How long until the bureaucrats start saying "These unregulated foreign VPNs are a danger to our private data / economy / national security / children"?
I mean, if a jurisdiction is making people's phones spy on them, then it's not much of a stretch to also make those phones not connect to unapproved VPNs, or even to prevent them installing unapproved apps (despite the recent win of the EU supporting sideloading on mobile OSes).
Unless they try to aggressively regulate the sale, import and manufacture (at this point, many hobbyist level homebrew retrocomputers are powerful enough to run a VPN) of general purpose computer devices or aggressively firewall all of the EU and punish anyone using to obscure encrypted data flows through approved protocols, this will of course only stop the people who actually don't have anything to hide. It'll be trivial to work around for anyone actually up to no good.
> It'll be trivial to work around for anyone actually up to no good
I never claimed they were motivated to actually stop these crimes.
If the real ultimate goal is to prevent the spreading of "state secrets" (i.e. journalists exposing government malfeasance), or reduce copyright infringement, or limit the spread of "disinformation", or ban memes that insult public figures, then the government needn't worry about "hobbyist level homebrew retrocomputers". Most people will continue to use mainstream platforms, and most governments mostly care about controlling most people.
Besides, the next step will be to make ISPs deny service to any machine which doesn't have Secure Boot enabled, and which isn't running an "approved" OS, which checks every executable you run. Suddenly your general purpose computing device isn't very useful any more.
If the goal is to create an authoritarian dictatorship, then sure, controlling "most people" is usually enough because you can control the press by sending thugs to their offices.
But your "next step" is far beyond what even China does.
It would kill off any ability for software development. I'm all for being vigilant, but these scenarios are not realistic. As for a general purpose computing device being useful, as long as you can send or receive text or sound or images in any format that can be intercepted, you can tunnel arbitrary data. After all, we have a long history of using acoustic coupled modems. No, it's not practical for regular users, but if we get subjected to that kind of authoritarianism, it's worth doing for the sake of it.
> But your "next step" is far beyond what even China does.
And yet online services blocking access to non-SecureBoot devices is already the norm for industries ranging from online gaming[0] to fast food![1]
Add in the fact that Hollywood wants this (for DRM and blocking torrenting apps) and governments like Australia claiming their laws trump the laws of mathematics[2], and you can almost guarantee that this is going to become mandated as soon as enough Windows 10 users update to Windows 11.
> It would kill off any ability for software development.
Software development would have to be sponsored by approved companies, or at the very least you'd need to apply to the government for a "licence to code", with your ID number baked into every app you create. As an interim step, governments may allow devices to access a "legacy" portion of the internet which doesn't require SecureBoot to be enabled, but expect that portion to get smaller and smaller each year.
> as long as you can send or receive text or sound or images in any format that can be intercepted, you can tunnel arbitrary data.
But which app are you going to use to create those sound or image files? I suppose you could create your "illegal" files on an airgapped non-approved device, and transfer them via USB to the approved device, and people could do the reverse process when they receive them, but that's a cat-and-mouse game which 99% of people can't or won't play, and governments will win by mandating cryptographic watermarks in any files created.
> And yet online services blocking access to non-SecureBoot devices is already the norm for industries ranging from online gaming[0] to fast food![1]
Specific online services doing so is very different from a general ISP ban. A general ISP ban is impossible as long as you have an IO channel of any kind, including projection of text or playing sound. See the end of this comment. SecureBoot in itself also does not in any sense stop general purpose computing of unsigned code.
> Software development would have to be sponsored by approved companies, or at the very least you'd need to apply to the government for a "licence to code", with your ID number baked into every app you create.
... and you've just kneecapped your software industry in favour of companies outside of said authoritarian hellhole. Won't happen. The EU has a long history of crazy demands like this being proposed, and they end up dying or getting watered down to nothing because there's nowhere near sufficient support for going as far as you suggest.
> But which app are you going to use to create those sound or image files? I suppose you could create your "illegal" files on an airgapped non-approved device, and transfer them via USB to the approved device,
Missing the point. If you can play and record sound on an approved device, for example in a call, or transfer text, no matter how filtered, you can use that as a channel for a non-approved device. We used to use heavily filtered low-fidelity audio channels to transfer data, via acoustically coupled modems, after all. Any attempt to filter this just reduces to making it seem more plausibly like acceptable material, e.g. encoding it in speech for example. This is not even a hard problem, though data rates would be low. If a channel can transfer language, it can transfer data.
But we're talking a regime more oppressive than China for this to even be relevant. Even in China today, "normal" VPN tech is sufficient, though a hassle.