Just for clarification. House of Lords amendments do not have to be accepted by the House of Commons and may not make it into law. If you do not agree with an amendment then write to your MP, write to the ministers concerned. If you do not tell them your concerns they will not know. You can ask for an appointment with your MP. You can ask for an appointment with ministers. Better still you can form an advocacy group and lobby.
I've written to my MP several times about this. Each response just repeats the same talking points about safety whilst completely missing the underlying technical issues and consequences.
No, but it does mean that MP's have to make a positive decision to reject it, the proponents of the amendments (who are well financed) will claim anyone who opposes the amendment is pro-pedophile (as happened with the online safety act) which makes it hard to reject.
To stop it now we need a majority of MPs who are willing to take a political risk to reject it.
> House of Lords amendments do not have to be accepted by the House of Commons and may not make it into law
Except the Lords can send back a law indefinitely until the Commons accepts it. There have been cases in which laws were sent back 60 times until what the Lords wanted was added. A house with hereditary posts with infinite veto power.
> If you do not agree with an amendment then write to your MP, write to the ministers concerned. If you do not tell them your concerns they will not know.
It is an utter waste of time. MPs already know about the concerns. They don't care. I wrote to my MP about many of these concerns in the past. You either get ignored, told you are enabling pedos, told there will be protections put in place (ignoring the whole point is that I don't trust the government), or you get a boilerplate reply.
Moreover The vast majority of people (unfortunately this includes people in my own family) have been propagandised to agree with all iffy censorship, monitoring and other spooky nonsense the UK state engages with.
I don't get why the device changes the blame logic.
If child-services knew a parent was constantly watching/leaving around adult-content near children, that'd be considered the parents fault. If a parent lets a kid watch anything they want on TV and the kid watches adult content, it's the parents fault. But if the parent gives the child a phone, and doesn't manage what apps they use or content they watch, now it's the companies fault?
If my younger self, went into a store to buy a bottle of Vodka, before I came of age at 18 here in Germany, it wasn't my parents fault. It was the shop that did not check my license that was liable.
If they sold me beer before I was 16, same situation. Analogous for cigarettes. Or me trying to enter an amusement arcade (with monetary gains possible, not just pinball like things.
So why should "online stores" / "arcades" / "non kid friendly/appropriate venues" be treated differently than brick and mortar ones?
Does big tech help the parents? Can I set the age of the child in the phone user account and then the browser will report the age to the websites and the nice websites will aknowledge it and deny minors to watch adult content?
No big tech and browser makers did not put their hurds of developers to handle this and forced the governments to try more retarded solutions.
This big OSes should have a super easy activation procedure where a parent will enter the birthday of the account user and then the tech should do the magic,/
What are the current solutions for Android and iOS? To buy some apps and give them root permissions and they will filter out webpages or block entire domains ?
I never thought I'd say this, but I now fully approve of social media bans for children, screw under 16s, let's go further no children on the internet full stop. No mobile data plans for under 18s, arrest parents if they are found allowing their children to use a computer with an internet connection at home. Remove the internet from schools.
Then we can get rid of the online safety act, no need to dox adults if we just ban the children.
Then when the government refuses to repeal the OSA, we can then have an open and honest discussion about the real reasons that act exists.
It drives me nuts that local governments in the US continue to use Twitter/X to disseminate communications, despite having perfectly good web sites of their own.
> a ban on social media for users under 16, like Australia. Pretty dramatic change.
Meanwhile the government and official accounts continue to use X even as they're trying to ban it. Mixed messaging.
I think you'd find Govt. account users are over 16.
What I find particularly tragic about all of this legislation (the OSA and now this) is that there are obviously technical people in the room that would advise against this clusterfuck of a direction and they are being ignored by politicians who think the internet is something they can aggressively control.
This will continue to push people towards providers who operate outside UK jurisdiction or providers that care less about UK law and are less trustworthy.
I remain upset that they do this without building the necessary infra. They already assert identity when applying for a passport (and they do this very well). If they had extended this process by creating a OAuth compliant digital id provider first, then they could have avoided all the problems on the day the OSA dropped. Even better, they could have created a non-governmental agency to exchange tokens and urls to prevent the privacy issue of the government knowing which sites people are visiting. Instead we have this status quo of encouraging UK citizens to hand over their identity documents to dubious third-parties or shifting their traffic from the UK externally to avoid these checks.
> by politicians who think the internet is something they can aggressively control
You seem to believe they're wrong. Since they're the ones who come up with the laws of the land, I think it's important to realize that they can and do aggressively control access to the internet in their country. It sucks, but it's the reality.
