You must log in or # to comment.
They tried to bring in digital ID and that failed. This will fail too in so many ways. Privacy is a human right and privacy from a Government is the ultimate human right.
The UK is winning some and losing others, prosecute pedophiles but also creating a police state in the island. The surveillance level there rivals China. The internet is less free every passing year that we allow illiterate politicians decide for the people. The complete disregard of our privacy just because they don’t understand the nature of the internet or technology is astonishing, at best, and that’s giving them the benefit of the doubt that this is not plain out government overreach on the private citizens lives.
Gonna say the thing: IDGAF if kids see porn online. I’d far prefer children explore pornography and learn what they are and are not comfortable with; rather than risk being exploited by less-naive children or adults. Open access to porn is the harm reduction. They are images on a screen.
Let’s not pretend that today’s adults never saw porn growing up. I, a Gen Z kid, saw porn at young ages. There are reasons I am “off” in the head but none of them have to do with porn; and many of them have to do from forces who, among other things, push the purity culture narrative. This is the exact same over-dramatic messaging as the USA’s War on Drugs or its “Satanic Panic”—both of which source from purity culture and both of which have harmed significantly more kids than what they hoped regulate.
It’s like a slippery slope of stupid. If they wanted kids to not see porn, or social media, they could have mandated ISPs, mobile operators and Apple / Google implement parental controls on < 18 accounts and provide parental control software for family accounts. Adults or families who did not explicitly opt in to this law would be fully exempt from it.
Jesus Christ, what the fuck is going on in the UK and the rest of Europe right now with this age verification nanny state shit?
If I ran a website that would be subject to these new regulations, do you know what I would do? I’d fucking IP ban all of the United Kingdom, not comply in advance with this fascist horseshit.
If there’s one silver lining about this digital insanity going on right now, it’s that governments and corporations are essentially forcing users underground, and the dark web (unindexed websites) has the potential to grow and thrive as a result. We might have an opportunity to take the internet back from those who are trying to tighten their grip around the free and unfettered flow of information.
A lot of websites have already done that. A lot of image hosting sites. If I forget to turn the VPN on my feed looks about 30% like this
They have to fast track the mandatory ID laws now because the Epstein files is rapidly making people realize what their true intentions are
newspapers owned by foreign billionaires and shitty childrens authors that give epstein tickets to her play for children
Did not know that latter bit! Not like she’s enjoyed any positive sentiment from me for a long ass time, but damn! Gross!
The deepstate is real. Its Right here cumming for your porn.
To get a little more serious about it look into Who is buying our media outlets and who is buying our financial outlets (visa/mastercard).
This is almost always being pushed by a rightwing cult. Sorry “thinktank”.
I feel like these anti-privacy legislations are less of a left vs right thing and more just that the government is always trying to strip citizens of their freedoms to give themselves more power and control.
Unless you’re based in or have some kind of presence in those countries there’s no reason to even ban them. Banning by geolocation isn’t exactly trivial or reliable. Let them figure out a way to ban you instead.
Hm well Britain did try to fine 4chan. Amusing conceptually but it does mean they’re not above picking on website owners for not complying with their rules, regardless of where they are based.
Would Mullvad even legally need to comply with UK laws if they don’t have a server in the UK? Maybe they could allow UK user but just not operate out of UK?
Age verification laws are just an excuse to kill anonymity on the internet.
So…what’s the point in even using a VPN, if you have to identify yourself just to use it? The whole point is to browse the web anonymously.
I don’t use a VPN for anonymity, I use it for privacy.
It’s not the only use. VPNs can be used to access local servers remotely, for example your jobs server while WFH.
I’d take it a step further and say it’s not even a use of a VPN at all. If you want to browse the web anonymously a VPN doesn’t provide that guarantee: it only affects your source IP, which most services probably understand is unreliable for tracking purposes anyway.
Even for changing your IP to aid in being anonymous on the web, TOR is the network layer tool to use, because you will have a much wider range of source IPs than the single one you’ll get from the VPN, but there is still so much work to do to “browse the web anonymously”.
I think a lot of people don’t understand VPNs. They’re great privacy tools if you don’t trust the local network or your ISP, as all traffic is typically encrypted and headed for the same server, but being anonymous on the web is way more involved because you are much more than your IP address.
Btw I’m not replying here thinking you don’t understand all that; just expanding on the conversation
Would you mind going a little more into depth about the aspects of anonymity other than masking the IP address you think people are unaware of?
Yeah, and the second you log into your account on a website, you’re already identified. VPNs are great privacy tools, but they’re not a one-stop solution for anonymity.
