In Russia, they claimed that new measures to block websites are necessary to protect the children online. Of course, they immediately used these new capabilities to block opposition websites and sources critical of the government.
Now, seeing many European governments tirelessly push for these new measures to protect the children, I'm pretty sure that the children are finally going to be safe online.
It is really disheartening to see the sentiment around privacy erode like this. Fifteen or even ten years ago this would have been unanimously and vehemently opposed, but now it is somehow up for debate?
There has been 15 more years of highly motivated psychologists tuning their social media systems to create addiction, time for those who've grown up through this to become adults, foreign interference with democracy etc.
Though I think banning it for children is the wrong approach. Ban the addictive and dangerous features for everyone, adults included — no more infinite scroll, and no more feeds showing content from outside social connections.
> no more feeds showing content from outside social connections
So, kill all news agencies and reporters I guess? or would there be a carve out for incumbents so they can cement their market share? who controls the approval list?
> Every reader, at least from the same city, gets exactly the same content
That alone is a value add people don't realize even as they're losing it: it created a shared reality you and locals inhabited, that you could have a conversation about.
This is far more to do with different people having different definitions for what constitutes a genocide with one very well funded minority group having a large stake in their version being the accepted one.
We've had time to witness the damage of a dopamine-doomscroll. I personally know children who've posted too much, and children who've been solicited directly by adults, both to try and meet and for nudes. And we've seen the complete lack of positive action from platforms. Roblox is full of paedophiles and Grok was letting you nudify your classmates just a few months ago. These places aren't suitable for kids.
I don't want a ban on VPNs. That isn't being suggested, just making sure they're also age-checked. But some inconvenience is a price worth considering.
I love how every harm you listed, is a platform design problem, and your fix touches none of it. A kid bypassing VPN age checks can still doomscroll and Roblox all day on a school wifi with no VPN at all. The only thing you've actually accomplished is stripping privacy and security from every adult who isn't a child abuser, to feel like you did something about the ones who are.
Requiring ID (which is what age gating is) for VPNs is absurd. Given that SSH can act as a proxy service, are you going to require all ssh connections out of the country to be age verified?
I'd be surprised if the law requires much beyond a vague best effort from service providers, but many already block connections from known server hosts and some even VPNs.
An airtight block is not what's required; stopping social media being mainstream for kids is.
Lol, no. Face scans are being bypassed using video games. Meanwhile the data has shown 90%+ porn users are unwilling to do them and switch sites instead (citation: https://pornbiz.com/post/17/the_scam_of_age_verification ). The whole thing has been a complete fiasco in porn.
Maybe they should get the pedos out of the government instead of a foolish attempt at restricting and harming everyone else? It's not ever going to protect or make children safer. It never was.
> But some inconvenience is a price worth considering.
You're trying to frame it as an "inconvenience" and not a blatant attack on the fundamental freedom of expression. I get that social media is bad, but sometimes (often) the cure is worse than the illness.
> I personally know children who've posted too much, and children who've been solicited directly by adults, both to try and meet and for nudes.
... but not in that way.
I personally knew children who'd been solicited directly by adults before there was even an Internet. Including me, if you use the definition of "child" that seems to be popular in this sort of debate (and, by the way, it wasn't a big deal).
They've somehow managed to breed several generations who's only criteria for "computing" is "it just works". All consumption, little-to-no understanding of how stuff works. As long as it does what it does, and it's "free", that's all that matters.
> disheartening to see the sentiment around privacy erode like this
Coders went from being civically active—calling their electeds and showing up to events to defend privacy in the 90s—to being comfortably rich and content with maybe voting in generals. That’s had a direct effect on policy quality.
In terms of political power, programmers are more like yeomen than peasants. Yeomen have power due to their essential skills because if a good fraction of them stopped working the system would collapse. (Whereas if peasants stop working, they just starve.) If a sufficient number of programmers said "We're not going to implement or support privacy-invading systems" the government would have to back down.
If you are talking about the recent blockades of VPNs, the Russians made it pretty clear that they did not want western information sources inside the country. I am not sure it was ever in the guise of protecting the children
The first law about building technical and legal infrastructure to enable website blocking in Russia in 2012 was passed under the name of children protection. Everything else is an addition.
People from duma (the russian parlament) also publicly stated it would never use it for anything but children protection.
The only (probably) good thing here is that one can at least try to apply Russian experience at circumventing the censorship, where it's currently way more severe, up to the point when entire companies have their workflows disrupted because remote workers can't connect through the VPN (which is blocked). Maybe that will help.
You see, the problem is that all exit points of our VPNs are in Europe. These too can be banned quite easily. Where to will we run next, given that this cancer tends to spread?
Change the protocols, I guess? Move to some kind of self-hosted or community-run infrastructure? Because to block all of that (EDIT: to block that reliably, I mean), you will have to block the entire EU network sector, and we're likely not in "V for Vendetta" or full-blown 1984 scenario for this to be possible.
Let me tell you how it has been in Russia during last 15 years. WE saw targeted blocks that apply after cease and desist letters. Later they learned to block outgoing OpenVPN and wireguard for everybody except firms who applied to a special registry. Then they learned to cut Vless and Trojan and blocked all sites behind freaking Cloudflare due to ECH v3.0 enforced. Here also go proxies (specifically for Telegram'm MTProto) and other stuff like Quic.
The point is if they start — they can proceed way further than you can imagine now.
Which will get blocked and go down, like, in no time. That's literally what happened in Russia - Tor is mostly unusable, you can't even bootstrap properly without some "tricks", so to speak.
You seriously think the government has a clear, honest reasons, as stated?
Companies will be exempt (with remote employees having to identify linking their IP and computer's fingerprint with their real identity), and the next step, after using the law to silencing dissent, will be penalisation.
> seeing many European governments tirelessly push for these new measures to protect the children, I'm pretty sure that the children are finally going to be safe online
There is strong, popular will for age gating social media. At the same time, at least in America, there is a deep streak of laziness and nihilism in the tech community that makes it civically useless. When combined, you get politicians getting calls every day to limit social media and little from experts on how.
So you get folks reaching for the first solution on the shelf, and then getting wedded to it. The correct approach is making this the social-media companies’ problem. If they wind up with users under N years old, they get fined. If you want to use social media, you put up with their BS. If not, you’re not affected. Unfortunately, I’ve worked on privacy and technical policy enough to be sceptical that anyone will actually pitch that to their elected. So we get this, instead. (And at the end of the day, I’ll take an imperfect solution over a perfect one that goes nowhere. Though the UK, as usual, seems to have found the worst of the bunch.)
Also the UK arrests people for online posts more than Russia, China or Belarus. It seems clear the gov wants to control all forms of speech and if they could control speech at home they would too further, I have little doubt if they could control your thoughts they would too. They’d be more than delighted to have people wear shock collars that shock wearers as they stray from received though patterns.
Shortly after the Online Safety Act went into operation, there was politically charged/sensitive/opinionated content on X mysteriously disappearing for UK users but nobody else in the world.
Yeah. The children are just the excuse. They hate us for our freedome.
Nobody is surprised that Russia resorts to this. They are a potemkin dictatorship. But that the UK is also acting as a dictatorship - now that's interesting.
Non-nationalist parties that have been in power in Europe for so long are shitting their pants at the growing rise of nationalist parties and are absolutely planning to censor the shit out of them.
I'm not even taking a side here and what they are trying to do is obvious.
Somehow the "center"'s answer to the rise of right-wingers is stupid censorship, instead of fighting ideas with better ideas.
Alternatively, the center starts trying to attract right-wing voters by adopting right-wing ideas like anti-immigrant views or "well, we can sacrifice the climate a bit more" positions.
Keir Starmer is from a "left" party but his actions has shown him to be a centrist, Ursula von der Leyen is quite right. Then again, these are European positioning, as someone's said years ago, the European right-wing would be liberal in the US. And with the currently openly racist regime of the USA, even more so!
They will establish censorship laws to try to stem the tide only to be surprised Pikachu face when inevitably at some point in the future one of these right wingers will win and then use all these things against them. No one ever learns.
How is that happening? In the UK fringe nationalist parties are typically given as much airtime on main stream media as the governing parties. They've also setup their own 'news' stations to further spread propaganda. Any notion that they're being censored in the UK is ludicrous. They're pandered to.
This isn't an axis from freedom to control, with the country sitting at an identifiable point. All of these things are happening, antagonistically, at the same time. Right wing people set up a television station, government cracks down on the internet, courts protect people's rights to express philosophical beliefs, police record "non-crime hate incidents" for things written online. It's all chaotic.
But there’s no evidence that the UK government is going to disproportionately censor right wing parties on the internet either. It’s just a false analysis to link this possible age gating of VPNs with censorship of the political right.
Banning under 16s from social media is de-facto censorship of political views outside of those promulgated by mainstream media, and as the mainstream media in this country tends to be urban-liberal in orientation, this will have an effect. Perhaps the people who set up GB News were prescient to do so.
As other posters have pointed out, the mainstream media in the UK give Reform an incredibly easy time. Their leader is openly corrupt, but this barely merits a mention. Do you really think Keir Starmer is thrilled by the idea of young people getting their impression of him from current mainstream media reports? This just isn’t a plausible analysis.