> If they had extended this process by creating a OAuth compliant digital id provider first, then they could have avoided all the problems on the day the OSA dropped.
Far less than all. See Australia, where age restriction is routinely evaded through adult collusion.
> Even better, they could have created a non-governmental agency to exchange tokens and urls to prevent the privacy issue of the government knowing which sites people are visiting.
The privacy issue would still exist. They can tie your online activity directly to these tokens.
If VPNs require age verification, then people will shift to running a VPN on a cheap VPS. Probably via a popular single-click setup script.
Or people will just get drawn to more seedy providers that do no KYC or have ulterior motives. If I was Russia, I'd consider operating a free VPN or VPS service that MITMs the traffic.
I'm very interested to see how some VPN providers react to this. For a zero logs VPN provider, if such a thing can really exist, how big of a problem is this? Presumably many customers pay with a debit/credit card already so there's some PII on file? Usage remains the same? Surely savvy people can just use their existing VPN to buy a VPN from outside the UK.
Of course, we're sliding quite rapidly down that slippery slope here so I'm sure logging and easier government tracking would be next. The justifications will get weaker and even more lacking in supporting evidence for their implementation.
> Presumably many customers pay with a debit/credit card already so there's some PII on file?
Yes. But I think most of the zero logs providers will remove the identifiable payments details after a certain about of time. e.g. Mullvad have a specific policy relating to what is stored and retention time (I am not affiliated with Mullvad, I just use their service).
I believe a whole host of VPN providers have no real need to comply with this amendment if it passes the Commons.
The providers are structured in a way that makes forcing compliance difficult and have built their whole business model around this. NordVPN is registered in Panama for example and Mullvad lets you send cash in the mail and doesn't store any user details (even a hashed email).
It'll be interesting to see how & who reacts if it does pass.
Yeah, if you're unable to read, I understand reaching such conclusion :) But no, this is about platforms/services:
> Amendment 92 (“Action to Prohibit the Provision of VPN Services to Children in the United Kingdom”) requires VPNs that are “offered or marketed to persons in the United Kingdom” or “provided to a significant number of persons” to implement age assurance for UK users.
What societal "harm" is the UK actually trying to reduce with this age verification? It almost feels like the amount of effort they're putting into this is out of balance with the actual harm.
political dissent. Uncomfortable truths. Any speech that does not align with the official narrative.
A Labour MP foolish attended a GB News show and when pushed admitted that the Online Safety Act was also about identifying speech by adults [0].
Sorry about the quality of the link, but the video is there (higher quality is available on X) and its not like the paragon of truth that is the BBC reported on this.
OpenSSH, Tinc, Wireguard and a myriad of other open source tools can also be used as a VPN. One only need a place to connect to and egress from. To me that means VPS/Server providers will also need to do age verification. Most VPS/Server providers also allow configuring reverse DNS. That leaves only CIDR blocks as a way to tell it is not residential. One could also egress from residential elsewhere assuming the friend has spare bandwidth that could be balanced and capped using sch_cake.
Not made clear in this article - this bill will be passed back to the House of Commons to debate/amend before going back to the House of Lords. This was not the final say.
The Commons are even more hungry for pervasive online surveillance than the Lords - at least, while Labour and the Tories are in power.
Reform UK (the party currently leading in the polls by a large margin) is the only party that loudly opposed the draconian measures within the Online Safety Act and promise to repeal it
Hotels are not platforms. No network effects at play. The idea of ban is to push teen DAUs below the critical mass necessary for self sustaining retention and growth.
Sure teens will still figure out a way to access when they really want to, but they won’t be be the same level of peer pressure.
I feel like this is the strongest argument in favor of the bans. I am not sure it will be effective or is the most effective way to go about it. I am curious to see the data that comes out of Australia in a few years.
I really do not think European countries had "free speech" like it is understood in the US.
After WWII you mostly had state run and controlled TV and radio. And some more freedom in the written press but still most countries mandate Legal deposit [0] sometimes since the Middle Ages. Legal deposit is just the granddaddy of what we understand the Internet is in China.
You could really get in trouble easily.
Then mass media were liberalized and put under the control of big corporations in the 1970-80s what gave the illusion of more freedom.
But the WWW really brought the US free speech standards to the entire developed world in the 90-2000s. This is why people under 50 understand "free speech" according to this standard.
