Prominent backbench MP Sarah Champion launched a campaign against VPNs previously, saying: “My new clause 54 would require the Secretary of State to publish, within six months of the Bill’s passage, a report on the effect of VPN use on Ofcom’s ability to enforce the requirements under clause 112.
"If VPNs cause significant issues, the Government must identify those issues and find solutions, rather than avoiding difficult problems.” And the Labour Party said there were “gaps” in the bill that needed to be amended.
Just to fast-forward this dumb cat-and-mouse thing, the next step is people go back to torrenting their porn and deeper down the rabbit hole of garbage “free” websites skirting the rules.
As always, the UK is useful on the international stage because sometimes you need to be able to point at some idiot trying dumb stuff to explain to people why dumb stuff is dumb.
It does feel that way. UK bureaucracy is just one giant guinea pig stunting it’s own commonwealth.
Next someone will try enforcing paper umbrellas as a solution for climate action. We’ll all say, “That won’t work”. They’ll still do it; it won’t work. We’ll say, “We told you so”, and it won’t get reversed because they’re already aiming at the next foot to shoot.
There has to be a logical next step for the information age. Old school government is not fucking working, and we can all see it.
The fact that there aren’t large scale riots already is astounding.
UK Bureaucracy is just one giant guinea pig
He tries his best…
100% Brexit quickly shut up similar movements when people saw how badly it went
Now if only Trumpism would have shut down extremist right wing idiology globally.
Trumpism is still in progress, maybe…
It should have died when he tried to coup the US government after he lost the 2020 election.
Alberta seems to have missed that memo.
Damn Alberta; always trying to leave the EU.
I’m uninformed. What’s the reason for the porn ID thing? Is it just porn or more?
Surveillance due to paranoia due to all the shady shit they’re doing.
Neoliberal political class implementing fascist surveillance capitalism laws — masquerading as child protection — because they are owned by a fascist oligarchy.
It’s never about the children, it’s an excuse for surveillance capitalism.
Christian evangelists at the root of it all. 'nuff said.
Must protect the children
You know the old saying… The politicians don’t want children to be able to recognize a cunt.
If data is collected that can be used for blackmail, it will eventially be used for that purpose.
It’s probably true that a few anti-porn people exist somewhere in the world. It’s certainly true that fascists love adding in new tools to keep the general population from using the internet freely.
So the answer to your question is yes, and yes.
Then, we move to the socks proxy, or tor, or other options I haven’t even considered yet.
I am pretty sure they would consider tor as using a VPN.
Probably they would demand ISPs to run lists of known VPN addresses and if you connect to them, they will forward the information to the anti-terrorism unit and you will get SWATed.
If Russia, China, and Iran cannot stop tor usage, there’s no way the UK can do it.
I believe China can stop any kind of access at any time, they just choose to allow a certain percentage of folks to get through above a certain bar of sophistication and need.
Don’t the people in those countries use a proxy to access tor first? probably that means cycling through the proxies regularly as they become known. I have no doubt that it is impossible to prevent truly tech savvy people from access. Also Russia, Iran and China all run state sanctioned hackers, so the governments have a vested interest in allowing these groups to obscure where they are coming from.
But i am not sure how much that transpires to a broader public.
That’s what things like snowflake and bridges are for. Because, at least with snowflake, it just looks like a webRTC phone call. But it’s actually tor traffic. And snowflake proxies are ephemeral, since you can just run them in your browser and help anyone connect.
Their next strategy will be to keep a list of websites that are “government approved”, I’m afraid. Long live the Great UK Firewall!!
go back?
This kinda proves that it was never about the children. How many children have know how and the means to buy a VPN subscription?
A lot more than you know, I knew how to use it since middle school.
And if they don’t know they will use Reddit to find out how to access the sites:
https://reddit.adminforge.de/r/teenagers/comments/tv70x0/do_yall_know_a_good_vpn/?
Don’t underestimate kids.
