Talk about unintended consequences. How many other people have done the same?
If there had been a free, public and verifiable Age/ID service, that wasn't tied to advertising, then I might be more willing to hand over my ID. But because the VC whispered "freemarket" in the ears of the prick who designed this, we are stuck with the worst of all worlds. A non-secure way to prove ID, and a non-acceptable way to shield those that don't or cant consent, from harm.
Originally IKEv2 and more recently WireGuard, configured like so:
It wasn't an unintended consequence.
The goal of the legislation was to "stop children from accessing age inappropriate content" on the internet.
Ahead of the legislation it was known that there would be a significant proportion of individuals who would switch to using VPN's because without platform based verification it would be a pita for users (more logins, random age verification services, and some sites just deciding to block).
However, VPN's, come with their own minimum age 18 T&C's, as do the means of payment for those services (credit and debit).
So from the pov of "stop children from accessing age inappropriate content" similar result
Not perfect, but empirically this seems to be working well enough e.g. "New data shows no rise in children’s VPN use after the introduction of online age checks" (https://www.internetmatters.org/hub/research/data-shows-no-r...), i.e. the VPN traffic is largely adults.
As to other unintended consequences, such as making it more difficult for the authorities to snoop on their citizens, I doubt this effectively makes any difference whatsoever.
You'll basically have your own private VPN
Localization was supposed to be a browser thing, using headers like Accept-Language, but alas.
But what I'd really love (startup idea!?) is an app that let's you map websites to countries and it handles tunnelling that domain's traffic through the selected country's VPN.
For example, I'd like to view Reddit, YouTube, X, Facebook, Instagram and social media apps from a US IP (to avoid Australia's "age verification"), dailymail.co.uk from a UK IP (since it's blocked in Thailand), predication markets from a country that allows them, Imgur from a country that allows it, Spotify from any country so long as it's fixed (to avoid it randomly stopping mid workout with a 'your country has changed' notification).
Until something automated like this exists the current best solution is a VPN and manually switching countries when something you want isn't available from the current country, which isn't great UX.
Another AU citizen here. I've been beefing up our home in prep for these laws too.
You can use policy based routing to send traffic through a few VPN egress points depending on either domain, or IP based country lookup. Most providers will let you keep simultaneous connections up. This then applies to all devices so streaming apps works well (e.g. for my partner to access her home country's public broadcaster) and any complexity remains hidden from others you live with. From there, a wireguard tunnel for personal devices back through home means you can keep these same paths active when mobile.
I'm looking forward to the level of networking and systems knowledge these laws will encourage across future generations.
However it was a very complicated setup with many parts and a home server so I would definitely like to see a proper app built around this that just handles everything for you.
After the article I set it up myself, it took me around a day I would say. It supports exactly what you're asking for, although it's not a comprehensive tutorial so you'll need to figure some things out on your own.
Full disclosure I ended up turning it off only 2 days later because it was causing too many issues with networking and I suck at networking-related things, but it was great while it was working. I plan on setting it up again in the near future.
For your own personal sake, you may be selfishly wishing it’s as few people as possible. Eventually they’ll outlaw VPNs too and by then you’ll have little recourse. You can’t hide behind them forever, deeper change is needed.
Even China doesn't quite manage to enforce that.
Bypassing internet restrictions in mainland China is a normal part of life for people who want to access the western internet. China is able to censor the Internet effectively because Chinese people are most comfortable using apps that cater directly to Chinese people, through language and culture. The Chinese government has a lot of control over these companies because they’re based are located in China.
The English speaking west is so dependent on the U.S. internet that it is impossible to copy the Chinese model.
It’s only techies who think “if I can get around it, it’s not that big of a deal”. As long as you live in a society, how other people behave affects what you can do too.
Even those who are happy to break laws, don't generally do so perfectly.
Even nation states' pulling James Bond stunts don't do it perfectly.
Imperfect enforcement used to be the default even for petty crimes, before CCTV and finger prints and DNA tests and all the other forensics got cheap. The legal systems don't care if the methods are imperfect… and worse, they don't understand why we do, making it hard to explain to them the consequences of this kind of thing in our domain.
Mass surveillance, population control, and the destruction of services they disapprove of. Pornhub’s traffic went down by 80% when they implemented the mandatory age verification checks in some state. So they simply blocked them because it wasn’t worth it. Later, someone (I don’t have the ability to track down the source right now) was caught admitting one of the goals of the law is to drive those sites out of business.
I recommend reading about authoritarian regimes in Europe (it was not just Germany) and how they controlled discourse, and what people had accessed to. Some of their decisions have repercussions which are felt to this day. In Spain, foreign media is dubbed while in Portugal it is subbed. Both are due to their respective dictators.
I will read about that, but I quite quickly realised talking about this in person it's one of the few things I feel this strongly about, and even I'm not sure why I agree so entirely. I think I look at it a bit like climate activists interacting with deniers. Say what you want about future risks and criticisms, but there is no time, the situation is extremely fucked right now, particularly with children, and something needed doing asap.
It does not work that way in functioning democracies. This is like blithely raising people's electric bills in the name of preventing global warming. Noble aspirations but brain dead implementation that completely undermines the original goal. And fuels, one might add, the rise of political parties that just want to burn everything down.
Personally I went from more or less ignorant of these laws to completely outraged in the time it took to eat a couple of sausages.
Why don't we humans think this stuff through? Surely we can do better.
EIAs are £452.17/month (a statutory amount originally defined in The Online Safety Act’s 2027 update, subject to triple-lock inflation), licensed, and subject to inspection. There’s a four month waiting list for licensing due to backlogs at the local County Court.
