And yet, govt will find it's impossible to regulate the creativity of software engineers.
this is the first time in more than a decade that its not tories in charge, and to get there, labour also had to become conservatives
The alternatives are even more power-mad, fundamentally illiberal parties (Reform, Conservatives), equally pearl-clutching ones that will likely continue on the same road as Labour (greens) and unreliable figures that will flip-flop as soon as they are in power (libdems).
What's left? Count Binface, I guess.
Reform are against it https://www.theguardian.com/politics/2025/jul/28/reform-uk-v...
Even the more extreme Restore are against it, and against Digital ID https://www.restorebritain.org.uk/restore_civil_liberties
The Greens are ... well they wanted to amend it in 2024 to include a ban on fake news, but that could turn into a mechanism for censorship.
And Lib/Lab/Con were all for building even more on top of it in 2024: https://www.handleygill.co.uk/handley-gill-blog/general-elec...
There are no 'liberal' parties in the UK.
And yeah, I agree that there is no natural home in UK politics for social liberism. Hence why quipping "they keep voting for this" is just pointless - there are no realistic alternatives, what we have at the moment is the least worst and it's still pretty bad.
If you ban WireGuard using DPI people will start using SSL VPNs.
If you ban SSL you ban the entire internet.
If they ban bog standard VPNs and find out they're still being used, they'll punish the VPN companies.
If the VPN companies create workarounds and avoid the punishment, they'll punish the payment processors.
If the VPN companies start using esoteric workarounds and taking cryptocurrency for payment, then they've mostly won -- most people aren't going to deal with that shit.
All the while, they'll still go after the social media/etc companies for allowing circumvention of age-gating. So the social media companies will crack down on our ability to visit their sites with any sort of privacy.
My point: laws are all imperfect but can still have a huge effect. Pointing out work arounds doesn't change that.
For context, I'm really disturbed by the recent move to punish people seeking privacy instead of the social media companies that are enabling this social media shit. They know who the companies are, since that's who they're going to punish for not age gating. But they'd (I'm talking about US based age-gating pushes as well) rather fuck with our privacy and make our PII more susceptible to data breaches than tell the social media companies to eat shit.
[1] https://mullvad.net/en/help/connecting-to-mullvad-vpn-from-r...
Then we cipherpunks dunk on and make fun of them as we jet by in our cool top-down VPN convertibles! They can be ID cucks while we enjoy all the finer things on the internet!
Liberty and privacy aren't free; it takes sweat off the brow or the blood of sacrifice to preserve or claw back to.
/j or /s
P.S. by the way, is it possible for them to use Hetzner? Don't they need something like credit card?
Anyway, how would they obtain the (let's say) Bitcoin to pay for VPS?
They're not a high quality source of news - they've more than decimated their journalism staff and replaced them with 'content' staff who are performance monitored on the number of clicks their articles generate.
Content is syndicated in different accents across their range of papers from the national papers, The Mirror and The Daily Express down into a large number of notionally 'local' outlets.
So, take it with a pinch of salt.
The link is 100% true in this case.
Or you can simply let free plans only terminate inside their own country. I noticed recently that TunnelBear has done this with their free plans — the "fastest" endpoint, which is the only one that is free, is now a UK endpoint. It still meets the security need anyone might have from a VPN.
I am honestly not that bothered about adult content age gating in principle, and I never really have been. I personally think sexual content is not remotely immoral but that it's reasonable to say the very young shouldn't be able to see it. It's not a freedom of speech issue.
Given the practical impossibility of parental regulation of access to devices when cheap phones and PAYG exist, the problem is the practice of it: how do you do that in a way that is privacy-preserving?
I feel that Apple has coped with this pretty well: they decided I am an adult automatically based on how long I have held an account.
I also think the UK PAYG mobile providers handle this well: they have simply always blocked adult content until you unlock it. I haven't bothered and I have never seen the content wall (except when deliberately testing it) so I believe its boundaries are drawn quite well.
Though I do routinely use one site that might end up blocked over time because it sits right at the boundary of the law's interest. So one day I might need to, I guess. And I have considered what I might need to do about a website for my own photographic work, which sits on the edge of the ofcom rules interest in practice.
We are missing secure anonymous age attestation but I think that will come.
I do think American critics tend to interpret this in terms of the morality and religion battle-zone that riddles US culture and encourages US states to try to police morality in bizarre ways or to extend "porn" rules to things like information about sexuality, gender or sexual health (which would just not happen here because we're actually not really religious or prudes; there is essentially no religion in our politics, which is ironic considering the C of E have seats in the Lords).
