by cedws 212 days ago
I think us software people tend to think in absolutes. Yes, completely banning VPNs is very difficult. But for a totalitarian government, reducing VPN usage by say 60% is a win. You only have to make it difficult enough for the layman.

> I think us software people tend to think in absolutes.

"Software people" have an above-average understanding of probabilities overall. It's politicians who tend to think in absolutes. If you tell them that the effectiveness of something is poor and vastly exceeded by its costs, they say "so you admit that its effectiveness is more than zero". And then people will instead have to say that something doesn't work when they mean it has low effectiveness or an underwater cost-benefit ratio.

Moreover, a lot of things with computers actually are absolutes. You can't backdoor encryption without a massive systemic risk to national security and personal privacy of someone bad getting the keys to everything. You can't allow people to send arbitrary data to each other while preventing them from communicating something you don't want them to -- the same string of bits can have arbitrarily many semantic meanings and that's proven with math, and software can do the math without the user needing to understand it.

And the most important one is this:

> But for a totalitarian government...

A totalitarian government is trying to do something different and illegitimate. Banning VPNs etc. has higher effectiveness as a means for censoring the general population than it does as a means to prevent crimes or limit contraband in a democracy, because criminals will take the required countermeasures when the alternative is being arrested or not getting their fix whereas laymen are less likely to when the alternative is "only" that they don't get to read criticism of the government.

"It works better for totalitarian regimes" is an argument for not doing it.

> "Software people" have an above-average understanding of probabilities overall. It's politicians who tend to think in absolutes.

If I had a penny for every time a software person / nerd on HN and elsewhere made an argument that shows little understanding of probabilities and statistics, or perhaps only a theoretical understanding that's context dependent (meaning they know the math, but magically forget them when discussing some specific topic), I'd be rich.

> "It works better for totalitarian regimes" is the argument for not doing it

Parent is not justifying them doing it. They are explaining how little exhaustive their implementation can be, while still being effective for their goals.

> If I had a penny for every time a software person / nerd on HN and elsewhere made an argument that shows little understanding of probabilities and statistics, or perhaps only a theoretical understanding that's context dependent (meaning they know the math, but magically forget them when discussing some specific topic), I'd be rich.

If 75% of people in some group are above average then 25% of them still aren't.

> They are explaining how little exhaustive their implementation can be, while still being effective for their goals.

But their goals are different than yours. Or if they're not, you're the baddies.

> But their goals are different than yours. Or if they're not, you're the baddies

Which is beside the point. Parent (and me explaining what the parent meant) aren't approving of the goals of those proposing such laws. Nor are we going into their merits or their evilness, whether pro or against.

We are making a merely technical point about how such a measure doesn't need to be 100% enforced air-tightly to have the desired purpose (again: desired by the governments, not by us).

And we go into this argument because someone dismissed the impact of such measures with the reasoning that since they can't be fully enforced, they're unimportant.

I'll be honest, I'm struggling to understand how your reply addresses the points made in OP's comment.

OP's points were:

completely banning VPN is difficult

significantly reducing VPN usage is a win for (totalitarian) govs

it's enough to make it difficult for the layman to achieve govs' goal

> completely banning VPN is difficult

No one disputes this.

> significantly reducing VPN usage is a win for (totalitarian) govs

But a loss for non-totalitarian countries, and therefore a cost rather than a benefit in the context of US states doing it.

> it's enough to make it difficult for the layman to achieve govs' goal

And I addressed that, but I'll reiterate.

Even ordinary people can bypass VPN blocks with a trivial amount of effort. It's really not that hard, and in fact there is an entire cottage industry dedicated to making it easier, because we don't want totalitarian regimes keeping their population in the dark -- and the people thwarting those blocks are our friends, or often even the US government itself, for actually good reasons for once.

So if you block something that people aren't that interested in seeing, like criticism of the government when that's something that tends to make a lot of people uncomfortable, then blocking people from seeing it has an effectiveness which is a little better than totally negligible. Because some people won't go out of their way even a little bit to see it, and then they don't. (Which is why it's important that we make it absolutely trivially easy for ordinary people to bypass those blocks.)

Whereas if you're trying to block something that people actually want -- drugs, porn, whatever -- it's not going to work because that trivial amount of effort to bypass it is too small to be meaningful in a context where the user is actively seeking it out.

> "It works better for totalitarian regimes" is an argument for not doing it.

The problem is that authoritarianism has been allowed to become attractive to many politicians, because they are allowed to be bought by corporate money, even if it harms their constituents. Rights, freedom, and privacy have become secondary to money and the blind lust for power.