All it takes is one big brother/sister that knows how to access a free or paid VPN and their 5 year old little sibling and all their friends will have it also. Despite the difficulty teaching them math or history, they DO learn very quickly and are fast to figure out new things that interest them.
Do you know what’s smarter and more talented the the UK government?
14, 402, 544 kids…
Were you never a child? I formatted my family pc and reinstalled windows xp in 5th grade, and used a proxy to circumvent the schools online filter in 7th grade.
Children are not as stupid as you seem to think
VPNs also accept many anonymous payment methods that happen to be easily accessible to children, like gift cards. And free VPNs exist
Where there is a will there is a way, I guess.
Still, a possible ban on VPNs affects way bigger group of business and adult users than the number of tech savvy kids.
Where should the line be drawn? How much rights should everyone have to give up so that little techie Billy can’t hack his way to see some titties?
I started using a VPN after my friends/classmates told me about them in my Sophomore year of HS, mostly to get around the Wifi banning us from accessing certain apps (social media). Now, like all the other dumb kids, I used whatever they recommended, which was some shitty “Free” VPN that was probably stalking my data. But by Senior year, I smartened up and learned about online privacy and got myself a Proton VPN subscription after using the free version for a bit.
So yeah, I could totally believe middle-school and up are using VPNs, cause that’s what we literally did.
Just needs a Union Jack on his hat and the wrapping paper and “UK” in place of “US” on the box.
the Government must identify those issues and find solutions, rather than avoiding difficult problems
The government: Parents have you tried being a parent to your children?
Parents: Oh lord no that’s too difficult can’t you just, I don’t know lol, ban it or something?
In my English textbook, ca. 2007 there was a comic of a child in a cage hanging outside the house. The father told the neighbor something like “This way they get out of the house, but stay off the streets.”
I think that hit quite well, what many consider parenting in the UK.
Those child cages were real. They would attach to a window similar to AC units today.
This government literally can’t afford to fuck about wasting money yet here they are. Proving they are imposters failing the country.
This ends with just another war on encryption.
When encryption is legal, they can’t know what is going on between two points. They going to make is so we can only have encryption to nodes they trust?
It is dangerously technologically illiterate to wage war on encryption.
Jokes on you, e2e encryption is already banned in some cases in the uk afaik. Hence apple dropping some cloud services
Easy enough to do when it’s mega corps. They don’t really care about anything but money. If everyone had self hosted services with e2e, be far harder. Encryption is everywhere now.
So they will go after the end points. Which again, is a battle they can’t win. All very Cory Doctorow’s “Unauthorized Bread”.
If you care about this stuff:
UK: https://action.openrightsgroup.org/make-one-donation US: https://www.eff.org/pages/donate-eff EU: https://my.fsfe.org/donate
There will be others too, those are just in my head’s cache.
Some how we need to get governments to listen to us serfs instead mega corps and authoritarian police/spooks.
The world they want is not only terrible for digital and political freedom, but competition, thus functioning markets. It’s terrible for making developers and makers instead of dumb consumers, which in turn, is terrible for technology and progress.
If I was black hatter I would be looking at these people like they just dropped a golden goose.
Best of luck with that, idiots. How are you planning to tell the difference between my personal VPN and my work VPN?
Next step: ban on remote work.
It’s not just remote work. All our manufacturing sites use to VPN connections data centres. It would cripple manufacturing on an epic scale if they were instabanned.
Well we just fire you, and the one you’re still using then must be your personal one!
He means, how is the government supposed to tell the difference between personal and work vpns.
he just answered your question. maybe read it again
Either just banning remote work or more realistically you’ll need a permit for running a vpn server. Permit pricing starting at 100k a year
How many small businesses can afford such permit? Hell, I’d argue that even bigger companies will have a problem paying for that.
Also, what if I just connect to a vps overseas and set my exit point there? Will they ban vps too? This is gonna be so much fun to see from the outside
How many small businesses can afford such permit? Hell, I’d argue that even bigger companies will have a problem paying for that.
