Method circumventing new laws - SESTA/FOSTA

[mathguy]

As promised I will outline one way website operators and hobbyists can (or will) circumvent the new SESTA/FOSTA laws.

First some background info and technical setup discussion.

What is Protonmail?
Protonmail is a secure email platform which is based in Switzerland. There is no US jurisdiction. The data is entirely encrypted as long as you communicated Proton to Proton account (not to a Google or Yahoo account, for example). ProtonMail cannot give out any details anyway b/c they do not have them. All email is encrypted. Not even ProtonMail can read it (even if they wanted to).

Ok, so what does that have to do with anything? Well, ProtonMail is just the start. There are other secure email services too. Proton is just a good one. But more importantly ProtonMail also offers a solution called ProtonVPN. This is the key element.
There is a totally free version and one that gives you better access to multiple countries (30+) for a very small fee.
You can also use many other VPN services (Hide.Me is a great one).

What is ProtonVPN (or any VPN service such as Hide.Me or Windscribe)?
VPN's secure a virtual private network using your existing connection. Basically it creates an encrypted private network with it's own IP, encrypted data, and so on. Most importantly though by using these VPN services you can choose a country to "originate" from.

How does this help?
A website operator will be able to establish an offshore website allowing anyone who has an IP originating from a particular "country" that is not in the US to connect to the site and use it without having broken a law.

At the very least it won't be harmful to website operators. If *anything* (a big if) it would be the person who chose to use a VPN and claim they came from a different country that broke the rules. However, that's no different than a prostitute today breaking the law by engaging in "commercial sex for sale".

The point is it takes the pressure away from the website operator. The hassle is that it means the community has to become technically capable of this and aware (it's not hard, but it's a small process).

Is it a huge hassle?
Not really. It's a hassle in that the hobby community has to learn to do this; though it's pretty easy from the users end. However, yes, they have to become aware of being able to use these VPN services along with encrypted email systems. So it's a small hassle in that regard.

---

Additional Notes (with a simpler explanation for those who are still confused):

This might be difficult for some of you to understand so let me try to explain it very simply.

1. When you connect to a VPN service, you are creating a special encrypted channel through your router, to the VPN service.
2. The VPN service is allowing you to connect to any of a variety of different VPN country providers (such as Asia, Russia, Netherlands, South America, Swiss, Germany, etc, etc, etc).
3. What happens once connected is that your IP and ALL traffic from your computer will now come from that country you selected a connection to.
4. Your computer will no longer have the IP, or even appear or be traceable to, the IP that your internet provider (TimeWarner, Spectrum, Cox, Verizon, Grande, AT&T, etc) has provided to your router.

You will for all intents and purposes now be a person who is browsing the internet from "Germany" (just as an example - or whatever country you chose).

Your real IP (the one your router gets from your internet provider) will be unknown and untraceable. You will essentially be a person "coming from that country" over the internet.
You will even be able to check this by looking at a site like www.whatismyip.com before connecting to the VPN which will show your routers public IP.
After you connect to the VPN if you visit www.whatismyip.com again you will see a completely different public IP for your router (depending on which country you selected).
It will have nothing to do with your routers IP. You are now, once connected to another country via VPN service, "no longer on your local network". You don't exist there. You exist in the country you are connected to and on that network.

This is just one of various methods to get around the new laws. Like I've said before I don't believe the new laws are even going to affect the "hobby" community in so much as that is not who they are going to go after. They are going to go after really bad trafficking organizations and large criminal enterprises, particularly with ties to human trafficking or minors or child pornography.

-MG

[britttany_love]

OH2 does not allow you to use TOR, VPN, proxy or hidden IP.

[mathguy]

OH2 does not allow you to use TOR, VPN, proxy or hidden IP.

Yes, correct. You are rjght. My post wasn't about OH2. It was about website operators setting up new sites to circumvent the legal issues, which would target them, and how a hobbysist/provider could still connect.

OH2 would also need to do this to stay completely safe, but , once again, I really don't believe places like OH2 (or similar) will be targeted. This would mean they have to remove the Tor and VPN detection algorithm though.