The "you get put in jail because of a meme on Facebook" is really a return to normal after a 20 year pause on the Internet. If you don't fight for it, it will never last.
Starmer, like most leaders in the EU, has an 18% approval rating. He really can't afford free speech for its subjects.
How is age verification and free speech in any case related?
You can solve the problem of age verification without limiting your free speech right. Those two get entangled all the time and it does not make sense.
Every government in the world right now wants to get their hands on the controls and put their thumb on the scales here. Modern social media has proven to be effectively remote control for their citizens, nothing like this kind of power has never existed before and is absolutely irresistible to politicians. Expect them all to be laser focused on this until they're able to seize complete control, no matter how long it takes or how roundabout the path to this is.
Amendment 92 of the bill, added by Lord Nash during it's passage through the Lords says:
> “consumer” means a person acting otherwise than in the course of a business;
> “relevant VPN service” means a service of providing, in the course of a business, to a consumer, a virtual private network for accessing the internet;
It's quite specific wording for a piece of legislation, just VPNs. It excludes businesses but, as written, it wouldn't include network proxies, or remote desktop protocols, or TOR, or web/mobile applications that fetch pages for you, any of which could be used to circumvent the bill. The slippery slope argument could be made that those things would have to be added for this bill to have any meaningful impact, and that would require the amendment to be written in a very non-specific way. I'm not hopeful that the Government would recognise that as overreach (ignoring that the amendment already is).
The government isn't doing any favours for its image by simulatenously trying to ban X, and introducing all of these internet controls. It just fuels the narrative that the government is trying to shut people up and control the spread of certain ideas. Then when you add in that weird "education" game they paid for, Pathways[0], it feels like a very coordinated effort.
Is there yet a low friction way to verify age of UK users that doesn't rely on third party services with questionable privacy implications and exorbitant pricing?
I wonder if any of the law makers are investors in those companies.
How do they define "VPN" in this? If I make a little wireguard mesh and use an aws vm in another country as the exit node for my traffic, would that go under VPN?
Does the house of lords really do anything, though? At best, they can delay decisions, but what power do they really have? Aren't they just a bunch of rich people funded with taxes doing basically nothing?
I mean it's still a Virtual Private network between you and the VPS (which is rented by VPS provider)
So technically if you are from UK, they might come at your VPS provider if they find that you use them as a VPN (law's kinda vague from what I can gather)
Your VPS provider wouldn't really protect your privacy for 4 $ so a snitch.
My point which fucking scares me if I were a UK citizen is that they just have to do it once to scare you to your guts.
Maybe I am paranoid but I couldn't see this shit happen 2-3 years ago & UK is atleast moving at a very dystopian rate and I am not sure if other countries might move in similar direction too if UK experiment turns out to be helpful to the people in power or helps in curbing out protests/real change in any capacity.
I know the law hasn't passed but chances are unless osmething very unlikley happens, its gonna get passed
What's up with democracies trying to imprison their own citizens in such sense, whether digitally or in person. Some countries feel like prisons rather than free land now.
These were the best benefits of democracies over authoritarianism.
I genuinely question with such points if democracy actually just becomes a dual party authoritarianism. Sure people vote but just scare them for real change just once. If a person speaks online, even if they use a VPN, just catch one extreme and scare the moderates from even ever saying something different than what govt says
It’s a lot more difficult to do this anonymously than it is to use a VPN. You almost certainly need to provide payment information and often also identity verification.
then you are not using any vpn service marketed or provided in the UK. if you were to sell access to your VPS to others then you would have to do age verifications on them maybe.
maybe it is still illegal, IDK, bu likely due to other laws (eg a generic "it is illegal to use workaround for X")
They REALLY want people to become more tech-savvy and to learn how to create their own VPNs using cheap VMs instances from __INSERT_CLOUD_PROVIDER_HERE__, don't they?
Privacy has an age rating now ? Seems a little ironic forcing anyone under 18 away from being able to have extra layers of privacy and in some cases security online.
I think we need to accept that age verification makes the internet safer. What we cannot accept is age verification's use as a mechanism to pry too far into peoples lives. When we can separate age verification from who am I, most people will be happier. What's tricky is who validates age? Your ISP? Your government? Your OS? A thirty party? Who accredits third-parties, and can you trust them? I'm convinced there's a way to solve this do we can keep the internet safe and not intrude massively on peoples privacy.
I think the creeping invasion of privacy argument is backwards here. What we have today isn’t privacy, it’s abdication. Platforms are externalising risk onto parents and pretending the internet is exempt from the safeguards we accept everywhere else.
