two degrees of freedom to the randomness of many degrees of freedom.

ResearcherZero December 5, 2025 6:47 PM

@VIrtual Privatenot Actual Private, ALL

The main benefit of a VPN is in reducing the ability of an ISP or adversary to see the contents of your internet traffic and making it more difficult to profile your behavior.

VPNs held by encrypting your web traffic and preventing your ISP from seeing your DNS requests. This reduces the ability to detect your internet usage habits. VPNs may also include features to block some common advertising delivery and tracking techniques.

For instance, a VPN will stop advertising from detecting your real IP address, which would help to prevent spyware like Predator being delivered to your device. An ad-blocker would help accomplish the same task by blocking most advertising from appearing on webpages.

Spyware can be delivered through other means, so a VPN would be one part among a number of precautions to mitigate malware delivery. Phishing attempts can deliver malware and spyware through messages or email. Watering hole attacks that use fake/compromised sites or malicious software updates and installers can be another vector to deceive users into believing they are safely visiting a regular website they frequent, or updating software.

VPNs, ad-blockers, security software and updating and system hardening can reduce risk. ALL risk cannot be prevented as a sufficiently resourced adversary may be able to intercept network traffic and inject malicious packets, downgrade security of connections, capture traffic and deliver malicious payloads to a target. Given the advantage of such an adversary’s positioning they can build a picture of your web usage, device details and software, providing them an insight into how your devices can be attacked and compromised.

VPNs, ad-blockers and security software will help to reduce an attackers ability to profile you, however a more sophisticated actor like a nation-state adversary may have discovered vulnerabilities within security software or a zero-day that can slip past any defenses, or by other means which are numerous and many. Still, by reducing your attack surface and using secure credentials, it will reduce the likelihood that your devices and accounts will be compromised. A VPN will reduce the ability of a third-party to spy on your habits.

Leave a comment

Blog moderation policy

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.