Reform UK (the party currently leading in the polls by a large margin) is the only party that loudly opposed the draconian measures within the Online Safety Act and promise to repeal it
To stop it now we need a majority of MPs who are willing to take a political risk to reject it.
Which isn't going to happen.
It is an utter waste of time. MPs already know about the concerns. They don't care. I wrote to my MP about many of these concerns in the past. You either get ignored, told you are enabling pedos, told there will be protections put in place (ignoring the whole point is that I don't trust the government), or you get a boilerplate reply.
Moreover The vast majority of people (unfortunately this includes people in my own family) have been propagandised to agree with all iffy censorship, monitoring and other spooky nonsense the UK state engages with.
People tend to be a lot more reasonable in person, and also if you listen to them first.
The UK has a strong tradition of safeguarding privacy while ensuring that appropriate action can be taken against criminals, such as child sexual abusers and terrorists. I firmly believe that privacy and security are not mutually exclusive—we can and must have both. The Investigatory Powers Act governs how and when data can be requested by law enforcement and other relevant agencies. It includes robust safeguards and independent oversight to protect privacy, ensuring that data is accessed only in exceptional cases and only when necessary and proportionate. The suggestion that cybersecurity and access to data by law enforcement are at odds is false. It is possible for online platforms to have strong cybersecurity measures whilst also ensuring that criminal activities can be detected.
Working with startups, I've signed up for 100s of sites. My password manager lists 550. Those signups are currently low-risk: just my email (already widely public) and a random password. But it would put a big chill on my work if I had to upload government age verification docs to each one.
I can tell you that isn't entirely true. When they get a lot of messages about the same thing, or better still you meet them in person, they may keep giving you the 'party line response', but they will also be feeding back that there is discontent to the whips.
Legislation like this does not make children safer, it makes everyone else less safe.
[0] maybe it is still illegal, IDK, bu likely due to other laws (eg a generic "it is illegal to use workaround for X")
So technically if you are from UK, they might come at your VPS provider if they find that you use them as a VPN (law's kinda vague from what I can gather)
Your VPS provider wouldn't really protect your privacy for 4 $ so a snitch.
My point which fucking scares me if I were a UK citizen is that they just have to do it once to scare you to your guts.
Maybe I am paranoid but I couldn't see this shit happen 2-3 years ago & UK is atleast moving at a very dystopian rate and I am not sure if other countries might move in similar direction too if UK experiment turns out to be helpful to the people in power or helps in curbing out protests/real change in any capacity.
I know the law hasn't passed but chances are unless osmething very unlikley happens, its gonna get passed
What's up with democracies trying to imprison their own citizens in such sense, whether digitally or in person. Some countries feel like prisons rather than free land now.
These were the best benefits of democracies over authoritarianism.
I genuinely question with such points if democracy actually just becomes a dual party authoritarianism. Sure people vote but just scare them for real change just once. If a person speaks online, even if they use a VPN, just catch one extreme and scare the moderates from even ever saying something different than what govt says
Say it with me, 2+2=5 (1984 reference)
So theoretically, suppose I have a vpn company on A) either such lowend niche providers who might support let's say my mission or we are aligned or B) the hyperscalers or large companies.
Now I am 99% sure that large companies would actually restrict VPN creation usage (something remarkably rare right now but still it's a gone deal now)
And I feel like even with niche lowendbox providers, suppose I am paying 4 euros or something to a provider to get an IP, they are either using hyperscaler themselves (like OVH) or part of a datacenter itself
If a server they own in some capacity runs a vps, can it be considered that they are running a vps and they can get sued by the Safety Act too? If not, then what if this happens one layer above at datacenter and now datacenters might have to comply with them
I haven't read the article but wtf.
Suppose I run a tmate instance (basically allows you to connect one ssh server to another both inside nat), theoretically this is a vpn as well.
I was calling out that they might ban vpn's when online safety act came and I realized that theoretically nothing's stopping them technologically to do so. It's a cat and mouse game but they didn't have a legal reason to do it so much. Now... You have it.