Either the tech industry solves this, or governments will. That’s not ideology, it’s capitalism. If we don’t build workable, privacy-preserving primitives, regulation will arrive in the most blunt form possible.
There’s a reasonable middle ground. Identity can be a first-class citizen without being leaked to every website. I don’t need to hand over my name, address, or documents to prove I’m over 18. I need a yes/no assertion.
Imagine the browser exposing a capability like:
> “This site requires age verification. Are you over 18?”
The browser checks via a trusted third party credential and returns a boolean. No DOB. No tracking. No persistent identifier. Just a capability check, much closer to how physical ID works than today’s data-harvesting mess.
As a parent, I already police my kids as best I can, and it’s imperfect. But the offline world has friction and gates: bars check ID, cinemas enforce ratings, shops refuse sales. Those mitigations don’t make parents redundant; they support them.
Online, we’ve chosen to pretend none of that is possible. That’s not a principled privacy stance.
If we don’t design these primitives ourselves, we will get crude, insecure age databases, mandatory uploads of passports, or blanket bans instead. This is the least bad option, not a slippery slope. Collectively we have solved far harder problems.
I don't think it's possible? You could imagine some sort of certificate scheme where the govt issues a thing that says to a 3rd party "we certify this person is 18 but in a way that doesn't reveal who they are". You could also implement that in a way where, even if the 3rd party reports the details of an authorisation to the govt, the govt can't say who was involved in that auth.
But in the latter case, the system is wildly open to abuse coz nobody can detect if every teenager in the country is using Auth Georg's cert. The only way for that to be possible is if the tokens let you psuedonymise Georg at which point it's no longer private.
The answer is to leave this shit to parents. It's not the government's job. It's not the government's business.
Can we somehow get age verification without IDs? Age verification itself is OK as an idea. I’m happy to show ID to buy alcohol at the store… but the store clerk doesn’t take a photo of that ID and store it in logs somewhere forever.
Can we please get a law where kids won’t just take their parents’ IDs and upload them to random places?
You might like the Digital ID scheme. It uses Zero Knowledge Proofs, so that one of your 'IDs' could be a simple 'Is over 18' ZKP, without involving your name or anything other detail. These are not tracked by government or possible to associate with your wider identity. This is one of the examples listed in the framework docs.
> "Unlike with a physical document, when using a digital identity, you can limit the amount of information you share to only what is necessary. For example, if you are asked to prove you are over 18, you could provide a simple yes or no response and avoid sharing any other personal details." (from https://www.gov.uk/guidance/digital-identity )
There's a huge amount of disinformation circulating about the digital ID scheme, and the government's messaging over it has been catastrophically clumsy. Which is a pity, because the system has clearly been designed with civil liberties in mind (ie defensively) and for citizens it's a serious improvement over the current system.
This is very bad news because I have been in contact with low cost providers (lowendtalk) and the community & even they usually end up renting etc. from datacenters and they usually would have name as well
So theoretically, suppose I have a vpn company on A) either such lowend niche providers who might support let's say my mission or we are aligned or B) the hyperscalers or large companies.
Now I am 99% sure that large companies would actually restrict VPN creation usage (something remarkably rare right now but still it's a gone deal now)
And I feel like even with niche lowendbox providers, suppose I am paying 4 euros or something to a provider to get an IP, they are either using hyperscaler themselves (like OVH) or part of a datacenter itself
If a server they own in some capacity runs a vps, can it be considered that they are running a vps and they can get sued by the Safety Act too? If not, then what if this happens one layer above at datacenter and now datacenters might have to comply with them
I haven't read the article but wtf.
Suppose I run a tmate instance (basically allows you to connect one ssh server to another both inside nat), theoretically this is a vpn as well.
I was calling out that they might ban vpn's when online safety act came and I realized that theoretically nothing's stopping them technologically to do so. It's a cat and mouse game but they didn't have a legal reason to do it so much. Now... You have it.
Is the end of total privacy for UK here?
I feel like even privacy oriented VPN's will move out of UK and non privacy oriented (ie. who will accept your id's) will probably have to manage it or use some third party and I am pretty sure that this basically gives govt. even more, they might now look at which IP said something, contact the now compliant VPN and block other truly private, for which user Id used a particular IP at particular time and seek their ID. I don't know how Dystopian UK's gotten but what's stopping a "reasonable cause" or some UK fbi equivalent contacting.