First: VPNs are also used by businesses to allow access for remote workers and sites to the company’s internal network. In fact, this used to be their most common use and maybe still is.
Second: what’s stopping a foreign VPN provider from offering a VPN service to UK customers without forcing them to identify themselves? If such a company doesn’t have UK owners, workers or assets all that the UK authorities could do to enforce a court judgement against them is force British ISPs to block the IP addresses of that provider’s VPN servers, which would easilly turn into an a whack-a-mole situation, more so if VPS providers started selling “easy personal VPN server setup” facilities for their virtual personal servers which would make that an insane whack-a-mole situation.
The “VPN server on a rented VPS” situation could easilly turn trully insane to try to block - there are A LOT of VPS providers outside the UK selling pretty cheap services good enough to run a personal VPN server and even without the VPS providers leaning into it by providing an out-of-the-box option (and merelly supporting Turnkey Linux images means having two linux server images that work as VPN servers out of the box), step by step instruction of how to make it work with normal server distros will soon emerge and become common knowledge amongst Britons with even just basic technical skills.
In summary, the UK is a pigmy trying to look like a giant when it comes to how much their laws will influence foreign VPN providers in a market which is pretty competitive and were there is no one dominant market participant which can be pressured to have an implementation “for UK customers only”, and even if they found a way to enforce that law on all foreign VPN providers, that’s not enough at a technical level to stop people altogether from having access to no-authentication VPN service since anybody can rent a VPS anywhere and run their own VPN server in it.
I agree that technically, this is almost impossible to implement. To begin with, traffic can be tunneled through a variety of protocols. I used to evade my school’s filtering by tunneling over https, which was a form of VPN for the purposes of this discussion. It would be a game of whack-a-mole at best in order to identify ‘rogue’ VPN traffic out of the giant pile of normal encrypted sessions. Duration, maybe, but then the VPN software could just establish a new session to a new endpoint every random amount of time; VPNs become more expensive and slower, but don’t go away.
Outlawing encrypted traffic altogether would break so much of the internet that it will never happen.
I’m a little tin-foil-hat about this right now, but I think this could be an anti-worker policy at least as much as it is anti-privacy. We keep talking about how all companies are using VPNs. What if this is being pushed to force all remote workers give up their privacy as a way to urge people back into offices. Company XYZ says, “You can still work remote, but the law says you’ll have to do a biometric scan of your face every time/week/month in order to use the VPN.”
And if companies get exempted somehow… then I’ve got a great idea for a new startup: “EnVeePee is a company which pays literally nothing to our contractors, and we expect them to be online for hours a day working really hard for us. We also expect them to contribute to the monthly pizza party.”
Not necessarily. I would argue the primary intent of commercial VPNs is to obscure web traffic data from your ISP.
what’s the point in even using a VPN, if you have to identify yourself just to use it?
Having to identify doesn’t mean they can see inside the tunnel or that your VPN IP can be traced back to you.
There’s plenty of ways age checking could be decoupled from identity checking, and I find it extremely suspicious that the proponents of these laws aren’t promoting them.
Any examples?
There’s lots of cryptographic type approaches where the entity validating you is air-gapped from the entity certifying your age.
But if you don’t trust them it’s not hard to figure out a scratchcard system where for, say, £1 cash your local newsagent checks your ID and lets you pick a card that you scratch off to get a code that you can then use to obtain a cryptographic token online signed by a recognized CA. Neither the newsagent nor the card issuer have any way of tying you to that code, and if you don’t like the idea of using the same token on multiple sites you can always buy more. Of course you’d also have the option of obtaining codes online, but there’s something I think people would find reassuring about the existence of a visible physical gap.
In my country if you want to buy booze online, you verify your age by logging into this id check service the banks have set up. The bank will only send if the buyer is 18+ or not to the store. So no identification data is send to the store not even the actual age.
You’d have to rely on your country’s banks not relaying all info anyway, pinky promise, but it’s an interesting model.
Banks know your age anyways, so it stops the system from sucking more than it already does
Not necessarily the best approach but a widely and officially recognized one:
https://digital-strategy.ec.europa.eu/en/policies/eu-age-verification
People are using VPNs to circumvent identity verification, so this solves nothing.
Yeah thats why theyre now pushing tmfor verification to allow use of VPNs. Im not techy enough to know how this could actually be enforced, but if they pull it off using a VPN to gain access to a VPN sounds tricky.
What does that have to do with this discussion? If you can bypass this EU system, you can also bypass the less private British one. No reason to push the less private one unless age verification is not your true goal.
