In Russia, they claimed that new measures to block websites are necessary to protect the children online. Of course, they immediately used these new capabilities to block opposition websites and sources critical of the government.
Now, seeing many European governments tirelessly push for these new measures to protect the children, I'm pretty sure that the children are finally going to be safe online.
It is really disheartening to see the sentiment around privacy erode like this. Fifteen or even ten years ago this would have been unanimously and vehemently opposed, but now it is somehow up for debate?
There has been 15 more years of highly motivated psychologists tuning their social media systems to create addiction, time for those who've grown up through this to become adults, foreign interference with democracy etc.
Though I think banning it for children is the wrong approach. Ban the addictive and dangerous features for everyone, adults included — no more infinite scroll, and no more feeds showing content from outside social connections.
They've somehow managed to breed several generations who's only criteria for "computing" is "it just works". All consumption, little-to-no understanding of how stuff works. As long as it does what it does, and it's "free", that's all that matters.
We've had time to witness the damage of a dopamine-doomscroll. I personally know children who've posted too much, and children who've been solicited directly by adults, both to try and meet and for nudes. And we've seen the complete lack of positive action from platforms. Roblox is full of paedophiles and Grok was letting you nudify your classmates just a few months ago. These places aren't suitable for kids.
I don't want a ban on VPNs. That isn't being suggested, just making sure they're also age-checked. But some inconvenience is a price worth considering.
If you are talking about the recent blockades of VPNs, the Russians made it pretty clear that they did not want western information sources inside the country. I am not sure it was ever in the guise of protecting the children
The first law about building technical and legal infrastructure to enable website blocking in Russia in 2012 was passed under the name of children protection. Everything else is an addition.
People from duma (the russian parlament) also publicly stated it would never use it for anything but children protection.
The only (probably) good thing here is that one can at least try to apply Russian experience at circumventing the censorship, where it's currently way more severe, up to the point when entire companies have their workflows disrupted because remote workers can't connect through the VPN (which is blocked). Maybe that will help.
You see, the problem is that all exit points of our VPNs are in Europe. These too can be banned quite easily. Where to will we run next, given that this cancer tends to spread?
You seriously think the government has a clear, honest reasons, as stated?
Companies will be exempt (with remote employees having to identify linking their IP and computer's fingerprint with their real identity), and the next step, after using the law to silencing dissent, will be penalisation.
Yeah. The children are just the excuse. They hate us for our freedome.
Nobody is surprised that Russia resorts to this. They are a potemkin dictatorship. But that the UK is also acting as a dictatorship - now that's interesting.
Non-nationalist parties that have been in power in Europe for so long are shitting their pants at the growing rise of nationalist parties and are absolutely planning to censor the shit out of them.
I'm not even taking a side here and what they are trying to do is obvious.
Somehow the "center"'s answer to the rise of right-wingers is stupid censorship, instead of fighting ideas with better ideas.
Alternatively, the center starts trying to attract right-wing voters by adopting right-wing ideas like anti-immigrant views or "well, we can sacrifice the climate a bit more" positions.
Keir Starmer is from a "left" party but his actions has shown him to be a centrist, Ursula von der Leyen is quite right. Then again, these are European positioning, as someone's said years ago, the European right-wing would be liberal in the US. And with the currently openly racist regime of the USA, even more so!
How is that happening? In the UK fringe nationalist parties are typically given as much airtime on main stream media as the governing parties. They've also setup their own 'news' stations to further spread propaganda. Any notion that they're being censored in the UK is ludicrous. They're pandered to.
It's easy to blame the governments in this - and some of their decisions are idiotic - but most of the blame should go on the tech companies. The fact they think "our ToS says you have to be over 13" or a popup asking "are you over 18" is sufficient while they make billions is a disgrace. They're the reason the governments are sinking to these levels. It's not like they haven't been given every opportunity to do the sensible thing over decades.
I also do not believe that this is primarily aimed at ptotecting children. I think the goal is to counteract the bot-farms that spread disinformation, instigate violence, and so on. Which Russia, by the way, pioneered and scaled up to make a material difference in elections in the West. It is a real problem for which no effective solution has been found.
Liz Kendall's official job remit is 'Science, Innovation and Technology', yet her understanding of any of them is severely limited, nigh on non-existent.
> Ms Kendall told Nick Ferrari: “I told MPs yesterday I'm going to come back to the House with a statement on the issue of VPNs in July. There are very strong views on both sides of this. For some people, it is about privacy, and it is the ability to use that is really held strongly by people. And for others, they say they should be banned because kids are using them to get around. And so I— the main thing that we've done is we've commissioned additional research on this because I've not been happy with the evidence."
Sounds like they realize there are two sides and no "clear winning argument" in either direction, that's why the additional research is needed. Sounds a bit more nuanced than what I expected based on your snippet.
What is there to research? Yes, VPNs can be used to circumvent geofences (and by extension, regional age restrictions). Yes, attempting to age-restrict VPNs is at odds with strong privacy guarantees. Privacy is a human right, and one which is essential for effective democracy.
"I want to do the thing that gets me the most votes and carries the least political risk".
Note this is not necessarily the wisest thing, or even the thing that objectively solves or mitigates the problem the most. Many such cases...
These people created a law that is catastrophic for privacy, so I don't believe they will be stopped from banning VPN's just because someone claims VPN's are good for privacy.
To put it into perspective he was asked to do the harm review, in which he proved how much more harmful the legal drugs (alcohol and nicotine) are from some of the banned ones (namely cannabis, LSD or Psylocibin).
Famously at the exact same time UK was claiming there was no evidence of the medicinal use of the cannabis, the UK was also the biggest exporter of it, and all was then turned into Sativex, a cannabis based medicine, not approved for use in the UK of course (individual import is allowed).
Interesting is that the husband of one of the very prominent Home Secretary and later Prime Minister is a senior executive in the producet.
I've been using a VPN in the UK on my laptop and phone exclusively for 20 years, and the state has been working with ISPs to make "connection records" for most of that time.
On mobile a VPN isn't always effective in avoid geoblocks. Some apps are able to determine I'm in the UK and still ask for ID - reddit is one for example, if you stumble on to an adult subreddit. Using the web interface avoids this.
The UK has also moved to force ISPs to block certain bittorrent search engines.
The UK is not shy when it comes to invading your privacy or censoring the Internet.
>The UK is not shy when it comes to invading your privacy or censoring the Internet.
Definitely doesn't shy away from doing it! But one thing I find most irritating is that it seems reluctant to say it proud and loud.
Look at the situation with 4chan and Kiwifarms. They are basically asking to be blocked from the UK and they refuse to. I can't really say why the onus is put on the websites to enact blocks, but my suspicion is the government doesn't like the idea of displaying an official page stating that you are not allowed to see something because the government doesn't want you to.
>the government doesn't like the idea of displaying an official page stating that you are not allowed to see something
They don't even have to do that, the connection can just be left to time out on the client side. This is what they did (and some ISPs still do) for the Internet Archive...
Yes, archive.org is classed as an adult site in the UK.
> On mobile VPN isn't always effective in avoid geoblocks. Some apps are able to determine I'm in the UK and still ask for ID - reddit is one for example, if you stumble on to an adult subreddit.
I've never had this issue (using Private Internet Access on iOS).
I'm a Brit living abroad, when I visit the UK I use a Tailscale network with an exit node at my home, and yeah this always seems to work for me.
Going the other way around to try and watch British TV I used to find with a normal hosted VPN services could still figure out I wasn't in the country, but now I have a Tailscale exit node at my mum's place in the UK it always works fine.
So I suspect it all comes down to the IP source, probably a residential IP is the best possible case and with commercial VPNs it depends on how hard they work on isolating their IP blocks from known datacentres.
Some context - Birmingham Mail is one of dozens of clickbait-driven publications owned by Reach plc.
They're not a high quality source of news - they've more than decimated their journalism staff and replaced them with 'content' staff who are performance monitored on the number of clicks their articles generate.
