People tend to be a lot more reasonable in person, and also if you listen to them first.
I can tell you that isn't entirely true. When they get a lot of messages about the same thing, or better still you meet them in person, they may keep giving you the 'party line response', but they will also be feeding back that there is discontent to the whips.
The UK has a strong tradition of safeguarding privacy while ensuring that appropriate action can be taken against criminals, such as child sexual abusers and terrorists. I firmly believe that privacy and security are not mutually exclusive—we can and must have both. The Investigatory Powers Act governs how and when data can be requested by law enforcement and other relevant agencies. It includes robust safeguards and independent oversight to protect privacy, ensuring that data is accessed only in exceptional cases and only when necessary and proportionate. The suggestion that cybersecurity and access to data by law enforcement are at odds is false. It is possible for online platforms to have strong cybersecurity measures whilst also ensuring that criminal activities can be detected.
Legislation like this does not make children safer, it makes everyone else less safe.
To stop it now we need a majority of MPs who are willing to take a political risk to reject it.
Which isn't going to happen.
Except the Lords can send back a law indefinitely until the Commons accepts it. There have been cases in which laws were sent back 60 times until what the Lords wanted was added. A house with hereditary posts with infinite veto power.
The UK is not democracy. It never was.
It is an utter waste of time. MPs already know about the concerns. They don't care. I wrote to my MP about many of these concerns in the past. You either get ignored, told you are enabling pedos, told there will be protections put in place (ignoring the whole point is that I don't trust the government), or you get a boilerplate reply.
Moreover The vast majority of people (unfortunately this includes people in my own family) have been propagandised to agree with all iffy censorship, monitoring and other spooky nonsense the UK state engages with.
If child-services knew a parent was constantly watching/leaving around adult-content near children, that'd be considered the parents fault. If a parent lets a kid watch anything they want on TV and the kid watches adult content, it's the parents fault. But if the parent gives the child a phone, and doesn't manage what apps they use or content they watch, now it's the companies fault?
If my younger self, went into a store to buy a bottle of Vodka, before I came of age at 18 here in Germany, it wasn't my parents fault. It was the shop that did not check my license that was liable.
If they sold me beer before I was 16, same situation. Analogous for cigarettes. Or me trying to enter an amusement arcade (with monetary gains possible, not just pinball like things.
So why should "online stores" / "arcades" / "non kid friendly/appropriate venues" be treated differently than brick and mortar ones?
Wouldn't that be the same argument?
For example, Apple and Google should provide tools for the parents to set up a device appropriately for a child, much like the shop should not sell alcohol to underage customers. Similarly, content producers should specifically need to label content targeted for children or specially 18+, like the producer of alcohol must warn customers on the label and inform the retailers.
Parents and caretakers need information to make an informed decisions before being able to consume the media themselves. They also need some granular tools on the device to avoid banning them entirely. The burden is shared between creator, distributor and consumer.
We already had laws for this and it makes sense for some type of access control to the open internet. The shocking part is the requirement for everyone to verify ID to multiple public and private institutions, more than once per.
An analogy for the UK now would be needing ID to enter the supermarket (access the internet), ID to look at anything aimed at adults and potentially harmful such as alcohol, chemicals, sugary food, medicine etc. (know "potentially harmful" subjects exist), ID to look at anything lawfully 18+ such as alcohol and cigarettes (view the content), then ID again to make the 18+ purchase from an account needing ID to open.
Except this can only be fair if they carded everyone who buys liquor, not only people who appear young, otherwise it's subjective, and businesses shouldn't be liable if a tall, bearded teen buys vodka, because he looks older than 18.
Of course, in reality, liquor store cashiers are allowed to judge subjectively, but VPN providers won't be allowed to. And they'll probably be asked to share records of registered adults in the future, given the repeated efforts to backdoor encryption in the same UK. This is unlikely to be only about protecting the children.
No big tech and browser makers did not put their hurds of developers to handle this and forced the governments to try more retarded solutions.
This big OSes should have a super easy activation procedure where a parent will enter the birthday of the account user and then the tech should do the magic,/
What are the current solutions for Android and iOS? To buy some apps and give them root permissions and they will filter out webpages or block entire domains ?
This is a hard problem, from about 0 to 18, kids go from being, well, kids, to being expected to be full adults and are expected to be able to deal with every liberty, every temptation that comes with it. There is no single best path to achieve this.
I want to educate my kids about sex, about alcohol, gambling, drugs, I want to teach them that the internet is a source of many good things, and many bad things. I'll make arrangements, determine the suitability of online materials, and will set boundaries together with my partner, thank you.
The failure here is two-sided.
