I don't get why the device changes the blame logic.
If child-services knew a parent was constantly watching/leaving around adult-content near children, that'd be considered the parent's fault. If a parent lets a kid watch anything they want on TV and the kid watches adult content, it's the parent's fault. But if the parent gives the child a phone, and doesn't manage what apps they use or content they watch, now it's the company's fault?
Does big tech help the parents? Can I set the age of the child in the phone user account and then the browser will report the age to the websites and the nice websites will acknowledge it and deny minors to watch adult content?
No, big tech and browser makers did not put their herds of developers to handle this and forced the governments to try more retarded solutions.
These big OSes should have a super easy activation procedure where a parent will enter the birthday of the account user and then the tech should do the magic.
What are the current solutions for Android and iOS? To buy some apps and give them root permissions and they will filter out webpages or block entire domains?
Just for clarification. House of Lords amendments do not have to be accepted by the House of Commons and may not make it into law. If you do not agree with an amendment then write to your MP, write to the ministers concerned. If you do not tell them your concerns they will not know. You can ask for an appointment with your MP. You can ask for an appointment with ministers. Better still you can form an advocacy group and lobby.
I've written to my MP several times about this. Each response just repeats the same talking points about safety whilst completely missing the underlying technical issues and consequences.
I've been met with that kind of stonewalling before too, you know what eventually worked to actually turn the position of a local councilwoman? Going to her office and demanding to speak with her, then sitting down, listening and having a conversation with her. Turns out that most of the emails "she" wrote to me were written by an assistant "to save her time" and she wasn't aware of the points I was trying to bring up. Granted, this was like one and a half decades ago, but if I was met with something similar today I'd try the same thing.
People tend to be a lot more reasonable in person, and also if you listen to them first.
Yeah, also they could be male. Don't take it so literally, the point I'm making is about going and physically meeting people, not about what title/label those people have.
Same. I have protested over email about the Online Safety Act (amongst other things). I get a generic reply after 6-8 weeks with the same talking points.
Legislation like this does not make children safer, it makes everyone else less safe.
There are lots of replies stating that their MP gave them a cookie cutter response, so it is a waste of time.
I can tell you that isn't entirely true. When they get a lot of messages about the same thing, or better still you meet them in person, they may keep giving you the 'party line response', but they will also be feeding back that there is discontent to the whips.
Same, my MP is clueless. They won’t listen to the experts. This is what he said:
> The UK has a strong tradition of safeguarding privacy while ensuring that appropriate action can be taken against criminals, such as child sexual abusers and terrorists. I firmly believe that privacy and security are not mutually exclusive—we can and must have both.
> The Investigatory Powers Act governs how and when data can be requested by law enforcement and other relevant agencies. It includes robust safeguards and independent oversight to protect privacy, ensuring that data is accessed only in exceptional cases and only when necessary and proportionate.
> The suggestion that cybersecurity and access to data by law enforcement are at odds is false. It is possible for online platforms to have strong cybersecurity measures whilst also ensuring that criminal activities can be detected.
The response is the same boilerplate response I used to get when I used to write to my MP. This is why I just gave up emailing my MP. You are essentially pleading with someone to reverse their previous position when they have no incentive to do so.
All of which is arguably true, but misses the point that uploading your age verification documents to every social media site you might want to look at is very likely to result in them getting hacked and leaked.
Working with startups, I've signed up for 100s of sites. My password manager lists 550. Those signups are currently low-risk: just my email (already widely public) and a random password. But it would put a big chill on my work if I had to upload government age verification docs to each one.
No, but it does mean that MPs have to make a positive decision to reject it. The proponents of the amendments (who are well financed) will claim anyone who opposes the amendment is pro-pedophile (as happened with the Online Safety Act), which makes it hard to reject.
To stop it now we need a majority of MPs who are willing to take a political risk to reject it.
> If you do not agree with an amendment then write to your MP, write to the ministers concerned. If you do not tell them your concerns they will not know.
It is an utter waste of time. MPs already know about the concerns. They don't care. I wrote to my MP about many of these concerns in the past. You either get ignored, told you are enabling pedos, told there will be protections put in place (ignoring the whole point is that I don't trust the government), or you get a boilerplate reply.
Moreover, the vast majority of people (unfortunately this includes people in my own family) have been propagandised to agree with all iffy censorship, monitoring and other spooky nonsense the UK state engages with.
How is age verification and free speech in any case related?
You can solve the problem of age verification without limiting your free speech right. Those two get entangled all the time and it does not make sense.
Non-anonymous free speech is a bit of a red herring. If you say something publicly, especially in this era of mass data, you are perpetually liable to be punished for it at some point in the future. If not by the current government, potentially another. Virtually every country in the world has experienced authoritarianism at one point or another, and there is never a guarantee that it won't again. Saying something publicly tied to your identity is signing up to be imprisoned when an authoritarian who doesn't like what you said seizes power. We have many historical examples of dictators rounding up and executing wide classes of people, so we know this threat model is more than just a hypothetical but rather something that can and does realistically happen at various times and places.
Therefore, in practice, anonymity is the only way to safely express oneself in public. Privacy is the true bastion of the freedom of ideas. This is naturally lost when the means to communicate privately are stripped from us, when every word we've ever said is recorded and tied to our identity. Age verification could possibly theoretically be implemented in a way that does not immediately infringe upon privacy, but you surely know that there is no world in which it will ever be implemented in such a way.
If VPNs require age verification, then people will shift to running a VPN on a cheap VPS. Probably via a popular single-click setup script.
Or people will just get drawn to more seedy providers that do no KYC or have ulterior motives. If I was Russia, I'd consider operating a free VPN or VPS service that MITMs the traffic.
I never thought I'd say this, but I now fully approve of social media bans for children, screw under 16s, let's go further no children on the internet full stop. No mobile data plans for under 18s, arrest parents if they are found allowing their children to use a computer with an internet connection at home. Remove the internet from schools.