Content is syndicated in different accents across their range of papers from the national papers, The Mirror and The Daily Express down into a large number of notionally 'local' outlets.
I'm very much in favour of blocking children from social media - it's an absolutely vile cesspit of cognitive addiction, bullying and social (and potential sexual) abuse. But none of it requires a mass-surveillance network to be put in place.
Just for one example; it would be trivial for Apple and Google to put age estimation on my phone, verify it on opening the web browser and provide a zero-knowledge proof of age to websites in a way that does not reveal my identity. All the infrastructure is already there, and it's relatively trivial to turn it on. The downside is that this will only work for people who are older than about 25 because of the uncertainty of face-to-age recognition, but it would be a start.
Another way to do it is for my bank, who know my age already, providing a similar credential that I can feed into the zero-knowledge proof engine on the phone.
This was all done properly for the covid tracking apps, at a time when the phone providers actually wanted to do tracking with anonymity - this is a similar problem, and it's easily cracked by technical means.
And you don't even need zero knowledge proofs if you perform on-device content detection - turn it on for kids, keep it off for adults. Modern phones have more than enough TPU capacity to do this.
But none of the actual implementations I've seen are truly anonymizing, and they all rely on trusting some really dodgy companies with your identity and browsing habits. Yes, the more respectable ones have security and privacy policies that are audited, but will they always? The cynical answer is "no", because history shows that someone will always do something sooner or later if (a) it makes money, and (b) they can get away with it.
Everything I see suggests that the desire for mass surveillance is the driver, and the "protect the children" front on this is a strategem by the people who are really driving this from behind the curtain. There are huge amounts of money to be made by capturing verifiable, blackmailable, personal data, and this is a magic money fountain for those who will be able to mine it.
In more sensible times, we'd run an ad campaign highlighting the dangers and informational campaigns for parents on what to do to prevent your children getting access to social media.
Perfect is impossible, but if its stigmatised then the network effects stop being so punitive to children who have reasonable parents.
it's the 10-80-10 rule: 10% of kids will still access social media, 10% will never... but 80% can be swayed.
They don't want perfection. They want to move things forward, for their definition of forward.
If they ban bog standard VPNs and find out they're still being used, they'll punish the VPN companies.
If the VPN companies create workarounds and avoid the punishment, they'll punish the payment processors.
If the VPN companies start using esoteric workarounds and taking cryptocurrency for payment, then they've mostly won -- most people aren't going to deal with that shit.
All the while, they'll still go after the social media/etc companies for allowing circumvention of age-gating. So the social media companies will crack down on our ability to visit their sites with any sort of privacy.
My point: laws are all imperfect but can still have a huge effect. Pointing out work arounds doesn't change that.
For context, I'm really disturbed by the recent move to punish people seeking privacy instead of the social media companies that are enabling this social media shit. They know who the companies are, since that's who they're going to punish for not age gating. But they'd (I'm talking about US based age-gating pushes as well) rather fuck with our privacy and make our PII more susceptible to data breaches than tell the social media companies to eat shit.
bruhghghbmphf, the VPNs! the VPNs! can't have those! What's that good sir? You say ssh? Do not shh me sir. Oh, SSH... yes, SSH, can't have that! It's elementary, any system which one accesses MUST report to parliament. Personally Identifiable Documents for General Evaluation Of Ne'er-do-wells. We'll call it the P.I.D.G.E.O.N. network.
It's never about the technical capability of the tool. This is a mistake technologists keep making. It's about what the average person thinks it does or uses it to do.
Ban VPNs, an industry of SOCKS5 proxies will boom. Ban those, put the SOCKS5 proxy behind an SSH port-forward, and so on and so forth. Suddenly calling a Kubernetes API puts you in a secret service list somewhere.
At least we get to raise the next generation of IT geeks because they'll have to understand a bunch of networking basics to watch porn, and might get hooked on it. (on IT)
Israel will be making kill on this, they will unleash their free VPNs to the young people like they did to Iran. UK national security will be like Suisse cheese
In a way, the cack-handed way they've gone about this makes me slightly more optimistic. If we must have such a law, please let it be one which:
* Creates a market for privacy tech of several million teenagers
* Wastes police time chasing down social forums which kids are hosting abroad using their pocket money
* Rubs the noses of the securirati in the fact that they've made it easier for terrorists to hide their comms among the thousands of teenage speakeasies
This is not the 80's when comms tech required capital and man-years of engineering. Setting up forums online isn't even a high-school project.
Most VPN companies won't implement age verification, because their purpose is privacy. This is really an attempt to ban VPNs. This won't be popular when 70% of the population uses VPNs.
This is not to stop children from doing that. This is primarily to deanonymise as many people as possible, before the next steps come into force (scanning all files and messages on the every Internet - connected devices, hardware attestation of all the internet - connected devices, etc)
So when the citizens inevitably start protesting against the oppression, it's easier to subdue them.
Every corporate I know of, uses VPNs. Especially when workers connect from home. Is the UK government really interested in going up against the majority of their business partners...?
There is lots in the article that suggests they want to ban them for minors though. How the hell is that supposed to work without at a minimum a severe curtailment of VPNs in general?
So no, not a ban for all. A ban for minors, and a severe curtailment in general. The parent post might not be 100% accurate, but it's close.
What if I use a VPS instead? What if it's a virtual private VPS wholely in memory? What if it's a pool of VPS boxes shared by me and a network of people?
There's always a way around, but this direction is concerning.
They're banking on the number of kids using that mechanism to bypass the ban being small.
I'm not in favour of this but I'm acknowledging that if the number of children accessing social media drops significantly because of a VPN ban then they've achieved what they set out to do.
I don't like the salami slice tactics of not including this in previous legislation despite knowing that it would be necessary to enforce the social media ban. There would have been a lot less support if it was presented as a complete package that could be debated in it's whole.
There are few things more exciting, in relationship to attempting to restrict access to (data) communications, than a government which thinks geeks won't find ways around such. Now sit back, relax, and let's wait for the next generation of encrypted channels solution development.
This isn't something that can be defeated like this. You are right, there will be ways around this. But we also have to be honest: being able to buy "off the shelf", two click VPN solution for 5$ already puts you into "geek" category. Relatively speaking.
If they ban the commercial providers, payment processors will be the first to enforce it. And Google and Apple will throw the 1-Click solutions out of their app store for users from those countries immediately. And with that the topic is effectively dead even for most "geeks". At this point the goal is already pretty much achieved, most people are cutoff and under heavier surveillance. Next comes the group that know what a server is, how to rent one, what OpenVPN or Wireguard are. But many of the most used websites already make your life difficult if your IP is from such a range.
It goes on. At each step you can argue "there is still a way, as long as you got networking with other countries". Absolutely correct, but at each step the group who knows how and is willing to invest the energy shrinks. And the intended goal will likely already be achieved at the mentioned phase 1 above. The fact that some people still find ways isn't really a gotcha in this matter.
And at some point they will criminalize it. Does it matter that they are unlikely to catch you? Is it worth the risk? And if so, what if you catch strays for it from an unrelated matter. Ultimately they will simply target the devs that help build easy solution for the less tech-savy.
One big reason why you want to keep a bunch of nerds tunneling out around anyway is that you keep useful, defusing attitudes like that floating around. Aka "It's not that bad, there are still ways around it, haha, those idiots".
The beauty of VPNs is that you do not need to have a presence in the UK to make or sell one. And there's a huge amount of money in it.
The law is very bad at dealing with such realities, see also piracy and drugs. The last time I checked TPB is still accessible in the UK with only DoH.
Oh, they're in motion already. There are other countries that tried to ban VPNs for decades now, that sparked multiple great avenues of development.
It's exciting to think I'll become a dissident like my parents, just because I don't want a slimy, rightwing, greasy friends of Epstein and other known abusers to ID and surveil me.
Perhaps then you could at least vaguely understand the desire of people to avoid having slimy, rightwing, greasy friends of Epstein and other known abusers to ID and surveil their children.