One and the most glaring are the parents who let devices raise their children, this hasn't changed since before home computers were a thing.
Secondly it's a failure of the state for not educating both adults and teenagers on best practices when using online platforms to be safe. If they're interested enough in policing people's web habits, they can spend time and resources on educating the masses. The best time to start doing it was 20 years ago, the second best is now and it could take a decade plus for it to have a meaningful impact.
Also this is important. The UK, like it or not, is a nanny state. They like to use child safety as an excuse to police adult habits, and more important their speech. There's quite a few times they've admitted to this plainly without any ambiguity.
"The Online Safety Act 2023 (the Act) is a new set of laws that protects children and adults online"
https://www.gov.uk/government/publications/online-safety-act...
There's also examples of them being asked directly in interviews and they admit to wanting to police adults speech and content they consume online.
Australia is in a similar predicament and honestly most of the world is rolling towards this, just not as fast as the UK.
The UK unfortunately has incarcerated people for simply lifting cardboard signs saying Free Palestine. They've jailed people for innocuous social media posts on Facebook and other platforms.
I'm not proud of the USA for a lot of reasons, especially lately, but one thing that any and all Americans should be proud of is their Freedom of Speech protected by the First Amendment, it's the most American thing and one of the best aspects of America that other countries should aspire to, and I hope that the jabs Freedom of Speech has taken over the past decade doesn't make it crumble away.
Meanwhile the government and official accounts continue to use X even as they're trying to ban it. Mixed messaging.
Lead proponent of the VPN ban: https://en.wikipedia.org/wiki/John_Nash,_Baron_Nash; he's https://en.wikipedia.org/wiki/Centre_for_Policy_Studies again, the dead hand of Thatcherism.
Then we can get rid of the online safety act, no need to dox adults if we just ban the children.
Then when the government refuses to repeal the OSA, we can then have an open and honest discussion about the real reasons that act exists.
Being sarcastic, but at the same time...
Schools, yes 100%. Likewise mobile data plans.
Home internet? Could work, but I don't know how much time would be needed to transition any "do this on your computer" homework tasks. (Are there any?)
As one extra twist, the UK age-gates a lot of stuff at 16 rather than 18 in a way that is relevant here: back when I was at school myself, an era when writing letters to the editor of a newspaper was the closest most people had to a comments section, I noted the oddity that I was allowed to perform sexual acts at age 16 but wasn't allowed to photograph myself doing those things and couldn't buy videos of those things.
And between 16 and 18, the education choices in the UK are either A-levels, apprenticeships, or volunteering; I think mobile internet could reasonably be considered mandatory by that point in life.
https://en.wikipedia.org/wiki/Education_in_England#Post-16_e...
Now imagine that the local government has a website that can only be changed by contacting a web developer, who takes 1-2 business days to reply. It might not be as bad as that, but I wouldn't be surprised if that's the ballpark.
I think you'd find Govt. account users are over 16.
I remain upset that they do this without building the necessary infra. They already assert identity when applying for a passport (and they do this very well). If they had extended this process by creating a OAuth compliant digital id provider first, then they could have avoided all the problems on the day the OSA dropped. Even better, they could have created a non-governmental agency to exchange tokens and urls to prevent the privacy issue of the government knowing which sites people are visiting. Instead we have this status quo of encouraging UK citizens to hand over their identity documents to dubious third-parties or shifting their traffic from the UK externally to avoid these checks.
You seem to believe they're wrong. Since they're the ones who come up with the laws of the land, I think it's important to realize that they can and do aggressively control access to the internet in their country. It sucks, but it's the reality.
yes but this is like watching someone deal with an ant infestation by stamping on them. They're not solving the issue and unlike the ant analogy, they're making the problem worse.
Far less than all. See Australia, where age restriction is routinely evaded through adult collusion.
The privacy issue would still exist. They can tie your online activity directly to these tokens.
If VPNs require age verification, then people will shift to running a VPN on a cheap VPS. Probably via a popular single-click setup script.
Or people will just get drawn to more seedy providers that do no KYC or have ulterior motives. If I was Russia, I'd consider operating a free VPN or VPS service that MITMs the traffic.
Of course, we're sliding quite rapidly down that slippery slope here so I'm sure logging and easier government tracking would be next. The justifications will get weaker and even more lacking in supporting evidence for their implementation.
Yes. But I think most of the zero logs providers will remove the identifiable payments details after a certain about of time. e.g. Mullvad have a specific policy relating to what is stored and retention time (I am not affiliated with Mullvad, I just use their service).
https://mullvad.net/en/help/no-logging-data-policy#payments
> Surely savvy people can just use their existing VPN to buy a VPN from outside the UK.