Then we can get rid of the online safety act, no need to dox adults if we just ban the children.
Then when the government refuses to repeal the OSA, we can then have an open and honest discussion about the real reasons that act exists.
> a ban on social media for users under 16, like Australia. Pretty dramatic change.
Meanwhile the government and official accounts continue to use X even as they're trying to ban it. Mixed messaging.
I think you'd find Govt. account users are over 16.
It drives me nuts that local governments in the US continue to use Twitter/X to disseminate communications, despite having perfectly good web sites of their own.
Those websites aren't easy to update. I have a website of my own too, and even though I've set it up to be as painless as possible, it's always going to be easier for me to open a social media app and post.
Now imagine that the local government has a website that can only be changed by contacting a web developer, who takes 1-2 business days to reply. It might not be as bad as that, but I wouldn't be surprised if that's the ballpark.
Most content websites that are managed by an organisation such as a council/government are usually driven by some CMS software. Updates are usually done by a content/social media team. These people are also posting the updates to Twitter.
It isn't the late 90s/2000s anymore where people are uploading HTML files over FTP.
What I find particularly tragic about all of this legislation (the OSA and now this) is that there are obviously technical people in the room that would advise against this clusterfuck of a direction and they are being ignored by politicians who think the internet is something they can aggressively control.
This will continue to push people towards providers who operate outside UK jurisdiction or providers that care less about UK law and are less trustworthy.
I remain upset that they do this without building the necessary infra. They already assert identity when applying for a passport (and they do this very well). If they had extended this process by creating an OAuth compliant digital id provider first, then they could have avoided all the problems on the day the OSA dropped. Even better, they could have created a non-governmental agency to exchange tokens and urls to prevent the privacy issue of the government knowing which sites people are visiting. Instead we have this status quo of encouraging UK citizens to hand over their identity documents to dubious third-parties or shifting their traffic from the UK externally to avoid these checks.
> If they had extended this process by creating an OAuth compliant digital id provider first, then they could have avoided all the problems on the day the OSA dropped.
Far less than all. See Australia, where age restriction is routinely evaded through adult collusion.
> by politicians who think the internet is something they can aggressively control
You seem to believe they're wrong. Since they're the ones who come up with the laws of the land, I think it's important to realize that they can and do aggressively control access to the internet in their country. It sucks, but it's the reality.
> Even better, they could have created a non-governmental agency to exchange tokens and urls to prevent the privacy issue of the government knowing which sites people are visiting.
The privacy issue would still exist. They can tie your online activity directly to these tokens.
Yeah, if you're unable to read, I understand reaching such a conclusion :) But no, this is about platforms/services:
> Amendment 92 (“Action to Prohibit the Provision of VPN Services to Children in the United Kingdom”) requires VPNs that are “offered or marketed to persons in the United Kingdom” or “provided to a significant number of persons” to implement age assurance for UK users.
It also said to have "different ages for different services" so the fact you have a debit/credit card to pay is more than enough to prove you are at least 16.
This will be interesting to watch, I just wish I weren't caught in the net.
That's never been true in the UK? You don't have to be 16 to get a debit card, and having one isn't proof of any age. (For example, Barclays gave me my first debit card when I was 13, many years ago.)
If those services are provided by a company that “offered or marketed to persons in the United Kingdom” or “provided to a significant number of persons”, then they need to implement those checks. Still outside of openvpn, and still outside of general servers, you can still spin up your own server and use that, without any age checks, as you're not offering any service.
The host who lets you spin up the server might also need to implement those age checks though. But still, not openvpn.
So effectively truly Private VPN providers have to have an exit from UK. I mean even if say Proton says that it's not meant for UK but "substantial" people use ProtonVPN because it's private, then they would be forced for the same laws.
Another point is what prevents UK govt or UK bots to sign up for Proton VPN say themselves and the difference between bots and humans is becoming thin especially for such Private VPNs and then UK govt comes again knocking asking for age verification.
Honestly makes me feel like UK citizens are hostage in their own countries & we might see more UK IPs being blocked from accessing services because the idea of Virtual private network is still vague in my opinion. One can abstract a sort of VPN on top of xmpp or matrix servers too or even telegram as the intermediate. Would that mean that UK govt would come knocking onto these asking for who created the VPN (suppose I built a VPN which uses telegram to send messages/packets or uses telegram infra, so would they come to telegram asking what is the IP/detail info of my telegram user, would they go to signal or xmpp or matrix providers too?) What if I use a provider who colo's on a datacenter and they go to the datacenter asking for access or the company behind datacenter?
I am not saying that they would for something so niche but the fact of the matter is that nothing's stopping them from the laws from what I can gather.
They would only have to do it once to instill fear in the masses. I mean technically just this law has instilled fear and I am not even a UK citizen.
Someone familiar with UK law please comment on my message but VPN is such a vague term imo. Like at this point you are just targeting private networks or people who meet online in private.
VPN LITERALLY means Virtual "PRIVATE NETWORKS".
What gives the govt right to intercept between two parties communicating in any way (enforcing a condition for one party to have Id of other for age verification etc.)?
I don't think so, it is not provided as a service. If you provide vpn service people can connect to from their router then you need to do age verification before giving them a key/password to connect to the server.
Not made clear in this article - this bill will be passed back to the House of Commons to debate/amend before going back to the House of Lords. This was not the final say.
The Commons are even more hungry for pervasive online surveillance than the Lords - at least, while Labour and the Tories are in power.
Reform UK (the party currently leading in the polls by a large margin) is the only party that loudly opposed the draconian measures within the Online Safety Act and promise to repeal it.
Hotels are not platforms. No network effects at play. The idea of ban is to push teen DAUs below the critical mass necessary for self sustaining retention and growth.
Sure teens will still figure out a way to access when they really want to, but there won’t be the same level of peer pressure.
I feel like this is the strongest argument in favor of the bans. I am not sure it will be effective or is the most effective way to go about it. I am curious to see the data that comes out of Australia in a few years.