I feel like even one or two such extreme case of VPN providers would be enough to scare the whole country into check where if you are UK citizen and you talk against UK online, you will be screwed.
Atleast that's the direction I am seeing it heading.
Depending on the instance & how many more such dystopian laws UK adds. It's democracy gets really questionable... and I am not sure what it will be replaced by.
Both parties are kind of aligned in this from what I can tell. Just raise what "reasonable" suspicion to contact means and abuse any laws or create new dystopian laws but online safety act wasn't okay but VPN's provided a way around it.
Now that VPN's themselves are affected. It's kind of gonna wreak havoc imo of any individual privacy.
I am worried what this might mean on tor. Since tor can be considered a vpn, so will UK company sue me if I run a tor instance now?
You are over thinking. This is to enforce age restrictions online which parents are overwhelmingly in favour of.
Make the friction high enough for evading age restrictions and it will stop most kids. Not all but most. Same as most shops stop under age kids buying alcohol and most cinemas enforce age ratings.
If you want to roll your own VPN go ahead.
As far as the "dystopian" state of the UK goes. Even if the UK was a "distopia" the internet won't save you, even though people of a certain age like to think they can stop an authoritarian government from their keyboard. Take the US as a recent example, the bastion of free speech, but US citizens are being murdered by a government organisation. Posting memes from your VPN won't help.
jimnotgym|1 month ago
aranw|1 month ago
graemep|1 month ago
To stop it now we need a majority of MPs who are willing to take a political risk to reject it.
zrn900|1 month ago
Except the Lords can send back a law indefinitely until the Commons accepts it. There have been cases in which laws were sent back 60 times until what the Lords wanted was added. A house with hereditary posts with infinite veto power.
The UK is not democracy. It never was.
FrostViper8|1 month ago
It is an utter waste of time. MPs already know about the concerns. They don't care. I wrote to my MP about many of these concerns in the past. You either get ignored, told you are enabling pedos, told there will be protections put in place (ignoring the whole point is that I don't trust the government), or you get a boilerplate reply.
Moreover The vast majority of people (unfortunately this includes people in my own family) have been propagandised to agree with all iffy censorship, monitoring and other spooky nonsense the UK state engages with.
bananasandrice|1 month ago
[deleted]
moritonal|1 month ago
If child-services knew a parent was constantly watching/leaving around adult-content near children, that'd be considered the parents fault. If a parent lets a kid watch anything they want on TV and the kid watches adult content, it's the parents fault. But if the parent gives the child a phone, and doesn't manage what apps they use or content they watch, now it's the companies fault?
sdoering|1 month ago
If my younger self, went into a store to buy a bottle of Vodka, before I came of age at 18 here in Germany, it wasn't my parents fault. It was the shop that did not check my license that was liable.
If they sold me beer before I was 16, same situation. Analogous for cigarettes. Or me trying to enter an amusement arcade (with monetary gains possible, not just pinball like things.
So why should "online stores" / "arcades" / "non kid friendly/appropriate venues" be treated differently than brick and mortar ones?
Wouldn't that be the same argument?
simion314|1 month ago
No big tech and browser makers did not put their hurds of developers to handle this and forced the governments to try more retarded solutions.
This big OSes should have a super easy activation procedure where a parent will enter the birthday of the account user and then the tech should do the magic,/
What are the current solutions for Android and iOS? To buy some apps and give them root permissions and they will filter out webpages or block entire domains ?
u8080|1 month ago
pjc50|1 month ago
Meanwhile the government and official accounts continue to use X even as they're trying to ban it. Mixed messaging.
Lead proponent of the VPN ban: https://en.wikipedia.org/wiki/John_Nash,_Baron_Nash; he's https://en.wikipedia.org/wiki/Centre_for_Policy_Studies again, the dead hand of Thatcherism.
RansomStark|1 month ago
Then we can get rid of the online safety act, no need to dox adults if we just ban the children.
Then when the government refuses to repeal the OSA, we can then have an open and honest discussion about the real reasons that act exists.
Being sarcastic, but at the same time...
valleyer|1 month ago
callamdelaney|1 month ago
chrisjj|1 month ago
I think you'd find Govt. account users are over 16.