I definitely see both sides of this argument but to pretend the answers here are obvious just means people aren’t being serious. Serious harm is being caused to children and just because that’s a known cliche doesn’t make it not a real concern people have.
This will be interesting to follow. I dont see how this can be fully enforced. Maybe for iOS and other platform where app distribution is highly restricted, but on linux, windows and even macOS i can use mullvad, sending cash in an envelope without ever revealing my identity.
How would that work? The UK can presumably ban Mullvad from operating in the UK, but I don't see how it can prevent outbound connections to Mullvad servers elsewhere, short of implementing a nation-wide firewall like China or Iran. And even in those places the firewall is pourous and routinely circumvented.
There is very little doubt that we need to find a way to update our relationship with social media. The evidence of their harm in current form is overwhelming.
However, using this reason to induce censorship rules, word by word matching Russia/China playbook is making the goal less achievable if anything.
Doesn't the UK already have geo-targeted age verification infrastructure in place? A website or app could require the user to submit a live video of themselves quaffing a local beer.
No. It has laws that websites must follow to serve content in the UK. It’s up to the websites to do the age verification themselves, and the majority use third party ID verification services. Reddit used an American company to do it,
While I do support restricting social media to younger minds, the way they go about it, and the collateral damage that will result is unacceptable. For about 500ms I thought I might have found the "one thing" I agree with this government, but nope... I'm considering whether it's time to leave the UK. There is an air of hostility here towards... well everything.
Where would you go to then? European countries, Australia and American states already have implemented or are keen to implement ID requirements/tracking for websites.
So the UK government finally admits that age-sniffing is just an attempt to censor people. How evil.
People need to look at the UK government much more so than the US government in ADDITION. Everyone knows how the USA serves the superrich only these days, but the UK government is kind of polite on the outside, but pure evil on the inside.
And then UK residents are going to discover the "power" of government which will require age verification for renting a VPS or VDS or any other kind of cloud infrastructure, tied directly to your passport/ID, because "many families are desperate for this to happen and I listen particularly to bereaved families that say the longer we delay this, the more children are put at risk".
/j or /s
P.S. by the way, is it possible for them to use Hetzner? Don't they need something like credit card?
Perhaps it'll work like dodgy boxes/firesticks, where you have a handful of people who individually set up their own service then charge a fee for access.
Funny how quickly "won't someone think of the children" turns into mandatory government ID for private services, banning necessary and secure (and encrypted) communications systems, and locking children out of access to the de facto communication systems of the modern era.
This is a privacy nightmare on all fronts and a horrible limit on freedom of speech. These kids will be learning how to drive a car, yet unable to contact their extended family over Messenger or follow news on Twitter. For everyone else, it means no anonymity or secrecy which has a chilling effect on free speech at a time when fascism is growing within democratic countries and dissidents are being imprisoned or murdered.
Yes, there are some really big problems with social media, but keeping children away from it doesn't fix the problems - it just leaves them for the rest of us to deal with. Let's fix the root of the problem, starting with the recommendation algorithms that inherently polarize people by building echo chambers around them and pushing divisive content all in the name of "engagement".
That's because the tech industry never made any attempt. It's like you blocked all the good options, now you get the worst one because it's one you can't block.
Don't panic. These debates are nothing new. Encryption and obfuscation tech comes up every ten years or so. People scream and, in the end, nothing changes.
One upon a time, encryption math was regulated as a munition and the act of sharing open source software was tantamount to weapon smuggling. Once upon a time, VPNs were being banned by credit card companies. Part of the rise of bitcoin was the idea that you would need it for services like VPNs that credit card companies refused to service. Today, VPNs are openly advertised as piracy tools for getting around media geo-restrictions. Once upon a time, ISPs throttled torrents and so torrents become encrypted. Once upon a time DNS was to be poisoned in order to block filesharing websites (see COICA and PROTECT IP acts). All those efforts also came to nothing. These too will die.
Just moved back to the UK after many years away, and it's creepy here. Doing the elderly under terror legislation, some crazy kangaroo court antics, a frankly sinister approach to "online safety". VPNs?
The even more concerning thing is that we've got a far right party that have been leading in the polls for most of the last year.
UK government has been talking about digital ID for a while now. The existing verification methods are too vulnerable to cheating (fake beards, fake ID, borrow dad's credit card, etc...), so the logical next step is direct government ID numbers. The goal is to link all online activity to a unique identifier to make it easier to punish dissent.
Baffling how easy companies like Meta have it with politicians. Fuck them all, I'm leaving for the woods. It's been fun with tech but now it's just so painful,
The article below sharply summarizes why all this is a dystopian surveillance setup:
> how, precisely, do you stop a fourteen-year-old from opening Instagram without first checking the age of the forty-year-old?
> You don’t. You can’t. So everyone gets carded. Britain is lifting the system wholesale from Australia, where a computer first scans your face and guesses your age from your cheekbones, then, failing that, surveils you to death, studies your browsing habits and the hours you keep, and then, when the algorithm throws up its hands, simply demands your passport.
Exactly. A little at a time. First it's adult sites, because if you need to show ID to buy alcohol, shouldn't you need ID to buy pornography? Once that's accepted, expand the sphere of control to non-adult sites too by redefining everything as 16+.
The alternatives are even more power-mad, fundamentally illiberal parties (Reform, Conservatives), equally pearl-clutching ones that will likely continue on the same road as Labour (greens) and unreliable figures that will flip-flop as soon as they are in power (libdems).
FWIW you can age-gate VPNs the same way you can age-gate anything else that is paid for: just don't let people who haven't got credit cards (not debit cards) sign up.
Or you can simply let free plans only terminate inside their own country. I noticed recently that TunnelBear has done this with their free plans — the "fastest" endpoint, which is the only one that is free, is now a UK endpoint. It still meets the security need anyone might have from a VPN.
I am honestly not that bothered about adult content age gating in principle, and I never really have been. I personally think sexual content is not remotely immoral but that it's reasonable to say the very young shouldn't be able to see it. It's not a freedom of speech issue.
Given the practical impossibility of parental regulation of access to devices when cheap phones and PAYG exist, the problem is the practice of it: how do you do that in a way that is privacy-preserving?
I feel that Apple has coped with this pretty well: they decided I am an adult automatically based on how long I have held an account.
I also think the UK PAYG mobile providers handle this well: they have simply always blocked adult content until you unlock it. I haven't bothered and I have never seen the content wall (except when deliberately testing it) so I believe its boundaries are drawn quite well.
Though I do routinely use one site that might end up blocked over time because it sits right at the boundary of the law's interest. So one day I might need to, I guess. And I have considered what I might need to do about a website for my own photographic work, which sits on the edge of the ofcom rules interest in practice.
We are missing secure anonymous age attestation but I think that will come.
I do think American critics tend to interpret this in terms of the morality and religion battle-zone that riddles US culture and encourages US states to try to police morality in bizarre ways or to extend "porn" rules to things like information about sexuality, gender or sexual health (which would just not happen here because we're actually not really religious or prudes; there is essentially no religion in our politics, which is ironic considering the C of E have seats in the Lords).
I don't think American critics should really leap to judge UK rules when you have two dozen different states imposing rule sets that in some cases came first and in many are wholly unworkable.
UK concerns are about child access to extreme material and about sexual exploitation, fundamentally. It's not easy and it's clear some aspects of the legislation are difficult, but accepting criticism from Americans as if the US position is clear, unambiguous and robust is no longer something we should entertain, especially lessons about the morality of free speech from the US administration, given their apparent selective contempt for it.
You're straw-manning there. Every adult citizen isn't forced to have a VPN or view porn.
Most UK citizens do have a credit card anyway (though I in fact do not). It's more than three quarters.
It's not even the only way someone offering a service for what is after all a subscription product could achieve adult verification through existing banking-based mechanisms, because there are also bank mechanisms for making payments through a direct debit, which again you have to be an adult to do in the UK, and everyone can.