I'm very interested to see how some VPN providers react to this. For a zero logs VPN provider, if such a thing can really exist, how big of a problem is this? Presumably many customers pay with a debit/credit card already so there's some PII on file? Usage remains the same? Surely savvy people can just use their existing VPN to buy a VPN from outside the UK.
Of course, we're sliding quite rapidly down that slippery slope here so I'm sure logging and easier government tracking would be next. The justifications will get weaker and even more lacking in supporting evidence for their implementation.
I believe a whole host of VPN providers have no real need to comply with this amendment if it passes the Commons.
The providers are structured in a way that makes forcing compliance difficult and have built their whole business model around this. NordVPN is registered in Panama for example and Mullvad lets you send cash in the mail and doesn't store any user details (even a hashed email).
It'll be interesting to see how & who reacts if it does pass.
> Presumably many customers pay with a debit/credit card already so there's some PII on file?
Yes. But I think most of the zero logs providers will remove the identifiable payments details after a certain amount of time. e.g. Mullvad have a specific policy relating to what is stored and retention time (I am not affiliated with Mullvad, I just use their service).
How do they define "VPN" in this? If I make a little wireguard mesh and use an aws vm in another country as the exit node for my traffic, would that go under VPN?
What societal "harm" is the UK actually trying to reduce with this age verification? It almost feels like the amount of effort they're putting into this is out of balance with the actual harm.
Political dissent. Uncomfortable truths. Any speech that does not align with the official narrative.
A Labour MP foolishly attended a GB News show and when pushed admitted that the Online Safety Act was also about identifying speech by adults [0].
Sorry about the quality of the link, but the video is there (higher quality is available on X) and it's not like the paragon of truth that is the BBC reported on this.
Privacy has an age rating now? Seems a little ironic forcing anyone under 18 away from being able to have extra layers of privacy and in some cases security online.
I think we need to accept that age verification makes the internet safer. What we cannot accept is age verification's use as a mechanism to pry too far into people's lives. When we can separate age verification from who am I, most people will be happier. What's tricky is who validates age? Your ISP? Your government? Your OS? A third party? Who accredits third-parties, and can you trust them? I'm convinced there's a way to solve this so we can keep the internet safe and not intrude massively on people's privacy.
I don't think it's possible? You could imagine some sort of certificate scheme where the govt issues a thing that says to a 3rd party "we certify this person is 18 but in a way that doesn't reveal who they are". You could also implement that in a way where, even if the 3rd party reports the details of an authorisation to the govt, the govt can't say who was involved in that auth.
But in the latter case, the system is wildly open to abuse coz nobody can detect if every teenager in the country is using Auth Georg's cert. The only way for that to be possible is if the tokens let you pseudonymise Georg at which point it's no longer private.
The answer is to leave this shit to parents. It's not the government's job. It's not the government's business.
Can we somehow get age verification without IDs? Age verification itself is OK as an idea. I’m happy to show ID to buy alcohol at the store… but the store clerk doesn’t take a photo of that ID and store it in logs somewhere forever.
Can we please get a law where kids won’t just take their parents’ IDs and upload them to random places?
The Digital ID scheme is for you. It uses Zero Knowledge Proofs, so that one of your 'IDs' could be a simple 'Is over 18' ZKP, without involving your name or any other detail. This is one of the examples listed in the framework docs.
> "Unlike with a physical document, when using a digital identity, you can limit the amount of information you share to only what is necessary. For example, if you are asked to prove you are over 18, you could provide a simple yes or no response and avoid sharing any other personal details." (from https://www.gov.uk/guidance/digital-identity )
There's a huge amount of disinformation circulating about the digital ID scheme, and the government's messaging over it has been catastrophically clumsy. Which is a pity, because the system has very clearly been designed with civil liberties in mind (defensively) and for citizens it's a serious improvement over the current system.
I mean it's still a Virtual Private network between you and the VPS (which is rented by VPS provider).
So technically if you are from UK, they might come at your VPS provider if they find that you use them as a VPN (law's kinda vague from what I can gather).
Your VPS provider wouldn't really protect your privacy for 4 $ so a snitch.
My point which fucking scares me if I were a UK citizen is that they just have to do it once to scare you to your guts.
Maybe I am paranoid but I couldn't see this shit happen 2-3 years ago & UK is at least moving at a very dystopian rate and I am not sure if other countries might move in similar direction too if UK experiment turns out to be helpful to the people in power or helps in curbing out protests/real change in any capacity.
I know the law hasn't passed but chances are unless something very unlikely happens, it's gonna get passed.
What's up with democracies trying to imprison their own citizens in such sense, whether digitally or in person. Some countries feel like prisons rather than free land now.
These were the best benefits of democracies over authoritarianism.
I genuinely question with such points if democracy actually just becomes a dual party authoritarianism. Sure people vote but just scare them for real change just once. If a person speaks online, even if they use a VPN, just catch one extreme and scare the moderates from even ever saying something different than what govt says.
It’s a lot more difficult to do this anonymously than it is to use a VPN. You almost certainly need to provide payment information and often also identity verification.
Probably about the same, there are a lot of VPS providers out there, and not a small amount accept basically an email + cryptocurrencies without any further verification than that. And that's just on the clearweb, going beyond that you start having even more options.
Then you are not using any vpn service marketed or provided in the UK[0]. If you were to sell access to your VPS to others then you would have to do age verifications on them maybe.
[0] maybe it is still illegal, IDK, but likely due to other laws (eg a generic "it is illegal to use workaround for X")
Every government in the world right now wants to get their hands on the controls and put their thumb on the scales here. Modern social media has proven to be effectively remote control for their citizens, nothing like this kind of power has ever existed before and is absolutely irresistible to politicians. Expect them all to be laser focused on this until they're able to seize complete control, no matter how long it takes or how roundabout the path to this is.
