After Wisconsin finds out how to reliably filter vpn, they can then teach Netflix and Akamai how to do it.
Last time I checked modestly reliable geoblocking existed, and completely unreliable vpn blocking.
A friend told me that when he comes across a site for which Nordvpn is blocked, he just changes IP. Latest the third one always works, even on YouTube (he is all about privacy).
You don't have to reliably block something to make a law against it. Murder is illegal despite the government not figuring out how to reliably stop people from murdering each other.
So many people miss this in such discussions. Like that Australian politician’s “the laws of physics are all very well, but the laws of Australia are the only ones we care about” which was widely ridiculed in technical circles that did not grasp its truth: that law is all about declaring physically-possible actions illicit.
However, to address your specific chosen example, one could argue a difference from murder, if they say “your site must block these traffic sources or you’re in trouble”: one could argue (it’s not at all cut and dried) that it’s like saying that venues are liable for the murders committed at them, rather than the murderer.
You misunderstand. When they "ban VPNs", it's not that the VPN police will be patrolling your neighborhood trying to catch you using Mulvad or whatever. Instead, the AG will send a letter to the VPN provider, threatening to prosecute them for selling an illegal service. And they will comply and shut down. Once the commercial services are gone, it won't matter that you could hide your own VPN usage in a practical sense, because 1 in 100 people have the resources, technical expertise, and time to set up their own VPN server offshore. Furthermore, it may be cost prohibitive... I'm spending $3/month or so. I can't spend $250/month on this. And if I could, it will just break more often, I won't get the 99% uptime I usually get either.
Something that's extraordinarily low effort will become exceedingly high effort, and this will achieve their goals.
The text we are discussing says:
"It’s an age verification bill that requires all websites distributing material that could conceivably be deemed “sexual content” to both implement an age verification system and also to block the access of users connected via VPN."
That's what I was discussing. Not sure where AG and vpn providers come in.
It is a cat and mouse game, it is whether the service provider do or not. I remember AWS WAF can block VPN ages ago, according to this announcement, it is 2020.
It’s different if you have influence over the network, like a government might. I spend a lot of time in China, and they’ve done a good job of blocking VPNs in recent years, including my personal WireGuard connection to my home network. Not that any technical solution is impossible to bypass, but a motivated state government could make VPN use difficult if it wasn’t for the whole Constitution thing.
Lots of sites do in fact block VPNs successfully. How? Well they could just sign up for NordVPN and see which IPs they use directly. Its not rocket science.
I do have a bit of experience with managing WAFs for large online gaming providers and I can tell you it's not a solved problem. Netflix would also love to hear how I guess.
Even if you somehow manage to enumerate the Nordvpn IPs - a thing of which Nordvpn probably thought in their threat model - then you still have thousands of other providers.
Last time I checked modestly reliable geoblocking existed, and completely unreliable vpn blocking.
A friend told me that when he comes across a site for which Nordvpn is blocked, he just changes IP. Latest the third one always works, even on YouTube (he is all about privacy).