Also, just an FYI OH2 can only make "best guesses" about if an IP comes from a VPN, TOR, etc... It does this by using software that tries to determine the IP origin along with heuristics that would suggest the origin of the IP from a questionable place, or block of known bad IPs, countries, etc.

At any rate my post was mainly about how new websites, or even an updated OH2 site (without the Tor/Onion/VPN spammer and country IP heuristics detection), could completely bulletproof themselves against the new laws. There are other ways too, this is just one method I've described.

Oh, and can still leave the Tor and VPN heuristics detection in place for questionable IP ranges, known spammers, countries we don't wish to interact with, etc... but you would need to make it less strict. Then just let the VPN connecters know which countries have approved IP ranges.

[TR1955]

I've never been able to access this site from overseas. I asked CK about this once and he said, "system securithy blocks IPs commonly used by spammers, scammers and jammers. Most of which are overseas of course."

I've used hide.me, but with a US proxy as a workaround. But that's the opposite of what mathguy's suggested. hide.me won't work with an overseas proxy.

[redmoney]

One site that has legally persisted through the legal bs has marketed itself as a social networking site. Some rules are no explicit photos, no menu or rates, no reviews, etc. The only review system it has just states whether an individual is safe or not. When contacting another person you can private message them for info and then proceed as regular from there. There are sections for members to talk about hobby related things, but anything that violates the rules gets removed by the community.
It's the world's oldest profession and nobody is going to stop it.

[coitusmaximus]

OH2 does not allow you to use TOR, VPN, proxy or hidden IP.

I always use a VPN - no issues here! What I haven't tried is routing through another countries servers...

FWIW, I use a paid VPN service as well, perhaps that helps keep me away from blocked lists.

[mathguy]

I've never been able to access this site from overseas. I asked CK about this once and he said, "system securithy blocks IPs commonly used by spammers, scammers and jammers. Most of which are overseas of course."

I've used hide.me, but with a US proxy as a workaround. But that's the opposite of what mathguy's suggested. hide.me won't work with an overseas proxy.

Yep, TR1955 that's correct. This site (OH2) uses software that tries to determine if an IP is "safe". There are a few ways to do that. One way is to create a list of IP ranges that are simply blocked by adding them to a "blocked IP database" the software/router is using. Another way, in addition to the previous (you might do both), is the software can also inspect the IP, determine the country origin, and decide if it's from a "safe" location. It can do it simply by just blocking *anything* from, say, "North Korea" or it could be more sophisticated where it will allow certain legitimate ones from that location but other ones will be known blocks of IP's that are part of "Dark Web" or scammer or hacker sites in which it will reject the connection.

It's done to block from spammers, scammers, or countries that have lots of malware, hacking, and so on. It is also one way you can employ to help combat against people creating multiple fake accounts.

The method I described is a totally new approach for the entire hobby.
It's not a way to do it right *now* (i.e. currently on OH2). No. Rather, it's an entire paradigm shift the entire hobby community would need to make.

OH2 would have to change policies regarding Tor/VPN heuristic detection for what I described to work properly. This is just a way the whole U.S. community, including OH2 (if they ended up choosing to eventually), could get around any new laws.

I think my message got misconstrued. So let me clear it up once again:

1. This was not a way that any of you (hobbyist or provider), right now, can do this method. And definitely not for this site (as of now).

2. This was a description of how the whole community could work and change in introducing new websites and how hobbyist's and providers could connect to those sites.

So, in simple summary (in the "new" hobby world, using my method it would work like this):

1. New site comes online
2. Site is offshore (obviously)
3. Site only allows connections from non-US customers (checks their IP origination)
4. US customers connect to any of a number of VPN services in a country of their choosing which makes their IP traffic come from that country
5. US customer, now connected to a virtual network, with a virtual IP, in another country, can now easily connect to the site
6. The site is not breaking any laws b/c it only allows non-US connections

I hope this helps clear it up some. It's not something you can do now. Don't try (it won't work now, especially not with OH2)
It was a way to bring about a discussion and talks on circumventing the new laws.
It would only apply to building new websites or websites (such as OH2) which change their policy about VPN detection.