Is the end of total privacy for UK here?
I feel like even privacy oriented VPN's will move out of UK and non privacy oriented (ie. who will accept your id's) will probably have to manage it or use some third party and I am pretty sure that this basically gives govt. even more, they might now look at which IP said something, contact the now compliant VPN and block other truly private, for which user Id used a particular IP at particular time and seek their ID. I don't know how Dystopian UK's gotten but what's stopping a "reasonable cause" or some UK fbi equivalent contacting.
I feel like even one or two such extreme case of VPN providers would be enough to scare the whole country into check where if you are UK citizen and you talk against UK online, you will be screwed.
Atleast that's the direction I am seeing it heading.
Depending on the instance & how many more such dystopian laws UK adds. It's democracy gets really questionable... and I am not sure what it will be replaced by.
Both parties are kind of aligned in this from what I can tell. Just raise what "reasonable" suspicion to contact means and abuse any laws or create new dystopian laws but online safety act wasn't okay but VPN's provided a way around it.
Now that VPN's themselves are affected. It's kind of gonna wreak havoc imo of any individual privacy.
I am worried what this might mean on tor. Since tor can be considered a vpn, so will UK company sue me if I run a tor instance now?
Make the friction high enough for evading age restrictions and it will stop most kids. Not all but most. Same as most shops stop under age kids buying alcohol and most cinemas enforce age ratings.
If you want to roll your own VPN go ahead.
As far as the "dystopian" state of the UK goes. Even if the UK was a "distopia" the internet won't save you, even though people of a certain age like to think they can stop an authoritarian government from their keyboard. Take the US as a recent example, the bastion of free speech, but US citizens are being murdered by a government organisation. Posting memes from your VPN won't help.
I understand what you mean but still, one has to realize that all the grievances happening in US (esp with Greenland) feels like something trying to distract from the Epstein files (Me and my cousin literally talked about this yesterday and these were almost his words not mine)
Epstein files pressure got dialed up to 11 because of internet, was it not.
If however the internet keyboard warriors weren't there or just the people who were aware from the internet (I mean I can't attest for you but I was reaware of epstein files from internet)
Also yeah, Take the example of Nepal whose almost authoritarian esque govt. was literally toppled by internet protestors to get an anti corrupt person in power.
Internet & anonymity still has power and to just give it up to a govt. would still have massive massive consequences man.
If this law passes, anonymity & privacy is fundamentally ended in UK.
> If you want to roll your own VPN go ahead.
If my VPN would have an IP be arranged via a VPS they will just come knocking to my VPS
Russians actually use a Russia VPS to connect to VPN but they are getting locked down. (Source: I saw some russian person in a forum doing exactly this)
if we are comparing UK to Russia on a reasonable amount, then that would speak mountains too and we can move our conversation from there.
Edit: perhaps I feel like I was also overthinking it a year back when I was worried about VPN's block (I have written it in Hackernews you can go read) and I figured that with something like UK, the tech wouldn't be enough to be uncensorable and we are still off to govt laws and I was worried about exactly this happening.
I didn't want to be right then and I don't want to be right now but I am just telling what I have a reasonable enough suspicion of something happening in future.
Sure teens will still figure out a way to access when they really want to, but they won’t be be the same level of peer pressure.
I feel like this is the strongest argument in favor of the bans. I am not sure it will be effective or is the most effective way to go about it. I am curious to see the data that comes out of Australia in a few years.
Of course, we're sliding quite rapidly down that slippery slope here so I'm sure logging and easier government tracking would be next. The justifications will get weaker and even more lacking in supporting evidence for their implementation.
Yes. But I think most of the zero logs providers will remove the identifiable payments details after a certain about of time. e.g. Mullvad have a specific policy relating to what is stored and retention time (I am not affiliated with Mullvad, I just use their service).
https://mullvad.net/en/help/no-logging-data-policy#payments
> Surely savvy people can just use their existing VPN to buy a VPN from outside the UK.
Or you can use Tor. I will just use a VPN that lets me pay with Monero or some other crypto currency. None of this will stop savvy people.