KYC processes also work though they are annoying and a VPN provider is inherently not going to want to do it.
But they are going to want to take money and there are these two mechanisms that come with adulthood verification attached.
Apple could do more on this with Wallet — they could let you pay with a virtual debit card that can only be in your wallet if you've passed their adult verification. Would need some card industry support. I am not sure why I can't just associate adulthood with my debit card; that would be a good fix.
"legal parent/guardian is responsible for the child"
if a parent faced fine or jail for a child having access to the internet you can be sure 90% of the children wouldn't have internet access
I'm no defender of the big social/media sites but I don't see why it's their fault/problem if a minor has internet access when they aren't supposed to
This all feels like the opposite goal of knowing everyone who is online everywhere
Because it's not how you'd make the law, you'd wouldn't go to service by service and make it their problem, you'd make it the adult responsible for the child's problem
what if instead of this age gate or whatever government is doing, what if we simply said these big companies need to self police and if a child can reach their service they have to pay the child like lets say GBP 10k per instance?
remove all "reasonable step" shield to hide behind. for example, a shopkeeper can't say they took "reasonable steps" if they sell alcohol to a child so why should a website be any different? if we are going to the absurdity of age-gating VPNs, at least lets make it so that there is an incentive for children to self-report
The end result will be the same. If you face a 10k liability for serving the wrong customer, you end up needing to ID your customers.
If the government isn't going to provide that service you end up with private companies verifying identity and the data security issues that entails.
If you want to shift the responsibility of protecting children away from parents, then you end up in a situation where third parties need to be able to differentiate between a child and an adult. I haven't yet seen a proposal that doesn't entail someone - government or private enterprise - getting access to identifiable information.
Of course, you could have something like a signed certificate, so the identity verifier doesn't see who you are patronizing, and the identity seeking business only gets to see your age, but it still has privacy issues.
You've needed to do that for at least ten years. Mobile internet either requires a contract, or an ID check before you get a sim (pay and go)
Anyone providing internets is liable for what the users are doing. The way you got out of that is responding to legal requests. (originally mostly copyright)
This is the frustrating thing, we have effective and relatively uncontroversial age gated network (mobile data) already. and it worked.
> what if we simply said these big companies need to self police and if a child can reach their service they have to pay the child like lets say GBP 10k per instance?
All of these proposals probably sound good to people who think the Venn diagram of sites they use and sites covered by these laws are two separate circles.
They probably sound a lot less good when you realize the law covers site like YouTube. The Australian law (which they said they’re modeling this after) also includes social news sites like Reddit.
If they passed a law like this extending to VPN services then you’d have to hand over your ID to use a VPN.
Usually people realize how bad these proposals are once they realize it might impact their internet use, too.
> big companies need to self police and if a child can reach their service they have to pay the child like lets say GBP 10k per instance?
HIPAA has been super effective this way. As we all know, American companies don’t give two shits about user privacy or even security. But wave the HIPAA flag and everyone starts caring real hard and taking extremely cumbersome steps to comply with patient privacy.
Very simple: Each HIPAA violation comes with a financial penalty for the business and personal penalty for every person involved in the leak. Very effective.
I agree the threat is there but I've never seen anyone actually punished for HIPAA violations and my data have been involved in several hospital and insurance breaches.
> It's not possible to prevent a person (of any age) from reaching a specific website if they are determined enough. Full stop.
right, and that reveals the absurdity of this "age gate", doesn't it?
because I am sure giving every UK national their very own unicorn would also poll very well but that doesn't mean that's what a functional democracy should be prioritizing
just because a majority of the public supports
because doing so is not possible
In Russia, they claimed that new measures to block websites are necessary to protect the children online. Of course, they immediately used these new capabilities to block opposition websites and sources critical of the government.
Now, seeing many European governments tirelessly push for these new measures to protect the children, I'm pretty sure that the children are finally going to be safe online.
It is really disheartening to see the sentiment around privacy erode like this. Fifteen or even ten years ago this would have been unanimously and vehemently opposed, but now it is somehow up for debate?
There has been 15 more years of highly motivated psychologists tuning their social media systems to create addiction, time for those who've grown up through this to become adults, foreign interference with democracy etc.
Though I think banning it for children is the wrong approach. Ban the addictive and dangerous features for everyone, adults included — no more infinite scroll, and no more feeds showing content from outside social connections.
5 replies →
They've somehow managed to breed several generations who's only criteria for "computing" is "it just works". All consumption, little-to-no understanding of how stuff works. As long as it does what it does, and it's "free", that's all that matters.
Social media got worse.
We've had time to witness the damage of a dopamine-doomscroll. I personally know children who've posted too much, and children who've been solicited directly by adults, both to try and meet and for nudes. And we've seen the complete lack of positive action from platforms. Roblox is full of paedophiles and Grok was letting you nudify your classmates just a few months ago. These places aren't suitable for kids.
I don't want a ban on VPNs. That isn't being suggested, just making sure they're also age-checked. But some inconvenience is a price worth considering.
12 replies →
Us peasants cannot stop this, Canada will roll this out soon also, its being rammed through no matter what people feel.
1 reply →
[dead]
Opposed, yeah right. People don't care back then just as they don't now. Only small groups of technical users like us care.
"The urge to save humanity is almost always a false front for the urge to rule."
H.L. Mencken
The Ones Who Walk Away from Omelas
If you are talking about the recent blockades of VPNs, the Russians made it pretty clear that they did not want western information sources inside the country. I am not sure it was ever in the guise of protecting the children
The first law about building technical and legal infrastructure to enable website blocking in Russia in 2012 was passed under the name of children protection. Everything else is an addition.
People from duma (the russian parlament) also publicly stated it would never use it for anything but children protection.
1 reply →
The only (probably) good thing here is that one can at least try to apply Russian experience at circumventing the censorship, where it's currently way more severe, up to the point when entire companies have their workflows disrupted because remote workers can't connect through the VPN (which is blocked). Maybe that will help.
You see, the problem is that all exit points of our VPNs are in Europe. These too can be banned quite easily. Where to will we run next, given that this cancer tends to spread?
5 replies →
You seriously think the government has a clear, honest reasons, as stated?
Companies will be exempt (with remote employees having to identify linking their IP and computer's fingerprint with their real identity), and the next step, after using the law to silencing dissent, will be penalisation.
Yeah. The children are just the excuse. They hate us for our freedome.
Nobody is surprised that Russia resorts to this. They are a potemkin dictatorship. But that the UK is also acting as a dictatorship - now that's interesting.
it would be great if they cared as much about the safety of kids in the streets
> it would be great if they cared as much about the safety of kids in the streets
car culture < childhood.
This isn't a cynically curated viewpoint. It's some* of what we have and what that cost.
* also trespassing culture & stranger-danger culture
Non-nationalist parties that have been in power in Europe for so long are shitting their pants at the growing rise of nationalist parties and are absolutely planning to censor the shit out of them.
I'm not even taking a side here and what they are trying to do is obvious.
Somehow the "center"'s answer to the rise of right-wingers is stupid censorship, instead of fighting ideas with better ideas.
Alternatively, the center starts trying to attract right-wing voters by adopting right-wing ideas like anti-immigrant views or "well, we can sacrifice the climate a bit more" positions.
Keir Starmer is from a "left" party but his actions has shown him to be a centrist, Ursula von der Leyen is quite right. Then again, these are European positioning, as someone's said years ago, the European right-wing would be liberal in the US. And with the currently openly racist regime of the USA, even more so!
How is that happening? In the UK fringe nationalist parties are typically given as much airtime on main stream media as the governing parties. They've also setup their own 'news' stations to further spread propaganda. Any notion that they're being censored in the UK is ludicrous. They're pandered to.
3 replies →
It's easy to blame the governments in this - and some of their decisions are idiotic - but most of the blame should go on the tech companies. The fact they think "our ToS says you have to be over 13" or a popup asking "are you over 18" is sufficient while they make billions is a disgrace. They're the reason the governments are sinking to these levels. It's not like they haven't been given every opportunity to do the sensible thing over decades.