-MG

[mathguy]

OH2 does not allow you to use TOR, VPN, proxy or hidden IP.

I always use a VPN - no issues here! What I haven't tried is routing through another countries servers...

FWIW, I use a paid VPN service as well, perhaps that helps keep me away from blocked lists.

Coitumaximus, yes, that's what I was saying in my other posts.
It's not the paid VPN that allows you to connect. However, that probably doesn't hurt because then your VPN service let's you connect to "premium" VPN servers/connectors in good quality countries.
The totally free VPN's usually just pick a location at random or only give you a few to select from (and the selection are low quality or objectionable locations and IP block ranges).

Again, the detection which OH2 does is not foolproof; nor is it even meant to block ALL Tor or VPN.

What it does is try to determine if the IP is from a block of IP's which is known to have a heavy use of hackers, malware, viruses, scammers, etc...

It uses some simple algorithms, heuristics, and databases to do this. It's not perfect though. You can definitely connect to OH2 with VPN or Tor depending on the IP or country you have been allocated or connected to. It just depends. That still doesn't fix or do what I described above though.

The website operators needs to institute policies that only allow non-U.S. visitors and then the hobby users use VPN/Tor to connect via another country through an encrypted tunnel. But the issue is the website operators need to set this up, put the disclaimers up, the TOS, the technology to check the IP, or at least a banner saying you agree you are not from the US, etc... The users are not the problem. The users have always been breaking the law. Always.

The problem with SESTA/FOSTA is it attacks the website owners and makes what they do "criminal" and takes away the "safe harbor" package (which is a huge freedom of speech issue but that's for another time). So the websites need to institute these policies and technology I described above and then the community users need to use VPN or Tor to make sure they are coming from another country (not the US).

Everyone please read my prior post, just above this one. This is not something you can do right now anyway. Not the way I described. This is something that website operators and the hobby community users would need to adopt as new sites emerge.

My point was really about the web proprietors. It's to protect them. They need to put up disclaimers as well as TOS that each user has to agree to and they need to do an IP check and not allow any U.S. originated IP's to connect. By doing this the website operator is in compliance. They are not allowing anyone to connect that is not outside the U.S. It's the website operators that are voluntarily going down for fear of being targeted. I don't think they will be. As I've said many times. It's not the governments focus. However, that method I described is one way they can circumvent it.

Now, that said, are the users possibly "breaking a law" by pretending to come from another country? Well, maybe. That's hard to say how that would play out in court. However, all the users, hobbyist and provider alike have been "breaking the law" for a decade plus with ANY of these sites by engaging in "commercial sex".

It's the website operators that got hit by the new SESTA/FOSTA laws (and indirectly that affects all sex workers). So, I'm just saying this method would protect them. Which protects the sites. If the sites are protected then the sex workers are protected.

[AmbreeAustin]

Yep, TR1955 that's correct. This site (OH2) uses software that tries to determine if an IP is "safe". There are a few ways to do that. One way is to create a list of IP ranges that are simply blocked by adding them to a "blocked IP database" the software/router is using. Another way, in addition to the previous (you might do both), is the software can also inspect the IP, determine the country origin, and decide if it's from a "safe" location. It can do it simply by just blocking *anything* from, say, "North Korea" or it could be more sophisticated where it will allow certain legitimate ones from that location but other ones will be known blocks of IP's that are part of "Dark Web" or scammer or hacker sites in which it will reject the connection.

It's done to block from spammers, scammers, or countries that have lots of malware, hacking, and so on. It is also one way you can employ to help combat against people creating multiple fake accounts.

The method I described is a totally new approach for the entire hobby.
It's not a way to do it right *now* (i.e. currently on OH2). No. Rather, it's an entire paradigm shift the entire hobby community would need to make.

OH2 would have to change policies regarding Tor/VPN heuristic detection for what I described to work properly. This is just a way the whole U.S. community, including OH2 (if they ended up choosing to eventually), could get around any new laws.