No problem there. Once a user is old enough, he stays old enough.
The providers are structured in a way that makes forcing compliance difficult and have built their whole business model around this. NordVPN is registered in Panama for example and Mullvad lets you send cash in the mail and doesn't store any user details (even a hashed email).
It'll be interesting to see how & who reacts if it does pass.
Surely they can simply buy that direct ... at least until the Govt. requires ISP to blacklist.
A Labour MP foolish attended a GB News show and when pushed admitted that the Online Safety Act was also about identifying speech by adults [0].
Sorry about the quality of the link, but the video is there (higher quality is available on X) and its not like the paragon of truth that is the BBC reported on this.
https://europeanconservative.com/articles/news/uk-government...
No, this age verification is not against that.
https://www.gov.uk/government/publications/online-safety-act...
Harmful accurate info is allowed, note.
I remain upset that they do this without building the necessary infra. They already assert identity when applying for a passport (and they do this very well). If they had extended this process by creating a OAuth compliant digital id provider first, then they could have avoided all the problems on the day the OSA dropped. Even better, they could have created a non-governmental agency to exchange tokens and urls to prevent the privacy issue of the government knowing which sites people are visiting. Instead we have this status quo of encouraging UK citizens to hand over their identity documents to dubious third-parties or shifting their traffic from the UK externally to avoid these checks.
You seem to believe they're wrong. Since they're the ones who come up with the laws of the land, I think it's important to realize that they can and do aggressively control access to the internet in their country. It sucks, but it's the reality.
yes but this is like watching someone deal with an ant infestation by stamping on them. They're not solving the issue and unlike the ant analogy, they're making the problem worse.
The privacy issue would still exist. They can tie your online activity directly to these tokens.
Which would absolutely would happen. The authorities will ask the non-gov agency for the details and they will be provided.
Far less than all. See Australia, where age restriction is routinely evaded through adult collusion.
Meanwhile the government and official accounts continue to use X even as they're trying to ban it. Mixed messaging.
Lead proponent of the VPN ban: https://en.wikipedia.org/wiki/John_Nash,_Baron_Nash; he's https://en.wikipedia.org/wiki/Centre_for_Policy_Studies again, the dead hand of Thatcherism.
Now imagine that the local government has a website that can only be changed by contacting a web developer, who takes 1-2 business days to reply. It might not be as bad as that, but I wouldn't be surprised if that's the ballpark.
It isn't the late 90s/2000s anymore where people are uploading HTML files over FTP.
Then we can get rid of the online safety act, no need to dox adults if we just ban the children.
Then when the government refuses to repeal the OSA, we can then have an open and honest discussion about the real reasons that act exists.
Being sarcastic, but at the same time...
I think you'd find Govt. account users are over 16.
If VPNs require age verification, then people will shift to running a VPN on a cheap VPS. Probably via a popular single-click setup script.
Or people will just get drawn to more seedy providers that do no KYC or have ulterior motives. If I was Russia, I'd consider operating a free VPN or VPS service that MITMs the traffic.
Can we please get a law where kids won’t just take their parents’ IDs and upload them to random places?
> "Unlike with a physical document, when using a digital identity, you can limit the amount of information you share to only what is necessary. For example, if you are asked to prove you are over 18, you could provide a simple yes or no response and avoid sharing any other personal details." (from https://www.gov.uk/guidance/digital-identity )
There's a huge amount of disinformation circulating about the digital ID scheme, and the government's messaging over it has been catastrophically clumsy. Which is a pity, because the system has clearly been designed with civil liberties in mind (ie defensively) and for citizens it's a serious improvement over the current system.
Not to mention the opaque mess that's Reform UK financing.
But in the latter case, the system is wildly open to abuse coz nobody can detect if every teenager in the country is using Auth Georg's cert. The only way for that to be possible is if the tokens let you psuedonymise Georg at which point it's no longer private.
The answer is to leave this shit to parents. It's not the government's job. It's not the government's business.
Then you will be rich. Because no-one else has found a way to keep your age private whilst disclosing it.
