NetAskari
Blog on Chinese cyber operations, online surveillance, always on the hunt for leaked documents : https://t.co/AwtprnaSoG | https://t.co/eVXinXn7NL

Jun 17, 8 tweets

How hard is it, technically, to really ban VPNs with today's tech without going full "North Korea"? Turns out: actually really hard. How do we know? Well, China, the world's biggest surveillance state, has been trying for a long time and, despite some advances, struggles with it to this day. Let us take a little walk along "VPN ban lane". 1/

1. The easy way: Ban VPNs from the app stores and forbid VPN providers to offer their services in your country. That is probably one of the more successful routes. Most internet users are not technically well versed, they mostly use mobile devices with "walled gardens" (like iPhones), and they care more about comfort than about learning new skills, so banning commercial consumer VPNs at this level is actually quite effective. China does it and it works more or less. You have to accept some level of "black market", but if you build a good perimeter around the app store and get manufacturers to forbid sideloading, you definitely limit access for a big part of your population. You could perhaps also get platform owners like Apple on board to do constant surveillance on the device itself. But that needs serious buy-in from them, and the economic pull of most countries is probably not enough to make the suppliers accept it. China is trying on that front but is not there yet. Maybe the US could enforce it through its market power. 2/

2. Ban the IP ranges of known VPN providers: This is the second most effective measure. Most commercial VPN providers sit on a limited set of IP ranges, so you can try to stop your citizens' devices from connecting to those, especially when they are in foreign countries. You need some sort of national firewall for it. It comes with a price tag, it hits every unrelated service that shares those ranges (VPN exit nodes often live on the same cloud and hosting networks as everything else), and the VPN providers can rotate and expand their IP ranges. Maybe eventually they figure out that the juice is not worth the squeeze and you win. But most likely it turns into a game of whack-a-mole. 3/

3. Ban VPN protocols on your network: Now we are getting quite technical, and this is something the Chinese have worked on for many years. Deep Packet Inspection, baby, plus traffic fingerprinting, endpoint probing (actively connecting to a suspected server to see whether it talks like a VPN)... the whole shebang. It's fun, costly and technically challenging. You need a pretty sophisticated traffic monitoring system at national scale. Sure, AI might increasingly help you out. But there is also a lot of encrypted traffic (mainly TLS) on the web, which those pesky VPNs can try to hide in. It puts a lot of strain on the system, and you will drop "legit" traffic at times. It also needs an incredibly permissive national legal framework. So, start rewriting basic laws as well. 4/
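To make the "DPI plus fingerprinting" point concrete, here is an added example (my own code, not from the thread or any real firewall) of what a first-packet classifier does: it matches the wire-format signatures of a WireGuard handshake initiation and an OpenVPN/UDP hard-reset, recognises TLS records by their header, and otherwise flags payloads that carry no known header but have random-looking bit density. The protocol constants are the real ones; the bit-density thresholds are an assumption for this demo, and all sample packets are constructed inline rather than captured. The last sample shows why "hiding in TLS" defeats this kind of signature: the very same WireGuard packet wrapped in a TLS application-data record simply classifies as TLS.

```python
"""Toy DPI classifier: first-packet fingerprints for VPN protocols (added example)."""
from __future__ import annotations

WG_HANDSHAKE_INIT_LEN = 148        # WireGuard handshake initiation has a fixed size
OPENVPN_HARD_RESET_CLIENT_V2 = 7   # OpenVPN opcode P_CONTROL_HARD_RESET_CLIENT_V2


def is_wireguard_init(p: bytes) -> bool:
    """Type byte 0x01, three reserved zero bytes, fixed 148-byte length."""
    return len(p) == WG_HANDSHAKE_INIT_LEN and p[0] == 0x01 and p[1:4] == b"\x00\x00\x00"


def is_openvpn_reset(p: bytes) -> bool:
    """OpenVPN/UDP: opcode in the top 5 bits of byte 0, key id in the low 3, then an 8-byte session id."""
    return len(p) >= 9 and (p[0] >> 3) == OPENVPN_HARD_RESET_CLIENT_V2


def tls_record_kind(p: bytes) -> str | None:
    """Classify by the 5-byte TLS record header: content type, version, declared length."""
    if len(p) < 6 or p[1] != 0x03 or p[2] not in (0x01, 0x02, 0x03):
        return None
    declared = int.from_bytes(p[3:5], "big")
    if declared != len(p) - 5:          # declared length must match the record body
        return None
    if p[0] == 0x16 and p[5] == 0x01:   # handshake record carrying a ClientHello
        return "tls-client-hello"
    if p[0] == 0x17:                    # application data: opaque to the inspector
        return "tls-app-data"
    return None


def bits_per_byte(p: bytes) -> float:
    """Average number of set bits per byte; uniformly random data sits near 4.0."""
    return sum(bin(b).count("1") for b in p) / len(p)


def classify(p: bytes) -> str:
    """Return a label for one first packet, signatures first, heuristic last."""
    if is_wireguard_init(p):
        return "wireguard-handshake"
    if is_openvpn_reset(p):
        return "openvpn-hard-reset"
    kind = tls_record_kind(p)
    if kind:
        return kind
    # Assumed heuristic (not a documented rule): no recognisable header plus
    # near-random bit density suggests an obfuscated, fully encrypted tunnel.
    if len(p) >= 32 and 3.4 < bits_per_byte(p) < 4.6:
        return "suspect-fully-encrypted"
    return "other"


def wrap_in_tls_app_data(inner: bytes) -> bytes:
    """Carry an arbitrary payload inside a TLS 1.2 application-data record ('hide in TLS')."""
    return b"\x17\x03\x03" + len(inner).to_bytes(2, "big") + inner


# Constructed sample packets (not captured traffic).
WG_INIT = b"\x01\x00\x00\x00" + bytes(range(144))               # dummy handshake body
OPENVPN_RESET = bytes([OPENVPN_HARD_RESET_CLIENT_V2 << 3]) + b"\x11" * 8 + b"\x00"
CLIENT_HELLO = b"\x16\x03\x01\x00\x05" + b"\x01\x00\x00\x01\x00"  # toy 5-byte handshake body
HTTP_GET = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
RANDOM_LIKE = b"\x5a\xa5\x3c\xc3" * 16                          # exactly 4.0 set bits per byte
WG_IN_TLS = wrap_in_tls_app_data(WG_INIT)

SAMPLES = {
    "wireguard init": WG_INIT,
    "openvpn reset": OPENVPN_RESET,
    "tls client hello": CLIENT_HELLO,
    "plain http": HTTP_GET,
    "random-looking blob": RANDOM_LIKE,
    "wireguard wrapped in tls": WG_IN_TLS,
}


def classify_all() -> dict[str, str]:
    """Classify every constructed sample; used by the demo below."""
    return {name: classify(p) for name, p in SAMPLES.items()}


if __name__ == "__main__":
    for name, label in classify_all().items():
        print(f"{name:26s} -> {label}")
```

Run it and the first two samples are caught by signature, the wrapped WireGuard packet comes out as "tls-app-data" like any HTTPS session, and only the random-looking blob trips the bit-density heuristic. That is the whole arms race in miniature: once the tunnel looks like TLS, a censor has to move from per-packet signatures to flow features (packet sizes, timing, SNI, certificate quirks), entropy tricks, or active probing of the server, each of which costs more and misfires more often on legitimate traffic.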

4. Bring your own network protocol: Now we are talking. The nuclear option from the future. Establish your own internet protocol that is incompatible with the rest of the world, making most VPN services useless (goodbye TCP/IP). Think standard gauge versus broad gauge railways. Just have dedicated national gateways that only accept data packets they can fully inspect and identify before "translating" them into your proprietary protocol stack. Nothing gets past that. You might also tank your economy and isolate yourself from the world in the process, but hey ho. For 90% of all countries this is not feasible (technically and economically), though, so swing for the fences. Even the Chinese have not managed that yet. 5/

5. Get everyone on board and ban hosting and using VPNs network-wide, even beyond your borders: Talk to your friends and partners abroad. Get everyone to agree that nobody is allowed to host VPN servers on privately hosted VPS systems across two thirds of the world. The hosting providers need to enforce it. The OS manufacturers also get on board. Constant monitoring of devices and whole IT infrastructures is required. Not just your phone. EVERYTHING, all the time. Build a legal framework to outlaw encrypted network traffic altogether. The technical requirements are immense, and this is a surveillance fever dream, probably too far from reality in our world of today. 6/

Of course, I have left out some niche scenarios, and you can mix and match the above to fine-tune your approach. But China tried a lot of this and somehow could not make it stick. Though their aim was mainly to keep the masses off it, which worked, and then to whack the occasional violator with a range of punishments, just to "send a message". But has it stopped Chinese citizens from "climbing over the wall"? No, it has not. But it "corralled" the problem. 7/

So, what's the moral of this post? I guess many users, also in the West, bet on the assumption that their governments could not heavily infringe on their online usage. They surrendered themselves to comfortable solutions for their digital devices, which ultimately created pain points that can easily be exploited. Technical advances were celebrated at the cost of a more open "architecture". That is how you end up with an iPhone. The open source scene was often belittled as "backward" nerds who stand in the way of the "cool progress" that the sleek companies promised. Maybe for the future we should all think about how we want our digital infrastructure to be designed. Rant over...