Yes and no - you need to check whether each individual politician, not just party, is taking money from said global corporates, because they have a lot of money and UK politicians are cheap.
Not to mention the opaque mess that's Reform UK financing.
The "coordinated corporate fascists" (your words not mine) are providing a platform where I can challenge the state and be seen by potentially millions of people.
This is very bad news because I have been in contact with low cost providers (lowendtalk) and the community & even they usually end up renting etc. from datacenters and they usually would have name as well.
So theoretically, suppose I have a vpn company on A) either such lowend niche providers who might support let's say my mission or we are aligned or B) the hyperscalers or large companies.
Now I am 99% sure that large companies would actually restrict VPN creation usage (something remarkably rare right now but still it's a gone deal now).
And I feel like even with niche lowendbox providers, suppose I am paying 4 euros or something to a provider to get an IP, they are either using hyperscaler themselves (like OVH) or part of a datacenter itself.
If a server they own in some capacity runs a vps, can it be considered that they are running a vps and they can get sued by the Safety Act too? If not, then what if this happens one layer above at datacenter and now datacenters might have to comply with them?
I haven't read the article but wtf.
Suppose I run a tmate instance (basically allows you to connect one ssh server to another both inside nat), theoretically this is a vpn as well.
I was calling out that they might ban VPNs when online safety act came and I realized that theoretically nothing's stopping them technologically to do so. It's a cat and mouse game but they didn't have a legal reason to do it so much. Now... You have it.
Is the end of total privacy for UK here?
I feel like even privacy oriented VPN's will move out of UK and non privacy oriented (ie. who will accept your id's) will probably have to manage it or use some third party and I am pretty sure that this basically gives govt. even more, they might now look at which IP said something, contact the now compliant VPN and block other truly private, for which user Id used a particular IP at particular time and seek their ID. I don't know how Dystopian UK's gotten but what's stopping a "reasonable cause" or some UK fbi equivalent contacting.
I feel like even one or two such extreme case of VPN providers would be enough to scare the whole country into check where if you are UK citizen and you talk against UK online, you will be screwed.
At least that's the direction I am seeing it heading.
Depending on the instance & how many more such dystopian laws UK adds. Its democracy gets really questionable... and I am not sure what it will be replaced by.
Both parties are kind of aligned in this from what I can tell. Just raise what "reasonable" suspicion to contact means and abuse any laws or create new dystopian laws but online safety act wasn't okay but VPNs provided a way around it.
Now that VPNs themselves are affected. It's kind of gonna wreak havoc imo of any individual privacy.
I am worried what this might mean on tor. Since tor can be considered a vpn, so will UK company sue me if I run a tor instance now?
You are over thinking. This is to enforce age restrictions online which parents are overwhelmingly in favour of.
Make the friction high enough for evading age restrictions and it will stop most kids. Not all but most. Same as most shops stop under age kids buying alcohol and most cinemas enforce age ratings.
If you want to roll your own VPN go ahead.
As far as the "dystopian" state of the UK goes. Even if the UK was a "dystopia" the internet won't save you, even though people of a certain age like to think they can stop an authoritarian government from their keyboard. Take the US as a recent example, the bastion of free speech, but US citizens are being murdered by a government organisation. Posting memes from your VPN won't help.
> As far as the "dystopian" state of the UK goes. Even if the UK was a "dystopia" the internet won't save you, even though people of a certain age like to think they can stop an authoritarian government from their keyboard. Take the US as a recent example, the bastion of free speech, but US citizens are being murdered by a government organisation. Posting memes from your VPN won't help.
I understand what you mean but still, one has to realize that all the grievances happening in US (esp with Greenland) feels like something trying to distract from the Epstein files (Me and my cousin literally talked about this yesterday and these were almost his words not mine)
Epstein files pressure got dialed up to 11 because of internet, was it not.
If however the internet keyboard warriors weren't there or just the people who were aware from the internet (I mean I can't attest for you but I was reaware of epstein files from internet)
Also yeah, Take the example of Nepal whose almost authoritarian esque govt. was literally toppled by internet protestors to get an anti corrupt person in power.
Internet & anonymity still has power and to just give it up to a govt. would still have massive massive consequences man.
If this law passes, anonymity & privacy is fundamentally ended in UK.
> If you want to roll your own VPN go ahead.
If my VPN would have an IP be arranged via a VPS they will just come knocking to my VPS.
Russians actually use a Russia VPS to connect to VPN but they are getting locked down. (Source: I saw some Russian person in a forum doing exactly this.)
If we are comparing UK to Russia on a reasonable amount, then that would speak mountains too and we can move our conversation from there.
Edit: perhaps I feel like I was also overthinking it a year back when I was worried about VPN's block (I have written it in Hackernews you can go read) and I figured that with something like UK, the tech wouldn't be enough to be uncensorable and we are still off to govt laws and I was worried about exactly this happening.
I didn't want to be right then and I don't want to be right now but I am just telling what I have a reasonable enough suspicion of something happening in future.
Councillors have a totally different role though and aren't involved in creating legislation
Yeah, also they could be male. Don't take it so literally, the point I'm making is about going and physically meeting people, not about what title/label those people have.
Same. I have protested over email about the Online Safety Act (amongst other things). I get a generic reply after 6-8 weeks with the same talking points.
Legislation like this does not make children safer, it makes everyone else less safe.
There are lots of replies stating that their MP gave them a cookie cutter response, so it is a waste of time.
I can tell you that isn't entirely true. When they get a lot of messages about the same thing, or better still you meet them in person, they may keep giving you the 'party line response', but they will also be feeding back that there is discontent to the whips.
Same, my MP is clueless. They won’t listen to the experts. This is what he said:
The UK has a strong tradition of safeguarding privacy while ensuring that appropriate action can be taken against criminals, such as child sexual abusers and terrorists. I firmly believe that privacy and security are not mutually exclusive—we can and must have both. The Investigatory Powers Act governs how and when data can be requested by law enforcement and other relevant agencies. It includes robust safeguards and independent oversight to protect privacy, ensuring that data is accessed only in exceptional cases and only when necessary and proportionate. The suggestion that cybersecurity and access to data by law enforcement are at odds is false. It is possible for online platforms to have strong cybersecurity measures whilst also ensuring that criminal activities can be detected.