UK and Germany weren't ever good in this department but now worst than ever.
US supposedly good but I wouldn't risk it in practice.
Australia I hear is also quite bad.
Canada and NZ I don't know.
I expect Denmark and Sweden to have somewhat weak free speech laws too.
Norway and Finland I expect to be good.
France I expect to be just slightly better than Germany.
Netherlands and Switzerland, I have no idea.
Czech Republic I think has strong protections.
Italy and Spain and Ireland, I heard mixed reports about.
Poland, Greece, Slovenia, Portugal and other unnamed countries I don't know at all.
You can solve the problem of age verification without limiting your free speech right. Those two get entangled all the time and it does not make sense.
Therefore, in practice, anonymity is the only way to safely express oneself in public. Privacy is the true bastion of the freedom of ideas. This is naturally lost when the means to communicate privately are stripped from us, when every word we've ever said is recorded and tied to our identity. Age verification could possibly theoretically be implemented in a way that does not immediately infringe upon privacy, but you surely know that there is no world in which it will ever be implemented in such a way.
In Germany, for example, you can say almost anything you want and no-one will give a hoot. If you're truly interested, here's some background for Germany in particular https://www.deutschland.de/en/topic/politics/freedom-of-expr...
And reporters without borders has a world press freedom index that ranks the US on place... 57 - behind most of Europe. https://rsf.org/en/index
After WWII you mostly had state run and controlled TV and radio. And some more freedom in the written press but still most countries mandate Legal deposit [0] sometimes since the Middle Ages. Legal deposit is just the granddaddy of what we understand the Internet is in China. You could really get in trouble easily.
Then mass media were liberalized and put under the control of big corporations in the 1970-80s what gave the illusion of more freedom.
But the WWW really brought the US free speech standards to the entire developed world in the 90-2000s. This is why people under 50 understand "free speech" according to this standard.
The "you get put in jail because of a meme on Facebook" is really a return to normal after a 20 year pause on the Internet. If you don't fight for it, it will never last.
Starmer, like most leaders in the EU, has an 18% approval rating. He really can't afford free speech for its subjects.
If child-services knew a parent was constantly watching/leaving around adult-content near children, that'd be considered the parents fault. If a parent lets a kid watch anything they want on TV and the kid watches adult content, it's the parents fault. But if the parent gives the child a phone, and doesn't manage what apps they use or content they watch, now it's the companies fault?
No big tech and browser makers did not put their hurds of developers to handle this and forced the governments to try more retarded solutions.
This big OSes should have a super easy activation procedure where a parent will enter the birthday of the account user and then the tech should do the magic,/
What are the current solutions for Android and iOS? To buy some apps and give them root permissions and they will filter out webpages or block entire domains ?
The failure here is two-sided.
One and the most glaring are the parents who let devices raise their children, this hasn't changed since before home computers were a thing.
Secondly it's a failure of the state for not educating both adults and teenagers on best practices when using online platforms to be safe. If they're interested enough in policing people's web habits, they can spend time and resources on educating the masses. The best time to start doing it was 20 years ago, the second best is now and it could take a decade plus for it to have a meaningful impact.
Also this is important. The UK, like it or not, is a nanny state. They like to use child safety as an excuse to police adult habits, and more important their speech. There's quite a few times they've admitted to this plainly without any ambiguity.
"The Online Safety Act 2023 (the Act) is a new set of laws that protects children and adults online"
https://www.gov.uk/government/publications/online-safety-act...
There's also examples of them being asked directly in interviews and they admit to wanting to police adults speech and content they consume online.
Australia is in a similar predicament and honestly most of the world is rolling towards this, just not as fast as the UK.
The UK unfortunately has incarcerated people for simply lifting cardboard signs saying Free Palestine. They've jailed people for innocuous social media posts on Facebook and other platforms.
I'm not proud of the USA for a lot of reasons, especially lately, but one thing that any and all Americans should be proud of is their Freedom of Speech protected by the First Amendment, it's the most American thing and one of the best aspects of America that other countries should aspire to, and I hope that the jabs Freedom of Speech has taken over the past decade doesn't make it crumble away.