I could ask you the same question.
You want to ask what does the existence of a widely accepted privacy-preserving solution, while the government is pushing a privacy-destroying one, have to do with the original comment of “the people pushing it being suspicious”? Now you are just trolling.
Jesus fuck, I’m so tired of this “everyone who disagrees with me or I don’t understand is ‘trolling’” nonsense. I can’t even be bothered to discuss anything further. Goodbye.
You could do it with an offline AI model and Python. You download, firewall it, it checks your image and shits out signed text message of your approximate age range and the time.
When do we just start killing politicians?
46 years ago. Start with Reagan.
maybe if hinckley wasn’t a complete failure
UK is a joke, what is going on over there
Every politician proposing such rules must first make their browsing history public, it should go both ways right?
I’ve always wondered why we aren’t buying/hacking info about politicians that support anti-privacy legislation from these databrokers and leaking it to the public. If I had the knowledge that’s what I’d be doing. I can’t think of anything that would be more effective.
Cameras everwhere they are and following them everywhere, always on recording of their means of communication, all free to access by anybody at any time.
Surely those politicians “have nothing to hide”?
It’s not just age verification: the identity-verifying document’s image is kept on servers for future use. Theoretically by governments verifying, practically so that everyone’s identity can be highjacked in a leak.
Adult verification is simply determining a single bit: is this person an adult or not? We have had zero-knowledge proof for ages: if the government really wanted to determine this single bit, it could do so without jeopardizing everyone’s privacy and online security.
I wonder if in the future we’ll get to know exactly who pressed the digital freedoms crackdown button on the summer of 2025. Things were going backwards already before then but the sudden acceleration is curious and concerning to me.
Australia pressed it, as a result of parents who have genuine concerns about social media addiction in kids (but who aren’t willing to do anything about it themselves).
And there’s also this which explains why the implementation is the most annoying way possible. If I had my way age-verification would be solely tied to the addictive features of social media, but if that were the case the big tech companies would just lose users and wouldn’t be able to insert themselves as an age-verification middle-man.
I wasn’t meaning age verification in particular, Google deciding to mandate developer registration for Android apps and Samsung removing to option to unlock the bootloader on their phones also happened last summer
Regardless, my reply does explain why age verification on the internet is becoming a thing.
It’s to move to a risk management based society. Look at the sociology behind all of this and you would see a counter example. this was already being accelerated the first step was facial recognition years ago. Surveillance states are defaults in risk management societies. In a nutshell if we treat everyone like a criminal then its only a matter of time before we catch someone is their consciousness going forward.
Guilty until proven innocent.
ssh -D 1337 [email protected]is this a VPN?
Oi, you got a loicense for that session?
The law applies to providers, not to users iirc
Good luck suing German tor exit nodes. Or the tor project, which is used by the intelligence agencies in the UK and backed-up by the US military
a-yup
so is tor, i2p, snowflake
Performance wise it isn’t going to be great. I’m not sure about censorship resistance.
really? i use it all the time and i find the latency just fine
if people are technically inclined, a service like Tailscale can be used to circumvent things like the online safety act. with the exit nodes.
or just roll your own vpn
Roll up your own vpn? Where the server is in your name? Or your home IP?
yeah, it’s not even close to being anonymous, but at least you will get out of the OSA bullshit
Just use your server to connect to Mullvad
Why not just connect directly?
No need for age verification to connect to your own server + mullvad obfuscating your identity afterwards
I don’t understand. The proposed legislation would force ID verification for Mullvad users. You’re still a Mullvad user, regardless of whether you connect through your VPS.
Mullvad also accepts anonymous cash payments, good luck with identifying me as a mullvad user with only an envelope, a target address,an account id which isn’t tied to a name and 10 bucks in it.
The first hop would go from “my UK client machine” -> “my VPN server elsewhere” which would impede Mullvad from automatically recognize you as a UK customer because that “server elsewhere” wouldn’t have a UK IP address.
The second, Mullvad, hop would go from “my VPN server elsewhere” -> “some other IP maybe in yet another country”
As long as you didn’t pay with a UK payment system (so, use a crypto currency or send them money in an envelope), due to that first hop Mullvad would have no way to know you are British and thus no legal obligation to treat you as such.
However a “my server elsewhere” also needs to be paid for. Further, all connections from that server would always be yours since you would be the single user of that server. Adding a Mullvad hop after that adds the anonymization of, for the rest of the Internet, your stuff being just one amongst many connections from many Mullvad clients coming from that server, plus Mullvad is probably much better at anonymizing stuff that “random techie setting up their own a VPN server on a VPS”, plus if you pay Mullvad using an anonymous payment system, they themselves have no idea who you are if they were ever legally forced to disclose it.
