Posted by ColinWright 5 days ago
1. Nginx Proxmox LXC container with domains that require digital ID such as X. I can easily add or remove domains to it via Ansible.
2. Mullvad VPN server/client setup on OPNSense
3. OPNSense Firewall rules with aliases from the local lists from step 1
4. Every time I access X or whatever, OPNSense firewall rule redirects that traffic via the Mullvad VPN Gateway bypassing the digital ID enforcement
5. I host Pihole + Unbound recursive DNS so I have full control over my DNS. Recursive DNS uses the 13 root nameservers, I do not use public DNS such as Google or whatever, in fact, they are all blocked.
My data under my control.
Honestly surprised that works given Google loves to hardcode DNS queries using their DNS Resolver into many things (Google TV, Android, etc).
I'm assuming you are using NAT Redirection (Port 53), blocking DNS over TLS - DoT (TCP Port 853), using SNI filtering to block DNS Over HTTP (DoH). Not sure how you handle Encrypted Client Hello.
My Samsung smartTV has Google DNS hardcoded in it, that is why I do what I do.
No matter if I set my phone DNS to Google, OPNSense NAT redirects any DNS to Piholes only, and since public DNS, DNS-over-TLS and DNS-over-HTTPS are blocked, only Piholes forward it to Unbound. Only Unbound can request DNS and OPNSense enforces that.
Unbound is recursive DNS with its own caching so everything happens locally, surfing the internet is insane fast.
As for the digital ID, the DNS happens locally but the traffic is forwarded to Mullvad VPN Gateway.
I don't wanna hide my traffic, I just don't want this mass surveillance on my personal information. My social media accounts are burner, no real name, no photos, minimal apps installed on my GrapheneOS phone and I have a completely normal digital life without sharing my shit haha
Not trying to be facetious, but how do you know you are blocking them all? I thought one of the reasons for using DNS-over-HTTPS was to be able to avoid detection.
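An added example, not part of the thread: one way to check the enforcement discussed above is to audit firewall flow records for DNS that was passed without going through the local resolver, and to count what cannot be checked at all. The record layout, the resolver address and the short resolver list are assumptions made for this sketch.

```python
from dataclasses import dataclass
from typing import Optional

# Assumptions (constructed for this example): resolver address, log layout,
# and a short, incomplete list of well-known public resolvers.
LOCAL_RESOLVERS = {"192.168.1.53"}
PUBLIC_RESOLVER_IPS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9"}
DOH_HOSTNAMES = {"dns.google", "cloudflare-dns.com", "dns.quad9.net"}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    action: str                # "pass", "block" or "rdr" (NAT redirect)
    sni: Optional[str] = None  # None when absent or hidden by ECH

def classify(f: Flow) -> Optional[str]:
    """Name the DNS transport a flow appears to carry, or None."""
    if f.src in LOCAL_RESOLVERS or f.dst in LOCAL_RESOLVERS:
        return None            # resolver traffic is the intended path
    if f.dport == 53:
        return "plain-dns"
    if f.dport == 853:
        return "dot"
    if f.dport == 443:
        if f.sni and f.sni.lower() in DOH_HOSTNAMES:
            return "doh-sni"
        if f.dst in PUBLIC_RESOLVER_IPS:
            return "doh-ip"    # still matches when ECH hides the SNI
    return None

def leaks(flows):
    """Flows that look like DNS and were passed instead of blocked or redirected."""
    return [(classify(f), f) for f in flows if classify(f) and f.action == "pass"]

def unverifiable(flows):
    """Passed port-443 flows with no visible SNI to unlisted IPs: not provably non-DoH."""
    return [f for f in flows if f.dport == 443 and f.action == "pass"
            and f.sni is None and classify(f) is None]

SAMPLE = [  # constructed log records
    Flow("192.168.1.20", "8.8.8.8", 53, "rdr"),                      # redirected to Pi-hole
    Flow("192.168.1.20", "8.8.8.8", 853, "block"),                   # DoT blocked
    Flow("192.168.1.53", "198.41.0.4", 53, "pass"),                  # Unbound to a root server
    Flow("192.168.1.30", "1.1.1.1", 443, "pass"),                    # DoH by IP, SNI hidden
    Flow("192.168.1.30", "203.0.113.7", 443, "pass", "dns.google"),  # DoH by SNI
    Flow("192.168.1.40", "203.0.113.9", 443, "pass"),                # unknown IP, no SNI
]
```

On the sample, `leaks(SAMPLE)` reports the two DoH flows that got through, and `unverifiable(SAMPLE)` returns the one flow that list-based blocking can neither confirm nor rule out.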
Spend 5 minutes on X, Instagram or even worse Snapchat for you to see what these minors are doing. A lost generation, all for likes.
GenZ is so cooked, by the time they reach their 30s, damn.
Gen Alpha being born within the digital and AI world is even more cooked.
And from what I remember of the coverage of the scientists presenting their case in the UK there wasn't enough evidence to say whether it had an impact on children.
Personally I think ipad as babysitter is more to blame, but until the proper studies are done it's all just speculation.
Proper study??
Look around us, kids are talking to ChatGPT instead of running, playing, instead of being kids.
Kids cannot speak and yet have a tablet to interact with, by adulthood those kids are cooked.
Teens at school can't read, they have been using ChatGPT to cheat exams. If somebody tells me that more study is required to prove what is right there in front of our eyes, that somebody is part of the problem, full stop!!
Isn't that a symptom of other things? I'm an elder 'millennial'; playing out was already decreasing when all we had was a NES and 4 channels on TV.
Unfortunately now we have to 'protect' kids from the dangers outside. Which necessarily means them spending time inside.
Yes, as adults we now spend loads of time in our places of work on devices but generally in the pursuits of doing productive things.
And while I haven't looked up the stats, I don't feel like it's exceedingly more dangerous for kids to play outside today than it was back in the 00's, 90's, 90's etc. I just feel as though we're more aware of the dangers of what _could_ happen to kids - all of which is a facet of the media/social media pressure and scaremongering.
Plus there are still loads of feral kids allowed to roam around and be little shits anyway.
It's either that or I just consider the internet dead and move on. It's nothing like it was 20 years ago anyway. There are other things to do. Many books to read and places to go. We had something really cool and we were lucky to experience it while it lasted, but it's gone now.
I’ve come to the conclusion the only thing you can really do is leave when you disagree with the direction of your country, but of course not everyone has the ability to do that.
If enough people feel strongly about it to go onto the street and wave placards, that starts getting noticed and has to be acknowledged.
Of course, the UK (and others) have started making protests illegal, because they are doing things that we should feel strongly enough about to go and wave placards at them.
I've had plenty of conversations recently where people say "yeah, but social media is harming kids. Banning it is good". People broadly see the headline "think of the children" and think, "yup, let's protect children".
To me, there's all sorts of downsides - the death of small discussion forums, pushing interesting online experiences out of the reach of teenagers, the creeping surveillance and, worst of all, the complete end of the open internet (when inevitably it doesn't actually work). But most non-tech people just don't see that.
The currently in place age verification system is a joke. It's trivial to circumvent them - not just via VPN, but also because there's countless websites that just don't care. The social media ban will bring more of the same - and then they'll have to ban VPNs and bring in website firewalls.
Who wins? The established tech companies, who have big enough legal departments to comply with increasing red tape. How is a new social network going to legitimately compete with Facebook now?
But when I say all this to people I know, they just don't see it. Most people are not tech people.
That often is democracy: what's popular isn't always what's best.
Freedom and liberty should be the foundations of a healthy society. Democracy should be reserved only for those things that must be decided collectively and universally enforced.
What kids do on their phones doesn't even come close. Let parents and vendors decide what their kids and customers can do. I've met plenty of well-adjusted kids who aren't on social media because their parents don't let them.
When they do, they will change their mind (and probably protest loudly that they never wanted it in the first place).
See Brexit for a clear example.
I also think there's more of what I'd call "grassroots British libertarianism" than you'd expect. It's just in tension with Daily Mail-ism, often in the same people. They just don't want onerous rules applied to them.
I'm pretty much at this stage too. The web/internet was a frontier like the Wild West. But those wild days are gone and are never coming back. Cyberspace has been settled.
If they can't be arsed to answer you, then you shouldn't be arsed to vote for them, at least in my opinion.
You cannot travel into the US without providing access to your Social Media accounts. Pretty likely you get denied if you say "I don't have social media".
You can also recreate a smaller network and enjoy it as a silo, disconnected from the Internet, at times.
There's no need to be off the grid 24/7 to feel the relief.
It's deeply relaxing to pull the (Internet) plug (I do, literally, physically remove one ethernet cable from a switch right underneath my monitor and I've then got several machines happily communicating only on the LAN: no more Internet).
Maybe I'm having fun with my latest acquisition: modelling parts to fix stuff left and right around the house by 3D printing them (I bought a 3D printer for that: I had many things I needed to fix and I knew I'd be able to fix them properly by printing adequate parts). No need for the Internet to model, slice and 3D print.
Such an activity does feel like the computing of yore: it takes me back to a time when it was me and an 8-bit machine. Creating stuff "by code" (which now takes physical form at home, which 11-year-old me would have found utterly mindboggling btw).
> There are other things to do. Many books to read and places to go.
And hobbies. As a kid from the eighties I love cars from the late 80s/very early 90s: not much electronics, not spying on you. Sure they're a bit of gas guzzlers but then half the fun is fixing stuff on them and the other half is talking about them with other enthusiasts: there's no need to drive 10 000 kilometers a year with those.
When you take time to disconnect a bit from the Internet, then I'd say when you're online (like I'm now) it all feels way more tolerable.
No need to go full luddite IMO but YMMV.
> Maybe I'm having fun with my latest acquisition: modelling parts to fix stuff left and right around the house by 3D printing them
Isn't California proposing to put you in jail for having a 3D printer without an internet connection to tattle on you and killswitch your printer if some unaccountable internet service decides you're printing something "bad"?
:sigh:
I wrap the outbound SOCKS5 traffic in mTLS, so it should look "normal" to anyone packet sniffing (not obvious proxy/VPN traffic), even though stealthiness isn't part of the threat model at the moment.
There's a decent legal ethical argument that LLM output isn't copyrightable, and for me a "one shot vibe code" definitely _isn't_ "your creative work", so the copyright that open source licenses rely on probably doesn't exist there.
I wonder if a new category of "non copyrighted shared source code" needs to exist for people who use Gen AI to create genuinely useful software which would be a net positive to society if shared, but that doesn't risk murkying the waters and undermining the copyright basis that licenses like GPL and Apache and BSD and MIT rely on?
All "open source" licenses rely on copyright. If copyright did not exist, GPL and BSD and MIT (and all the other software license options, open and commercial) would be unenforceable.
(I'm less convinced than you seem to be about whether there are any good reasons for copyright. I believe real "creative people" like authors and musicians and artists and film makers _should_ have a legally enforceable monopoly to control use of and to generate income from their creative work. That shouldn't be "Mickey Mouse" effectively eternal control, but there should in my opinion be some legally protected "ownership" that a creator has where they can prevent other people copying/recreating/misusing/profiting from their creation. Whether this should ever have applied to software is something for a more nuanced discussion than a website comment section...)
However, there's no compunction to publish the generated code, even if it's public domain.
We end up in a strange nega-OSS world where all code can be used by anyone for any reason, if you can get your hands on it.
I was more talking about the weird space we're getting into where code is completely open, because it was generated and cannot have any copyright protection, but also unpublished, and so effectively proprietary. The opposite of OSS, where code is available but protected by copyright-based licenses.
If the government blocks Mullvad then I’ll just switch to Wireguard on a Helsinki based VPS via Hetzner.
I used to run my own mail server back until about 2014 or 2015, and even then it was practically impossible to reliably send mail to any of the major email providers from an IP address from Linode/AWS/Hetzner/DigitalOcean et al. I'm pretty sure porn sites and unmoderated web forum type things that have lawyers advising them will soon be blocking not just UK IP addresses, but the bulk of the easy to identify VPN services and VPS providers.
-- John Gilmore (probably https://quoteinvestigator.com/2021/07/12/censor/)
There are companies that have gotten very good at virtual border control while selling stuff to e.g. the Chinese and Russians that are allegedly in talks with the UK govt.
https://psyonik.tech/posts/a-guide-for-wireguard-vpn-setup-w...
For this particular use case, I would probably suggest something like OVH/Scaleway as they have nodes in France so physical distance between UK and "somewhere else" is low which will affect latency. If you're willing to wait longer and go further, I recommend Infomaniak (Switzerland - they have nodes in Geneva I think/Zurich). Hetzner (a crowd favorite) hasn't been that good for me while I was in the UK, I was getting dropped packets even after switching a few VPSes, but might've just been something temporary.
VPNs are trivial to ban, the IP space is well known, Wireguard is easy to fingerprint and block.
It will be a cat and mouse game, if the government loses this they'll simply make it illegal to be caught using a VPN including Tor. Which is on the table.
The only way this changes is a less crap party, but almost all including Reform are in favour of more censorship.
https://www.theguardian.com/politics/2025/jul/28/reform-uk-v...
https://www.msn.com/en-gb/news/uknews/reform-pledges-to-scra...
https://www.independent.co.uk/news/uk/home-news/nigel-farage...
Zia Yusuf : "... criticised sections of the legislation that allow ministers to direct regulator Ofcom to modify its rules setting out how companies can comply with requirements to crack down on illegal or harmful content, saying it was “the sort of thing that I think (Chinese president) Xi Jinping himself would blush at the concept of”."
And the more radical Restore say this:
Good luck, it will probably be impossible as admins fed up with AI scraper bots increasingly choose to outright blanket ban anything not being a residential or business line. There's a reason why there are so many "ethically sourced proxies" aka people installing software on their smart TVs and whatnot that comes with a "monetization SDK" by one of the numerous VPN providers. That's the dirty secret behind a lot of the "bypass youtube/netflix/whatever region lock" VPNs.
In the end, both are deceived. The customer thinks there are no ethical issues attached to their VPN provider, the ones whose IP addresses get abused don't even know what's going on.