On Sept. 11, Michigan representatives proposed an internet content ban bill unlike any of the others we’ve seen: This particularly far-reaching legislation would ban not only many types of online content, but also the ability to legally use any VPN.

The bill, called the Anticorruption of Public Morals Act and advanced by six Republican representatives, would ban a wide variety of adult content online, ranging from ASMR and adult manga to AI content and any depiction of transgender people. It also seeks to ban all use of VPNs, foreign or US-produced. 

Don’t miss any of our unbiased tech content and lab-based reviews. Add CNET as a preferred Google source.

VPNs (virtual private networks) are suites of software often used as workarounds to avoid similar bans that have passed in states like Texas, Louisiana and Mississippi, as well as the UK. They can be purchased with subscriptions or downloaded, and are built into some browsers and Wi-Fi routers as well.

But Michigan’s bill would charge internet service providers with detecting and blocking VPN use, as well as banning the sale of VPNs in the state. Associated fines would be up to $500,000.

What the ban could mean for VPNs

Unlike some laws banning access to adult content, this Michigan bill is comprehensive. It applies to all residents of Michigan, adults or children, targets an extensive range of content and includes language that could ban not only VPNs but any method of bypassing internet filters or restrictions. 

That could spell trouble for VPN owners and other internet users who leverage these tools to improve their privacy, protect their identities online, prevent ISPs from gathering data about them or increase their device safety when browsing on public Wi-Fi.

Read more: CNET Survey: 47% of Americans Use VPNs for Privacy. That Number Could Rise. Here’s Why

Bills like these could have unintended side effects. John Perrino, senior policy and advocacy expert at the nonprofit Internet Society, mentioned to CNET that adult content laws like this could interfere with what kind of music people can stream, the sexual health forums and articles they can access and even important news involving sexual topics that they may want to read. «Additionally, state age verification laws are difficult for smaller services to comply with, hurting competition and an open internet,» John added.

The Anticorruption of Public Morals Act has not passed the Michigan House of Representatives committee nor been voted on by the Michigan Senate, and it’s not clear how much support the bill currently has beyond the six Republican representatives who have proposed it. As we’ve seen with state legislation in the past, sometimes bills like these can serve as templates for other representatives who may want to propose similar laws in their own states.

Could VPNs still get around bans like these?

That’s a complex question that this bill doesn’t really address. When I asked NordVPN how easy it would be track VPN use, privacy advocate Laura Tyrylyte explained, «From a technical standpoint, ISPs can attempt to distinguish VPN traffic using deep packet inspection, or they can block known VPN IP addresses. However, deploying them effectively requires big investments and ongoing maintenance, making large-scale VPN blocking both costly and complex.»

Also, VPNs have ways around deep packet inspection and other methods. CNET senior editor Moe Long mentioned obfuscation like NordWhisper, a counter to DPI that attempts to make VPN traffic look like normal web traffic so it’s harder to detect.

There are also no-log features offered by many VPNs to guarantee they don’t keep a record of your activity, and no-log audits from third parties like Deloitte that, well, try to guarantee the guarantee. There are even server tricks VPNs can use like RAM-only servers that automatically erase data each time they’re rebooted or shut down.

If you’re seriously concerned about your data privacy, you can look for features like these in a VPN and see if they are right for you. Changes like these, even on the state level, are one reason we pay close attention to how specific VPNs work during our testing, and make sure to recommend the right VPNs for the job, from speedy browsing to privacy while traveling.

Correction, Oct. 9: An earlier version of this story incorrectly stated how RAM-only servers work. RAM-only servers run on volatile memory and are wiped of data when they are rebooted or shut down.

The internet kicked off the week the way that many of us often feel like doing: by refusing to go to work. An outage at Amazon Web Services (AWS) rendered huge portions of the internet unavailable on Monday morning, with sites and services including Snapchat, Fortnite, Venmo, the PlayStation Network and, predictably, Amazon, unavailable for a short period of time.

AWS is a cloud services provider owned by Amazon that props up huge portions of the internet. As with the Fastly and Crowdstrike outages over the past few years, the AWS outage shows just how much of the internet relies on the same infrastructure — and how quickly our access to the sites and services we rely on can be revoked when something goes wrong.

Just after midnight PT on October 20, AWS first registered an issue on its service status page, saying it was «investigating increased error rates and latencies for multiple AWS services in the US-EAST-1 Region.» Around 2 a.m. PT, it said it had identified a potential root cause of the issue, and within half an hour, it had started applying mitigations that were resulting in significant signs of recovery. 

«The underlying DNS issue has been fully mitigated, and most AWS Service operations are succeeding normally now,» AWS said at 3.35 a.m. PT. The company didn’t respond to request for further comment beyond pointing us back to the AWS health dashboard.

Around the time that AWS says it first began noticing error rates, Downdetector saw reports begin to spike across many online services, including banks, airlines and phone carriers. As AWS resolved the issue, some of these reports saw a drop off, whereas others have yet to return to normal. (Disclosure: Downdetector is owned by the same parent company as CNET, Ziff Davis.)

Around 4 a.m. PT, Reddit was still down, while services including Verizon and YouTube were still seeing a significant number of reported issues.