The internet kicked off the week the way that many of us often feel like doing: by refusing to go to work. An outage at Amazon Web Services rendered huge portions of the internet unavailable on Monday morning, with sites and services including Snapchat, Fortnite, Venmo, the PlayStation Network and, predictably, Amazon, unavailable for a short period of time.

The outage began shortly after midnight PT, and took Amazon around 3.5 hours to fully resolve. Social networks and streaming services were among the 1,000-plus companies affected, and critical services such as online banking were also taken down. You’ll likely find most sites and services functioning as usual this morning, but some knock-on effects will probably be seen throughout the day.

AWS, a cloud services provider owned by Amazon, props up huge portions of the internet. So when it went down, it took many of the services we know and love with it. As with the Fastly and Crowdstrike outages over the past few years, the AWS outage shows just how much of the internet relies on the same infrastructure — and how quickly our access to the sites and services we rely on can be revoked when something goes wrong. The reliance on a small number of big companies to underpin the web is akin to putting all of our eggs in a tiny handful of baskets. 

When it works, it’s great, but only one small thing needs to go wrong for the internet to come to its knees in a matter of minutes.

How widespread was the AWS outage?

Just after midnight PT on October 20, AWS first registered an issue on its service status page, saying it was «investigating increased error rates and latencies for multiple AWS services in the US-EAST-1 Region.» Around 2 a.m. PT, it said it had identified a potential root cause of the issue, and within half an hour, it had started applying mitigations that were resulting in significant signs of recovery. 

«The underlying DNS issue has been fully mitigated, and most AWS Service operations are succeeding normally now,» AWS said at 3.35 a.m. PT. The company didn’t respond to request for further comment beyond pointing us back to the AWS health dashboard.

Around the time that AWS says it first began noticing error rates, Downdetector saw reports begin to spike across many online services, including banks, airlines and phone carriers. As AWS resolved the issue, some of these reports saw a drop off, whereas others have yet to return to normal. (Disclosure: Downdetector is owned by the same parent company as CNET, Ziff Davis.)

Around 4 a.m. PT, Reddit was still down, while services including Ring, Verizon and YouTube were still seeing a significant number of reported issues. Reddit finally came back online around 4.30 a.m. PT, according to its status page, which was then verified by us.

In total, Downdetector saw over 6.5 million reports, with 1.4 million coming from the US, 800,000 from the UK and the rest largely spread across Australia, Japan, the Netherlands, Germany and France. Over 1,000 companies in total have been affected, Downdetector added.

«This kind of outage, where a foundational internet service brings down a large swathe of online services, only happens a handful of times in a year,» Daniel Ramirez, Downdetector by Ookla’s director of product told CNET. «They probably are becoming slightly more frequent as companies are encouraged to completely rely on cloud services and their data architectures are designed to make the most out of a particular cloud platform.»

What caused the AWS Outage?

AWS hasn’t shared full details about what caused the internet to fall off a cliff this morning. The likelihood is that now it’s deployed a fix, its next step will be to investigate what went wrong.

So far it’s attributed the outage to a «DNS issue.» DNS stands for the Domain Name System and refers to the service that translates human-readable internet addresses (for example, CNET.com) into machine-readable IP addresses that connects browsers with websites.

When a DNS error occurs, the translation process cannot take place, interrupting the connection. DNS errors are common are common internet roadblocks, but usually happen on small scale, affecting individual sites or services. But because the use of AWS is so widespread, a DNS error can have equally widespread results.

According to Amazon, the issue is geographically rooted in its US-EAST-1 region, which refers to an area of North Virginia where many of its data centers are based. It’s a significant location for Amazon, as well as many other internet companies, and it props up services spanning the US and Europe.

«The lesson here is resilience,» said Luke Kehoe, industry analyst at Ookla. «Many organizations still concentrate critical workloads in a single cloud region. Distributing critical apps and data across multiple regions and availability zones can materially reduce the blast radius of future incidents.»

Was the AWS Outage caused by a cyberattack?

DNS issues can be caused by malicious actors, but there’s no evidence at this stage to say that this is the case for the AWS outage.

Technical faults can, however, pave the way for hackers to look for and exploit vulnerabilities when companies’ backs are turned and defenses are down, according to Marijus Briedis, CTO at NordVPN. «This is a cybersecurity issue as much as a technical one,» he said in a statement. «True online security isn’t only about keeping hackers out, it’s also about ensuring you can stay connected and protected when systems fail.»

In the hours ahead, people should look out for scammers hoping to take advantage of people’s awareness of the outage, added Briedis. You should be extra wary of phishing attacks and emails telling you to change your password to protect your account.

On Sept. 11, Michigan representatives proposed an internet content ban bill unlike any of the others we’ve seen: This particularly far-reaching legislation would ban not only many types of online content, but also the ability to legally use any VPN.