The response is the same boilerplate response I used to get when I used to write to my MP. This is why I just gave up emailing my MP. You are essentially pleading with someone to reverse their previous position when they have no incentive to do so.
All of which is arguably true, but misses the point that uploading your age verification documents to every social media site you might want to look at is very likely to result in them getting hacked and leaked.
Working with startups, I've signed up for 100s of sites. My password manager lists 550. Those signups are currently low-risk: just my email (already widely public) and a random password. But it would put a big chill on my work if I had to upload government age verification docs to each one.
No, but it does mean that MPs have to make a positive decision to reject it, the proponents of the amendments (who are well financed) will claim anyone who opposes the amendment is pro-pedophile (as happened with the online safety act) which makes it hard to reject.
To stop it now we need a majority of MPs who are willing to take a political risk to reject it.
> To stop it now we need a majority of MPs who are willing to take a political risk to reject it.
Which isn't going to happen.
> If you do not agree with an amendment then write to your MP, write to the ministers concerned. If you do not tell them your concerns they will not know.
It is an utter waste of time. MPs already know about the concerns. They don't care. I wrote to my MP about many of these concerns in the past. You either get ignored, told you are enabling pedos, told there will be protections put in place (ignoring the whole point is that I don't trust the government), or you get a boilerplate reply.
Moreover, the vast majority of people (unfortunately this includes people in my own family) have been propagandised to agree with all iffy censorship, monitoring and other spooky nonsense the UK state engages with.
Are there any remaining western countries with strong free speech protections?
UK and Germany weren't ever good in this department but now worse than ever.
US supposedly good but I wouldn't risk it in practice.
Australia I hear is also quite bad.
Canada and NZ I don't know.
I expect Denmark and Sweden to have somewhat weak free speech laws too.
Norway and Finland I expect to be good.
France I expect to be just slightly better than Germany.
Netherlands and Switzerland, I have no idea.
Czech Republic I think has strong protections.
Italy and Spain and Ireland, I heard mixed reports about.
Poland, Greece, Slovenia, Portugal and other unnamed countries I don't know at all.
"Free speech" usually refers to the freedom to say what you want without the state giving you consequences for what you say.
In Germany, for example, you can say almost anything you want and no-one will give a hoot. If you're truly interested, here's some background for Germany in particular https://www.deutschland.de/en/topic/politics/freedom-of-expr...
And Reporters Without Borders has a world press freedom index that ranks the US on place... 57 - behind most of Europe. https://rsf.org/en/index
How is age verification and free speech in any case related?
You can solve the problem of age verification without limiting your free speech right. Those two get entangled all the time and it does not make sense.
Non-anonymous free speech is a bit of a red herring. If you say something publicly, especially in this era of mass data, you are perpetually liable to be punished for it at some point in the future. If not by the current government, potentially another. Virtually every country in the world has experienced authoritarianism at one point or another, and there is never a guarantee that it won't again. Saying something publicly tied to your identity is signing up to be imprisoned when an authoritarian who doesn't like what you said seizes power. We have many historical examples of dictators rounding up and executing wide classes of people, so we know this threat model is more than just a hypothetical but rather something that can and does realistically happen at various times and places.
Therefore, in practice, anonymity is the only way to safely express oneself in public. Privacy is the true bastion of the freedom of ideas. This is naturally lost when the means to communicate privately are stripped from us, when every word we've ever said is recorded and tied to our identity. Age verification could possibly theoretically be implemented in a way that does not immediately infringe upon privacy, but you surely know that there is no world in which it will ever be implemented in such a way.
If your ID is tied to your anonymous identity this creates a chilling effect.
https://en.wikipedia.org/wiki/Chilling_effect
Where does this end? Turtles all the way down.
If VPNs require age verification, then people will shift to running a VPN on a cheap VPS. Probably via a popular single-click setup script.
Or people will just get drawn to more seedy providers that do no KYC or have ulterior motives. If I was Russia, I'd consider operating a free VPN or VPS service that MITMs the traffic.
There will always be a way out if you are dedicated enough. They "just" want to make it unviable for most of the population.
That, and then the dedicated stick out like sore thumb.
Same article also says the bill includes a ban on social media for users under 16, like Australia. Pretty dramatic change.
Meanwhile the government and official accounts continue to use X even as they're trying to ban it. Mixed messaging.
Lead proponent of the VPN ban: https://en.wikipedia.org/wiki/John_Nash,_Baron_Nash; he's https://en.wikipedia.org/wiki/Centre_for_Policy_Studies again, the dead hand of Thatcherism.
I never thought I'd say this, but I now fully approve of social media bans for children, screw under 16s, let's go further no children on the internet full stop. No mobile data plans for under 18s, arrest parents if they are found allowing their children to use a computer with an internet connection at home. Remove the internet from schools.
Then we can get rid of the online safety act, no need to dox adults if we just ban the children.
Then when the government refuses to repeal the OSA, we can then have an open and honest discussion about the real reasons that act exists.
Being sarcastic, but at the same time...
> a ban on social media for users under 16, like Australia. Pretty dramatic change. Meanwhile the government and official accounts continue to use X even as they're trying to ban it. Mixed messaging.
I think you'd find Govt. account users are over 16.
Should be a smartphone ban, which would actually be enforceable.
How? Parents would give smartphones to their kids.
It drives me nuts that local governments in the US continue to use Twitter/X to disseminate communications, despite having perfectly good web sites of their own.
Those websites aren't easy to update. I have a website of my own too, and even though I've set it up to be as painless as possible, it's always going to be easier for me to open a social media app and post.
