Prominent backbench MP Sarah Champion launched a campaign against VPNs previously, saying: “My new clause 54 would require the Secretary of State to publish, within six months of the Bill’s passage, a report on the effect of VPN use on Ofcom’s ability to enforce the requirements under clause 112.
"If VPNs cause significant issues, the Government must identify those issues and find solutions, rather than avoiding difficult problems.” And the Labour Party said there were “gaps” in the bill that needed to be amended.
I don’t think it’s even possible to get rid of VPNs without outright banning encryption. If I set up a VPN that uses an obscure port and the traffic is encrypted, how are they going to know it’s even a VPN?
Attached below is a Wireshark trace I obtained by sniffing my own network traffic.
I want to draw your attention to this part in particular:
Underneath “User Datagram Protocol”, you can see the words “OpenVPN Protocol”. So anyone who sniffs my traffic on the wire can see exactly the same thing that I can. While they can’t read the contents of the payload, they can tell that it’s OpenVPN traffic because the headers are not encrypted. So if a router wanted to block OpenVPN traffic, all they would have to do is drop this packet. It’s a similar story for Wireguard packets. An attacker can read the unencrypted headers and learn
You’re using the default port though, are you not? If the source port were not 1194, a port associated with openvpn, would wireshark still identify this as openvpn traffic?
Wireshark can’t but there are other methods, such as checking for the known OpenVPN protocol opcodes in the headers:
They’re going to know it’s VPN fairly easily because it’s fairly obvious what you’re doing when all or most of your traffic is encrypted and is directed at one or two addresses. Even more obvious if those one or two addresses happen to belong to known VPN or VPS providers or something.
Traffic patterns. There’s always ways to tell.