I also do not believe that this is primarily aimed at ptotecting children. I think the goal is to counteract the bot-farms that spread disinformation, instigate violence, and so on. Which Russia, by the way, pioneered and scaled up to make a material difference in elections in the West. It is a real problem for which no effective solution has been found.
Liz Kendall's official job remit is 'Science, Innovation and Technology', yet her understanding of any of them is severely limited, nigh on non-existent.
> the main thing that we've done is we've commissioned additional research on this because I've not been happy with the evidence.
Ah, yes, the existing research doesn't agree with our biases, so let's fund new "research" that does.
Full context:
> Ms Kendall told Nick Ferrari: “I told MPs yesterday I'm going to come back to the House with a statement on the issue of VPNs in July. There are very strong views on both sides of this. For some people, it is about privacy, and it is the ability to use that is really held strongly by people. And for others, they say they should be banned because kids are using them to get around. And so I— the main thing that we've done is we've commissioned additional research on this because I've not been happy with the evidence."
Sounds like they realize there are two sides and no "clear winning argument" in either direction, that's why the additional research is needed. Sounds a bit more nuanced than what I expected based on your snippet.
What is there to research? Yes, VPNs can be used to circumvent geofences (and by extension, regional age restrictions). Yes, attempting to age-restrict VPNs is at odds with strong privacy guarantees. Privacy is a human right, and one which is essential for effective democracy.
6 replies →
"I want to do the thing that gets me the most votes and carries the least political risk". Note this is not necessarily the wisest thing, or even the thing that objectively solves or mitigates the problem the most. Many such cases...
These people created a law that is catastrophic for privacy, so I don't believe they will be stopped from banning VPN's just because someone claims VPN's are good for privacy.
>both sides
Reminds me of the drugs tsar, Dr Nutt, saying that drugs should be legalised/decriminalised. So he got sacked.
Quite often, people in power don’t want to hear the truth, they want to hear their own words/views parroted back to them.
To put it into perspective he was asked to do the harm review, in which he proved how much more harmful the legal drugs (alcohol and nicotine) are from some of the banned ones (namely cannabis, LSD or Psylocibin).
Famously at the exact same time UK was claiming there was no evidence of the medicinal use of the cannabis, the UK was also the biggest exporter of it, and all was then turned into Sativex, a cannabis based medicine, not approved for use in the UK of course (individual import is allowed).
Interesting is that the husband of one of the very prominent Home Secretary and later Prime Minister is a senior executive in the producet.
Of course there's no suggestion of the financial interest of them in keeping a monopoly. See also: https://leftfootforward.org/2021/04/revealed-uk-is-the-world...
Nothing new unfortunately [0]. Happy to trust the science as long as it suits them.
[0] https://en.wikipedia.org/wiki/David_Nutt#Dismissal
Obviously Labour has been "lobbied" and now have to deliver this for whoever wants this.
It's pathetic how they use sobbing families to push it through, similar tactic like before Iraq invasion.
same players behind the scenes.
This is pretty much it. Bought and paid for, or hand forced by intelligence powers operating beyond ordinary voter politics
Conspiracy theory^
This is happening worldwide: https://en.wikipedia.org/wiki/Online_age_verification_laws_b...
10 replies →
Isn't it how it alwasy works?
I've been using a VPN in the UK on my laptop and phone exclusively for 20 years, and the state has been working with ISPs to make "connection records" for most of that time.
On mobile a VPN isn't always effective in avoid geoblocks. Some apps are able to determine I'm in the UK and still ask for ID - reddit is one for example, if you stumble on to an adult subreddit. Using the web interface avoids this.
The UK has also moved to force ISPs to block certain bittorrent search engines.
The UK is not shy when it comes to invading your privacy or censoring the Internet.
>The UK is not shy when it comes to invading your privacy or censoring the Internet.
Definitely doesn't shy away from doing it! But one thing I find most irritating is that it seems reluctant to say it proud and loud.
Look at the situation with 4chan and Kiwifarms. They are basically asking to be blocked from the UK and they refuse to. I can't really say why the onus is put on the websites to enact blocks, but my suspicion is the government doesn't like the idea of displaying an official page stating that you are not allowed to see something because the government doesn't want you to.
>the government doesn't like the idea of displaying an official page stating that you are not allowed to see something
They don't even have to do that, the connection can just be left to time out on the client side. This is what they did (and some ISPs still do) for the Internet Archive...
Yes, archive.org is classed as an adult site in the UK.
The UK is a funny place. 4chan is accessible but IPTorrents is blocked.
Browsing with a VPN is a frustrating experience. They are abused by many of their users which leads to circular capture checks and straight blocks.
On the mobile apps can check your SIMs country code. This is how bluesky knows the UK users (they used to use IP, not anymore)
In retrospect native apps were a terrible idea. I try to use web apps as much as possible.
> On mobile a VPN isn't always effective in avoid geoblocks.
It seems like your VPN setup has a leak, or the real location is obtained otherwise through the operating system (locale setting or GPS).
I would be surprised if your locale leaked on GrapheneOS for example.
Company like this exist
https://www.geocomply.com/
> On mobile VPN isn't always effective in avoid geoblocks. Some apps are able to determine I'm in the UK and still ask for ID - reddit is one for example, if you stumble on to an adult subreddit.
I've never had this issue (using Private Internet Access on iOS).
I'm a Brit living abroad, when I visit the UK I use a Tailscale network with an exit node at my home, and yeah this always seems to work for me.
Going the other way around to try and watch British TV I used to find with a normal hosted VPN services could still figure out I wasn't in the country, but now I have a Tailscale exit node at my mum's place in the UK it always works fine.
So I suspect it all comes down to the IP source, probably a residential IP is the best possible case and with commercial VPNs it depends on how hard they work on isolating their IP blocks from known datacentres.
3 replies →
Some context - Birmingham Mail is one of dozens of clickbait-driven publications owned by Reach plc.
They're not a high quality source of news - they've more than decimated their journalism staff and replaced them with 'content' staff who are performance monitored on the number of clicks their articles generate.
Content is syndicated in different accents across their range of papers from the national papers, The Mirror and The Daily Express down into a large number of notionally 'local' outlets.
So, take it with a pinch of salt.
Yeah I've seen similar stories a few times this week and it's always one of the dodgy regional media sites. Shame it's getting so much traction here.
I'm very much in favour of blocking children from social media - it's an absolutely vile cesspit of cognitive addiction, bullying and social (and potential sexual) abuse. But none of it requires a mass-surveillance network to be put in place.
Just for one example; it would be trivial for Apple and Google to put age estimation on my phone, verify it on opening the web browser and provide a zero-knowledge proof of age to websites in a way that does not reveal my identity. All the infrastructure is already there, and it's relatively trivial to turn it on. The downside is that this will only work for people who are older than about 25 because of the uncertainty of face-to-age recognition, but it would be a start.
Another way to do it is for my bank, who know my age already, providing a similar credential that I can feed into the zero-knowledge proof engine on the phone.
This was all done properly for the covid tracking apps, at a time when the phone providers actually wanted to do tracking with anonymity - this is a similar problem, and it's easily cracked by technical means.
And you don't even need zero knowledge proofs if you perform on-device content detection - turn it on for kids, keep it off for adults. Modern phones have more than enough TPU capacity to do this.
But none of the actual implementations I've seen are truly anonymizing, and they all rely on trusting some really dodgy companies with your identity and browsing habits. Yes, the more respectable ones have security and privacy policies that are audited, but will they always? The cynical answer is "no", because history shows that someone will always do something sooner or later if (a) it makes money, and (b) they can get away with it.
Everything I see suggests that the desire for mass surveillance is the driver, and the "protect the children" front on this is a strategem by the people who are really driving this from behind the curtain. There are huge amounts of money to be made by capturing verifiable, blackmailable, personal data, and this is a magic money fountain for those who will be able to mine it.