Now imagine that the local government has a website that can only be changed by contacting a web developer, who takes 1-2 business days to reply. It might not be as bad as that, but I wouldn't be surprised if that's the ballpark.
Most content websites that are managed by an organisation such as a council/government are usually driven by some CMS software. Updates are usually done by a content/social media team. These people are also posting the updates to twitter.
It isn't the late 90s/2000s anymore where people are uploading HTML files over FTP.
I'm pretty sure, their target-groups are usually not under 16s. What do they mix up here?
What I find particularly tragic about all of this legislation (the OSA and now this) is that there are obviously technical people in the room that would advise against this clusterfuck of a direction and they are being ignored by politicians who think the internet is something they can aggressively control. This will continue to push people towards providers who operate outside UK jurisdiction or providers that care less about UK law and are less trustworthy.
I remain upset that they do this without building the necessary infra. They already assert identity when applying for a passport (and they do this very well). If they had extended this process by creating an OAuth compliant digital id provider first, then they could have avoided all the problems on the day the OSA dropped. Even better, they could have created a non-governmental agency to exchange tokens and urls to prevent the privacy issue of the government knowing which sites people are visiting. Instead we have this status quo of encouraging UK citizens to hand over their identity documents to dubious third-parties or shifting their traffic from the UK externally to avoid these checks.
> If they had extended this process by creating an OAuth compliant digital id provider first, then they could have avoided all the problems on the day the OSA dropped.
Far less than all. See Australia, where age restriction is routinely evaded through adult collusion.
> by politicians who think the internet is something they can aggressively control
You seem to believe they're wrong. Since they're the ones who come up with the laws of the land, I think it's important to realize that they can and do aggressively control access to the internet in their country. It sucks, but it's the reality.
> Even better, they could have created a non-governmental agency to exchange tokens and urls to prevent the privacy issue of the government knowing which sites people are visiting.
The privacy issue would still exist. They can tie your online activity directly to these tokens.
Email your MP if you’re in the UK
https://members.parliament.uk/FindYourMP
So will openvpn now get a new command line argument '--passport-number-for-age-verification 8371652299'?
And presumably also a '--webcam-to-use-for-identity'
Yeah, if you're unable to read, I understand reaching such conclusion :) But no, this is about platforms/services:
> Amendment 92 (“Action to Prohibit the Provision of VPN Services to Children in the United Kingdom”) requires VPNs that are “offered or marketed to persons in the United Kingdom” or “provided to a significant number of persons” to implement age assurance for UK users.
It also said to have "different ages for different services" so the fact you have a debit/credit card to pay is more than enough to prove you are at least 16.
This will be interesting to watch, I just wish I weren't caught in the net.
That's never been true in the UK? You don't have to be 16 to get a debit card, and having one isn't proof of any age. (For example, Barclays gave me my first debit card when I was 13, many years ago.)
There are debit cards in the UK marketed for down to 6 years old. Granted the accounts are linked to a parent.
But if openvpn clients want to connect to those servers?
If those services are provided by a company that “offered or marketed to persons in the United Kingdom” or “provided to a significant number of persons”, then they need to implement those checks. Still outside of openvpn, and still outside of general servers, you can still spin up your own server and use that, without any age checks, as you're not offering any service.
The host who lets you spin up the server might also need to implement those age checks though. But still, not openvpn.
So effectively truly private VPN providers have to have an exit from UK. I mean even if say Proton says that it's not meant for UK but "substantial" people use ProtonVPN because it's private, then they would be forced for the same laws.
Another point is what prevents UK govt or UK bots to sign up for Proton Vpn say themselves and the difference between bots and humans is becoming thin especially for such Private Vpn's and then UK govt comes again knocking asking for age verification.
Honestly makes me feel like UK citizens are hostage in their own countries & we might see more UK IP's being blocked from accessing services because the idea of Virtual private network is still vague in my opinion. One can abstract a sort of VPN on top of xmpp or matrix servers too or even telegram as the intermediate. Would that mean that UK govt would come knocking onto these asking for who created the VPN (suppose I built a VPN which uses telegram to send messages/packets or uses telegram infra, so would they come to telegram asking what is the IP/detail info of my telegram user, would they go to signal or xmpp or matrix providers too? What if I use a provider who colo's on a datacenter and they go to the datacenter asking for access or the company behind datacenter
I am not saying that they would for something so niche but the fact of the matter is that nothing's stopping them from the laws from what I can gather.
They would only have to do it once to instill fear in the masses. I mean technically just this law has instilled fear and I am not even a UK citizen
Someone familiar with UK law please comment on my message but VPN is such a vague term imo. Like at this point you are just targeting private networks or people who meet online in private
VPNs LITERALLY means Virtual "PRIVATE NETWORKS"
What gives the govt right to intercept between two parties communicating in any way (enforcing a condition for one party to have Id of other for age verification etc.)
Surely openvpn being pre-installed on most routers means it's provided to a significant portion?
It is the server that you connect to that is covered by this amendment; they don't care how you connect.
Sure, but openvpn itself doesn't become a "service" just because of that.
I don't think so, it is not provided as a service. If you provide a VPN service people can connect to from their router then you need to do age verification before giving them a key/password to connect to the server.
And --preferred-address-for-swat.
Not made clear in this article - this bill will be passed back to the House of Commons to debate/amend before going back to the House of Lords. This was not the final say.
The Commons are even more hungry for pervasive online surveillance than the Lords - at least, while Labour and the Tories are in power.
Reform UK (the party currently leading in the polls by a large margin) is the only party that loudly opposed the draconian measures within the Online Safety Act and promises to repeal it.
The crazy thing is that you don’t need to show an ID to stay at hotel in the uk, but you will need one to use the internet.
Hotels are not platforms. No network effects at play. The idea of ban is to push teen DAUs below the critical mass necessary for self sustaining retention and growth.
Sure, teens will still figure out a way to access when they really want to, but there won’t be the same level of peer pressure.