Or you can use Tor. I will just use a VPN that lets me pay with Monero or some other crypto currency. None of this will stop savvy people.
No problem there. Once a user is old enough, he stays old enough.
The providers are structured in a way that makes forcing compliance difficult and have built their whole business model around this. NordVPN is registered in Panama for example and Mullvad lets you send cash in the mail and doesn't store any user details (even a hashed email).
It'll be interesting to see how & who reacts if it does pass.
Obscura ....
"Terms and the relationship between you and Obscura shall be governed by the laws of the State of New York"
Yeah, erm.
Now more than ever, trusting a US jurisdiction VPN provider ? No thanks !
Surely they can simply buy that direct ... at least until the Govt. requires ISP to blacklist.
And presumably also a '--webcam-to-use-for-identity'
> Amendment 92 (“Action to Prohibit the Provision of VPN Services to Children in the United Kingdom”) requires VPNs that are “offered or marketed to persons in the United Kingdom” or “provided to a significant number of persons” to implement age assurance for UK users.
this will be interesting to watch i just wish i weren't caught in the net.
A Labour MP foolish attended a GB News show and when pushed admitted that the Online Safety Act was also about identifying speech by adults [0].
Sorry about the quality of the link, but the video is there (higher quality is available on X) and its not like the paragon of truth that is the BBC reported on this.
https://europeanconservative.com/articles/news/uk-government...
No, this age verification is not against that.
https://www.gov.uk/government/publications/online-safety-act...
Harmful accurate info is allowed, note.
Reform UK (the party currently leading in the polls by a large margin) is the only party that loudly opposed the draconian measures within the Online Safety Act and promise to repeal it
Sure teens will still figure out a way to access when they really want to, but they won’t be be the same level of peer pressure.
I feel like this is the strongest argument in favor of the bans. I am not sure it will be effective or is the most effective way to go about it. I am curious to see the data that comes out of Australia in a few years.
UK and Germany weren't ever good in this department but now worst than ever.
US supposedly good but I wouldn't risk it in practice.
Australia I hear is also quite bad.
Canada and NZ I don't know.
I expect Denmark and Sweden to have somewhat weak free speech laws too.
Norway and Finland I expect to be good.
France I expect to be just slightly better than Germany.
Netherlands and Switzerland, I have no idea.
Czech Republic I think has strong protections.
Italy and Spain and Ireland, I heard mixed reports about.
Poland, Greece, Slovenia, Portugal and other unnamed countries I don't know at all.
In Germany, for example, you can say almost anything you want and no-one will give a hoot. If you're truly interested, here's some background for Germany in particular https://www.deutschland.de/en/topic/politics/freedom-of-expr...
And reporters without borders has a world press freedom index that ranks the US on place... 57 - behind most of Europe. https://rsf.org/en/index
After WWII you mostly had state run and controlled TV and radio. And some more freedom in the written press but still most countries mandate Legal deposit [0] sometimes since the Middle Ages. Legal deposit is just the granddaddy of what we understand the Internet is in China. You could really get in trouble easily.
Then mass media were liberalized and put under the control of big corporations in the 1970-80s what gave the illusion of more freedom.
But the WWW really brought the US free speech standards to the entire developed world in the 90-2000s. This is why people under 50 understand "free speech" according to this standard.
The "you get put in jail because of a meme on Facebook" is really a return to normal after a 20 year pause on the Internet. If you don't fight for it, it will never last.
Starmer, like most leaders in the EU, has an 18% approval rating. He really can't afford free speech for its subjects.
You can solve the problem of age verification without limiting your free speech right. Those two get entangled all the time and it does not make sense.
Therefore, in practice, anonymity is the only way to safely express oneself in public. Privacy is the true bastion of the freedom of ideas. This is naturally lost when the means to communicate privately are stripped from us, when every word we've ever said is recorded and tied to our identity. Age verification could possibly theoretically be implemented in a way that does not immediately infringe upon privacy, but you surely know that there is no world in which it will ever be implemented in such a way.
Not to mention the opaque mess that's Reform UK financing.
It's quite specific wording for a piece of legislation, just VPNs. It excludes businesses but, as written, it wouldn't include network proxies, or remote desktop protocols, or TOR, or web/mobile applications that fetch pages for you, any of which could be used to circumvent the bill. The slippery slope argument could be made that those things would have to be added for this bill to have any meaningful impact, and that would require the amendment to be written in a very non-specific way. I'm not hopeful that the Government would recognise that as overreach (ignoring that the amendment already is).
[0]: https://www.theguardian.com/politics/2026/jan/25/ai-generate...