I don't think American critics should really leap to judge UK rules when you have two dozen different states imposing rule sets that in some cases came first and in many are wholly unworkable.
UK concerns are about child access to extreme material and about sexual exploitation, fundamentally. It's not easy and it's clear some aspects of the legislation are difficult, but accepting criticism from Americans as if the US position is clear, unambiguous and robust is no longer something we should entertain, especially lessons about the morality of free speech from the US administration, given their apparent selective contempt for it.
Most UK citizens do have a credit card anyway (though I in fact do not). It's more than three quarters.
It's not even the only way someone offering a service for what is after all a subscription product could achieve adult verification through existing banking-based mechanisms, because there are also bank mechanisms for making payments through a direct debit, which again you have to be an adult to do in the UK, and everyone can.
KYC processes also work though they are annoying and a VPN provider is inherently not going to want to do it.
But they are going to want to take money and there are these two mechanisms that come with adulthood verification attached.
Apple could do more on this with Wallet — they could let you pay with a virtual debit card that can only be in your wallet if you've passed their adult verification. Would need some card industry support. I am not sure why I can't just associate adulthood with my debit card; that would be a good fix.
Just for one example; it would be trivial for Apple and Google to put age estimation on my phone, verify it on opening the web browser and provide a zero-knowledge proof of age to websites in a way that does not reveal my identity. All the infrastructure is already there, and it's relatively trivial to turn it on. The downside is that this will only work for people who are older than about 25 because of the uncertainty of face-to-age recognition, but it would be a start.
Another way to do it is for my bank, who know my age already, providing a similar credential that I can feed into the zero-knowledge proof engine on the phone.
This was all done properly for the covid tracking apps, at a time when the phone providers actually wanted to do tracking with anonymity - this is a similar problem, and it's easily cracked by technical means.
And you don't even need zero knowledge proofs if you perform on-device content detection - turn it on for kids, keep it off for adults. Modern phones have more than enough TPU capacity to do this.
But none of the actual implementations I've seen are truly anonymizing, and they all rely on trusting some really dodgy companies with your identity and browsing habits. Yes, the more respectable ones have security and privacy policies that are audited, but will they always? The cynical answer is "no", because history shows that someone will always do something sooner or later if (a) it makes money, and (b) they can get away with it.
Everything I see suggests that the desire for mass surveillance is the driver, and the "protect the children" front on this is a strategem by the people who are really driving this from behind the curtain. There are huge amounts of money to be made by capturing verifiable, blackmailable, personal data, and this is a magic money fountain for those who will be able to mine it.
Perfect is impossible, but if its stigmatised then the network effects stop being so punitive to children who have reasonable parents.
it's the 10-80-10 rule: 10% of kids will still access social media, 10% will never... but 80% can be swayed.
They won't be able to block all VPN services, and they don't really care. VPN still works in China. The entire point is to acclimate the public to a system of fear and control. You won't get arrested because you used a VPN, you'll get arrested a few weeks later because your neighbor snitched on you. They can easily enforce these laws without any form of technology.
The simpler explanation suffices. Politicians want to react to a political demand and don’t really care about the implementation details.
There's always a way around, but this direction is concerning.
I'm not in favour of this but I'm acknowledging that if the number of children accessing social media drops significantly because of a VPN ban then they've achieved what they set out to do.
I don't like the salami slice tactics of not including this in previous legislation despite knowing that it would be necessary to enforce the social media ban. There would have been a lot less support if it was presented as a complete package that could be debated in it's whole.
The even more concerning thing is that we've got a far right party that have been leading in the polls for most of the last year.
This is a very dangerous situation.
-Reform UK vows to repeal ‘borderline dystopian’ Online Safety Act https://www.theguardian.com/politics/2025/jul/28/reform-uk-v...
"Block the Introduction of Digital ID." "Repeal the Online Safety Act." https://www.restorebritain.org.uk/restore_civil_liberties
And the left are also being surveilled and censored, e.g pro-palestine / anti-war / anti-capitalist groups, though the strategy used there is less censorship and more often bogging those groups down with infighting about identity issues. What seems more dangerous is letting the increasingly tyrannical centrist establishment, dead set on stagnation and "managed decline", give legitimacy to censorship tools (which will be available to future extreme governments!) rather than fixing things properly.
> how, precisely, do you stop a fourteen-year-old from opening Instagram without first checking the age of the forty-year-old?
