Order was amended, that’s not longer the case. If you copy+paste an order saying that, say, Chiquita can’t do business in Brazil any more you’d also attach such conditions, that Brazilian companies are forbidden from circumventing the ban by making business with Chiquita outside of Brazil. So it’s more of a “oh that part doesn’t make sense in this case” situation, not “let me come up with something extraordinary to make things worse”.
Blocking things without outlawing VPN access is quite easy: Tell ISPs to take twitter off their DNS servers, with infrastructure the size of twitter you can also blackhole their whole IP range so they’re unreachable even if you use a non-brazilian DNS server.
Blocking VPNs? Well you could tell VPNs that they’re ISPs and also need to block twitter for their Brazilian customers. That’d actually make sense. Wouldn’t affect the likes of tor at all.
with infrastructure the size of twitter you can also blackhole their whole IP range
Just one note, services the size of Twitter typically use cloud infrastructure so if you block that indiscriminately you risk blocking a lot of unrelated stuff.
Their load balancers are at least bound to have dedicated addresses, maybe IP range was a bit overzealous.
In any case it’s not going to be an issue of blocking port 80 on one IP and finding out that it serves five hundred semi-unrelated domains. Unrelated short of all using the same wordpress or whatnot hoster, that is.
short of all using the same wordpress or whatnot hoster, that is.
That’s the thing, that’s common practice. It’s basically a given nowadays for shared web hosting to use one IP for a few dozen websites, or for a service to leverage a load/geo-balancer with 20 IPs into a CDN serving static assets for thousands of domains.
Order was amended, that’s not longer the case. If you copy+paste an order saying that, say, Chiquita can’t do business in Brazil any more you’d also attach such conditions, that Brazilian companies are forbidden from circumventing the ban by making business with Chiquita outside of Brazil. So it’s more of a “oh that part doesn’t make sense in this case” situation, not “let me come up with something extraordinary to make things worse”.
Blocking things without outlawing VPN access is quite easy: Tell ISPs to take twitter off their DNS servers, with infrastructure the size of twitter you can also blackhole their whole IP range so they’re unreachable even if you use a non-brazilian DNS server.
Blocking VPNs? Well you could tell VPNs that they’re ISPs and also need to block twitter for their Brazilian customers. That’d actually make sense. Wouldn’t affect the likes of tor at all.
Just one note, services the size of Twitter typically use cloud infrastructure so if you block that indiscriminately you risk blocking a lot of unrelated stuff.
Their load balancers are at least bound to have dedicated addresses, maybe IP range was a bit overzealous.
In any case it’s not going to be an issue of blocking port 80 on one IP and finding out that it serves five hundred semi-unrelated domains. Unrelated short of all using the same wordpress or whatnot hoster, that is.
That’s the thing, that’s common practice. It’s basically a given nowadays for shared web hosting to use one IP for a few dozen websites, or for a service to leverage a load/geo-balancer with 20 IPs into a CDN serving static assets for thousands of domains.