I feel like this is the strongest argument in favor of the bans. I am not sure it will be effective or is the most effective way to go about it. I am curious to see the data that comes out of Australia in a few years.
I'm very interested to see how some VPN providers react to this. For a zero logs VPN provider, if such a thing can really exist, how big of a problem is this? Presumably many customers pay with a debit/credit card already so there's some PII on file? Usage remains the same? Surely savvy people can just use their existing VPN to buy a VPN from outside the UK.
Of course, we're sliding quite rapidly down that slippery slope here so I'm sure logging and easier government tracking would be next. The justifications will get weaker and even more lacking in supporting evidence for their implementation.
I believe a whole host of VPN providers have no real need to comply with this amendment if it passes the Commons.
The providers are structured in a way that makes forcing compliance difficult and have built their whole business model around this. NordVPN is registered in Panama for example and Mullvad lets you send cash in the mail and doesn't store any user details (even a hashed email).
It'll be interesting to see how & who reacts if it does pass.
> Presumably many customers pay with a debit/credit card already so there's some PII on file?
Yes. But I think most of the zero logs providers will remove the identifiable payment details after a certain amount of time. e.g. Mullvad have a specific policy relating to what is stored and retention time (I am not affiliated with Mullvad, I just use their service).
https://mullvad.net/en/help/no-logging-data-policy#payments
> Surely savvy people can just use their existing VPN to buy a VPN from outside the UK.
Or you can use Tor. I will just use a VPN that lets me pay with Monero or some other crypto currency. None of this will stop savvy people.
There are already solutions that do the double VPN thing for you. For example https://obscura.net
The UK is clearly moving towards pervasive digital monitoring. I’m curious how Mullvad would even comply given their accountless authentication model.
How do they define "VPN" in this? If I make a little wireguard mesh and use an aws vm in another country as the exit node for my traffic, would that go under VPN?
What societal "harm" is the UK actually trying to reduce with this age verification? It almost feels like the amount of effort they're putting into this is out of balance with the actual harm.
political dissent. Uncomfortable truths. Any speech that does not align with the official narrative.
A Labour MP foolishly attended a GB News show and when pushed admitted that the Online Safety Act was also about identifying speech by adults [0].
Sorry about the quality of the link, but the video is there (higher quality is available on X) and it's not like the paragon of truth that is the BBC reported on this.
https://europeanconservative.com/articles/news/uk-government...
Nothing, the point is that they have a couple of fig leaf reasons while doing what they want to do anyway.
The stated harms are "adult content", and social media in general (same bill includes a ban on under-16s)
Privacy has an age rating now ? Seems a little ironic forcing anyone under 18 away from being able to have extra layers of privacy and in some cases security online.
I think we need to accept that age verification makes the internet safer. What we cannot accept is age verification's use as a mechanism to pry too far into people's lives. When we can separate age verification from who am I, most people will be happier. What's tricky is who validates age? Your ISP? Your government? Your OS? A third party? Who accredits third-parties, and can you trust them? I'm convinced there's a way to solve this so we can keep the internet safe and not intrude massively on people's privacy.
I don't think it's possible? You could imagine some sort of certificate scheme where the govt issues a thing that says to a 3rd party "we certify this person is 18 but in a way that doesn't reveal who they are". You could also implement that in a way where, even if the 3rd party reports the details of an authorisation to the govt, the govt can't say who was involved in that auth.
But in the latter case, the system is wildly open to abuse coz nobody can detect if every teenager in the country is using Auth Georg's cert. The only way for that to be possible is if the tokens let you pseudonymise Georg at which point it's no longer private.
The answer is to leave this shit to parents. It's not the government's job. It's not the government's business.
Can we somehow get age verification without IDs? Age verification itself is OK as an idea. I’m happy to show ID to buy alcohol at the store… but the store clerk doesn’t take a photo of that ID and store it in logs somewhere forever.
Can we please get a law where kids won’t just take their parents’ IDs and upload them to random places?
The Digital ID scheme is for you. It uses Zero Knowledge Proofs, so that one of your 'IDs' could be a simple 'Is over 18' ZKP, without involving your name or any other detail. This is one of the examples listed in the framework docs.
> "Unlike with a physical document, when using a digital identity, you can limit the amount of information you share to only what is necessary. For example, if you are asked to prove you are over 18, you could provide a simple yes or no response and avoid sharing any other personal details." (from https://www.gov.uk/guidance/digital-identity )
There's a huge amount of disinformation circulating about the digital ID scheme, and the government's messaging over it has been catastrophically clumsy. Which is a pity, because the system has very clearly been designed with civil liberties in mind (defensively) and for citizens it's a serious improvement over the current system.
What if I rent a cheap VPS overseas and wireguard my traffic to that?
I mean it's still a Virtual Private network between you and the VPS (which is rented by VPS provider)
So technically if you are from UK, they might come at your VPS provider if they find that you use them as a VPN (law's kinda vague from what I can gather)
Your VPS provider wouldn't really protect your privacy for 4 $ so a snitch.
My point which fucking scares me if I were a UK citizen is that they just have to do it once to scare you to your guts.
Maybe I am paranoid but I couldn't see this shit happen 2-3 years ago & UK is at least moving at a very dystopian rate and I am not sure if other countries might move in similar direction too if UK experiment turns out to be helpful to the people in power or helps in curbing out protests/real change in any capacity.
I know the law hasn't passed but chances are unless something very unlikely happens, it's gonna get passed
What's up with democracies trying to imprison their own citizens in such sense, whether digitally or in person. Some countries feel like prisons rather than free land now.
These were the best benefits of democracies over authoritarianism.
I genuinely question with such points if democracy actually just becomes a dual party authoritarianism. Sure people vote but just scare them for real change just once. If a person speaks online, even if they use a VPN, just catch one extreme and scare the moderates from even ever saying something different than what govt says
Say it with me, 2+2=5 (1984 reference)
It’s a lot more difficult to do this anonymously than it is to use a VPN. You almost certainly need to provide payment information and often also identity verification.