(Also, it’s worth noting that the Conservatives support the same policy, and Reform support the principle while opposing the means.)
It's easy to blame the governments in this - and some of their decisions are idiotic - but most of the blame should go on the tech companies. The fact they think "our ToS says you have to be over 13" or a popup asking "are you over 18" is sufficient while they make billions is a disgrace. They're the reason the governments are sinking to these levels. It's not like they haven't been given every opportunity to do the sensible thing over decades.
I also do not believe that this is primarily aimed at ptotecting children. I think the goal is to counteract the bot-farms that spread disinformation, instigate violence, and so on. Which Russia, by the way, pioneered and scaled up to make a material difference in elections in the West. It is a real problem for which no effective solution has been found.
> Ms Kendall told Nick Ferrari: “I told MPs yesterday I'm going to come back to the House with a statement on the issue of VPNs in July. There are very strong views on both sides of this. For some people, it is about privacy, and it is the ability to use that is really held strongly by people. And for others, they say they should be banned because kids are using them to get around. And so I— the main thing that we've done is we've commissioned additional research on this because I've not been happy with the evidence."
Sounds like they realize there are two sides and no "clear winning argument" in either direction, that's why the additional research is needed. Sounds a bit more nuanced than what I expected based on your snippet.
What is there to research? Yes, VPNs can be used to circumvent geofences (and by extension, regional age restrictions). Yes, attempting to age-restrict VPNs is at odds with strong privacy guarantees. Privacy is a human right, and one which is essential for effective democracy.
The trade-offs and how many people care and about what specifically.
E.g., you say "Privacy is a human right", so why is it that half the websites I visit ask for permission to share details of how I use those sites with more corporate "trusted partners" than there were students and staff combined in my secondary school? I'm all on board with just banning this kind of analytics, but there's a lot of people who are more angry with the EU for forcing companies to at least ask for permission before they sell your data to all those analytics firms.
> E.g., you say "Privacy is a human right", so why is it that half the websites I visit ask for permission to share details of how I use those sites with more corporate "trusted partners" than there were students and staff combined in my secondary school?
Because capitalism itself is the enemy.
And information assymmetry is a potent tool, as is constant and persistent surveillance. All of these enable extracting more money.
Are there ways of doing age gating while preserving privacy? For whom? How many people need that kind of privacy, would it impact lots of (say) teens seeking help or is this about whistleblowers? Are many under 18s using VPNs for porn? Or have they just shifted to other platforms anyway? If we implemented it “perfectly” would it even do the thing we wanted?
What are the actual numbers here? If there’s lots of fuss about vpns but actually while there’s been a big jump in use it’s not under 18s anyway it wouldn’t help.
> Privacy is a human right, and one which is essential for effective democracy.
And does this get broken enough for age gating something? We age gate alcohol to reasonable success, sometimes that involves showing id.
I’m not arguing for age gating here but I do think understanding the tradeoffs may require more evidence.
For example the vast majority of the UK residents is against the ongoing support and complicity of the UK in the genocide of Palestinians, to which the government orchestrated the whole operation to turn the protest into act of terrorism (!).
"I want to do the thing that gets me the most votes and carries the least political risk".
Note this is not necessarily the wisest thing, or even the thing that objectively solves or mitigates the problem the most. Many such cases...
These people created a law that is catastrophic for privacy, so I don't believe they will be stopped from banning VPN's just because someone claims VPN's are good for privacy.
To put it into perspective he was asked to do the harm review, in which he proved how much more harmful the legal drugs (alcohol and nicotine) are from some of the banned ones (namely cannabis, LSD or Psylocibin).
Famously at the exact same time UK was claiming there was no evidence of the medicinal use of the cannabis, the UK was also the biggest exporter of it, and all was then turned into Sativex, a cannabis based medicine, not approved for use in the UK of course (individual import is allowed).
Interesting is that the husband of one of the very prominent Home Secretary and later Prime Minister is a senior executive in the producet.
If your argument is that a group is conspiring to establish policy in a country, the idea that it's happening in many, many countries means the threshold for evidence is now much higher, since the group should be able to have much more control.
It's as much of a "conspiracy theory" as ordinary monetary corruption worldwide: There doesn't need to be any connection or conspiracy between politicians who take bribes, just like there doesn't need to be any connection or conspiracy between politicians who push for more surveillance and control over others.
Oh yes like Indonesia, Malaysia and Turkey. If it is happening worldwide, it is less likely to be a coordinated scheme and more likely coming to the same conclusions based on current research.
Edit because I'm getting limited:
This isn't exactly something old that has been going on for decades in its current form and the usage has increased especially since the lockdowns. Nations have also been copying each other for centuries, you don't need a secret group coordinating for it with a singular ulterior motive.
Oh yes sorry, Western countries and dictatorships.
But sure, all governments suddenly woke up at the exact same time, give or take a few months, and realized that social media should be banned for kids.
I think they all wanted to control internet access since the arab spring, but they didn't have a good wedge. Now the data around harm to children is widely available, they all have the same excuse they can use at the same time.
Or maybe different people respond similarly to the same incentives.
For decades companies like Facebook have been saying you just have to let us groom children, there's no way to have this tech and not groom children. Now the predictable consequences of that are arriving: the tech industry is being turned off, because it grooms children.
And when I say groom children, I'm talking about actual child predators, not the transphobic nonsense point.
I've been using a VPN in the UK on my laptop and phone exclusively for 20 years, and the state has been working with ISPs to make "connection records" for most of that time.
On mobile a VPN isn't always effective in avoid geoblocks. Some apps are able to determine I'm in the UK and still ask for ID - reddit is one for example, if you stumble on to an adult subreddit. Using the web interface avoids this.
The UK has also moved to force ISPs to block certain bittorrent search engines.
The UK is not shy when it comes to invading your privacy or censoring the Internet.
>The UK is not shy when it comes to invading your privacy or censoring the Internet.
Definitely doesn't shy away from doing it! But one thing I find most irritating is that it seems reluctant to say it proud and loud.
Look at the situation with 4chan and Kiwifarms. They are basically asking to be blocked from the UK and they refuse to. I can't really say why the onus is put on the websites to enact blocks, but my suspicion is the government doesn't like the idea of displaying an official page stating that you are not allowed to see something because the government doesn't want you to.
>the government doesn't like the idea of displaying an official page stating that you are not allowed to see something
They don't even have to do that, the connection can just be left to time out on the client side. This is what they did (and some ISPs still do) for the Internet Archive...
Yes, archive.org is classed as an adult site in the UK.
> On mobile VPN isn't always effective in avoid geoblocks. Some apps are able to determine I'm in the UK and still ask for ID - reddit is one for example, if you stumble on to an adult subreddit.
I've never had this issue (using Private Internet Access on iOS).
I'm a Brit living abroad, when I visit the UK I use a Tailscale network with an exit node at my home, and yeah this always seems to work for me.
Going the other way around to try and watch British TV I used to find with a normal hosted VPN services could still figure out I wasn't in the country, but now I have a Tailscale exit node at my mum's place in the UK it always works fine.
So I suspect it all comes down to the IP source, probably a residential IP is the best possible case and with commercial VPNs it depends on how hard they work on isolating their IP blocks from known datacentres.
Commercial VPNs publish their exit nodes IPs online. There are services like ipinfo.io which can accurately determine if you are using a known VPN service.
Some context - Birmingham Mail is one of dozens of clickbait-driven publications owned by Reach plc.
They're not a high quality source of news - they've more than decimated their journalism staff and replaced them with 'content' staff who are performance monitored on the number of clicks their articles generate.
Content is syndicated in different accents across their range of papers from the national papers, The Mirror and The Daily Express down into a large number of notionally 'local' outlets.
I'm very much in favour of blocking children from social media - it's an absolutely vile cesspit of cognitive addiction, bullying and social (and potential sexual) abuse. But none of it requires a mass-surveillance network to be put in place.
Just for one example; it would be trivial for Apple and Google to put age estimation on my phone, verify it on opening the web browser and provide a zero-knowledge proof of age to websites in a way that does not reveal my identity. All the infrastructure is already there, and it's relatively trivial to turn it on. The downside is that this will only work for people who are older than about 25 because of the uncertainty of face-to-age recognition, but it would be a start.
Another way to do it is for my bank, who know my age already, providing a similar credential that I can feed into the zero-knowledge proof engine on the phone.
This was all done properly for the covid tracking apps, at a time when the phone providers actually wanted to do tracking with anonymity - this is a similar problem, and it's easily cracked by technical means.
And you don't even need zero knowledge proofs if you perform on-device content detection - turn it on for kids, keep it off for adults. Modern phones have more than enough TPU capacity to do this.
But none of the actual implementations I've seen are truly anonymizing, and they all rely on trusting some really dodgy companies with your identity and browsing habits. Yes, the more respectable ones have security and privacy policies that are audited, but will they always? The cynical answer is "no", because history shows that someone will always do something sooner or later if (a) it makes money, and (b) they can get away with it.