In more sensible times, we'd run an ad campaign highlighting the dangers and informational campaigns for parents on what to do to prevent your children getting access to social media.
Perfect is impossible, but if its stigmatised then the network effects stop being so punitive to children who have reasonable parents.
it's the 10-80-10 rule: 10% of kids will still access social media, 10% will never... but 80% can be swayed.
If you ban IPsec ESP people will start using WireGuard on random ports.
If you ban WireGuard using DPI people will start using SSL VPNs.
If you ban SSL you ban the entire internet.
They don't want perfection. They want to move things forward, for their definition of forward.
If they ban bog standard VPNs and find out they're still being used, they'll punish the VPN companies.
If the VPN companies create workarounds and avoid the punishment, they'll punish the payment processors.
If the VPN companies start using esoteric workarounds and taking cryptocurrency for payment, then they've mostly won -- most people aren't going to deal with that shit.
All the while, they'll still go after the social media/etc companies for allowing circumvention of age-gating. So the social media companies will crack down on our ability to visit their sites with any sort of privacy.
My point: laws are all imperfect but can still have a huge effect. Pointing out work arounds doesn't change that.
For context, I'm really disturbed by the recent move to punish people seeking privacy instead of the social media companies that are enabling this social media shit. They know who the companies are, since that's who they're going to punish for not age gating. But they'd (I'm talking about US based age-gating pushes as well) rather fuck with our privacy and make our PII more susceptible to data breaches than tell the social media companies to eat shit.
bruhghghbmphf, the VPNs! the VPNs! can't have those! What's that good sir? You say ssh? Do not shh me sir. Oh, SSH... yes, SSH, can't have that! It's elementary, any system which one accesses MUST report to parliament. Personally Identifiable Documents for General Evaluation Of Ne'er-do-wells. We'll call it the P.I.D.G.E.O.N. network.
It's never about the technical capability of the tool. This is a mistake technologists keep making. It's about what the average person thinks it does or uses it to do.
Ban VPNs, an industry of SOCKS5 proxies will boom. Ban those, put the SOCKS5 proxy behind an SSH port-forward, and so on and so forth. Suddenly calling a Kubernetes API puts you in a secret service list somewhere.
1 reply →
Safetyism is the actual biggest threat to free societies
At least we get to raise the next generation of IT geeks because they'll have to understand a bunch of networking basics to watch porn, and might get hooked on it. (on IT)
Or they will ask their AI to do that for them, learn very little about the networking stack in the process
Unless AI detects their prompt is from UK and they reply: Sorry I am not allowed to do that.
1 reply →
I am sure a contract with Palantir to find these miscreants is just around the corner.
Israel will be making kill on this, they will unleash their free VPNs to the young people like they did to Iran. UK national security will be like Suisse cheese
In a way, the cack-handed way they've gone about this makes me slightly more optimistic. If we must have such a law, please let it be one which:
* Creates a market for privacy tech of several million teenagers
* Wastes police time chasing down social forums which kids are hosting abroad using their pocket money
* Rubs the noses of the securirati in the fact that they've made it easier for terrorists to hide their comms among the thousands of teenage speakeasies
This is not the 80's when comms tech required capital and man-years of engineering. Setting up forums online isn't even a high-school project.
Most VPN companies won't implement age verification, because their purpose is privacy. This is really an attempt to ban VPNs. This won't be popular when 70% of the population uses VPNs.
> Most VPN companies won't implement age verification, because their purpose is privacy.
They will when it's law. Their purpose is most likely either snake oil, or bypassing geo restricctions on netflix or sports.
> when 70% of the population uses VPNs.
To be honest, unfortunately, I'm not really sure about this one.
A large chunk of them is from China :p
Good thing Brexit happened to prevent government overreach.
Tbf the point was to prevent the EU 'overreach' i.e stopping us violating our own peoples human rights. We can violate them freely now. Success.
Better then performing a social experiment on children.
This is not to stop children from doing that. This is primarily to deanonymise as many people as possible, before the next steps come into force (scanning all files and messages on the every Internet - connected devices, hardware attestation of all the internet - connected devices, etc)
So when the citizens inevitably start protesting against the oppression, it's easier to subdue them.
don't worry they're still doing that
Every corporate I know of, uses VPNs. Especially when workers connect from home. Is the UK government really interested in going up against the majority of their business partners...?
Laws don't apply to corporations. It'll only be used to punish individuals.
[dead]
There is nothing in this article that suggests the UK government are planning to ban VPNs.
There is lots in the article that suggests they want to ban them for minors though. How the hell is that supposed to work without at a minimum a severe curtailment of VPNs in general?
So no, not a ban for all. A ban for minors, and a severe curtailment in general. The parent post might not be 100% accurate, but it's close.
The government use VPNs. The ban will target individual use.
It's not about a technical capability to encapsulate packets, it's about whether people use it to bypass censorship or not.
A lot of corporations use crappy VPN-like MitM services like Zscaler.
It would not be hard to write laws to restrict one use but not the other. They may be the same tech but the use-cases are quite different.
The great firewall of UK.
Feel like there ought to be some Sinn Fein backed point to point connection in Belfast that leverages the Good Friday Agreement to get around this.
It would have to alter the voice of anyone on it to make them sound ridiculous.
2 replies →
Hadrian’s Firewall
Hadrian's Gate
Anyone who thinks parenting by legislation is a good solution to anything should be neither a parent nor a legislator.
Oi m8! U got a fooken loicense fer dem veepee-en or wot?!
The "loicense m8" memes are getting less and less funny ...
1. Age-gate social media
2. Children start using VPNs to bypass the ban
3. Age-gate VPNs
4. Repeat steps 2-3
Truly a masterful plan.
It's actually
1. Ban something
2. People bypass the ban
3. Ban however they're bypassing the ban
4. Goto 2
Don't forget about plans to scan phones (in this iteration).
What if I use a VPS instead? What if it's a virtual private VPS wholely in memory? What if it's a pool of VPS boxes shared by me and a network of people?
There's always a way around, but this direction is concerning.
They're banking on the number of kids using that mechanism to bypass the ban being small.
I'm not in favour of this but I'm acknowledging that if the number of children accessing social media drops significantly because of a VPN ban then they've achieved what they set out to do.
I don't like the salami slice tactics of not including this in previous legislation despite knowing that it would be necessary to enforce the social media ban. There would have been a lot less support if it was presented as a complete package that could be debated in it's whole.
This will obviously not become law, because it would cause significant collateral damage to businesses, and they won't risk the gravy train derailing.
There are few things more exciting, in relationship to attempting to restrict access to (data) communications, than a government which thinks geeks won't find ways around such. Now sit back, relax, and let's wait for the next generation of encrypted channels solution development.
This isn't something that can be defeated like this. You are right, there will be ways around this. But we also have to be honest: being able to buy "off the shelf", two click VPN solution for 5$ already puts you into "geek" category. Relatively speaking.
If they ban the commercial providers, payment processors will be the first to enforce it. And Google and Apple will throw the 1-Click solutions out of their app store for users from those countries immediately. And with that the topic is effectively dead even for most "geeks". At this point the goal is already pretty much achieved, most people are cutoff and under heavier surveillance. Next comes the group that know what a server is, how to rent one, what OpenVPN or Wireguard are. But many of the most used websites already make your life difficult if your IP is from such a range.
It goes on. At each step you can argue "there is still a way, as long as you got networking with other countries". Absolutely correct, but at each step the group who knows how and is willing to invest the energy shrinks. And the intended goal will likely already be achieved at the mentioned phase 1 above. The fact that some people still find ways isn't really a gotcha in this matter.
And at some point they will criminalize it. Does it matter that they are unlikely to catch you? Is it worth the risk? And if so, what if you catch strays for it from an unrelated matter. Ultimately they will simply target the devs that help build easy solution for the less tech-savy.