> You don’t. You can’t. So everyone gets carded. Britain is lifting the system wholesale from Australia, where a computer first scans your face and guesses your age from your cheekbones, then, failing that, surveils you to death, studies your browsing habits and the hours you keep, and then, when the algorithm throws up its hands, simply demands your passport.
https://reclaimthenet.org/starmers-social-media-ban-surveill...
Exactly. A little at a time. First it's adult sites, because if you need to show ID to buy alcohol, shouldn't you need ID to buy pornography? Once that's accepted, expand the sphere of control to non-adult sites too by redefining everything as 16+.
remove all "reasonable step" shield to hide behind. for example, a shopkeeper can't say they took "reasonable steps" if they sell alcohol to a child so why should a website be any different? if we are going to the absurdity of age-gating VPNs, at least lets make it so that there is an incentive for children to self-report
Now, seeing many European governments tirelessly push for these new measures to protect the children, I'm pretty sure that the children are finally going to be safe online.
Ah, yes, the existing research doesn't agree with our biases, so let's fund new "research" that does.
On mobile a VPN isn't always effective in avoid geoblocks. Some apps are able to determine I'm in the UK and still ask for ID - reddit is one for example, if you stumble on to an adult subreddit. Using the web interface avoids this.
The UK has also moved to force ISPs to block certain bittorrent search engines.
The UK is not shy when it comes to invading your privacy or censoring the Internet.
* Creates a market for privacy tech of several million teenagers
* Wastes police time chasing down social forums which kids are hosting abroad using their pocket money
* Rubs the noses of the securirati in the fact that they've made it easier for terrorists to hide their comms among the thousands of teenage speakeasies
This is not the 80's when comms tech required capital and man-years of engineering. Setting up forums online isn't even a high-school project.
The "loicense m8" memes are getting less and less funny ...
2. Children start using VPNs to bypass the ban
3. Age-gate VPNs
4. Repeat steps 2-3
Truly a masterful plan.
Not to mention that this will be used as an opportunity by state actors to harvest info on UK citizens via hostile VPN services.
What can we do when such a law comes to our country?
- Route all traffic via tor, then connect to a VPN from Tor?
- Finally learn I2P?
- Something else?
No one can be a true Atheist and not also be an Anarchist, and no one can be a true Anarchist and not also be an Atheist [all Scotsmen aside here :^)].
Apostates and criminals are synonymous.
This is a privacy nightmare on all fronts and a horrible limit on freedom of speech. These kids will be learning how to drive a car, yet unable to contact their extended family over Messenger or follow news on Twitter. For everyone else, it means no anonymity or secrecy which has a chilling effect on free speech at a time when fascism is growing within democratic countries and dissidents are being imprisoned or murdered.
Yes, there are some really big problems with social media, but keeping children away from it doesn't fix the problems - it just leaves them for the rest of us to deal with. Let's fix the root of the problem, starting with the recommendation algorithms that inherently polarize people by building echo chambers around them and pushing divisive content all in the name of "engagement".
People need to look at the UK government much more so than the US government in ADDITION. Everyone knows how the USA serves the superrich only these days, but the UK government is kind of polite on the outside, but pure evil on the inside.
However, using this reason to induce censorship rules, word by word matching Russia/China playbook is making the goal less achievable if anything.
https://www.lighthousereports.com/investigation/blair-and-th...
https://institute.global/insights/politics-and-governance/di...
One upon a time, encryption math was regulated as a munition and the act of sharing open source software was tantamount to weapon smuggling. Once upon a time, VPNs were being banned by credit card companies. Part of the rise of bitcoin was the idea that you would need it for services like VPNs that credit card companies refused to service. Today, VPNs are openly advertised as piracy tools for getting around media geo-restrictions. Once upon a time, ISPs throttled torrents and so torrents become encrypted. Once upon a time DNS was to be poisoned in order to block filesharing websites (see COICA and PROTECT IP acts). All those efforts also came to nothing. These too will die.
all this because they refuse to make the law just
"legal parent/guardian is responsible for the child"
if a parent faced fine or jail for a child having access to the internet you can be sure 90% of the children wouldn't have internet access
I'm no defender of the big social/media sites but I don't see why it's their fault/problem if a minor has internet access when they aren't supposed to
This all feels like the opposite goal of knowing everyone who is online everywhere
Because it's not how you'd make the law, you'd wouldn't go to service by service and make it their problem, you'd make it the adult responsible for the child's problem