Feature, not a bug.
They want people back in offices to help landlords and property prices. This way they can say that remote work is not banned and it’s just companies choosing not to buy a permit and offer it.
I work from office and i regularly use a vpn at work to connect remotely to devices that are not physically with me. Not to talk about companies that provide remote assistance and use them to connect to their customers devices.
Remote work is just a byproduct of vpns, but not the real reason why you use them at work.
You think given how well thought through this online safety act has been that they’ll understand that would be an issue and legislate accordingly?
Absolutely not, of course. I’m just hoping they try to enforce this so a shitstorm of proportions only seen in the brexit will ensue.
One thing we must acknowledge to these idiots is how much effort they put on showing the world the consequences of extremely stupid acts so the rest don’t have to do it.
how much effort they put on showing the world the consequences of extremely stupid acts so the rest don’t have to do it.
Kinda sucks to be the world’s policy alpha tester though.
VPN ban risks pushback from their billionaire masters. Multinational corporations don’t want to deal with anything that could hurt profits.
yes everything will be banned and binned. better dust off that carrier pigeon
If they outlaw VPNs then all internet-connected businesses will flee and everyone will just move to the dark net. Then you’ve got a whole other problem.
These ancient tyrants are in over their heads.
Selfishly, I think this is great for I2P/Snowflake/Tor. The incoming legitimate traffic helps to protect its most vulnerable users.
Honest question but what makes you think that would happen? Do most businesses use VPNs?
VPNs are one of the core security measures of all large companies.
VPNs aren’t just a “hide your IP” tool, they’re a way of giving someone access to an organisation’s internal network. Sensitive servers such as databases, wikis, scheduling tools etc don’t have publicly exposed IPs, they only have connections that are accessible from inside that VPN. See also https://en.wikipedia.org/wiki/Defense_in_depth_(computing)
Not only that, but they are crucial for network security. VPNs allow all network traffic (with a few necessary exceptions) to be routed through the company’s network and benefit from its security measures, mainly monitoring traffic for suspicious and malicious behaviour. Without it, finding compromised PCs is much harder and enforcing company policies regarding web use would be impossible outside the office.
I have never worked for a company that didn’t utilize VPNs.
I work in consulting. I have a VPN for my company and also for each client
Damn near every business uses VPN technology. They literally cannot exist in the modern world without it. It would be incredibly expensive and impractical to do without.
I have no less than 7 VPNs installed on my work laptop, and I work for one single company.
deleted by creator
The UK has long championed writing legislative checks that their emaciated state infrastructure can’t cash.
If they do outlaw it will likely be banned solely for non-business use for this reason alone.
If only I could start my own business….
That sounds a bit like fear mongering from Reform: a VPN is safety 101 when using public networks, and most businesses make use of VPNs to secure their data. They are also a key component if WFH (you use the company VPN).
If Labour are stupid enough to go after VPN usage, I suspect it would guarantee their loss at the next election.
Eh, I dunno. The vast majority have no idea what a VPN is. If a VPN ban benefits Rupert fucking Murdoch then the tabloids will wang on about how they’re used by paedophiles and people smugglers and that’ll be that.
It has always been the main aim of legislation like this to nobble VPNs, they just needed the “child” “violent pornography” etc. excuse to do so. UK government already monitors all of the internet traffic for the UK, except for MPs who are exempt, VPNs are a blocker for this.
Obviously, not even the UK government would expect a private VPN ban (work VPNs would likely need an Ofcom license) to stop everybody from using a VPN or suitable alternative, its not the aim. The aim is to stop the majority from doing so and criminalize the minority who do still bypass the block as it gives them the power to seize equipment, ask for your logins (its illegal punishable with jail time to not supply this in the UK), request ISP logs etc. to deep dive into your life.
Work VPN doesn’t look any different a porn VPN to the people tapping the line.