Everything I see suggests that the desire for mass surveillance is the driver, and the "protect the children" front on this is a strategem by the people who are really driving this from behind the curtain. There are huge amounts of money to be made by capturing verifiable, blackmailable, personal data, and this is a magic money fountain for those who will be able to mine it.
In more sensible times, we'd run an ad campaign highlighting the dangers and informational campaigns for parents on what to do to prevent your children getting access to social media.
Perfect is impossible, but if its stigmatised then the network effects stop being so punitive to children who have reasonable parents.
it's the 10-80-10 rule: 10% of kids will still access social media, 10% will never... but 80% can be swayed.
At least we get to raise the next generation of IT geeks because they'll have to understand a bunch of networking basics to watch porn, and might get hooked on it. (on IT)
Israel will be making kill on this, they will unleash their free VPNs to the young people like they did to Iran. UK national security will be like Suisse cheese
In a way, the cack-handed way they've gone about this makes me slightly more optimistic. If we must have such a law, please let it be one which:
* Creates a market for privacy tech of several million teenagers
* Wastes police time chasing down social forums which kids are hosting abroad using their pocket money
* Rubs the noses of the securirati in the fact that they've made it easier for terrorists to hide their comms among the thousands of teenage speakeasies
This is not the 80's when comms tech required capital and man-years of engineering. Setting up forums online isn't even a high-school project.
The vast majority of children cannot and do not buy and pay for VPNs and use them to evade anything. The second that governments said "We intend to ban VPNs" they gave away the game as to what their actual intent was, and it wasn't "for the children"
bruhghghbmphf, the VPNs! the VPNs! can't have those! What's that good sir? You say ssh? Do not shh me sir. Oh, SSH... yes, SSH, can't have that! It's elementary, any system which one accesses MUST report to parliament. Personally Identifiable Documents for General Evaluation Of Ne'er-do-wells. We'll call it the P.I.D.G.E.O.N. network.
It's never about the technical capability of the tool. This is a mistake technologists keep making. It's about what the average person thinks it does or uses it to do.
Ban VPNs, an industry of SOCKS5 proxies will boom. Ban those, put the SOCKS5 proxy behind an SSH port-forward, and so on and so forth. Suddenly calling a Kubernetes API puts you in a secret service list somewhere.
They don't want perfection. They want to move things forward, for their definition of forward.
If they ban bog standard VPNs and find out they're still being used, they'll punish the VPN companies.
If the VPN companies create workarounds and avoid the punishment, they'll punish the payment processors.
If the VPN companies start using esoteric workarounds and taking cryptocurrency for payment, then they've mostly won -- most people aren't going to deal with that shit.
All the while, they'll still go after the social media/etc companies for allowing circumvention of age-gating. So the social media companies will crack down on our ability to visit their sites with any sort of privacy.
My point: laws are all imperfect but can still have a huge effect. Pointing out work arounds doesn't change that.
For context, I'm really disturbed by the recent move to punish people seeking privacy instead of the social media companies that are enabling this social media shit. They know who the companies are, since that's who they're going to punish for not age gating. But they'd (I'm talking about US based age-gating pushes as well) rather fuck with our privacy and make our PII more susceptible to data breaches than tell the social media companies to eat shit.
Mullvad already does all of the things you mentioned. Cryptocurrency payments with no KYC, and many anti-censorship [1] methods. Moreover, their mobile and desktop apps apply heuristics to find combinations of anti-censorship measures that work automatically. It's very user friendly (all the user needs to do is press on connect). So, the blocking attempts are still pointless because large, prominent providers already make all these bypass methods very user friendly.
I'm curious what GCHQ make of all this. Increased VPN usage will reduce their visibility into internet traffic. They can try to force VPN providers to implement ID checks but if the provider is overseas it's not so easy to get that information.
Not to mention that this will be used as an opportunity by state actors to harvest info on UK citizens via hostile VPN services.
I'm pretty busy and behind the times a bit on this one. What is a practical method to avoid such a ban? I'm not in the UK, but there seems to be a general anti-privacy movement that is sweeping the globe.
What can we do when such a law comes to our country?
- Route all traffic via tor, then connect to a VPN from Tor?
Most VPN companies won't implement age verification, because their purpose is privacy. This is really an attempt to ban VPNs. This won't be popular when 70% of the population uses VPNs.
Most VPN providers are purely profit-driven enterprises, they don't give a shit about privacy. There are only a handful that would turn away UK business instead of requiring ID.
This is not to stop children from doing that. This is primarily to deanonymise as many people as possible, before the next steps come into force (scanning all files and messages on the every Internet - connected devices, hardware attestation of all the internet - connected devices, etc)
So when the citizens inevitably start protesting against the oppression, it's easier to subdue them.
Every corporate I know of, uses VPNs. Especially when workers connect from home. Is the UK government really interested in going up against the majority of their business partners...?
There is lots in the article that suggests they want to ban them for minors though. How the hell is that supposed to work without at a minimum a severe curtailment of VPNs in general?
So no, not a ban for all. A ban for minors, and a severe curtailment in general. The parent post might not be 100% accurate, but it's close.
Too many people are seeing this like engineers and not like bureaucrats.
They won't be able to block all VPN services, and they don't really care. VPN still works in China. The entire point is to acclimate the public to a system of fear and control. You won't get arrested because you used a VPN, you'll get arrested a few weeks later because your neighbor snitched on you. They can easily enforce these laws without any form of technology.
There are few things more exciting, in relationship to attempting to restrict access to (data) communications, than a government which thinks geeks won't find ways around such. Now sit back, relax, and let's wait for the next generation of encrypted channels solution development.
This isn't something that can be defeated like this. You are right, there will be ways around this. But we also have to be honest: being able to buy "off the shelf", two click VPN solution for 5$ already puts you into "geek" category. Relatively speaking.
If they ban the commercial providers, payment processors will be the first to enforce it. And Google and Apple will throw the 1-Click solutions out of their app store for users from those countries immediately. And with that the topic is effectively dead even for most "geeks". At this point the goal is already pretty much achieved, most people are cutoff and under heavier surveillance. Next comes the group that know what a server is, how to rent one, what OpenVPN or Wireguard are. But many of the most used websites already make your life difficult if your IP is from such a range.
It goes on. At each step you can argue "there is still a way, as long as you got networking with other countries". Absolutely correct, but at each step the group who knows how and is willing to invest the energy shrinks. And the intended goal will likely already be achieved at the mentioned phase 1 above. The fact that some people still find ways isn't really a gotcha in this matter.
And at some point they will criminalize it. Does it matter that they are unlikely to catch you? Is it worth the risk? And if so, what if you catch strays for it from an unrelated matter. Ultimately they will simply target the devs that help build easy solution for the less tech-savy.
One big reason why you want to keep a bunch of nerds tunneling out around anyway is that you keep useful, defusing attitudes like that floating around. Aka "It's not that bad, there are still ways around it, haha, those idiots".
> being able to buy "off the shelf", two click VPN solution for 5$ already puts you into "geek" category
I’m not sure that’s true anymore. I discovered recently my 70 year old, very technology-averse, parents are using a VPN (much to my initial concern). I think it’s for viewing football matches, or so they can watch iPlayer when they travel. They’re advertised on buses, etc. They’re pretty common these days.
That said I think you’re right that a block at the App Store level etc is enough to cut usage significantly.
The beauty of VPNs is that you do not need to have a presence in the UK to make or sell one. And there's a huge amount of money in it.
The law is very bad at dealing with such realities, see also piracy and drugs. The last time I checked TPB is still accessible in the UK with only DoH.
Oh, they're in motion already. There are other countries that tried to ban VPNs for decades now, that sparked multiple great avenues of development.
It's exciting to think I'll become a dissident like my parents, just because I don't want a slimy, rightwing, greasy friends of Epstein and other known abusers to ID and surveil me.
Perhaps then you could at least vaguely understand the desire of people to avoid having slimy, rightwing, greasy friends of Epstein and other known abusers to ID and surveil their children.
I definitely see both sides of this argument but to pretend the answers here are obvious just means people aren’t being serious. Serious harm is being caused to children and just because that’s a known cliche doesn’t make it not a real concern people have.
The slimy, rightwing, greasy friends of Epstein own all the main political parties, the UK's mainstream media, most of the social networks, and have their fingers in the NHS.
The UK hasn't been quick to deal with Epstein's associates and has a long history of either ignoring or losing critical evidence in CSA cases associated with politicians and public figures.
With that background, mandatory ID makes it easier, not harder, for abusers to act with impunity and/or official protection.
Look, the excuse is being made that kids are exposed to harms in online places, in general.
Most famously in Roblox (that's now fixed on Roblox side first with age banding, now by sharding it into three parts), and then in socials -- but the impact of, say, Instagram where kids are preyed upon because the algorithms are promoting them to preying populace, and where Meta openly runs experiments with their mental health, knowingly pushing them into harms way, is vastly different from, say, Coverstar.
Impact of abuse from Meta is well documented already, yet Meta is not punished.
Kids are being radicalised by being fed toxic content, and it's also well known.
Elon Musk's X was knowingly producing CSAM and non consensual nude images of real people and it took a tremendous amount of time for _anything_ to happen - and I don't see Musk on the dock yet?