That's more of a second order effect but I'm not sure it's wrong.

You have so many twits trying to get away with authoritarian nonsense that they're conditioning people through propaganda to accept authoritarian nonsense. What happens then? More twits trying to get away with authoritarian nonsense.

We need to come up with a better solution to this than the historical norm of things getting so bad that people are finally willing to fight a war over it.

I keep citing, as an example of this, speed limits.

You can literally break the law by just pushing your foot down harder. It's that easy! Therefore they're pointless.

Or, the TSA. They might have taken away my knife, but putting a rock in a sock and hitting someone in the head is an easy workaround. Therefore it's pointless.

(Arguing that the law is easy to break has no effect on whether the law is a good idea, should exist, or is effective.)

> You can literally break the law by just pushing your foot down harder. It's that easy!

How are you distinguishing that from any other law? You can literally break the law against theft by just picking someone's pocket. It's that easy!

But that was never the argument to begin with. They're proposing a law requiring websites to ban users who visit via a VPN. So to begin with we already have a major difference. The people subject to the law (websites) are different than the people who would be trying to circumvent it (users and VPN services).

Meanwhile websites have no actual means to know if someone is using a VPN. There are a zillion VPN services and anyone with an IP address can start one. There is no way for them to comprehensively ban them all. So now what happens? The website bans some VPNs -- they would be doing an incredibly painstaking job if they managed to get three out of every four -- and then the user just tries three or four random VPNs or VPN-equivalents until they find one that works and keeps using that.

At this point you could try to prosecute the website for failing, but then you'd be prosecuting everybody because nobody would actually be able to do it. Whereas if making an attempt is sufficient for compliance then they check their compliance box meanwhile everybody is still bypassing it. Which is why it's useless.

TSA really is pointless, and airport "security" in general is an example of what you get when you keep sacrificing real freedom to fight imaginary threats.

If the Trump administration was ever serious about reducing government waste, they should have dismantled the TSA.

Are you really unaware of how often plane hijackings used to occur?

Plane hijackings used to occur because the SOP was to not resist and try to negotiate with the hijackers for the safe release of the passengers.

After 9/11 the assumption has to be that they're going to fly the plane into a building and kill everyone, so now if you try to hijack a plane all the passengers and crew are going to beat you to death with their fists and shoelaces like their life depends on it, which makes it a lot harder to hijack a plane. The TSA has approximately nothing to do with that.

TSA is security theater, but I think checks are still necessary. Otherwise people can bring C4 onto planes, blow themselves (and the plane) up in the air, and freak a lot of "Western civilization" out.

The liquids ban really is bullshit though, it's to prevent a fictional movie plot using a bomb mixed up using binary liquids...

What is the purpose of blowing up a plane in the air when you can blow up something on the ground and achieve much more damage?

Binary explosives aren't fictional. They'll make just as much of a hole in the plane as C4.

The liquids ban is bullshit because you can have arbitrarily many small bottles of liquid and an arbitrarily large empty bucket to mix them in once you're inside. And because blowing up a plane isn't any more of a problem than blowing up a subway car or a highrise hotel lobby but it's ridiculous and infeasible to stripsearch everyone who goes into a high population density area.

Yes and how well is that going to work if people can get guns on board? Flight 94 they had knives.

Guns are trash on a plane. The use of a firearm is to be able to incapacitate someone from far enough away that they can't counterattack. Planes are densely packed with people. You'd have people surrounding and disarming you long before you could get control of the plane. How many shots do you expect to get off when anyone you're not currently aiming at can put their hands on the gun while someone else grabs your other arm to pull you in the opposite direction and a third person comes up behind you and kicks you between the legs?

Also notice that even if you somehow managed to kill everyone on the plane, you'd then be left with just a plane full of terrorists for the government to blow out of the sky. And if all you wanted was to kill a bunch of random people then being on a plane has nothing to do with it.

Eyeballing the data [1], it looks like total fatalities in the low 1000s, and roughly 20 hijackings per year 1980-2000. Let's value each human fatality at $1M, and - lacking any knowledge about the subject - cargo also at $1M/incident.

That's about $1B in human life loss and $20M/year in cargo.

The 2025 budget for the TSA was over $10B, so we're spending 10x the loss to prevent it. Value each human life at $10M? Then the total value of lives lost over a 20 year span is about one year of TSA spending.

[1]: https://ourworldindata.org/data-insights/airline-hijackings-...