Yeah that’s the point of the license from Ofcom, to approve the endpoint address used for the VPN. Most work places don’t use some random IP address but a small pool of known DNS entries for their endpoint. Just because you are using a VPN doesn’t mean nobody can see which endpoint you using.
It would have been smarter for the UK to mandate that every ISP must provide a family filter for free as part of their service. Something that is optional and can be turned on or off by the account holder but allows parents to set filters (and curfews) if they want. They could even require that ISPs require new signups to affirm if they want it on or off by default so people with families are more likely to start with it enabled.
The problem is that content filters don’t work all that well in the age of https everywhere. I mean, you can block the pornhub.com domain, that’s fairly straightforward … but what about reddit.com which has porn content but also legitimately non-porn content. Or closer to home: any lemmy instance.
I think it would be better if politicians stopped pearl clutching and realized that porn perhaps isn’t the worst problem in the world. Tiktok and influencer brainrot, incel and manosphere stuff, rage baiting social media, etc. are all much worse things for the psyche of young people, and they’re doing exactly jack shit about that.
They know. The “think of the children” angle is just cover to enrage the tabloid readers and to be used as a straw man against anyone criticisng the law (“you’re a pedophile”). The real purpose is “let’s enumerate the IDs of everyone who uses the internet for anything we don’t like” and “let’s censor anything we don’t like starting with LGBTQ content”
That’s a problem is for ISPs and content providers to figure out. I don’t see why the government has to care other than laying out the ground rules - you must offer and implement a parental filter for people who want it for free as part of your service. If ISPs have to do deep packet inspection and proxy certs for protected devices / accounts then that’s what they’ll have to do.
As far as the government is concerned it’s not their problem. They’ve said what should happen and providing the choice without being assholes to people over 18 who are exercising their rights to use the internet as they see fit.
That’s a problem is for ISPs and content providers to figure out
No, there are very good technical reasons why this approach can’t work.
ISPs … deep packet inspection
There is no deep packet inspection on properly encrypted TLS connections. I know TLS termination and interception and recertifying with custom certificates is a thing, but even if it were feasible to implement this on millions of client computers that you don’t own, it is an absolutely god awful idea for a million reasons and much worse for privacy and security than the age-gate problem you’re trying to work around.
Actually it can be done and is being done. Software like Fortigate Firewall can do deep packet inspection on encrypted connections by replacing certs with their own and doing man in the middle inspection. It requires the browser has a root CA cert that trusts the certs issued by the proxy but that’s about it. Filtering software could onboard a new device where the root cert could be installed.
And if Fortigate can do it then any filtering software can too. e.g. a kid uses their filtered device to go to reddit.com, the filter software substitutes reddit’s cert for their own and proxies the connection. Then it looks at the paths to see if the kid is visiting an innocuous group or an 18+ group. So basic filtering rules could be:
- If domain is entirely blocked, just block it.
- If domain hosts mixed content, deep packet inspection & block if necessary
- If domain is innocuous allow it through
This is eminently possible for an ISP to implement and do so in a way that it ONLY happens when a user opts into it on a registered device while leaving everything open if they did not opt into it.
And like I said this is an ISP problem to figure out. The government could have set the rules and walked away. And as a solution it would be far more simple that requiring every website to implement age verification.
I know how it works, so spare me the explanation. It’s not that as easy as you make it out to be. OS and browser companies are actively fighthing “rogue” root CAs and making it harder and harder to use custom CAs, especially on mobile devices.
And for good reason, because by accepting a rogue root CA that’s not your own, you’re basically undermining the whole trust system that SSL is based on and surrendering all your online privacy and security to the government and your ISP. Whoever has control over that custom root CA has the keys to your online life.
Rolling such a system out countrywide is utter madness.
You obviously didn’t know how it works if I had to explain it was already possible. And I am not aware of any mobile device that prevents you installing a new root CA.