This is a hard problem, from about 0 to 18, kids go from being, well, kids, to being expected to be full adults and are expected to be able to deal with every liberty, every temptation that comes with it. There is no single best path to achieve this.
I want to educate my kids about sex, about alcohol, gambling, drugs, I want to teach them that the internet is a source of many good things, and many bad things. I'll make arrangements, determine the suitability of online materials, and will set boundaries together with my partner, thank you.
If my younger self, went into a store to buy a bottle of Vodka, before I came of age at 18 here in Germany, it wasn't my parents fault. It was the shop that did not check my license that was liable.
If they sold me beer before I was 16, same situation. Analogous for cigarettes. Or me trying to enter an amusement arcade (with monetary gains possible, not just pinball like things.
So why should "online stores" / "arcades" / "non kid friendly/appropriate venues" be treated differently than brick and mortar ones?
Wouldn't that be the same argument?
It's quite specific wording for a piece of legislation, just VPNs. It excludes businesses but, as written, it wouldn't include network proxies, or remote desktop protocols, or TOR, or web/mobile applications that fetch pages for you, any of which could be used to circumvent the bill. The slippery slope argument could be made that those things would have to be added for this bill to have any meaningful impact, and that would require the amendment to be written in a very non-specific way. I'm not hopeful that the Government would recognise that as overreach (ignoring that the amendment already is).
londons_explore•1h ago
And presumably also a '--webcam-to-use-for-identity'
embedding-shape•1h ago
> Amendment 92 (“Action to Prohibit the Provision of VPN Services to Children in the United Kingdom”) requires VPNs that are “offered or marketed to persons in the United Kingdom” or “provided to a significant number of persons” to implement age assurance for UK users.
londons_explore•1h ago
embedding-shape•1h ago
The host who lets you spin up the server might also need to implement those age checks though. But still, not openvpn.
Imustaskforhelp•1h ago
Another point is what prevents UK govt or UK bots to sign up for Proton Vpn say themselves and the difference between bots and humans is becoming thin especially for such Private Vpn's and then UK govt comes again knocking asking for age verification.
Honestly makes me feel like UK citizens are hostage in their own countries & we might see more UK IP's being blocked from accessing services because the idea of Virtual private network is still vague in my opinion. One can abstract a sort of VPN on top of xmpp or matrix servers too or even telegram as the intermediate. Would that mean that UK govt would come knocking onto these asking for who created the VPN (suppose I built a VPN which uses telegram to send messages/packets or uses telegram infra, so would they come to telegram asking what is the IP/detail info of my telegram user, would they go to signal or xmpp or matrix providers too? What if I use a provider who colo's on a datacenter and they go to the datacenter asking for access or the company behind datacenter
I am not saying that they would for something so niche but the fact of the matter is that nothing's stopping them from the laws from what I can gather.
They would only have to do it once to instill fear in the masses. I mean technically just this law has instilled fear and I am not even a UK citizen
Someone familiar with UK law please comment on my message but VPN is such a vague term imo. Like at this point you are just targeting private networks or people who meet online in private
VPNs LITERALLY means Virtual "PRIVATE NETWORKS"
What gives the govt right to intercept between two parties communicating in any way (enforcing a condition for one party to have Id of other for age verification etc.)
chrisjj•31m ago
It is no more than a requirement on the service provider.
Imustaskforhelp•2m ago
Sure but that's literally not my point.
It's still an interception because the govt is still decided who can communicate (essentially) or not.
You cannot communicate with a vps provider if they don't have your ID and this condition being forced as a requirement otherwise the UK govt.s gonna jail and sue into literal millions is much akin to an interception in basically everything.
totaa•1h ago
embedding-shape•1h ago
ZiiS•1h ago
afiori•1h ago
vorticalbox•1h ago
this will be interesting to watch i just wish i weren't caught in the net.
swores•1h ago
vidarh•54m ago
elcapitan•1h ago