PurpleRamen|1 month ago
Quarrelsome|1 month ago
I remain upset that they do this without building the necessary infra. They already assert identity when applying for a passport (and they do this very well). If they had extended this process by creating a OAuth compliant digital id provider first, then they could have avoided all the problems on the day the OSA dropped. Even better, they could have created a non-governmental agency to exchange tokens and urls to prevent the privacy issue of the government knowing which sites people are visiting. Instead we have this status quo of encouraging UK citizens to hand over their identity documents to dubious third-parties or shifting their traffic from the UK externally to avoid these checks.
embedding-shape|1 month ago
You seem to believe they're wrong. Since they're the ones who come up with the laws of the land, I think it's important to realize that they can and do aggressively control access to the internet in their country. It sucks, but it's the reality.
chrisjj|1 month ago
Far less than all. See Australia, where age restriction is routinely evaded through adult collusion.
FrostViper8|1 month ago
The privacy issue would still exist. They can tie your online activity directly to these tokens.
iamcalledrob|1 month ago
If VPNs require age verification, then people will shift to running a VPN on a cheap VPS. Probably via a popular single-click setup script.
Or people will just get drawn to more seedy providers that do no KYC or have ulterior motives. If I was Russia, I'd consider operating a free VPN or VPS service that MITMs the traffic.
uh_uh|1 month ago
wlkr|1 month ago
Of course, we're sliding quite rapidly down that slippery slope here so I'm sure logging and easier government tracking would be next. The justifications will get weaker and even more lacking in supporting evidence for their implementation.
FrostViper8|1 month ago
Yes. But I think most of the zero logs providers will remove the identifiable payments details after a certain about of time. e.g. Mullvad have a specific policy relating to what is stored and retention time (I am not affiliated with Mullvad, I just use their service).
https://mullvad.net/en/help/no-logging-data-policy#payments
> Surely savvy people can just use their existing VPN to buy a VPN from outside the UK.
Or you can use Tor. I will just use a VPN that lets me pay with Monero or some other crypto currency. None of this will stop savvy people.
c0n5pir4cy|1 month ago
The providers are structured in a way that makes forcing compliance difficult and have built their whole business model around this. NordVPN is registered in Panama for example and Mullvad lets you send cash in the mail and doesn't store any user details (even a hashed email).
It'll be interesting to see how & who reacts if it does pass.
fartfeatures|1 month ago
chrisjj|1 month ago
Surely they can simply buy that direct ... at least until the Govt. requires ISP to blacklist.
londons_explore|1 month ago
And presumably also a '--webcam-to-use-for-identity'
embedding-shape|1 month ago
> Amendment 92 (“Action to Prohibit the Provision of VPN Services to Children in the United Kingdom”) requires VPNs that are “offered or marketed to persons in the United Kingdom” or “provided to a significant number of persons” to implement age assurance for UK users.
elcapitan|1 month ago
unglaublich|1 month ago
RansomStark|1 month ago
A Labour MP foolish attended a GB News show and when pushed admitted that the Online Safety Act was also about identifying speech by adults [0].
Sorry about the quality of the link, but the video is there (higher quality is available on X) and its not like the paragon of truth that is the BBC reported on this.
https://europeanconservative.com/articles/news/uk-government...
jacquesm|1 month ago
chrisjj|1 month ago
https://www.gov.uk/government/publications/online-safety-act...
Harmful accurate info is allowed, note.
pjc50|1 month ago
Bender|1 month ago
alexmorley|1 month ago
cbeach|1 month ago
Reform UK (the party currently leading in the polls by a large margin) is the only party that loudly opposed the draconian measures within the Online Safety Act and promise to repeal it
uxhacker|1 month ago
pfisherman|1 month ago
Sure teens will still figure out a way to access when they really want to, but they won’t be be the same level of peer pressure.
I feel like this is the strongest argument in favor of the bans. I am not sure it will be effective or is the most effective way to go about it. I am curious to see the data that comes out of Australia in a few years.
Havoc|1 month ago
https://members.parliament.uk/FindYourMP
pi3rre|1 month ago
giacomoforte|1 month ago
UK and Germany weren't ever good in this department but now worst than ever.
US supposedly good but I wouldn't risk it in practice.
Australia I hear is also quite bad.
Canada and NZ I don't know.
I expect Denmark and Sweden to have somewhat weak free speech laws too.
Norway and Finland I expect to be good.
France I expect to be just slightly better than Germany.
Netherlands and Switzerland, I have no idea.
Czech Republic I think has strong protections.
Italy and Spain and Ireland, I heard mixed reports about.
Poland, Greece, Slovenia, Portugal and other unnamed countries I don't know at all.
akie|1 month ago
In Germany, for example, you can say almost anything you want and no-one will give a hoot. If you're truly interested, here's some background for Germany in particular https://www.deutschland.de/en/topic/politics/freedom-of-expr...