There are ways to automatically block almost all kids on socials. Take away DMs and comments on the posts from all unverified users and kids suddenly will be much safer. All that can be done today.
The greasy friends of Epstein are running this shitshow, they're in the government (most famously PM of the UK knowingly appointed a longtime Epstein friend as the UK ambassador for the US), they've been covering Jimmy Saville abuses in the BBC, Police forces, the past government, which receives financial incentives from some of these companies to push things exactly the way they want.
Most severe harm to children is caused with the tacit approval of the government and media.
Sneaky access to the socials is not this.
Oh, and you know what? Receipts show it's Meta behind this weird, sudden push for age checks. Meta and their $2B.
So you already know something's off, or at least you should.
This will be interesting to follow. I dont see how this can be fully enforced. Maybe for iOS and other platform where app distribution is highly restricted, but on linux, windows and even macOS i can use mullvad, sending cash in an envelope without ever revealing my identity.
How would that work? The UK can presumably ban Mullvad from operating in the UK, but I don't see how it can prevent outbound connections to Mullvad servers elsewhere, short of implementing a nation-wide firewall like China or Iran. And even in those places the firewall is pourous and routinely circumvented.
What if I use a VPS instead? What if it's a virtual private VPS wholely in memory? What if it's a pool of VPS boxes shared by me and a network of people?
There's always a way around, but this direction is concerning.
They're banking on the number of kids using that mechanism to bypass the ban being small.
I'm not in favour of this but I'm acknowledging that if the number of children accessing social media drops significantly because of a VPN ban then they've achieved what they set out to do.
I don't like the salami slice tactics of not including this in previous legislation despite knowing that it would be necessary to enforce the social media ban. There would have been a lot less support if it was presented as a complete package that could be debated in it's whole.
Doesn't the UK already have geo-targeted age verification infrastructure in place? A website or app could require the user to submit a live video of themselves quaffing a local beer.
No. It has laws that websites must follow to serve content in the UK. It’s up to the websites to do the age verification themselves, and the majority use third party ID verification services. Reddit used an American company to do it,
While I do support restricting social media to younger minds, the way they go about it, and the collateral damage that will result is unacceptable. For about 500ms I thought I might have found the "one thing" I agree with this government, but nope... I'm considering whether it's time to leave the UK. There is an air of hostility here towards... well everything.
Where would you go to then? European countries, Australia and American states already have implemented or are keen to implement ID requirements/tracking for websites.
Funny how quickly "won't someone think of the children" turns into mandatory government ID for private services, banning necessary and secure (and encrypted) communications systems, and locking children out of access to the de facto communication systems of the modern era.
This is a privacy nightmare on all fronts and a horrible limit on freedom of speech. These kids will be learning how to drive a car, yet unable to contact their extended family over Messenger or follow news on Twitter. For everyone else, it means no anonymity or secrecy which has a chilling effect on free speech at a time when fascism is growing within democratic countries and dissidents are being imprisoned or murdered.
Yes, there are some really big problems with social media, but keeping children away from it doesn't fix the problems - it just leaves them for the rest of us to deal with. Let's fix the root of the problem, starting with the recommendation algorithms that inherently polarize people by building echo chambers around them and pushing divisive content all in the name of "engagement".
That's because the tech industry never made any attempt. It's like you blocked all the good options, now you get the worst one because it's one you can't block.
And then UK residents are going to discover the "power" of government which will require age verification for renting a VPS or VDS or any other kind of cloud infrastructure, tied directly to your passport/ID, because "many families are desperate for this to happen and I listen particularly to bereaved families that say the longer we delay this, the more children are put at risk".
/j or /s
P.S. by the way, is it possible for them to use Hetzner? Don't they need something like credit card?
Perhaps it'll work like dodgy boxes/firesticks, where you have a handful of people who individually set up their own service then charge a fee for access.
So the UK government finally admits that age-sniffing is just an attempt to censor people. How evil.
People need to look at the UK government much more so than the US government in ADDITION. Everyone knows how the USA serves the superrich only these days, but the UK government is kind of polite on the outside, but pure evil on the inside.
There is very little doubt that we need to find a way to update our relationship with social media. The evidence of their harm in current form is overwhelming.
However, using this reason to induce censorship rules, word by word matching Russia/China playbook is making the goal less achievable if anything.
Just moved back to the UK after many years away, and it's creepy here. Doing the elderly under terror legislation, some crazy kangaroo court antics, a frankly sinister approach to "online safety". VPNs?
The even more concerning thing is that we've got a far right party that have been leading in the polls for most of the last year.
Where is the evidence for that? Though I grant they may get into power and suddenly change their mind, at the moment those parties are against digital dystopia, most likely because the centrist parties are most interested in using those tools to silence criticism of current immigration policy and other failings.
And the left are also being surveilled and censored, e.g pro-palestine / anti-war / anti-capitalist groups, though the strategy used there is less censorship and more often bogging those groups down with infighting about identity issues. What seems more dangerous is letting the increasingly tyrannical centrist establishment, dead set on stagnation and "managed decline", give legitimacy to censorship tools (which will be available to future extreme governments!) rather than fixing things properly.
Don't panic. These debates are nothing new. Encryption and obfuscation tech comes up every ten years or so. People scream and, in the end, nothing changes.
One upon a time, encryption math was regulated as a munition and the act of sharing open source software was tantamount to weapon smuggling. Once upon a time, VPNs were being banned by credit card companies. Part of the rise of bitcoin was the idea that you would need it for services like VPNs that credit card companies refused to service. Today, VPNs are openly advertised as piracy tools for getting around media geo-restrictions. Once upon a time, ISPs throttled torrents and so torrents become encrypted. Once upon a time DNS was to be poisoned in order to block filesharing websites (see COICA and PROTECT IP acts). All those efforts also came to nothing. These too will die.
UK government has been talking about digital ID for a while now. The existing verification methods are too vulnerable to cheating (fake beards, fake ID, borrow dad's credit card, etc...), so the logical next step is direct government ID numbers. The goal is to link all online activity to a unique identifier to make it easier to punish dissent.
Baffling how easy companies like Meta have it with politicians. Fuck them all, I'm leaving for the woods. It's been fun with tech but now it's just so painful,
The article below sharply summarizes why all this is a dystopian surveillance setup:
> how, precisely, do you stop a fourteen-year-old from opening Instagram without first checking the age of the forty-year-old?
> You don’t. You can’t. So everyone gets carded. Britain is lifting the system wholesale from Australia, where a computer first scans your face and guesses your age from your cheekbones, then, failing that, surveils you to death, studies your browsing habits and the hours you keep, and then, when the algorithm throws up its hands, simply demands your passport.
Exactly. A little at a time. First it's adult sites, because if you need to show ID to buy alcohol, shouldn't you need ID to buy pornography? Once that's accepted, expand the sphere of control to non-adult sites too by redefining everything as 16+.
The alternatives are even more power-mad, fundamentally illiberal parties (Reform, Conservatives), equally pearl-clutching ones that will likely continue on the same road as Labour (greens) and unreliable figures that will flip-flop as soon as they are in power (libdems).
Reform and Restore will say anything to get into power, and then they will turn into ultraconservatives. See also: council tax in pretty much all sizeable councils they got to control, which they promised to keep fixed and then raised immediately after getting in. Their instincts are traditional ultra-right.
And yeah, I agree that there is no natural home in UK politics for social liberism. Hence why quipping "they keep voting for this" is just pointless - there are no realistic alternatives, what we have at the moment is the least worst and it's still pretty bad.
FWIW you can age-gate VPNs the same way you can age-gate anything else that is paid for: just don't let people who haven't got credit cards (not debit cards) sign up.
Or you can simply let free plans only terminate inside their own country. I noticed recently that TunnelBear has done this with their free plans — the "fastest" endpoint, which is the only one that is free, is now a UK endpoint. It still meets the security need anyone might have from a VPN.
I am honestly not that bothered about adult content age gating in principle, and I never really have been. I personally think sexual content is not remotely immoral but that it's reasonable to say the very young shouldn't be able to see it. It's not a freedom of speech issue.
Given the practical impossibility of parental regulation of access to devices when cheap phones and PAYG exist, the problem is the practice of it: how do you do that in a way that is privacy-preserving?
I feel that Apple has coped with this pretty well: they decided I am an adult automatically based on how long I have held an account.
I also think the UK PAYG mobile providers handle this well: they have simply always blocked adult content until you unlock it. I haven't bothered and I have never seen the content wall (except when deliberately testing it) so I believe its boundaries are drawn quite well.
Though I do routinely use one site that might end up blocked over time because it sits right at the boundary of the law's interest. So one day I might need to, I guess. And I have considered what I might need to do about a website for my own photographic work, which sits on the edge of the ofcom rules interest in practice.
We are missing secure anonymous age attestation but I think that will come.
I do think American critics tend to interpret this in terms of the morality and religion battle-zone that riddles US culture and encourages US states to try to police morality in bizarre ways or to extend "porn" rules to things like information about sexuality, gender or sexual health (which would just not happen here because we're actually not really religious or prudes; there is essentially no religion in our politics, which is ironic considering the C of E have seats in the Lords).