I wonder if any of the law makers are investors in those companies.
Surely three-letter agencies, "unknown creators" of chatcontrol proposals in the EU and other state psychopaths care very much about the children!
No, they don't.
Mass surveillance and the leverage coming from that is the goal itself.
Make them shut it all down like Iran and show who they really are.
So technically if you are from UK, they might come at your VPS provider if they find that you use them as a VPN (law's kinda vague from what I can gather)
Your VPS provider wouldn't really protect your privacy for 4 $ so a snitch.
My point which fucking scares me if I were a UK citizen is that they just have to do it once to scare you to your guts.
Maybe I am paranoid but I couldn't see this shit happen 2-3 years ago & UK is atleast moving at a very dystopian rate and I am not sure if other countries might move in similar direction too if UK experiment turns out to be helpful to the people in power or helps in curbing out protests/real change in any capacity.
I know the law hasn't passed but chances are unless osmething very unlikley happens, its gonna get passed
What's up with democracies trying to imprison their own citizens in such sense, whether digitally or in person. Some countries feel like prisons rather than free land now.
These were the best benefits of democracies over authoritarianism.
I genuinely question with such points if democracy actually just becomes a dual party authoritarianism. Sure people vote but just scare them for real change just once. If a person speaks online, even if they use a VPN, just catch one extreme and scare the moderates from even ever saying something different than what govt says
Say it with me, 2+2=5 (1984 reference)
maybe it is still illegal, IDK, bu likely due to other laws (eg a generic "it is illegal to use workaround for X")
[0] maybe it is still illegal, IDK, bu likely due to other laws (eg a generic "it is illegal to use workaround for X")
Irrelevent. See:
must apply the child VPN prohibition to the provider of any relevant VPN service which is, or is likely to be—
(i) offered or marketed to *persons in the* United Kingdom;
(ii) provided to a significant number of persons
It always did. https://www.keygreer.net/family-law-faqs/what-rights-do-chil...
Either the tech industry solves this, or governments will. That’s not ideology, it’s capitalism. If we don’t build workable, privacy-preserving primitives, regulation will arrive in the most blunt form possible.
There’s a reasonable middle ground. Identity can be a first-class citizen without being leaked to every website. I don’t need to hand over my name, address, or documents to prove I’m over 18. I need a yes/no assertion.
Imagine the browser exposing a capability like:
> “This site requires age verification. Are you over 18?”
The browser checks via a trusted third party credential and returns a boolean. No DOB. No tracking. No persistent identifier. Just a capability check, much closer to how physical ID works than today’s data-harvesting mess.
As a parent, I already police my kids as best I can, and it’s imperfect. But the offline world has friction and gates: bars check ID, cinemas enforce ratings, shops refuse sales. Those mitigations don’t make parents redundant; they support them.
Online, we’ve chosen to pretend none of that is possible. That’s not a principled privacy stance.
If we don’t design these primitives ourselves, we will get crude, insecure age databases, mandatory uploads of passports, or blanket bans instead. This is the least bad option, not a slippery slope. Collectively we have solved far harder problems.
Then you will be rich. Because no-one else has found a way to keep your age private whilst disclosing it.
But in the latter case, the system is wildly open to abuse coz nobody can detect if every teenager in the country is using Auth Georg's cert. The only way for that to be possible is if the tokens let you psuedonymise Georg at which point it's no longer private.
The answer is to leave this shit to parents. It's not the government's job. It's not the government's business.
See Australia. Many parents helped their children evade the ban.
https://www.crikey.com.au/2025/12/04/social-media-ban-parent...
Can we please get a law where kids won’t just take their parents’ IDs and upload them to random places?
> "Unlike with a physical document, when using a digital identity, you can limit the amount of information you share to only what is necessary. For example, if you are asked to prove you are over 18, you could provide a simple yes or no response and avoid sharing any other personal details." (from https://www.gov.uk/guidance/digital-identity )
There's a huge amount of disinformation circulating about the digital ID scheme, and the government's messaging over it has been catastrophically clumsy. Which is a pity, because the system has clearly been designed with civil liberties in mind (ie defensively) and for citizens it's a serious improvement over the current system.
Furthermore, if implementers are going to be required to verify users per-session rather than only once during signup, such a measure would end up killing desktop Linux (if not desktop PCs as a whole) by making it impossible for any non-locked-down platform to access the vast majority of the web.
I can't imagine how that would operate, esp. given we're told this ID will not be a digital ID card you can "show".
You might be able to get more trust by the government assigning a third party to audit the systems to make sure they are working as advertised, and not being abused, but you would still get people being paranoid that either the third party could be corrupted to pretend that things are okay, or that a future government would just fire them and have the system changed to track everyone anyway.