One big reason why you want to keep a bunch of nerds tunneling out around anyway is that you keep useful, defusing attitudes like that floating around. Aka "It's not that bad, there are still ways around it, haha, those idiots".
It is technically possible to circumvent the Great Firewall of China, but I think it's fair to say it's been successful in what it set out to achieve.
They know they'll find workarounds, they'll just arrest whoever is involved in the workarounds. Law isn't a computer firewall, it's a loaded weapon.
The beauty of VPNs is that you do not need to have a presence in the UK to make or sell one. And there's a huge amount of money in it.
The law is very bad at dealing with such realities, see also piracy and drugs. The last time I checked TPB is still accessible in the UK with only DoH.
1 reply →
Oh, they're in motion already. There are other countries that tried to ban VPNs for decades now, that sparked multiple great avenues of development.
It's exciting to think I'll become a dissident like my parents, just because I don't want a slimy, rightwing, greasy friends of Epstein and other known abusers to ID and surveil me.
but isn't it the labour party pushing this?
1 reply →
Perhaps then you could at least vaguely understand the desire of people to avoid having slimy, rightwing, greasy friends of Epstein and other known abusers to ID and surveil their children.
I definitely see both sides of this argument but to pretend the answers here are obvious just means people aren’t being serious. Serious harm is being caused to children and just because that’s a known cliche doesn’t make it not a real concern people have.
2 replies →
This will be interesting to follow. I dont see how this can be fully enforced. Maybe for iOS and other platform where app distribution is highly restricted, but on linux, windows and even macOS i can use mullvad, sending cash in an envelope without ever revealing my identity.
The idea is that it doesn't matter if the ban is fully enforced. Most children only have a smartphone and they're the target of the ban.
they can forbid mullvad.
How would that work? The UK can presumably ban Mullvad from operating in the UK, but I don't see how it can prevent outbound connections to Mullvad servers elsewhere, short of implementing a nation-wide firewall like China or Iran. And even in those places the firewall is pourous and routinely circumvented.
1 reply →
It is so funny to read. They are so stupid.
The moment the UK does this, politicians in other Western countries are going to start thinking that its a good idea and attempting to copy the UK.
There is very little doubt that we need to find a way to update our relationship with social media. The evidence of their harm in current form is overwhelming.
However, using this reason to induce censorship rules, word by word matching Russia/China playbook is making the goal less achievable if anything.
Doesn't the UK already have geo-targeted age verification infrastructure in place? A website or app could require the user to submit a live video of themselves quaffing a local beer.
No. It has laws that websites must follow to serve content in the UK. It’s up to the websites to do the age verification themselves, and the majority use third party ID verification services. Reddit used an American company to do it,
Damnably hard to find local ales. I had to wander for hours last time I was in London to get Fullers.
While I do support restricting social media to younger minds, the way they go about it, and the collateral damage that will result is unacceptable. For about 500ms I thought I might have found the "one thing" I agree with this government, but nope... I'm considering whether it's time to leave the UK. There is an air of hostility here towards... well everything.
Where would you go to then? European countries, Australia and American states already have implemented or are keen to implement ID requirements/tracking for websites.
Leaving is not the hard decision. The hard decision is where to go. Do you have any suggestions?
So the UK government finally admits that age-sniffing is just an attempt to censor people. How evil.
People need to look at the UK government much more so than the US government in ADDITION. Everyone knows how the USA serves the superrich only these days, but the UK government is kind of polite on the outside, but pure evil on the inside.
At some point there has to be a line past which you can still get a clean network between A and B somehow. At very least for corporate, right?
Uk kids about to discover the power of Hetzner Linux vps + vnc.
And then UK residents are going to discover the "power" of government which will require age verification for renting a VPS or VDS or any other kind of cloud infrastructure, tied directly to your passport/ID, because "many families are desperate for this to happen and I listen particularly to bereaved families that say the longer we delay this, the more children are put at risk".
/j or /s
P.S. by the way, is it possible for them to use Hetzner? Don't they need something like credit card?
Perhaps it'll work like dodgy boxes/firesticks, where you have a handful of people who individually set up their own service then charge a fee for access.
Glad HN is getting to experience the true level of adverts on “news” sites in the UK. It really is next level.
Adblock??
That will be illegal soon enough.
They can have their cookie, I'm deleting it as soon as I close my browser.
Funny how quickly "won't someone think of the children" turns into mandatory government ID for private services, banning necessary and secure (and encrypted) communications systems, and locking children out of access to the de facto communication systems of the modern era.
This is a privacy nightmare on all fronts and a horrible limit on freedom of speech. These kids will be learning how to drive a car, yet unable to contact their extended family over Messenger or follow news on Twitter. For everyone else, it means no anonymity or secrecy which has a chilling effect on free speech at a time when fascism is growing within democratic countries and dissidents are being imprisoned or murdered.
Yes, there are some really big problems with social media, but keeping children away from it doesn't fix the problems - it just leaves them for the rest of us to deal with. Let's fix the root of the problem, starting with the recommendation algorithms that inherently polarize people by building echo chambers around them and pushing divisive content all in the name of "engagement".
That's because the tech industry never made any attempt. It's like you blocked all the good options, now you get the worst one because it's one you can't block.
Enclosure of XXI century
The UK can’t block Dissent [1] since it looks like normal HTTPS traffic.
[1] https://godissent.com
Don't panic. These debates are nothing new. Encryption and obfuscation tech comes up every ten years or so. People scream and, in the end, nothing changes.
One upon a time, encryption math was regulated as a munition and the act of sharing open source software was tantamount to weapon smuggling. Once upon a time, VPNs were being banned by credit card companies. Part of the rise of bitcoin was the idea that you would need it for services like VPNs that credit card companies refused to service. Today, VPNs are openly advertised as piracy tools for getting around media geo-restrictions. Once upon a time, ISPs throttled torrents and so torrents become encrypted. Once upon a time DNS was to be poisoned in order to block filesharing websites (see COICA and PROTECT IP acts). All those efforts also came to nothing. These too will die.
Just moved back to the UK after many years away, and it's creepy here. Doing the elderly under terror legislation, some crazy kangaroo court antics, a frankly sinister approach to "online safety". VPNs?
The even more concerning thing is that we've got a far right party that have been leading in the polls for most of the last year.
This is a very dangerous situation.
Hopefully won't happen
This is all about pushing Digital ID by the backdoor and building surveillance state for benefit of corporations pretending to be against it.
https://www.lighthousereports.com/investigation/blair-and-th...
https://institute.global/insights/politics-and-governance/di...
UK government has been talking about digital ID for a while now. The existing verification methods are too vulnerable to cheating (fake beards, fake ID, borrow dad's credit card, etc...), so the logical next step is direct government ID numbers. The goal is to link all online activity to a unique identifier to make it easier to punish dissent.
maybe the UK should instead look into protecting women and girls being systematically abused and raped while the police and government cover it up
Baffling how easy companies like Meta have it with politicians. Fuck them all, I'm leaving for the woods. It's been fun with tech but now it's just so painful,
Talk to you on meshtastic.
They have it easy, because law enforcement is too scared to act or is just as corrupt.
The article below sharply summarizes why all this is a dystopian surveillance setup:
> how, precisely, do you stop a fourteen-year-old from opening Instagram without first checking the age of the forty-year-old?
> You don’t. You can’t. So everyone gets carded. Britain is lifting the system wholesale from Australia, where a computer first scans your face and guesses your age from your cheekbones, then, failing that, surveils you to death, studies your browsing habits and the hours you keep, and then, when the algorithm throws up its hands, simply demands your passport.
https://reclaimthenet.org/starmers-social-media-ban-surveill...
> You don’t. You can’t. So everyone gets carded.
Exactly. A little at a time. First it's adult sites, because if you need to show ID to buy alcohol, shouldn't you need ID to buy pornography? Once that's accepted, expand the sphere of control to non-adult sites too by redefining everything as 16+.