I don't think American critics should really leap to judge UK rules when you have two dozen different states imposing rule sets that in some cases came first and in many are wholly unworkable.
UK concerns are about child access to extreme material and about sexual exploitation, fundamentally. It's not easy and it's clear some aspects of the legislation are difficult, but accepting criticism from Americans as if the US position is clear, unambiguous and robust is no longer something we should entertain, especially lessons about the morality of free speech from the US administration, given their apparent selective contempt for it.
You're straw-manning there. Every adult citizen isn't forced to have a VPN or view porn.
Most UK citizens do have a credit card anyway (though I in fact do not). It's more than three quarters.
It's not even the only way someone offering a service for what is after all a subscription product could achieve adult verification through existing banking-based mechanisms, because there are also bank mechanisms for making payments through a direct debit, which again you have to be an adult to do in the UK, and everyone can.
KYC processes also work though they are annoying and a VPN provider is inherently not going to want to do it.
But they are going to want to take money and there are these two mechanisms that come with adulthood verification attached.
Apple could do more on this with Wallet — they could let you pay with a virtual debit card that can only be in your wallet if you've passed their adult verification. Would need some card industry support. I am not sure why I can't just associate adulthood with my debit card; that would be a good fix.
"legal parent/guardian is responsible for the child"
if a parent faced fine or jail for a child having access to the internet you can be sure 90% of the children wouldn't have internet access
I'm no defender of the big social/media sites but I don't see why it's their fault/problem if a minor has internet access when they aren't supposed to
This all feels like the opposite goal of knowing everyone who is online everywhere
Because it's not how you'd make the law, you'd wouldn't go to service by service and make it their problem, you'd make it the adult responsible for the child's problem
what if instead of this age gate or whatever government is doing, what if we simply said these big companies need to self police and if a child can reach their service they have to pay the child like lets say GBP 10k per instance?
remove all "reasonable step" shield to hide behind. for example, a shopkeeper can't say they took "reasonable steps" if they sell alcohol to a child so why should a website be any different? if we are going to the absurdity of age-gating VPNs, at least lets make it so that there is an incentive for children to self-report
The end result will be the same. If you face a 10k liability for serving the wrong customer, you end up needing to ID your customers.
If the government isn't going to provide that service you end up with private companies verifying identity and the data security issues that entails.
If you want to shift the responsibility of protecting children away from parents, then you end up in a situation where third parties need to be able to differentiate between a child and an adult. I haven't yet seen a proposal that doesn't entail someone - government or private enterprise - getting access to identifiable information.
Of course, you could have something like a signed certificate, so the identity verifier doesn't see who you are patronizing, and the identity seeking business only gets to see your age, but it still has privacy issues.
You've needed to do that for at least ten years. Mobile internet either requires a contract, or an ID check before you get a sim (pay and go)
Anyone providing internets is liable for what the users are doing. The way you got out of that is responding to legal requests. (originally mostly copyright)
This is the frustrating thing, we have effective and relatively uncontroversial age gated network (mobile data) already. and it worked.
I don’t think that would have worked. Parents buy phones for their kids since the kids can’t buy them. What would the choices be? Give them a phone or not give them a phone. I don’t think society is ready for that kind of choice anymore.
> what if we simply said these big companies need to self police and if a child can reach their service they have to pay the child like lets say GBP 10k per instance?
All of these proposals probably sound good to people who think the Venn diagram of sites they use and sites covered by these laws are two separate circles.
They probably sound a lot less good when you realize the law covers site like YouTube. The Australian law (which they said they’re modeling this after) also includes social news sites like Reddit.
If they passed a law like this extending to VPN services then you’d have to hand over your ID to use a VPN.
Usually people realize how bad these proposals are once they realize it might impact their internet use, too.
Sure! With my kids it's meant not buying them internet-enabled devices (or disabling the internet access, eg smart TVs), only having 1 family computer in a shared space, and managing my own local network. There also aren't screens in the house through the week.
On the flip side, I let them read whatever they want, including things that are upsetting or that other parents would say aren't appropriate, and I talk to them about what they've read.
Overall, I think these policies have meant more thoughtful media consumption, and more time outside and with friends. I'm not enough of a fool to think our rules are enforced at friends' houses, but we've chosen to live in a community that's largely on the same page.
None of this stuff is easy, but as a parent, it's the job.
I expect them to give a shit, yeah. Just like they should care about what they read or watch, or who they hang out with.
Don't let your kids have an internet-connected phone, or keep it locked down so they don't have parasitic apps preying on their pre-frontal immaturity until they're old enough to handle it.
All of this needs to be done intentionally, of course, or it will feel like the kids are being punished. But I can't emphasize this enough... it's our job as parents to raise our kids.
> big companies need to self police and if a child can reach their service they have to pay the child like lets say GBP 10k per instance?
HIPAA has been super effective this way. As we all know, American companies don’t give two shits about user privacy or even security. But wave the HIPAA flag and everyone starts caring real hard and taking extremely cumbersome steps to comply with patient privacy.
Very simple: Each HIPAA violation comes with a financial penalty for the business and personal penalty for every person involved in the leak. Very effective.
I agree the threat is there but I've never seen anyone actually punished for HIPAA violations and my data have been involved in several hospital and insurance breaches.
There's not even a test for HIPAA compliance, so you can't legally prove you were ever compliant in the first place, other than you did what you thought was right. People love to use the term "HIPAA-compliant" but it's technically not a thing.
From my understanding, HIPAA mostly just says that you need to have policies in place for various things, such as rotating passwords or encrypting data, but it doesn't go into explicit detail about what all must be IN those policies, or how you enforce them.
> It's not possible to prevent a person (of any age) from reaching a specific website if they are determined enough. Full stop.
right, and that reveals the absurdity of this "age gate", doesn't it?
because I am sure giving every UK national their very own unicorn would also poll very well but that doesn't mean that's what a functional democracy should be prioritizing
just because a majority of the public supports
because doing so is not possible
yes and we do fine companies that sell alcohol and drugs to children.
lets give everyone an incentive to report companies that allow or encourage children to use these websites.
the children, the parents, bystanders, the employees and contractors of these websites, everyone should get paid from the fines these social media companies would need to pay out for every infraction.
I think GBP 10k per incidence is actually pretty cheap
considering the alternative is life in prison for the CEO and the board
starting with cash incentives all the way to prison terms for the CEO and the board
Now, seeing many European governments tirelessly push for these new measures to protect the children, I'm pretty sure that the children are finally going to be safe online.
Though I think banning it for children is the wrong approach. Ban the addictive and dangerous features for everyone, adults included — no more infinite scroll, and no more feeds showing content from outside social connections.
So, kill all news agencies and reporters I guess? or would there be a carve out for incumbents so they can cement their market share? who controls the approval list?
That alone is a value add people don't realize even as they're losing it: it created a shared reality you and locals inhabited, that you could have a conversation about.
Except this has nothing to do with social media nor with children nor with addiction.
We've had time to witness the damage of a dopamine-doomscroll. I personally know children who've posted too much, and children who've been solicited directly by adults, both to try and meet and for nudes. And we've seen the complete lack of positive action from platforms. Roblox is full of paedophiles and Grok was letting you nudify your classmates just a few months ago. These places aren't suitable for kids.
I don't want a ban on VPNs. That isn't being suggested, just making sure they're also age-checked. But some inconvenience is a price worth considering.
I'd be surprised if the law requires much beyond a vague best effort from service providers, but many already block connections from known server hosts and some even VPNs.
An airtight block is not what's required; stopping social media being mainstream for kids is.
I'm trying to discuss this in good faith but that wasn't even an argument. A bland accusation wearing a tin foil hat.
You could argue the benefit to children in repealing it.
You're trying to frame it as an "inconvenience" and not a blatant attack on the fundamental freedom of expression. I get that social media is bad, but sometimes (often) the cure is worse than the illness.
Sure, whatever. Maybe in some ways.
> I personally know children who've posted too much, and children who've been solicited directly by adults, both to try and meet and for nudes.
... but not in that way.
I personally knew children who'd been solicited directly by adults before there was even an Internet. Including me, if you use the definition of "child" that seems to be popular in this sort of debate (and, by the way, it wasn't a big deal).
We did not shut down the world because of it.
Coders went from being civically active—calling their electeds and showing up to events to defend privacy in the 90s—to being comfortably rich and content with maybe voting in generals. That’s had a direct effect on policy quality.
H.L. Mencken
People from duma (the russian parlament) also publicly stated it would never use it for anything but children protection.
It used to be "don't give your name to anyone online" and now it's "hand it over when you're told".
It would be similar to Radio Free Europe which was broadcast to the former Soviet States.
The point is if they start — they can proceed way further than you can imagine now.
Companies will be exempt (with remote employees having to identify linking their IP and computer's fingerprint with their real identity), and the next step, after using the law to silencing dissent, will be penalisation.
There is strong, popular will for age gating social media. At the same time, at least in America, there is a deep streak of laziness and nihilism in the tech community that makes it civically useless. When combined, you get politicians getting calls every day to limit social media and little from experts on how.