And reporters without borders has a world press freedom index that ranks the US on place... 57 - behind most of Europe. https://rsf.org/en/index
sunshine-o|1 month ago
After WWII you mostly had state run and controlled TV and radio. And some more freedom in the written press but still most countries mandate Legal deposit [0] sometimes since the Middle Ages. Legal deposit is just the granddaddy of what we understand the Internet is in China. You could really get in trouble easily.
Then mass media were liberalized and put under the control of big corporations in the 1970-80s what gave the illusion of more freedom.
But the WWW really brought the US free speech standards to the entire developed world in the 90-2000s. This is why people under 50 understand "free speech" according to this standard.
The "you get put in jail because of a meme on Facebook" is really a return to normal after a 20 year pause on the Internet. If you don't fight for it, it will never last.
Starmer, like most leaders in the EU, has an 18% approval rating. He really can't afford free speech for its subjects.
- [0] https://en.wikipedia.org/wiki/Legal_deposit
notTooFarGone|1 month ago
You can solve the problem of age verification without limiting your free speech right. Those two get entangled all the time and it does not make sense.
throw__away7391|1 month ago
pnut|1 month ago
pieshop|1 month ago
It's quite specific wording for a piece of legislation, just VPNs. It excludes businesses but, as written, it wouldn't include network proxies, or remote desktop protocols, or TOR, or web/mobile applications that fetch pages for you, any of which could be used to circumvent the bill. The slippery slope argument could be made that those things would have to be added for this bill to have any meaningful impact, and that would require the amendment to be written in a very non-specific way. I'm not hopeful that the Government would recognise that as overreach (ignoring that the amendment already is).
cedws|1 month ago
[0]: https://www.theguardian.com/politics/2026/jan/25/ai-generate...
Palmik|1 month ago
I wonder if any of the law makers are investors in those companies.
dmantis|1 month ago
Surely three-letter agencies, "unknown creators" of chatcontrol proposals in the EU and other state psychopaths care very much about the children!
No, they don't.
Mass surveillance and the leverage coming from that is the goal itself.
sureglymop|1 month ago
unknown|1 month ago
[deleted]
fmajid|1 month ago
Certified|1 month ago
hiprob|1 month ago
crest|1 month ago
chrisjj|1 month ago
thefz|1 month ago
Imustaskforhelp|1 month ago
So technically if you are from UK, they might come at your VPS provider if they find that you use them as a VPN (law's kinda vague from what I can gather)
Your VPS provider wouldn't really protect your privacy for 4 $ so a snitch.
My point which fucking scares me if I were a UK citizen is that they just have to do it once to scare you to your guts.
Maybe I am paranoid but I couldn't see this shit happen 2-3 years ago & UK is atleast moving at a very dystopian rate and I am not sure if other countries might move in similar direction too if UK experiment turns out to be helpful to the people in power or helps in curbing out protests/real change in any capacity.
I know the law hasn't passed but chances are unless osmething very unlikley happens, its gonna get passed
What's up with democracies trying to imprison their own citizens in such sense, whether digitally or in person. Some countries feel like prisons rather than free land now.
These were the best benefits of democracies over authoritarianism.
I genuinely question with such points if democracy actually just becomes a dual party authoritarianism. Sure people vote but just scare them for real change just once. If a person speaks online, even if they use a VPN, just catch one extreme and scare the moderates from even ever saying something different than what govt says
Say it with me, 2+2=5 (1984 reference)
chatmasta|1 month ago
embedding-shape|1 month ago
afiori|1 month ago
maybe it is still illegal, IDK, bu likely due to other laws (eg a generic "it is illegal to use workaround for X")
captain_coffee|1 month ago
hexbin010|1 month ago
bilekas|1 month ago
chrisjj|1 month ago
It always did. https://www.keygreer.net/family-law-faqs/what-rights-do-chil...
ed_blackburn|1 month ago
ed_blackburn|1 month ago
Either the tech industry solves this, or governments will. That’s not ideology, it’s capitalism. If we don’t build workable, privacy-preserving primitives, regulation will arrive in the most blunt form possible.
There’s a reasonable middle ground. Identity can be a first-class citizen without being leaked to every website. I don’t need to hand over my name, address, or documents to prove I’m over 18. I need a yes/no assertion.
Imagine the browser exposing a capability like:
> “This site requires age verification. Are you over 18?”