Honestly, the UK already shot itself in the foot. Now they're shooting their other foot. And they keep voting for the Labor party...
And yet, govt will find it's impossible to regulate the creativity of software engineers.
keep voting for the labour party?
this is the first time in more than a decade that its not tories in charge, and to get there, labour also had to become conservatives
> And they keep voting for the Labor party.
The alternatives are even more power-mad, fundamentally illiberal parties (Reform, Conservatives), equally pearl-clutching ones that will likely continue on the same road as Labour (greens) and unreliable figures that will flip-flop as soon as they are in power (libdems).
What's left? Count Binface, I guess.
FWIW you can age-gate VPNs the same way you can age-gate anything else that is paid for: just don't let people who haven't got credit cards (not debit cards) sign up.
Or you can simply let free plans only terminate inside their own country. I noticed recently that TunnelBear has done this with their free plans — the "fastest" endpoint, which is the only one that is free, is now a UK endpoint. It still meets the security need anyone might have from a VPN.
I am honestly not that bothered about adult content age gating in principle, and I never really have been. I personally think sexual content is not remotely immoral but that it's reasonable to say the very young shouldn't be able to see it. It's not a freedom of speech issue.
Given the practical impossibility of parental regulation of access to devices when cheap phones and PAYG exist, the problem is the practice of it: how do you do that in a way that is privacy-preserving?
I feel that Apple has coped with this pretty well: they decided I am an adult automatically based on how long I have held an account.
I also think the UK PAYG mobile providers handle this well: they have simply always blocked adult content until you unlock it. I haven't bothered and I have never seen the content wall (except when deliberately testing it) so I believe its boundaries are drawn quite well.
Though I do routinely use one site that might end up blocked over time because it sits right at the boundary of the law's interest. So one day I might need to, I guess. And I have considered what I might need to do about a website for my own photographic work, which sits on the edge of the ofcom rules interest in practice.
We are missing secure anonymous age attestation but I think that will come.
I do think American critics tend to interpret this in terms of the morality and religion battle-zone that riddles US culture and encourages US states to try to police morality in bizarre ways or to extend "porn" rules to things like information about sexuality, gender or sexual health (which would just not happen here because we're actually not really religious or prudes; there is essentially no religion in our politics, which is ironic considering the C of E have seats in the Lords).
I don't think American critics should really leap to judge UK rules when you have two dozen different states imposing rule sets that in some cases came first and in many are wholly unworkable.
UK concerns are about child access to extreme material and about sexual exploitation, fundamentally. It's not easy and it's clear some aspects of the legislation are difficult, but accepting criticism from Americans as if the US position is clear, unambiguous and robust is no longer something we should entertain, especially lessons about the morality of free speech from the US administration, given their apparent selective contempt for it.
So every adult citizen is forced to open a credit line?
You're straw-manning there. Every adult citizen isn't forced to have a VPN or view porn.
Most UK citizens do have a credit card anyway (though I in fact do not). It's more than three quarters.
It's not even the only way someone offering a service for what is after all a subscription product could achieve adult verification through existing banking-based mechanisms, because there are also bank mechanisms for making payments through a direct debit, which again you have to be an adult to do in the UK, and everyone can.
KYC processes also work though they are annoying and a VPN provider is inherently not going to want to do it.
But they are going to want to take money and there are these two mechanisms that come with adulthood verification attached.
Apple could do more on this with Wallet — they could let you pay with a virtual debit card that can only be in your wallet if you've passed their adult verification. Would need some card industry support. I am not sure why I can't just associate adulthood with my debit card; that would be a good fix.
[dead]
[dead]
[dead]
[dead]
[dead]
[dead]
isn't the simple answer an age-limit for VPN? /s
all this because they refuse to make the law just
"legal parent/guardian is responsible for the child"
if a parent faced fine or jail for a child having access to the internet you can be sure 90% of the children wouldn't have internet access
I'm no defender of the big social/media sites but I don't see why it's their fault/problem if a minor has internet access when they aren't supposed to
This all feels like the opposite goal of knowing everyone who is online everywhere
Because it's not how you'd make the law, you'd wouldn't go to service by service and make it their problem, you'd make it the adult responsible for the child's problem
[dead]
[dead]
[flagged]
[flagged]
what if instead of this age gate or whatever government is doing, what if we simply said these big companies need to self police and if a child can reach their service they have to pay the child like lets say GBP 10k per instance?
remove all "reasonable step" shield to hide behind. for example, a shopkeeper can't say they took "reasonable steps" if they sell alcohol to a child so why should a website be any different? if we are going to the absurdity of age-gating VPNs, at least lets make it so that there is an incentive for children to self-report
The end result will be the same. If you face a 10k liability for serving the wrong customer, you end up needing to ID your customers.
If the government isn't going to provide that service you end up with private companies verifying identity and the data security issues that entails.
If you want to shift the responsibility of protecting children away from parents, then you end up in a situation where third parties need to be able to differentiate between a child and an adult. I haven't yet seen a proposal that doesn't entail someone - government or private enterprise - getting access to identifiable information.
Of course, you could have something like a signed certificate, so the identity verifier doesn't see who you are patronizing, and the identity seeking business only gets to see your age, but it still has privacy issues.
> . I haven't yet seen a proposal that doesn't entail someone - government or private enterprise - getting access to identifiable information
California's Digital Age Assurance Act
1 reply →
> you end up needing to ID your customers.
You've needed to do that for at least ten years. Mobile internet either requires a contract, or an ID check before you get a sim (pay and go)
Anyone providing internets is liable for what the users are doing. The way you got out of that is responding to legal requests. (originally mostly copyright)
This is the frustrating thing, we have effective and relatively uncontroversial age gated network (mobile data) already. and it worked.
but now they've done and fucked it up with OSA.
3 replies →
> what if we simply said these big companies need to self police and if a child can reach their service they have to pay the child like lets say GBP 10k per instance?
All of these proposals probably sound good to people who think the Venn diagram of sites they use and sites covered by these laws are two separate circles.
They probably sound a lot less good when you realize the law covers site like YouTube. The Australian law (which they said they’re modeling this after) also includes social news sites like Reddit.
If they passed a law like this extending to VPN services then you’d have to hand over your ID to use a VPN.
Usually people realize how bad these proposals are once they realize it might impact their internet use, too.
Or perhaps we should expect parents to take some responsibility for their kids' screen use?
Don't be daft. It's not the parent's responsibility to monitor and care for their kids.
Ok, can you explain what that looks like in practice or is it just some abstract feel-good words?
1 reply →
You expect the average parent to outwit Meta and TikTok and their teams of psychologists scheming to get their kids attention?
The social media companies could have done the socially responsible thing a decade ago and avoided all this.
1 reply →
How do you create new procurement pipeline and surveillance infrastructure from that?
1 reply →
Because they will just withdraw from the jurisdiction rather than bother to implement that, most likely
> big companies need to self police and if a child can reach their service they have to pay the child like lets say GBP 10k per instance?
HIPAA has been super effective this way. As we all know, American companies don’t give two shits about user privacy or even security. But wave the HIPAA flag and everyone starts caring real hard and taking extremely cumbersome steps to comply with patient privacy.
Very simple: Each HIPAA violation comes with a financial penalty for the business and personal penalty for every person involved in the leak. Very effective.
I agree the threat is there but I've never seen anyone actually punished for HIPAA violations and my data have been involved in several hospital and insurance breaches.
1 reply →
> these big companies need to self police
It's not possible to prevent a person (of any age) from reaching a specific website if they are determined enough. Full stop.
> It's not possible to prevent a person (of any age) from reaching a specific website if they are determined enough. Full stop.
right, and that reveals the absurdity of this "age gate", doesn't it? because I am sure giving every UK national their very own unicorn would also poll very well but that doesn't mean that's what a functional democracy should be prioritizing just because a majority of the public supports because doing so is not possible
4 replies →
Fwiw they acknowledge this and claim the goal of this regulation is to drastically increase friction, not render it impossible