No matter what you do, you will never convince a subset of people that a system that can potentially be used to track everyone won't be abused in that way. Unfortunately, those people are most likely correct. This is why we can't have nice things :(
For the record, I thing it would be great to be able to have a trusted government issued digital ID for some purposes. I especially think it would be great to have an officially issued digital ID that could be used to sign electronic documents. My partner and I moved home recently, and it was not easy signing and exchanging legal documents electronically.
So theoretically, suppose I have a vpn company on A) either such lowend niche providers who might support let's say my mission or we are aligned or B) the hyperscalers or large companies.
Now I am 99% sure that large companies would actually restrict VPN creation usage (something remarkably rare right now but still it's a gone deal now)
And I feel like even with niche lowendbox providers, suppose I am paying 4 euros or something to a provider to get an IP, they are either using hyperscaler themselves (like OVH) or part of a datacenter itself
If a server they own in some capacity runs a vps, can it be considered that they are running a vps and they can get sued by the Safety Act too? If not, then what if this happens one layer above at datacenter and now datacenters might have to comply with them
I haven't read the article but wtf.
Suppose I run a tmate instance (basically allows you to connect one ssh server to another both inside nat), theoretically this is a vpn as well.
I was calling out that they might ban vpn's when online safety act came and I realized that theoretically nothing's stopping them technologically to do so. It's a cat and mouse game but they didn't have a legal reason to do it so much. Now... You have it.
Is the end of total privacy for UK here?
I feel like even privacy oriented VPN's will move out of UK and non privacy oriented (ie. who will accept your id's) will probably have to manage it or use some third party and I am pretty sure that this basically gives govt. even more, they might now look at which IP said something, contact the now compliant VPN and block other truly private, for which user Id used a particular IP at particular time and seek their ID. I don't know how Dystopian UK's gotten but what's stopping a "reasonable cause" or some UK fbi equivalent contacting.
I feel like even one or two such extreme case of VPN providers would be enough to scare the whole country into check where if you are UK citizen and you talk against UK online, you will be screwed.
Atleast that's the direction I am seeing it heading.
Depending on the instance & how many more such dystopian laws UK adds. It's democracy gets really questionable... and I am not sure what it will be replaced by.
Both parties are kind of aligned in this from what I can tell. Just raise what "reasonable" suspicion to contact means and abuse any laws or create new dystopian laws but online safety act wasn't okay but VPN's provided a way around it.
Now that VPN's themselves are affected. It's kind of gonna wreak havoc imo of any individual privacy.
I am worried what this might mean on tor. Since tor can be considered a vpn, so will UK company sue me if I run a tor instance now?
Make the friction high enough for evading age restrictions and it will stop most kids. Not all but most. Same as most shops stop under age kids buying alcohol and most cinemas enforce age ratings.
If you want to roll your own VPN go ahead.
As far as the "dystopian" state of the UK goes. Even if the UK was a "distopia" the internet won't save you, even though people of a certain age like to think they can stop an authoritarian government from their keyboard. Take the US as a recent example, the bastion of free speech, but US citizens are being murdered by a government organisation. Posting memes from your VPN won't help.
I understand what you mean but still, one has to realize that all the grievances happening in US (esp with Greenland) feels like something trying to distract from the Epstein files (Me and my cousin literally talked about this yesterday and these were almost his words not mine)
Epstein files pressure got dialed up to 11 because of internet, was it not.
If however the internet keyboard warriors weren't there or just the people who were aware from the internet (I mean I can't attest for you but I was reaware of epstein files from internet)
Also yeah, Take the example of Nepal whose almost authoritarian esque govt. was literally toppled by internet protestors to get an anti corrupt person in power.
Internet & anonymity still has power and to just give it up to a govt. would still have massive massive consequences man.
If this law passes, anonymity & privacy is fundamentally ended in UK.
> If you want to roll your own VPN go ahead.
If my VPN would have an IP be arranged via a VPS they will just come knocking to my VPS
Russians actually use a Russia VPS to connect to VPN but they are getting locked down. (Source: I saw some russian person in a forum doing exactly this)
if we are comparing UK to Russia on a reasonable amount, then that would speak mountains too and we can move our conversation from there.
Edit: perhaps I feel like I was also overthinking it a year back when I was worried about VPN's block (I have written it in Hackernews you can go read) and I figured that with something like UK, the tech wouldn't be enough to be uncensorable and we are still off to govt laws and I was worried about exactly this happening.
I didn't want to be right then and I don't want to be right now but I am just telling what I have a reasonable enough suspicion of something happening in future.