That first hop gives Mullvad plausible deniability about serving a UK customer without ID, whilst the second hop gives you a stronger anonymity than you would get if your entrance point into the internet was a single-user server you owner or rented.
I2P.
Essentially, what if the entire internet worked kinda like how torrents do, and was also anonymized and E2EE?
Well, it would be pretty slow, but it would also be extremely distributed and difficult to censor/disrupt.
Basically, everyone on I2P is a micro-relay for everyone else.
I2p has some flaws that make it potentially dangerous to use in a country targeting civil liberties.
Tor is a much better choice since it has better anti censorship and anti detection built in.
It should be noted that we are past the point of tor being able to provide true anonymity from nation state actors.
The threat vector for tor was always the exit nodes and now that we have the equipment to monitor it you ought to expect tor can also give you up.
Source?
The Tor foundation is constantly working to fight all sorts of attacks. Don’t buy into misinformation as there are many organizations who stand to benefit from people not using Tor.
Even if Tor was vulnerable like you say, I’m not sure what else you would use. Not using Tor is worse than using Tor. It is in the interest of the nation states for you to not use it which is while you see them promoting the idea that Tor is insecure.
The source is “this is a known weakness of tor and always has been”, there have been a number of white papers and conference talks on this over the years.
When tor was developed it was known what the weakness was. Mitigation is possible, but you can not certainly say 100% that tor will anonymize you, unfortunately.
The exit nodes being the weakness in tor has always been known, any actor capable of monitoring and capturing enough traffic on exit nodes can correlate it, at that point you have to track it.
Tor alone can not protect you, but it is a pretty significant tool. You need defense in depth if you intend to protect your identity.
I think you are overestimating the threat model. Nothing is ever fool proof but Tor does make it extremely difficult to actually identify someone. You are talking about a hypothetical attack vs something that is actually feasible to pull off. Tor is design so that there can be many compromised nodes without to much danger. Tor’s popularity as makes it hard to track individuals since there is a lot of traffic.
Hard disagree.
What flaws are you talking about?
Also, we know that a major problem with TOR is that LE/Intel agencies run their own nodes, and if you bounce through enough of them, or you got through a honeypot exit node, they can deanonymize you, this has happened before, and it probably happens more than is publically known.
That and if you run a node, and the US government finds out, and they don’t like you, they will shut it down, raid you.
Meanwhile, the multi-stage packet encryption and relay method of I2P makes it much more difficult to decrypt a packet and then also figure out which parts of which packet are going to who.
You really should consider the fact that there are parties who have a vested interest in making people doubt Tor. Tor is the best option we have by far and is currently far superior than i2p. It is designed to keep anonymity even with compromised nodes. Doing a deanonymizing attack is extremely hard and costly and only has a small chance of actually succeeding and that’s before the new crypto algorithm roles out which makes this kind if attack pretty much impossible. Nothing is perfect but Tor does a pretty good job. It also has some of the most robust censorship resistance tools available and works in Russia and Iran. They solved the denial of service issue with a proof of work system a while back so performance wise Tor is now much better.
Meanwhile I2p still has issues with its design which the developers acknowledge on the website. This isn’t meant to be hate against i2p but simply an analysis of the real world facts. I2p shouldn’t be used anywhere where anonymity is critical as it is vulnerable to attack due to some outstanding issues with its design. Even outside out deanonymity, i2p still has issues with denial of service attacks and it doesn’t have a simple solution for name resolution which is rather dangerous. I like it and concept and run my own node but I wouldn’t rely on it for survival. Building a p2p network is really really hard which is why Tor uses a more centralized approach.
If you want to look more into that, there’s a company called Holepunch that’s exploring a lot of that technology. But as a heads up they are funded by a crypto company.
I mean, I2P is a FOSS project, from its inception.
Frankly, I don’t a damn for any tech being developed by a private company of crypto bros, they’re all corrupt liars, beyond the possible exception of monero, who seem to actually be competent at security/privacy/anonymity, unlike literally all other crypto.
Sure but, connected to where?
a VPS, preferably one you pay for with crypto. You use the exit node feature, and you will be VPN’d to another network.
Then you’ve not solved anything because that IP is still unique to you.
i never said it was private. I just said that it will get you around the OSA shit.
What’s “OSA shit”?
online safety act
This. Tor is better.
TOR is great for privacy but obviously awful for daily use.
Why?
…have you ever used it?