So you get folks reaching for the first solution on the shelf, and then getting wedded to it. The correct approach is making this the social-media companies’ problem. If they wind up with users under N years old, they get fined. If you want to use social media, you put up with their BS. If not, you’re not affected. Unfortunately, I’ve worked on privacy and technical policy enough to be sceptical that anyone will actually pitch that to their elected. So we get this, instead. (And at the end of the day, I’ll take an imperfect solution over a perfect one that goes nowhere. Though the UK, as usual, seems to have found the worst of the bunch.)
Shortly after the Online Safety Act went into operation, there was politically charged/sensitive/opinionated content on X mysteriously disappearing for UK users but nobody else in the world.
car culture < childhood
This isn't a cynically curated viewpoint. It's some* of what we have and what that cost.
* we also have trespassing culture & stranger-danger culture. we ruined roaming and the childhood development it nurtured.
Can you imagine bringing up cars in this thread?
I believe you. I'm likely older than you, so there were even fewer cars when I was a kid. I'm confident my utopia was even better than yours.
Between then and now we have a gradient of loss. My kids grew up under 24/7 adulting and had nowhere to go.
Yes but this has nothing to do with cars. What are you even protecting kids from anyway?
Nobody is surprised that Russia resorts to this. They are a potemkin dictatorship. But that the UK is also acting as a dictatorship - now that's interesting.
VPN banning is part of the same compulsion for control that made London a global leader (in surveillance of people not suspected of a crime).
ref: https://www.usnews.com/news/cities/articles/2020-08-14/the-t...
I'm not even taking a side here and what they are trying to do is obvious.
Alternatively, the center starts trying to attract right-wing voters by adopting right-wing ideas like anti-immigrant views or "well, we can sacrifice the climate a bit more" positions.
Keir Starmer is from a "left" party but his actions has shown him to be a centrist, Ursula von der Leyen is quite right. Then again, these are European positioning, as someone's said years ago, the European right-wing would be liberal in the US. And with the currently openly racist regime of the USA, even more so!
(Also, it’s worth noting that the Conservatives support the same policy, and Reform support the principle while opposing the means.)
Ah, yes, the existing research doesn't agree with our biases, so let's fund new "research" that does.
> Ms Kendall told Nick Ferrari: “I told MPs yesterday I'm going to come back to the House with a statement on the issue of VPNs in July. There are very strong views on both sides of this. For some people, it is about privacy, and it is the ability to use that is really held strongly by people. And for others, they say they should be banned because kids are using them to get around. And so I— the main thing that we've done is we've commissioned additional research on this because I've not been happy with the evidence."
Sounds like they realize there are two sides and no "clear winning argument" in either direction, that's why the additional research is needed. Sounds a bit more nuanced than what I expected based on your snippet.
The trade-offs and how many people care and about what specifically.
E.g., you say "Privacy is a human right", so why is it that half the websites I visit ask for permission to share details of how I use those sites with more corporate "trusted partners" than there were students and staff combined in my secondary school? I'm all on board with just banning this kind of analytics, but there's a lot of people who are more angry with the EU for forcing companies to at least ask for permission before they sell your data to all those analytics firms.
Because capitalism itself is the enemy.
And information assymmetry is a potent tool, as is constant and persistent surveillance. All of these enable extracting more money.
Most of this end-stage crapitalism was warned by Adam Smith, and then by Marx.
And what did economists do? Fucking ignore it. Or named it trickle down.
So, yeah. When the capitalists control the government, you get all the abuses written about it for the last 300 years. And it fucking shows.
Computation and copyright was just dropping helicopter loads of gasoline on the already terrible fire.
What are the actual numbers here? If there’s lots of fuss about vpns but actually while there’s been a big jump in use it’s not under 18s anyway it wouldn’t help.
> Privacy is a human right, and one which is essential for effective democracy.
And does this get broken enough for age gating something? We age gate alcohol to reasonable success, sometimes that involves showing id.
I’m not arguing for age gating here but I do think understanding the tradeoffs may require more evidence.
For example the vast majority of the UK residents is against the ongoing support and complicity of the UK in the genocide of Palestinians, to which the government orchestrated the whole operation to turn the protest into act of terrorism (!).
Etc.
Probably how they can best attach a license to VPN use like they're doing with TV.
Ummm what??? lolll
if they don't want their kids using vpn... why would banning vpn for everyone and requiring ID verification be the answer? LOLLLL
That sounds like they need to control their kids
"it's hard" ...
"WHY DID YOU HAVE KIDS THEN?!?!?!"
Quite often, people in power don’t want to hear the truth, they want to hear their own words/views parroted back to them.
Famously at the exact same time UK was claiming there was no evidence of the medicinal use of the cannabis, the UK was also the biggest exporter of it, and all was then turned into Sativex, a cannabis based medicine, not approved for use in the UK of course (individual import is allowed).
Interesting is that the husband of one of the very prominent Home Secretary and later Prime Minister is a senior executive in the producet.
Of course there's no suggestion of the financial interest of them in keeping a monopoly. See also: https://leftfootforward.org/2021/04/revealed-uk-is-the-world...
[0] https://en.wikipedia.org/wiki/David_Nutt#Dismissal
It's pathetic how they use sobbing families to push it through, similar tactic like before Iraq invasion.
same players behind the scenes.
This is happening worldwide: https://en.wikipedia.org/wiki/Online_age_verification_laws_b...
Apparently if countries all put an age limit on tobacco it must mean there is a secret group coordinating for it for ulterior reasons.
The fact that you think there's no such group is simply insane.
I mean, the very agenda of their upcoming conference was on the front page of HackerNews a few days ago...
Edit because I'm getting limited:
This isn't exactly something old that has been going on for decades in its current form and the usage has increased especially since the lockdowns. Nations have also been copying each other for centuries, you don't need a secret group coordinating for it with a singular ulterior motive.
But sure, all governments suddenly woke up at the exact same time, give or take a few months, and realized that social media should be banned for kids.
For decades companies like Facebook have been saying you just have to let us groom children, there's no way to have this tech and not groom children. Now the predictable consequences of that are arriving: the tech industry is being turned off, because it grooms children.
And when I say groom children, I'm talking about actual child predators, not the transphobic nonsense point.
On mobile a VPN isn't always effective in avoid geoblocks. Some apps are able to determine I'm in the UK and still ask for ID - reddit is one for example, if you stumble on to an adult subreddit. Using the web interface avoids this.
The UK has also moved to force ISPs to block certain bittorrent search engines.
The UK is not shy when it comes to invading your privacy or censoring the Internet.
Definitely doesn't shy away from doing it! But one thing I find most irritating is that it seems reluctant to say it proud and loud.
Look at the situation with 4chan and Kiwifarms. They are basically asking to be blocked from the UK and they refuse to. I can't really say why the onus is put on the websites to enact blocks, but my suspicion is the government doesn't like the idea of displaying an official page stating that you are not allowed to see something because the government doesn't want you to.
They don't even have to do that, the connection can just be left to time out on the client side. This is what they did (and some ISPs still do) for the Internet Archive...
Yes, archive.org is classed as an adult site in the UK.
Browsing with a VPN is a frustrating experience. They are abused by many of their users which leads to circular capture checks and straight blocks.
It seems like your VPN setup has a leak, or the real location is obtained otherwise through the operating system (locale setting or GPS).
I would be surprised if your locale leaked on GrapheneOS for example.
https://www.geocomply.com/
I've never had this issue (using Private Internet Access on iOS).
Going the other way around to try and watch British TV I used to find with a normal hosted VPN services could still figure out I wasn't in the country, but now I have a Tailscale exit node at my mum's place in the UK it always works fine.
So I suspect it all comes down to the IP source, probably a residential IP is the best possible case and with commercial VPNs it depends on how hard they work on isolating their IP blocks from known datacentres.
You would need to get your sim card out of your phone and use wifi or buy one of them foreign esim
For vpns I actually found that websites that block vpns for some reasons are worse at detecting commercial vpns than when you deploy your own on vps
---
Also I forgot about other things. When my phone for some unknown reason had its region set as GB, I had British ads in YouTube music
They're not a high quality source of news - they've more than decimated their journalism staff and replaced them with 'content' staff who are performance monitored on the number of clicks their articles generate.
Content is syndicated in different accents across their range of papers from the national papers, The Mirror and The Daily Express down into a large number of notionally 'local' outlets.
So, take it with a pinch of salt.
Just for one example; it would be trivial for Apple and Google to put age estimation on my phone, verify it on opening the web browser and provide a zero-knowledge proof of age to websites in a way that does not reveal my identity. All the infrastructure is already there, and it's relatively trivial to turn it on. The downside is that this will only work for people who are older than about 25 because of the uncertainty of face-to-age recognition, but it would be a start.
Another way to do it is for my bank, who know my age already, providing a similar credential that I can feed into the zero-knowledge proof engine on the phone.
This was all done properly for the covid tracking apps, at a time when the phone providers actually wanted to do tracking with anonymity - this is a similar problem, and it's easily cracked by technical means.
And you don't even need zero knowledge proofs if you perform on-device content detection - turn it on for kids, keep it off for adults. Modern phones have more than enough TPU capacity to do this.