The bill, called the Anticorruption of Public Morals Act and advanced by six Republican representatives, would ban a wide variety of adult content online, ranging from ASMR and adult manga to AI content and any depiction of transgender people. It also seeks to ban all use of VPNs, foreign or US-produced. 

Don’t miss any of our unbiased tech content and lab-based reviews. Add CNET as a preferred Google source.

VPNs (virtual private networks) are suites of software often used as workarounds to avoid similar bans that have passed in states like Texas, Louisiana and Mississippi, as well as the UK. They can be purchased with subscriptions or downloaded, and are built into some browsers and Wi-Fi routers as well.

But Michigan’s bill would charge internet service providers with detecting and blocking VPN use, as well as banning the sale of VPNs in the state. Associated fines would be up to $500,000.

What the ban could mean for VPNs

Unlike some laws banning access to adult content, this Michigan bill is comprehensive. It applies to all residents of Michigan, adults or children, targets an extensive range of content and includes language that could ban not only VPNs but any method of bypassing internet filters or restrictions. 

That could spell trouble for VPN owners and other internet users who leverage these tools to improve their privacy, protect their identities online, prevent ISPs from gathering data about them or increase their device safety when browsing on public Wi-Fi.

Read more: CNET Survey: 47% of Americans Use VPNs for Privacy. That Number Could Rise. Here’s Why

Bills like these could have unintended side effects. John Perrino, senior policy and advocacy expert at the nonprofit Internet Society, mentioned to CNET that adult content laws like this could interfere with what kind of music people can stream, the sexual health forums and articles they can access and even important news involving sexual topics that they may want to read. «Additionally, state age verification laws are difficult for smaller services to comply with, hurting competition and an open internet,» John added.

The Anticorruption of Public Morals Act has not passed the Michigan House of Representatives committee nor been voted on by the Michigan Senate, and it’s not clear how much support the bill currently has beyond the six Republican representatives who have proposed it. As we’ve seen with state legislation in the past, sometimes bills like these can serve as templates for other representatives who may want to propose similar laws in their own states.

Could VPNs still get around bans like these?

That’s a complex question that this bill doesn’t really address. When I asked NordVPN how easy it would be track VPN use, privacy advocate Laura Tyrylyte explained, «From a technical standpoint, ISPs can attempt to distinguish VPN traffic using deep packet inspection, or they can block known VPN IP addresses. However, deploying them effectively requires big investments and ongoing maintenance, making large-scale VPN blocking both costly and complex.»

Also, VPNs have ways around deep packet inspection and other methods. CNET senior editor Moe Long mentioned obfuscation like NordWhisper, a counter to DPI that attempts to make VPN traffic look like normal web traffic so it’s harder to detect.

There are also no-log features offered by many VPNs to guarantee they don’t keep a record of your activity, and no-log audits from third parties like Deloitte that, well, try to guarantee the guarantee. There are even server tricks VPNs can use like RAM-only servers that automatically erase data each time they’re rebooted or shut down.

If you’re seriously concerned about your data privacy, you can look for features like these in a VPN and see if they are right for you. Changes like these, even on the state level, are one reason we pay close attention to how specific VPNs work during our testing, and make sure to recommend the right VPNs for the job, from speedy browsing to privacy while traveling.

Correction, Oct. 9: An earlier version of this story incorrectly stated how RAM-only servers work. RAM-only servers run on volatile memory and are wiped of data when they are rebooted or shut down.

The internet kicked off the week the way that many of us often feel like doing: by refusing to go to work. An outage at Amazon Web Services (AWS) rendered huge portions of the internet unavailable on Monday morning, with sites and services including Snapchat, Fortnite, Venmo, the PlayStation Network and, predictably, Amazon, unavailable for a short period of time.

AWS is a cloud services provider owned by Amazon that props up huge portions of the internet. As with the Fastly and Crowdstrike outages over the past few years, the AWS outage shows just how much of the internet relies on the same infrastructure — and how quickly our access to the sites and services we rely on can be revoked when something goes wrong.

Just after midnight PT on October 20, AWS first registered an issue on its service status page, saying it was «investigating increased error rates and latencies for multiple AWS services in the US-EAST-1 Region.» Around 2 a.m. PT, it said it had identified a potential root cause of the issue, and within half an hour, it had started applying mitigations that were resulting in significant signs of recovery. 

«The underlying DNS issue has been fully mitigated, and most AWS Service operations are succeeding normally now,» AWS said at 3.35 a.m. PT. The company didn’t respond to request for further comment beyond pointing us back to the AWS health dashboard.

Around the time that AWS says it first began noticing error rates, Downdetector saw reports begin to spike across many online services, including banks, airlines and phone carriers. As AWS resolved the issue, some of these reports saw a drop off, whereas others have yet to return to normal. (Disclosure: Downdetector is owned by the same parent company as CNET, Ziff Davis.)

Around 4 a.m. PT, Reddit was still down, while services including Verizon and YouTube were still seeing a significant number of reported issues.