I've been waiting for this for some time. It's an obvious loophole in the current rules.
So how long will we have to wait before it dawns on them that VPNs are also used to circumvent IP address blocks in the UK, and other countries of course.
So lemme guess - in order to prove one's age, one needs to obtain a digital ID and use said ID to gain access to the internet thereby creating a perfect system to monitor one's internet activity.
Gotta hand it to them - "protecting the children" is a pretty good pretext.
To protect children we must install malware on their computers! Let's just hope those authorities don't use malware to peep on them through webcams ... Again
or look at their personal data
or use behavior analytics to target minority groups as
"risks" sending law enforcement to harass or kill them.
or store all their personal data on a 3rd party companies insecure servers
You have to start surveillance young, get them used to it early so they don't realize how bad it is!
This is one of dozens of amendments proposed by members, so it's more accurate to say "three members of the House of Lords attempting to ban the use of VPNs".
Blacklists are an inherently terrible, rights infringing approach to this sort of issue vs whitelists. It would be a lot better if the internet by default was simply considered 18+ (or 16+ or whatever a country wants). Instead, the tld system could be easily used to have age based domains where anyone who wanted one had to meet some set of requirements for content standards, accountability and content vetting, didn't allow user contributed content at all without review or whatever was needed.
At that point all the technical components exist to make this an ultra easy UI for parents. Require ISP WiFi routers at least to support VLANs and PPSKs, which ultra cheap gear can do nowadays no problem, and have an easy to GUI to "generate child password, restrict to [age bracket]", heck to even just put in a birthday and by default have it auto-increment access if a parent wants. Add some easy options for time-of-day restrictions etc, done. Now parents are in charge and no adult needs anything ever.
Now I highly doubt politicians are all being honest about full motivations here, clearly there are plenty of forces trying to use this issue as a wedge to go after rights in general. But at the same time parental concern is real, and non-technical people find it overwhelming. It'd be good if industries and community could proactively offer a working solution, that'd reduce the political salience a great deal. It's unfortunate the entire narrative has been allowed to go 100% backwards in approach.
It's so organic and grass roots and good for democracy™ that every single Western country suddenly decided that eliminating privacy online in lockstep was the top priority despite none of the ruling parties running on it as a platform or with any meaningful referendums from the voting public. But to what end?
I'm relatively confident this was the entire end goal of the Online Safety Act. Get the (relatively) easy law passed, then "oh no platforms are only requiring this for UK-based IPs and there are too many VPNs/proxies, I guess we need to de-anonymize everyone".
This is a clearly terrible idea. It's clear to us, at least, not to them. As is on the public record, there are three proponents behind this amendment. They and their contact details are:
LORD NASH [Tory, contactholmember@parliament.uk]
BARONESS CASS [Crossbench / 'independent', rivisn@parliament.uk ("staff")]
BARONESS BENJAMIN [Liberal Democrat - which particularly disappoints me – benjaminf@parliament.uk]
If you're reading this website and are either living in the UK or are a British citizen I strongly urge you to write a personalised and above all polite email stating with evidence why they are misguided. The "think of the children" brigade is strong – you may well be able to persuade these individuals why it is a bad idea.
On a related note, they built their digital ID so that third parties could verify attributes (it's NOT just a single-service login across government + a linking ID across government services, which is how it was sold by the BBC).
They're pretty close to completely de-anonymising the internet for UK citizens. Say they introduce an Australian-style social media ban for under 16s, then requires all social media to link their accounts to digital IDs for this verification.
Naturally the only remaining loophole is if a UK citizen manages to avoid being flagged as British ever by using a VPN, so I expect they will focus on that going forwards. Keep in mind the UK already arrests and imprisons vast numbers of people for speech offences, there's no slippery-slope argument here because the UK is already at the bottom of the slope as an ultra-authoratitarian anti-speech nation.
The way this, and various other proposals/actions in other countries, are all popping up at the same time, seemingly independently though obviously not, has to be one of the biggest warning signs of trouble in my lifetime. Not helped by various European states deciding they want national service again all of a sudden.
Our governments have turned into the very thing they claimed to be opposing for decades. It's disgraceful.
It's also worth stating that the worst part of that proposed amendment [1] isn't even necessarily the VPN ban, it's the next clause, on page 20:
"The “CSAM requirement” is that any relevant device supplied for use in the UK
must have installed tamper-proof system software which is highly effective at
preventing the recording, transmitting (by any means, including livestreaming)
and viewing of CSAM using that device."
"Regulations under subsection (1) must enable the Secretary of State, by further
regulations, to expand the definition of ‘relevant devices’ to include other
categories of device which may be used to record, transmit or view CSAM"
Law never had anything to do with reason, but this is one more law that mandates an unreachable goal. This will trigger an untold amount of brain-rotten despotism.
Apple tried to do it in a way where nobody would see your personal data until they had multiple confirmed matches against known CSAM - and even then a human would check the results before involving any law enforcement.
But the internet had one of their Misunderstanding Olympics and now we're here again - with an even shittier solution, being formed into actual law.