But none of the actual implementations I've seen are truly anonymizing, and they all rely on trusting some really dodgy companies with your identity and browsing habits. Yes, the more respectable ones have security and privacy policies that are audited, but will they always? The cynical answer is "no", because history shows that someone will always do something sooner or later if (a) it makes money, and (b) they can get away with it.
Everything I see suggests that the desire for mass surveillance is the driver, and the "protect the children" front on this is a strategem by the people who are really driving this from behind the curtain. There are huge amounts of money to be made by capturing verifiable, blackmailable, personal data, and this is a magic money fountain for those who will be able to mine it.
Perfect is impossible, but if its stigmatised then the network effects stop being so punitive to children who have reasonable parents.
it's the 10-80-10 rule: 10% of kids will still access social media, 10% will never... but 80% can be swayed.
* Creates a market for privacy tech of several million teenagers
* Wastes police time chasing down social forums which kids are hosting abroad using their pocket money
* Rubs the noses of the securirati in the fact that they've made it easier for terrorists to hide their comms among the thousands of teenage speakeasies
This is not the 80's when comms tech required capital and man-years of engineering. Setting up forums online isn't even a high-school project.
If you ban WireGuard using DPI people will start using SSL VPNs.
If you ban SSL you ban the entire internet.
If they ban bog standard VPNs and find out they're still being used, they'll punish the VPN companies.
If the VPN companies create workarounds and avoid the punishment, they'll punish the payment processors.
If the VPN companies start using esoteric workarounds and taking cryptocurrency for payment, then they've mostly won -- most people aren't going to deal with that shit.
All the while, they'll still go after the social media/etc companies for allowing circumvention of age-gating. So the social media companies will crack down on our ability to visit their sites with any sort of privacy.
My point: laws are all imperfect but can still have a huge effect. Pointing out work arounds doesn't change that.
For context, I'm really disturbed by the recent move to punish people seeking privacy instead of the social media companies that are enabling this social media shit. They know who the companies are, since that's who they're going to punish for not age gating. But they'd (I'm talking about US based age-gating pushes as well) rather fuck with our privacy and make our PII more susceptible to data breaches than tell the social media companies to eat shit.
[1] https://mullvad.net/en/help/connecting-to-mullvad-vpn-from-r...
Not to mention that this will be used as an opportunity by state actors to harvest info on UK citizens via hostile VPN services.
What can we do when such a law comes to our country?
- Route all traffic via tor, then connect to a VPN from Tor?
- Finally learn I2P?
- Something else?
https://www.rte.ie/brainstorm/2024/0119/1217560-section-31-b...
To be honest, unfortunately, I'm not really sure about this one.
They will when it's law. Their purpose is most likely either snake oil, or bypassing geo restricctions on netflix or sports.
So when the citizens inevitably start protesting against the oppression, it's easier to subdue them.
So no, not a ban for all. A ban for minors, and a severe curtailment in general. The parent post might not be 100% accurate, but it's close.
The "loicense m8" memes are getting less and less funny ...
They won't be able to block all VPN services, and they don't really care. VPN still works in China. The entire point is to acclimate the public to a system of fear and control. You won't get arrested because you used a VPN, you'll get arrested a few weeks later because your neighbor snitched on you. They can easily enforce these laws without any form of technology.
The simpler explanation suffices. Politicians want to react to a political demand and don’t really care about the implementation details.
2. Children start using VPNs to bypass the ban
3. Age-gate VPNs
4. Repeat steps 2-3
Truly a masterful plan.
1. Ban something
2. People bypass the ban
3. Ban however they're bypassing the ban
4. Goto 2
If they ban the commercial providers, payment processors will be the first to enforce it. And Google and Apple will throw the 1-Click solutions out of their app store for users from those countries immediately. And with that the topic is effectively dead even for most "geeks". At this point the goal is already pretty much achieved, most people are cutoff and under heavier surveillance. Next comes the group that know what a server is, how to rent one, what OpenVPN or Wireguard are. But many of the most used websites already make your life difficult if your IP is from such a range.
It goes on. At each step you can argue "there is still a way, as long as you got networking with other countries". Absolutely correct, but at each step the group who knows how and is willing to invest the energy shrinks. And the intended goal will likely already be achieved at the mentioned phase 1 above. The fact that some people still find ways isn't really a gotcha in this matter.
And at some point they will criminalize it. Does it matter that they are unlikely to catch you? Is it worth the risk? And if so, what if you catch strays for it from an unrelated matter. Ultimately they will simply target the devs that help build easy solution for the less tech-savy.
One big reason why you want to keep a bunch of nerds tunneling out around anyway is that you keep useful, defusing attitudes like that floating around. Aka "It's not that bad, there are still ways around it, haha, those idiots".
I’m not sure that’s true anymore. I discovered recently my 70 year old, very technology-averse, parents are using a VPN (much to my initial concern). I think it’s for viewing football matches, or so they can watch iPlayer when they travel. They’re advertised on buses, etc. They’re pretty common these days.
That said I think you’re right that a block at the App Store level etc is enough to cut usage significantly.
The law is very bad at dealing with such realities, see also piracy and drugs. The last time I checked TPB is still accessible in the UK with only DoH.
It's exciting to think I'll become a dissident like my parents, just because I don't want a slimy, rightwing, greasy friends of Epstein and other known abusers to ID and surveil me.
I definitely see both sides of this argument but to pretend the answers here are obvious just means people aren’t being serious. Serious harm is being caused to children and just because that’s a known cliche doesn’t make it not a real concern people have.
The UK hasn't been quick to deal with Epstein's associates and has a long history of either ignoring or losing critical evidence in CSA cases associated with politicians and public figures.
With that background, mandatory ID makes it easier, not harder, for abusers to act with impunity and/or official protection.
Most famously in Roblox (that's now fixed on Roblox side first with age banding, now by sharding it into three parts), and then in socials -- but the impact of, say, Instagram where kids are preyed upon because the algorithms are promoting them to preying populace, and where Meta openly runs experiments with their mental health, knowingly pushing them into harms way, is vastly different from, say, Coverstar.
Impact of abuse from Meta is well documented already, yet Meta is not punished. Kids are being radicalised by being fed toxic content, and it's also well known. Elon Musk's X was knowingly producing CSAM and non consensual nude images of real people and it took a tremendous amount of time for _anything_ to happen - and I don't see Musk on the dock yet?
There are ways to automatically block almost all kids on socials. Take away DMs and comments on the posts from all unverified users and kids suddenly will be much safer. All that can be done today.
The greasy friends of Epstein are running this shitshow, they're in the government (most famously PM of the UK knowingly appointed a longtime Epstein friend as the UK ambassador for the US), they've been covering Jimmy Saville abuses in the BBC, Police forces, the past government, which receives financial incentives from some of these companies to push things exactly the way they want.
Most severe harm to children is caused with the tacit approval of the government and media.
Sneaky access to the socials is not this.
Oh, and you know what? Receipts show it's Meta behind this weird, sudden push for age checks. Meta and their $2B.
So you already know something's off, or at least you should.
There's always a way around, but this direction is concerning.
I'm not in favour of this but I'm acknowledging that if the number of children accessing social media drops significantly because of a VPN ban then they've achieved what they set out to do.
I don't like the salami slice tactics of not including this in previous legislation despite knowing that it would be necessary to enforce the social media ban. There would have been a lot less support if it was presented as a complete package that could be debated in it's whole.
This is a privacy nightmare on all fronts and a horrible limit on freedom of speech. These kids will be learning how to drive a car, yet unable to contact their extended family over Messenger or follow news on Twitter. For everyone else, it means no anonymity or secrecy which has a chilling effect on free speech at a time when fascism is growing within democratic countries and dissidents are being imprisoned or murdered.
Yes, there are some really big problems with social media, but keeping children away from it doesn't fix the problems - it just leaves them for the rest of us to deal with. Let's fix the root of the problem, starting with the recommendation algorithms that inherently polarize people by building echo chambers around them and pushing divisive content all in the name of "engagement".
/j or /s
P.S. by the way, is it possible for them to use Hetzner? Don't they need something like credit card?
People need to look at the UK government much more so than the US government in ADDITION. Everyone knows how the USA serves the superrich only these days, but the UK government is kind of polite on the outside, but pure evil on the inside.
However, using this reason to induce censorship rules, word by word matching Russia/China playbook is making the goal less achievable if anything.
The even more concerning thing is that we've got a far right party that have been leading in the polls for most of the last year.
This is a very dangerous situation.
-Reform UK vows to repeal ‘borderline dystopian’ Online Safety Act https://www.theguardian.com/politics/2025/jul/28/reform-uk-v...
"Block the Introduction of Digital ID." "Repeal the Online Safety Act." https://www.restorebritain.org.uk/restore_civil_liberties
And the left are also being surveilled and censored, e.g pro-palestine / anti-war / anti-capitalist groups, though the strategy used there is less censorship and more often bogging those groups down with infighting about identity issues. What seems more dangerous is letting the increasingly tyrannical centrist establishment, dead set on stagnation and "managed decline", give legitimacy to censorship tools (which will be available to future extreme governments!) rather than fixing things properly.