I think my message got misconstrued. So let me clear it up once again:

1. This was not a way that any of you (hobbyist or provider), right now, can do this method. And definitely not for this site (as of now).

2. This was a description of how the whole community could work and change in introducing new websites and how hobbyist's and providers could connect to those sites.

So, in simple summary (in the "new" hobby world, using my method it would work like this):

1. New site comes online
2. Site is offshore (obviously)
3. Site only allows connections from non-US customers (checks their IP origination)
4. US customers connect to any of a number of VPN services in a country of their choosing which makes their IP traffic come from that country
5. US customer, now connected to a virtual network, with a virtual IP, in another country, can now easily connect to the site
6. The site is not breaking any laws b/c it only allows non-US connections

I hope this helps clear it up some. It's not something you can do now. Don't try (it won't work now, especially not with OH2)
It was a way to bring about a discussion and talks on circumventing the new laws.
It would only apply to building new websites or websites (such as OH2) which change their policy about VPN detection.

-MG

God you freaking turn me on

[SimplyEcstatic]

Just one tiny correction, a VPN does not make your real IP address untraceable or unidentifiable. It just takes additional effort to follow the trail to your IP address. It is a very important detail that kind of nullifies the purpose of this should a federal agency actually be targeting you specifically.

[SimplyEcstatic]

Also to be clear with encryption, encrypted data does not mean it can never be decrypted and yes proton mail can decrypt data just like any other encryption service can decrypt their own data. They purely claim not to be able to because the process and idea itself is too complex for the general public to be expected to fully comprehend and it would be an international dilemma if they did such a thing without federal (or some comparable entity in other nations) involvement. The accounts literally decrypt the data upon receiving it which means each account has its own decryption formula. They claim they cannot decrypt it although it is literally decrypted constantly and was programmed by somebody in the company. If you do not believe me, then take a look at real world examples. Sony was hacked just a couple of years ago and a ton of ‘encrypted’ data was accessed and stolen including credit cards and personal information. When iCloud took a huge hit for celebrity photos, security was loopholed simply by gaining access to a person’s account which is the same as gaining access to the decryption code through much simpler means (I bet this makes some people rethink their password choices). Did you know one of the ways that China mimicks American companies and replicates products is by accessing and decrypting secure data from companies in the US? If simply encrypting data and using a VPN meant you were entirely secure and invisible, there would be no more hacking and the FBI/CIA would be almost entirely useless since most criminals would just go this route. I am not trying to alarm anybody, and VPNs are still awesome since I doubt any of us are committing crimes on a scale that would draw attention from federal agencies. I do however want you to be informed and be aware the information in this thread is not entirely accurate and absolutely do not create a website in violation of these laws using these means as your only security while inside the US. If it were this simple then so many websites would not have removed large portions of content and other websites would not have shut down and ceased to exist. I apologize for coming at your thread, it is a situation that could lead someone down the wrong path so I had to provide additional information.

[ck1942]

Folks, there's way many misconceptions about VPNs TORs proxies, etc. out there.

Here's my take:

If your IP shows banned or blocked on oh2, likely you are using a TOR, VPN, proxy or hidden IP in your browser and many are blocked due to spammers and jammers associated with those IPs. Use a clear cell or ISP signal to avoid the IP issues.

As far as VPNs go, they really don't hide much of anything except the content of your traffic. If you happen to be using an unprotected wi-fi at Starbux, you are still exposed.

And, when you consider that your hardware (iPhone) is almost always tracking where you explore on the 'net, plus marks your GPS location ... worse, if you are using Chrome, Firefox, Safari, Edge, those browsers are notorious for know where and when you are, much as your cell carrier does the same.

So, fwiw, the VPM hides only the content of your message.

What you really really need to do for basic protection of your hardware and software:

If you hobby, as all here obviously do, use a hobby hardware that is totally separate from your personal hardware. And, for added basic separation protection, your personal cell service should be from a carrier that is NOT your hobby carrier.