The browser checks via a trusted third party credential and returns a boolean. No DOB. No tracking. No persistent identifier. Just a capability check, much closer to how physical ID works than today’s data-harvesting mess.
As a parent, I already police my kids as best I can, and it’s imperfect. But the offline world has friction and gates: bars check ID, cinemas enforce ratings, shops refuse sales. Those mitigations don’t make parents redundant; they support them.
Online, we’ve chosen to pretend none of that is possible. That’s not a principled privacy stance.
If we don’t design these primitives ourselves, we will get crude, insecure age databases, mandatory uploads of passports, or blanket bans instead. This is the least bad option, not a slippery slope. Collectively we have solved far harder problems.
chrisjj|1 month ago
Then you will be rich. Because no-one else has found a way to keep your age private whilst disclosing it.
bjackman|1 month ago
But in the latter case, the system is wildly open to abuse coz nobody can detect if every teenager in the country is using Auth Georg's cert. The only way for that to be possible is if the tokens let you psuedonymise Georg at which point it's no longer private.
The answer is to leave this shit to parents. It's not the government's job. It's not the government's business.
unknown|1 month ago
[deleted]
laserbeam|1 month ago
Can we please get a law where kids won’t just take their parents’ IDs and upload them to random places?
squidbeak|1 month ago
> "Unlike with a physical document, when using a digital identity, you can limit the amount of information you share to only what is necessary. For example, if you are asked to prove you are over 18, you could provide a simple yes or no response and avoid sharing any other personal details." (from https://www.gov.uk/guidance/digital-identity )
There's a huge amount of disinformation circulating about the digital ID scheme, and the government's messaging over it has been catastrophically clumsy. Which is a pity, because the system has clearly been designed with civil liberties in mind (ie defensively) and for citizens it's a serious improvement over the current system.
Imustaskforhelp|1 month ago
So theoretically, suppose I have a vpn company on A) either such lowend niche providers who might support let's say my mission or we are aligned or B) the hyperscalers or large companies.
Now I am 99% sure that large companies would actually restrict VPN creation usage (something remarkably rare right now but still it's a gone deal now)
And I feel like even with niche lowendbox providers, suppose I am paying 4 euros or something to a provider to get an IP, they are either using hyperscaler themselves (like OVH) or part of a datacenter itself
If a server they own in some capacity runs a vps, can it be considered that they are running a vps and they can get sued by the Safety Act too? If not, then what if this happens one layer above at datacenter and now datacenters might have to comply with them
I haven't read the article but wtf.
Suppose I run a tmate instance (basically allows you to connect one ssh server to another both inside nat), theoretically this is a vpn as well.
I was calling out that they might ban vpn's when online safety act came and I realized that theoretically nothing's stopping them technologically to do so. It's a cat and mouse game but they didn't have a legal reason to do it so much. Now... You have it.
Is the end of total privacy for UK here?
I feel like even privacy oriented VPN's will move out of UK and non privacy oriented (ie. who will accept your id's) will probably have to manage it or use some third party and I am pretty sure that this basically gives govt. even more, they might now look at which IP said something, contact the now compliant VPN and block other truly private, for which user Id used a particular IP at particular time and seek their ID. I don't know how Dystopian UK's gotten but what's stopping a "reasonable cause" or some UK fbi equivalent contacting.
I feel like even one or two such extreme case of VPN providers would be enough to scare the whole country into check where if you are UK citizen and you talk against UK online, you will be screwed.
Atleast that's the direction I am seeing it heading.
Depending on the instance & how many more such dystopian laws UK adds. It's democracy gets really questionable... and I am not sure what it will be replaced by.
Both parties are kind of aligned in this from what I can tell. Just raise what "reasonable" suspicion to contact means and abuse any laws or create new dystopian laws but online safety act wasn't okay but VPN's provided a way around it.
Now that VPN's themselves are affected. It's kind of gonna wreak havoc imo of any individual privacy.
I am worried what this might mean on tor. Since tor can be considered a vpn, so will UK company sue me if I run a tor instance now?
phatfish|1 month ago
Make the friction high enough for evading age restrictions and it will stop most kids. Not all but most. Same as most shops stop under age kids buying alcohol and most cinemas enforce age ratings.
If you want to roll your own VPN go ahead.
As far as the "dystopian" state of the UK goes. Even if the UK was a "distopia" the internet won't save you, even though people of a certain age like to think they can stop an authoritarian government from their keyboard. Take the US as a recent example, the bastion of free speech, but US citizens are being murdered by a government organisation. Posting memes from your VPN won't help.