[1] https://godissent.com
One upon a time, encryption math was regulated as a munition and the act of sharing open source software was tantamount to weapon smuggling. Once upon a time, VPNs were being banned by credit card companies. Part of the rise of bitcoin was the idea that you would need it for services like VPNs that credit card companies refused to service. Today, VPNs are openly advertised as piracy tools for getting around media geo-restrictions. Once upon a time, ISPs throttled torrents and so torrents become encrypted. Once upon a time DNS was to be poisoned in order to block filesharing websites (see COICA and PROTECT IP acts). All those efforts also came to nothing. These too will die.
https://www.lighthousereports.com/investigation/blair-and-th...
https://institute.global/insights/politics-and-governance/di...
> how, precisely, do you stop a fourteen-year-old from opening Instagram without first checking the age of the forty-year-old?
> You don’t. You can’t. So everyone gets carded. Britain is lifting the system wholesale from Australia, where a computer first scans your face and guesses your age from your cheekbones, then, failing that, surveils you to death, studies your browsing habits and the hours you keep, and then, when the algorithm throws up its hands, simply demands your passport.
https://reclaimthenet.org/starmers-social-media-ban-surveill...
Exactly. A little at a time. First it's adult sites, because if you need to show ID to buy alcohol, shouldn't you need ID to buy pornography? Once that's accepted, expand the sphere of control to non-adult sites too by redefining everything as 16+.
And yet, govt will find it's impossible to regulate the creativity of software engineers.
this is the first time in more than a decade that its not tories in charge, and to get there, labour also had to become conservatives
The alternatives are even more power-mad, fundamentally illiberal parties (Reform, Conservatives), equally pearl-clutching ones that will likely continue on the same road as Labour (greens) and unreliable figures that will flip-flop as soon as they are in power (libdems).
What's left? Count Binface, I guess.
Reform are against it https://www.theguardian.com/politics/2025/jul/28/reform-uk-v...
Even the more extreme Restore are against it, and against Digital ID https://www.restorebritain.org.uk/restore_civil_liberties
The Greens are ... well they wanted to amend it in 2024 to include a ban on fake news, but that could turn into a mechanism for censorship.
And Lib/Lab/Con were all for building even more on top of it in 2024: https://www.handleygill.co.uk/handley-gill-blog/general-elec...
There are no 'liberal' parties in the UK.
And yeah, I agree that there is no natural home in UK politics for social liberism. Hence why quipping "they keep voting for this" is just pointless - there are no realistic alternatives, what we have at the moment is the least worst and it's still pretty bad.
Or you can simply let free plans only terminate inside their own country. I noticed recently that TunnelBear has done this with their free plans — the "fastest" endpoint, which is the only one that is free, is now a UK endpoint. It still meets the security need anyone might have from a VPN.
I am honestly not that bothered about adult content age gating in principle, and I never really have been. I personally think sexual content is not remotely immoral but that it's reasonable to say the very young shouldn't be able to see it. It's not a freedom of speech issue.
Given the practical impossibility of parental regulation of access to devices when cheap phones and PAYG exist, the problem is the practice of it: how do you do that in a way that is privacy-preserving?
I feel that Apple has coped with this pretty well: they decided I am an adult automatically based on how long I have held an account.
I also think the UK PAYG mobile providers handle this well: they have simply always blocked adult content until you unlock it. I haven't bothered and I have never seen the content wall (except when deliberately testing it) so I believe its boundaries are drawn quite well.
Though I do routinely use one site that might end up blocked over time because it sits right at the boundary of the law's interest. So one day I might need to, I guess. And I have considered what I might need to do about a website for my own photographic work, which sits on the edge of the ofcom rules interest in practice.
We are missing secure anonymous age attestation but I think that will come.
I do think American critics tend to interpret this in terms of the morality and religion battle-zone that riddles US culture and encourages US states to try to police morality in bizarre ways or to extend "porn" rules to things like information about sexuality, gender or sexual health (which would just not happen here because we're actually not really religious or prudes; there is essentially no religion in our politics, which is ironic considering the C of E have seats in the Lords).
I don't think American critics should really leap to judge UK rules when you have two dozen different states imposing rule sets that in some cases came first and in many are wholly unworkable.
UK concerns are about child access to extreme material and about sexual exploitation, fundamentally. It's not easy and it's clear some aspects of the legislation are difficult, but accepting criticism from Americans as if the US position is clear, unambiguous and robust is no longer something we should entertain, especially lessons about the morality of free speech from the US administration, given their apparent selective contempt for it.
Most UK citizens do have a credit card anyway (though I in fact do not). It's more than three quarters.
It's not even the only way someone offering a service for what is after all a subscription product could achieve adult verification through existing banking-based mechanisms, because there are also bank mechanisms for making payments through a direct debit, which again you have to be an adult to do in the UK, and everyone can.
KYC processes also work though they are annoying and a VPN provider is inherently not going to want to do it.
But they are going to want to take money and there are these two mechanisms that come with adulthood verification attached.
Apple could do more on this with Wallet — they could let you pay with a virtual debit card that can only be in your wallet if you've passed their adult verification. Would need some card industry support. I am not sure why I can't just associate adulthood with my debit card; that would be a good fix.
all this because they refuse to make the law just
"legal parent/guardian is responsible for the child"
if a parent faced fine or jail for a child having access to the internet you can be sure 90% of the children wouldn't have internet access
I'm no defender of the big social/media sites but I don't see why it's their fault/problem if a minor has internet access when they aren't supposed to
This all feels like the opposite goal of knowing everyone who is online everywhere
Because it's not how you'd make the law, you'd wouldn't go to service by service and make it their problem, you'd make it the adult responsible for the child's problem
remove all "reasonable step" shield to hide behind. for example, a shopkeeper can't say they took "reasonable steps" if they sell alcohol to a child so why should a website be any different? if we are going to the absurdity of age-gating VPNs, at least lets make it so that there is an incentive for children to self-report
If the government isn't going to provide that service you end up with private companies verifying identity and the data security issues that entails.
If you want to shift the responsibility of protecting children away from parents, then you end up in a situation where third parties need to be able to differentiate between a child and an adult. I haven't yet seen a proposal that doesn't entail someone - government or private enterprise - getting access to identifiable information.
Of course, you could have something like a signed certificate, so the identity verifier doesn't see who you are patronizing, and the identity seeking business only gets to see your age, but it still has privacy issues.
California's Digital Age Assurance Act
It’s basically parental controls standardized.
You've needed to do that for at least ten years. Mobile internet either requires a contract, or an ID check before you get a sim (pay and go)
Anyone providing internets is liable for what the users are doing. The way you got out of that is responding to legal requests. (originally mostly copyright)
This is the frustrating thing, we have effective and relatively uncontroversial age gated network (mobile data) already. and it worked.
but now they've done and fucked it up with OSA.
Plenty of ways to get it done.
You have to phone them up/log in and request the block to be removed.
All of these proposals probably sound good to people who think the Venn diagram of sites they use and sites covered by these laws are two separate circles.
They probably sound a lot less good when you realize the law covers site like YouTube. The Australian law (which they said they’re modeling this after) also includes social news sites like Reddit.
If they passed a law like this extending to VPN services then you’d have to hand over your ID to use a VPN.
Usually people realize how bad these proposals are once they realize it might impact their internet use, too.
On the flip side, I let them read whatever they want, including things that are upsetting or that other parents would say aren't appropriate, and I talk to them about what they've read.
Overall, I think these policies have meant more thoughtful media consumption, and more time outside and with friends. I'm not enough of a fool to think our rules are enforced at friends' houses, but we've chosen to live in a community that's largely on the same page.
None of this stuff is easy, but as a parent, it's the job.
The social media companies could have done the socially responsible thing a decade ago and avoided all this.
Don't let your kids have an internet-connected phone, or keep it locked down so they don't have parasitic apps preying on their pre-frontal immaturity until they're old enough to handle it.
All of this needs to be done intentionally, of course, or it will feel like the kids are being punished. But I can't emphasize this enough... it's our job as parents to raise our kids.
HIPAA has been super effective this way. As we all know, American companies don’t give two shits about user privacy or even security. But wave the HIPAA flag and everyone starts caring real hard and taking extremely cumbersome steps to comply with patient privacy.
Very simple: Each HIPAA violation comes with a financial penalty for the business and personal penalty for every person involved in the leak. Very effective.
From my understanding, HIPAA mostly just says that you need to have policies in place for various things, such as rotating passwords or encrypting data, but it doesn't go into explicit detail about what all must be IN those policies, or how you enforce them.
It's not possible to prevent a person (of any age) from reaching a specific website if they are determined enough. Full stop.
right, and that reveals the absurdity of this "age gate", doesn't it? because I am sure giving every UK national their very own unicorn would also poll very well but that doesn't mean that's what a functional democracy should be prioritizing just because a majority of the public supports because doing so is not possible
lets give everyone an incentive to report companies that allow or encourage children to use these websites. the children, the parents, bystanders, the employees and contractors of these websites, everyone should get paid from the fines these social media companies would need to pay out for every infraction. I think GBP 10k per incidence is actually pretty cheap considering the alternative is life in prison for the CEO and the board starting with cash incentives all the way to prison terms for the CEO and the board