You’re completely ignoring the knock on economic effects of lower confidence in flight safety, liability and the not so hypothetical ability of someone to take over a plane and use it to attack ground targets.

AirTran for instance went out of business because of one crash. If someone blew up a United plane, I can guarantee you that Delta would increase the security before you got on their flights to instill confidence in passengers.

And people act as if airport security and the TSA measures are unique to the US. My wife and I just got into a position where the stars aligned for us to fly a lot post Covid. But during that time the three countries that we have flown out of - London, Costa Rica and Mexico all have the basic same security measure with the slight difference that you can bring liquids on board from LHR because they have newer scanners that supposedly detect explosives.

And it’s not just airlines. We also had to go through the same type of security to get on the “Chunnel” from London to France.

The only thing that is really theatre is taking off your shoes in the US.

The current VSL (value of a statistical life) is approximately $13.1 million, a figure that varies by agency. For example, the Department of Transportation (DOT) uses $13.7 million for its safety standards.

Barely ever? I don't see any evidence to suggest that the TSA has any level of effectiveness in preventing them, either.

What prevents them is the reinforced cockpit door, and the passengers’ knowledge that they’ll die if they don’t stop the hijackers.

The TSA just happened to be made at the same time as that changed.

Guns? If you don’t have security. It’s a lot easier to overpower someone with knives than guns

And are you aware of what exactly has changed?

One notable change is: reinforced cockpit doors that can't be forced open from the outside easily. Good luck hijacking with that.

But another notable change is that plane crews and passengers all understand now that plane hijacking is a life or death situation, and would fight hijackers to the bitter end.

Which is what happened on the very day of 9/11, on Flight 93.

With reinforced doors - pilots still come out to use the restroom. Flight attendants usually just block the aisle. People will fight back in the case of knives. But how much fighting back do you think is going to happen if people have guns?

How long do you think it’s going to be before a pilot opens the door if a hijacker starts shooting people?

Airport security is by far not just in America with the only exception in my experience is that other airports don’t make you take your shoes off and some allow liquids in carryon

If people think the plane is about to be flown into a skyscraper, I'm not sure a gun will stop them. There are hundreds of people on a plane and at most twenty rounds in a gun. The math isn't in the terrorist's favor.

There also isn't room to get away from angry passengers. They're probably going to overwhelm terrorists with guns relatively quickly.

Why would they have guns? Even pre-TSA airports used metal detectors.

Your examples are unlike each other.

What stops people from speeding more than they already do is enforcement. The law isn't doing anything.

But the TSA isn't a law. The TSA is, notionally, the enforcement. And it doesn't do anything either.

So the TSA really is pointless. If you drive around at 30 mph over the limit, you're going to get a ticket, and this traffic cop presence stops people from speeding "too much". If you smuggle explosives onto an airplane, you may die in the crash, but that would have happened regardless of the TSA. The TSA hasn't added any value.

The examples are similar in that they demonstrate that reducing probability is a reasonable goal, and it is a mistake to say anything imperfect is useless.

Your take on TSA seems to be in the imperfect=useless camp. There are good ROI, efficiency, and philosophical reasons to want to abolish TSA, but it seems naive to say there is zero value and their mere existence has not deterred anyone.

I think the problem with these examples is that they conflate instrumental goals with terminal goals.

People speed to get to a destination faster or to relieve their frustration on the road (street racers notwithstanding). If the cost of speeding increases they'll speed much less, because they're more interested in their terminal goal. There's a lot of elasticity here.

Attacking a plane is a terminal goal for terrorists. If it gets harder, they'll do it somewhat less or pursue softer targets. But there's much less elasticity here. So it's less clear that more security measures will result in fewer deaths.

That doesn't imply the TSA is useless but I think it might be clarifying to the discussion.

> There are good ROI, efficiency, and philosophical reasons to want to abolish TSA, but it seems naive to say there is zero value and their mere existence has not deterred anyone.

Are you familiar with the TSA's measured efficiency? It's not naive at all to say that, below a certain detection threshold, the deterrence value is zero.

Compare https://www.loweringthebar.net/2015/06/tsa-successfully-pass... .

You'll notice that what I actually said was "[the TSA doesn't] do anything", which is accurate in a context of accident prevention. I didn't call them imperfect. I called them useless directly. It isn't the case that they do some good work and some bad work. They don't do anything that is useful in any degree.

the problem with TSA is that their effectiveness is near 0. every time there have been tests, ~3/4ths of bombs/guns go straight through. you'd get better accuracy out of a monkey pointing at whoever happens to have a banana in their bag