The alternative is therefore to use up a strike and apply to have the account repurposed back to a Citizen User Account. CUAs must remain below a 50:1 down/up ratio and must have p90 non-https “control” traffic of 48kbps or less. They are expensive too but you get a 25% discount if you install your ISP’s mobileconfig / MDM profile though. With the profile discount the price is now only £64.99 a month.
(This assumes you run an Approved Platform capable of mobile device management. Anything else — Linux based, old versions of macOS, Windows <= 13 etc. — has to pay the full price and CUAs are limited to one Custom Access device per connection.)
You can get it down to £49.99 a month if you sign up for a 12-month trial of their home security system — cameras, door “e-locks”, that sort of thing. The devices are locked down but you can see the last 48h of events on their cloud portal. The devices have tamper detectors and the traffic is encrypted e2e but luckily that doesn’t count towards your CUA agreement’s limits on opaque traffic.
* does not apply to pensioners
..but sadly within the margin of ridiculousness for our government's approach to the internet.
> Proton VPN, an app offered by Swiss privacy tech firm Proton, told the BBC it had seen a 1800% spike in UK daily sign-ups over the weekend after age check rules took effect on Friday.
Given the rate at which those sites are hacked, that's basically the following, simple procedure:
Step 1: Share your identifying information with the entire Internet.
I caved, bought a 3 year PIA plan, had my router configured within about 2 minutes (actually impressed how straightforward Unifi made it) and now my browsing experience is fixed.
I ask this in comparison to applying it at a finer-grained level, such as just a particular machine, or to an application, or to even a browser tab or particular domain. I feel like I would never want all my traffic VPN-ed because it is slow, there are greater privacy concerns of VPN operators, and my needs for VPNs are a cleanly-separable small chunk of my online activities.
https://help.ui.com/hc/en-us/articles/12566175125783-UniFi-G...
Lots of people using Brave's Tor or Opera's VPN in their browsers, and free VPNs like Proton (which seems like a negative security outcome for the country to me).
I'd have thought the intel agencies would be pissed at all that data going dark, but haven't heard a peep in the media.
I also switched to use Redlib instances to browser Reddit
For now, I used my Hetzner server via Tailscale running fast-socks5 [1] using FoxyProxy [2] (for Mozilla Firefox) which allows me to select a list of domains to re-direct through the socks proxy. I also have Tor installed which is useful when roaming.
[1] https://github.com/dizda/fast-socks5 [2] https://addons.mozilla.org/en-GB/firefox/addon/foxyproxy-sta...
They tried to have the back door mandated with the Clipper chip. Governments will try again.
I notice that some tech companies claim they are "trusted" or have "trusted third parties", I don't trust them at all, I'm not sure why they think I do.
I continue to use Tor Browser for entirely innocuous sites that are collateral damage of the OSA.
For example, the Interactive Fiction Archive. All its game files are voluntarily blocked in the UK by its well-meaning but stupid operators. Even games intended for children. They should stop complying and just serve up all their files to everyone. If a teenager learns what a. z5 file even is, they deserve to be able to play it.
Any reddit thread where someone said naughty words? "Oh we're going to need your phone number and a facial". I don't think so, Mr Data Harvester. Click on URL, Ctrl+c, alt-tab to Tor Browser, Ctrl+v, "Are you over 18?" Yes I am. See how easy that is?
I hate my government.
Everyone could have done a lot better, and could have achieved the stated aims without so much damage.
The UK has a strong tradition of safeguarding privacy while ensuring that appropriate action can be taken against criminals, such as child sexual abusers and terrorists. I firmly believe that privacy and security are not mutually exclusive—we can and must have both.
The Investigatory Powers Act governs how and when data can be requested by law enforcement and other relevant agencies. It includes robust safeguards and independent oversight to protect privacy, ensuring that data is accessed only in exceptional cases and only when necessary and proportionate.
The suggestion that cybersecurity and access to data by law enforcement are at odds is false. It is possible for online platforms to have strong cybersecurity measures whilst also ensuring that criminal activities can be detected.
Among the general public I would say effectively zero. The Online Safety Act does not even register in the news or as part of people's concerns.
There might have been a burst of interest because of reports in the media when the OSA came into force but I suspect that this is about it.
The idea of a global internet is becoming increasingly infeasible and I believe that China is just ahead of its time. If you look at the UK, it is really just a matter of time until they figure out that the real issue they are having is that, the Internet allows communication with entities they can not enforce their laws on. The logical consequence for them will be to deny access entirely. The same seems true for the EU, which is moving in a similar direction.
This is such a threat to democracy that ironically the only solution is to crack down on democracy
Blaming Russia is such a tiresome stance. Russian propaganda is so bad and so hilariously ineffective that it penetrates only small bubbles inside political parties, even after years of propaganda.
Also the current German government includes the historically most notorious Russian shill party.
The laws are absolutely the issue and if you are tearing down democracy to "preserve democracy", you just see democracy as a useful propaganda tool, for the sake of your own power.
If steering far off (based on Iran's MO in Israel for example) with a little bit of bitcoin and time you can hire someone to do anything for you in a foreign country. This includes graffiti, burning cars, moving weapons and finally assasinations.
Because democracies are so dependent on voters opinions, and organizations that have a vested interest in the failure of a state now have influence, this can be catastrophic (brexit, covid vaccines, race wars)
Can't say I support cracking down on free speech, but IMO that's exactly what we're going to see, especially in Europe where Defensive Democracy is already in place