Probably about the same, there are a lot of VPS providers out there, and not a small amount accept basically an email + cryptocurrencies without any further verification than that. And that's just on the clearweb, going beyond that you start having even more options.
As long as you don't offer it for others in exchange for money, it isn't a service and not what's covered here.
then you are not using any vpn service marketed or provided in the UK[0]. if you were to sell access to your VPS to others then you would have to do age verifications on them maybe.
[0] maybe it is still illegal, IDK, but likely due to other laws (eg a generic "it is illegal to use workaround for X")
Every government in the world right now wants to get their hands on the controls and put their thumb on the scales here. Modern social media has proven to be effectively remote control for their citizens, nothing like this kind of power has ever existed before and is absolutely irresistible to politicians. Expect them all to be laser focused on this until they're able to seize complete control, no matter how long it takes or how roundabout the path to this is.
Counterpoint - Governments are attempting to wrest political control away from coordinated global corporate fascists.
Yes and no - you need to check whether each individual politician, not just party, is taking money from said global corporates, because they have a lot of money and UK politicians are cheap.
Not to mention the opaque mess that's Reform UK financing.
The "coordinated corporate fascists" (your words not mine) are providing a platform where I can challenge the state and be seen by potentially millions of people.
This is very bad news because I have been in contact with low cost providers (lowendtalk) and the community & even they usually end up renting etc. from datacenters and they usually would have name as well
So theoretically, suppose I have a vpn company on A) either such lowend niche providers who might support let's say my mission or we are aligned or B) the hyperscalers or large companies.
Now I am 99% sure that large companies would actually restrict VPN creation usage (something remarkably rare right now but still it's a gone deal now)
And I feel like even with niche lowendbox providers, suppose I am paying 4 euros or something to a provider to get an IP, they are either using hyperscaler themselves (like OVH) or part of a datacenter itself
If a server they own in some capacity runs a vps, can it be considered that they are running a vps and they can get sued by the Safety Act too? If not, then what if this happens one layer above at datacenter and now datacenters might have to comply with them
I haven't read the article but wtf.
Suppose I run a tmate instance (basically allows you to connect one ssh server to another both inside nat), theoretically this is a vpn as well.
I was calling out that they might ban vpn's when online safety act came and I realized that theoretically nothing's stopping them technologically to do so. It's a cat and mouse game but they didn't have a legal reason to do it so much. Now... You have it.
Is the end of total privacy for UK here?
I feel like even privacy oriented VPN's will move out of UK and non privacy oriented (ie. who will accept your id's) will probably have to manage it or use some third party and I am pretty sure that this basically gives govt. even more, they might now look at which IP said something, contact the now compliant VPN and block other truly private, for which user Id used a particular IP at particular time and seek their ID. I don't know how Dystopian UK's gotten but what's stopping a "reasonable cause" or some UK fbi equivalent contacting.
I feel like even one or two such extreme case of VPN providers would be enough to scare the whole country into check where if you are UK citizen and you talk against UK online, you will be screwed.
At least that's the direction I am seeing it heading.
Depending on the instance & how many more such dystopian laws UK adds. Its democracy gets really questionable... and I am not sure what it will be replaced by.
Both parties are kind of aligned in this from what I can tell. Just raise what "reasonable" suspicion to contact means and abuse any laws or create new dystopian laws but online safety act wasn't okay but VPN's provided a way around it.
Now that VPN's themselves are affected. It's kind of gonna wreak havoc imo of any individual privacy.
I am worried what this might mean on tor. Since tor can be considered a vpn, so will UK company sue me if I run a tor instance now?
You are over thinking. This is to enforce age restrictions online which parents are overwhelmingly in favour of.
Make the friction high enough for evading age restrictions and it will stop most kids. Not all but most. Same as most shops stop under age kids buying alcohol and most cinemas enforce age ratings.
If you want to roll your own VPN go ahead.
As far as the "dystopian" state of the UK goes. Even if the UK was a "dystopia" the internet won't save you, even though people of a certain age like to think they can stop an authoritarian government from their keyboard. Take the US as a recent example, the bastion of free speech, but US citizens are being murdered by a government organisation. Posting memes from your VPN won't help.
> As far as the "dystopian" state of the UK goes. Even if the UK was a "dystopia" the internet won't save you, even though people of a certain age like to think they can stop an authoritarian government from their keyboard. Take the US as a recent example, the bastion of free speech, but US citizens are being murdered by a government organisation. Posting memes from your VPN won't help.
I understand what you mean but still, one has to realize that all the grievances happening in US (esp with Greenland) feels like something trying to distract from the Epstein files (Me and my cousin literally talked about this yesterday and these were almost his words not mine)
Epstein files pressure got dialed up to 11 because of internet, was it not.
If however the internet keyboard warriors weren't there or just the people who were aware from the internet (I mean I can't attest for you but I was reaware of epstein files from internet)
Also yeah, Take the example of Nepal whose almost authoritarian esque govt. was literally toppled by internet protestors to get an anti corrupt person in power.
Internet & anonymity still has power and to just give it up to a govt. would still have massive massive consequences man.
If this law passes, anonymity & privacy is fundamentally ended in UK.
> If you want to roll your own VPN go ahead.
If my VPN would have an IP be arranged via a VPS they will just come knocking to my VPS
Russians actually use a Russia VPS to connect to VPN but they are getting locked down. (Source: I saw some russian person in a forum doing exactly this)
if we are comparing UK to Russia on a reasonable amount, then that would speak mountains too and we can move our conversation from there.
Edit: perhaps I feel like I was also overthinking it a year back when I was worried about VPN's block (I have written it in Hackernews you can go read) and I figured that with something like UK, the tech wouldn't be enough to be uncensorable and we are still off to govt laws and I was worried about exactly this happening.
I didn't want to be right then and I don't want to be right now but I am just telling what I have a reasonable enough suspicion of something happening in future.