The modern societies run via those devices and the enforcement will move to the mostly free Internet that was "a long time ago, when it didn't matter as much".
I know what you're thinking: these restrictions are easy to work around. But don't worry, we can just layer more restrictions on top. Eventually the children will be safe! The government just needs to...
- require proof of age (ID) to install apps from unofficial sources on your phone or PC. Probably best to block this at both the OS and also popular VPN downloading sites like github.com and debian.org.
- require proof of age (ID) to unblock DNS provider IP addresses like 8.8.8.8 and 1.1.1.1 at your ISP.
- make sure children aren't using any other "privacy" tools that might be a slippery slope to installing a VPN.
This makes it so much easier for the parents too! The internet will be so safe that they won't even need to talk to their children about internet safety.
As someone fully supportive of the social media ban for Australian kids, I think As someone fully supportive of the social media ban for Australian kids, I think we need to teach UK kids to vibecode their own VPNs with OSS models at this point so they can save what's left of their future civil liberties.
We all know where this is going, they're going to ban the one mathematical tool we have that gives us control over machines, encryption.
63 comments
[ 3.1 ms ] story [ 73.4 ms ] threadSo how long will we have to wait before it dawns on them that VPNs are also used to circumvent IP address blocks in the UK, and other countries of course.
Gotta hand it to them - "protecting the children" is a pretty good pretext.
or look at their personal data
or use behavior analytics to target minority groups as "risks" sending law enforcement to harass or kill them.
or store all their personal data on a 3rd party companies insecure servers
You have to start surveillance young, get them used to it early so they don't realize how bad it is!
At that point all the technical components exist to make this an ultra easy UI for parents. Require ISP WiFi routers at least to support VLANs and PPSKs, which ultra cheap gear can do nowadays no problem, and have an easy to GUI to "generate child password, restrict to [age bracket]", heck to even just put in a birthday and by default have it auto-increment access if a parent wants. Add some easy options for time-of-day restrictions etc, done. Now parents are in charge and no adult needs anything ever.
Now I highly doubt politicians are all being honest about full motivations here, clearly there are plenty of forces trying to use this issue as a wedge to go after rights in general. But at the same time parental concern is real, and non-technical people find it overwhelming. It'd be good if industries and community could proactively offer a working solution, that'd reduce the political salience a great deal. It's unfortunate the entire narrative has been allowed to go 100% backwards in approach.
(That is, none at all)
LORD NASH [Tory, contactholmember@parliament.uk] BARONESS CASS [Crossbench / 'independent', rivisn@parliament.uk ("staff")] BARONESS BENJAMIN [Liberal Democrat - which particularly disappoints me – benjaminf@parliament.uk]
All three can be contacted by sending an email to contactholmember@parliament.uk using the proper form of address as detailed in https://members.parliament.uk/member/4270/contact
If you're reading this website and are either living in the UK or are a British citizen I strongly urge you to write a personalised and above all polite email stating with evidence why they are misguided. The "think of the children" brigade is strong – you may well be able to persuade these individuals why it is a bad idea.
They're pretty close to completely de-anonymising the internet for UK citizens. Say they introduce an Australian-style social media ban for under 16s, then requires all social media to link their accounts to digital IDs for this verification.
Naturally the only remaining loophole is if a UK citizen manages to avoid being flagged as British ever by using a VPN, so I expect they will focus on that going forwards. Keep in mind the UK already arrests and imprisons vast numbers of people for speech offences, there's no slippery-slope argument here because the UK is already at the bottom of the slope as an ultra-authoratitarian anti-speech nation.
Our governments have turned into the very thing they claimed to be opposing for decades. It's disgraceful.
"The “CSAM requirement” is that any relevant device supplied for use in the UK must have installed tamper-proof system software which is highly effective at preventing the recording, transmitting (by any means, including livestreaming) and viewing of CSAM using that device."
"Regulations under subsection (1) must enable the Secretary of State, by further regulations, to expand the definition of ‘relevant devices’ to include other categories of device which may be used to record, transmit or view CSAM"
Apple, what did you start?
[1] https://bills.parliament.uk/publications/63901/documents/746...
Apple tried to do it in a way where nobody would see your personal data until they had multiple confirmed matches against known CSAM - and even then a human would check the results before involving any law enforcement.
But the internet had one of their Misunderstanding Olympics and now we're here again - with an even shittier solution, being formed into actual law.
The modern societies run via those devices and the enforcement will move to the mostly free Internet that was "a long time ago, when it didn't matter as much".
What the heck media are these folks consuming to have such a warped view of this country?
- require proof of age (ID) to install apps from unofficial sources on your phone or PC. Probably best to block this at both the OS and also popular VPN downloading sites like github.com and debian.org.
- require proof of age (ID) to unblock DNS provider IP addresses like 8.8.8.8 and 1.1.1.1 at your ISP.
- make sure children aren't using any other "privacy" tools that might be a slippery slope to installing a VPN.
This makes it so much easier for the parents too! The internet will be so safe that they won't even need to talk to their children about internet safety.
We all know where this is going, they're going to ban the one mathematical tool we have that gives us control over machines, encryption.