But, since the above is unlikely, at least use different browsers on hobby vs personal hardware, to make it more difficult for browser/IP tracking.

Some of the most simple and most basic DON'Ts!

Do not have multiple FaceBook, LinkedIn, etc. social accounts. These providers are keen to glean your info and send you "possible friedt" notices. The social media will also send your profile to others, suggesting possible friends.

If you don't believe me, check your more recent FB friend suggestions and see how far out those connections really are.

Wait! ^^^^ remember when you check FB that site now grabs more data about you.

The very most basic is keep your hobbying and your personal lives separate. If you are out and about with personal buds, do not expose your hobby phone or hobby screen to check messages or updates on hobby life. Do not howdy any hobby person if you see them in public.

Common sense rules.

Cover your basics, and if you really feel "authorities" are possibly checking up on you, check up on yourself -- google your personal data from time to time and your hobby data from time to time.

^^^ But if you want to make sure that

Edge/Chrome/Google/Firefox/FaceBook/LinkedIn et al are ot tracking you,

do your checks from your public library hardware, not your personal or hobby hardware.

ijs

[Crock]

Just one tiny correction, a VPN does not make your real IP address untraceable or unidentifiable. It just takes additional effort to follow the trail to your IP address. It is a very important detail that kind of nullifies the purpose of this should a federal agency actually be targeting you specifically.

Folks, there's way many misconceptions about VPNs TORs proxies, etc. out there.

Here's my take:

As far as VPNs go, they really don't hide much of anything except the content of your traffic. If you happen to be using an unprotected wi-fi at Starbux, you are still exposed.

Sorry, but you guys are wrong about this. If you are using a reputable VPN that doesn't keep logs, your real IP is not identifiable from the far side (they can't track it back to you if they don't already know who you are).

There are other ways of identifying you (using so-called "browser fingerprints"), but there are some simple precautions you can take to eliminate those concerns (such as blocking scripts and using a dedicated browser in incognito mode for hobby browsing).

And if they're already targeting you for some reason, then don't worry about the VPN because you're already screwed.

[SimplyEcstatic]

Sorry, but you guys are wrong about this. If you are using a reputable VPN that doesn't keep logs, your real IP is not identifiable from the far side (they can't track it back to you if they don't already know who you are).

There are other ways of identifying you (using so-called "browser fingerprints"), but there are some simple precautions you can take to eliminate those concerns (such as blocking scripts and using a dedicated browser in incognito mode for hobby browsing).

And if they're already targeting you for some reason, then don't worry about the VPN because you're already screwed.

I can tell you feel pretty strong about that but what I stated is entirely accurate. Your IP address is not just a fart in the wind just because you used a reputable VPN or proxy or any other variation of the sort. Incognito mode doesn’t protect you from the law either. These things will keep you safe from somebody who isn’t well versed in the digital world but that is about it. I find it interesting some people think they have the world of crime figured out, please contact all the crime syndicates to let them know you can keep them protected from the law by hiding behind VPNs, I’m sure they will be quite ecstatic and provide you with enormous amounts of cash. Don’t forget to reach out to everyone in China that has their internet locked down to let them know you have the key to their freedom with just a few clicks.

You can get people into serious legal trouble by spreading misinformation should they decide to believe you and follow it. If VPN hid you perfectly then it wouldn’t matter if the law was targeting you, you essentially contradicted yourself in your own statement.

[Crock]

I can tell you feel pretty strong about that but what I stated is entirely accurate.

What you originally stated is not accurate. What you are saying now is accurate only because you're using vague terms. If you are a bit more precise in your speech, you'll be helpful to everyone.

If someone is looking for you from the distant end (from a website) and you're using a VPN, they will not be able to track you down using your IP address. The VPN prevents that (assuming they don't keep logs).

If someone is looking for you from the distant end and you're using a VPN, they will not be able to track you down using your browser fingerprint if you use incognito mode and block scripts.

If someone already knows who you are and wants to know what you're doing, none of this matters. Your data can be intercepted in many different ways at that point.