And it isn’t “madness”, it’s a completely workable way to offer filtering for people who want it for kids and have no filtering or censorship for anybody else. It is a vastly better option than onerously demanding adults provide their identity to random and potentially adult themed websites where they could be victims of identity theft or extortion
You obviously didn’t know how it works if I had to explain it was already possible.
If you read my comment properly, you’ll see that I wrote: “I know TLS termination and interception and recertifying with custom certificates is a thing”
And it isn’t “madness"
Yes it is. TLS interception should never be normalized because it breaks the chain of trust upon which TLS is based. It can be useful in some situations, like the fortigate firewall where you control the certificate, but ISPs nor the government should be trusted to wield this power over virtually the whole country. It is a very slippery slope.
I am not aware of any mobile device that prevents you installing a new root CA.
On Android, apps can’t install their own root CA. The user has to manually download it, then jump through a bunch of hoops and deeply nested menus to install it and in the process ignore all the scary warnings that their communication may be intercepted if they install and trust this certificate, and (at least on Pixel phones) they get a permanent warning in their notification tray that someone may be eavesdropping on them. Which is correct.
It is a vastly better option than onerously demanding adults provide their identity to random and potentially adult themed websites where they could be victims of identity theft or extortion
I’m strongly against government mandated age gates myself, but you’re objecting for the wrong reasons. You’re not providing your identity to the adult website. You’re providing it to the third party identity verifier, who then certifies to the adult website that you are an adult without passing on your actual identity. Keep this in mind when you’re arguing against it, because pro-age-gater puritans can use it to undermine your argument.
I object to it first and foremost on principle. I shouldn’t have to request permission from a third party or the government to do perfectly normal legal adult things in the privacy of my own home.
Secondly, there is still a privacy problem at the “identity verifier”. They may swear up and down that they do not store my identity data, but there is no way to prove that one way or another so I cannot trust that my data can’t be leaked through them.
Thirdly, when viewing adult content, I don’t want there to be any association between my real identity and the adult content whatsoever, even through a third party, and I don’t want there to be anything that uniquely identifies me.
Finally, I object to the (re)demonization of all things sexual in our societies. We seem to be backsliding into puritanism under the guise of protecting the children, while we’re doing nothing to protect them from real actually harmful online things that are damaging the younger generations beyond repair.
I have a Gen Z stepson, and all the ways in which he is fucked up by the online world (no attention span, permanent online-ness, no real world friends, always seeking instant gratification, unrealistic expectations about life, an overly materialistic worldview, plenty of manosphere bullshit, … ) have precious little do do with viewing porn.
The problem is that they’re not trying to protect kids. They’re trying to be like China where every user has to identify themselves so they can be tracked across the internet.
Crazy because every (isp provided) router I have used has these options. They probably aren’t 100% correct all the time, but it would be good enough for children (even though you shouldn’t rely soley on filters to replace watching your kid).
Exactly. This was turned on on my professional phone so that was always an option.
Damn. Labor really wants to lose that election to Farage. Good luck to Corbyn and Sultana, I guess.
“It has come to our attention that we haven’t fascismed hard enough, nor in sufficient detail”
Nothing will meaningfully improve until the rich fear for their lives
those two people who downvoted you can go eat a big bag of dicks.
Maybe if they see significant issues with the populace adhereing to this law they should identify the solution of revoking the unpopular law.
It’s the populace that is wrong, not the lawmakers /s
See: the 18th and 21st Amendments in the US (Prohibition).
Come on UK, just skip all the boring parts and make unremovable collars for everyone fitted with GPS, cameras and miniature bombs that can be remotely detonated. After all, that’s the only way to make sure nobody is doing bad, very bad illegal stuff and to PROTECT THE CHILDREN, isn’t it? Fucking hell, these fucks really are trying to create a bloody dystopia…
They think 1984 is a manual.
Oh, wait, no, that was about the evil communists.
“We will force you to do what we want”, democracy in action
