Papart

The UK government spyware demand means that the government decides exactly what should be censored on every mobile device. They say they will start with nude pictures (if you don’t identify yourself as an adult). But it could at any time be expanded to anything the government disapproves of. Today, 30 people are arrested every day in the United Kingdom for writing something online that the government classifies as "grossly offensive". It is obvious that they will use this tool to restrict free speech. Currently, there appears to be no requirement to report findings outside the device. However, with both legal and technological decision-making power taken away from individuals and transferred to the government, that is only a pen stroke away. This means that the government could also use this system for total mass surveillance. And they can do so in secret. The government recently, in secret, tried to pressure Apple (which is now agreeing to client-side scanning) to build backdoors into its end-to-end encrypted cloud service. They can do this under the Investigatory Powers Act 2016, also known as the "Snoopers' Charter" – a law that makes it illegal for tech companies to disclose secret demands from the government.

Is the UK on the verge of banning VPNs?   On May 26, the consultation intended to help the British government make decisions on age verification for websites, digital services, and social media platforms came to an end. Some form of restrictions regarding at least age limits for social media already appear inevitable; government officials have confirmed as much. The only question is what kind of restrictions will be imposed.   For example, the age verification restrictions could end up including VPN services. National restrictions for websites and social media can be bypassed using tools such as VPNs, virtual phone numbers, eSIM cards, Tor and dedicated services. It is therefore unsurprising that politicians have begun looking toward VPN services, which are the most common and accessible method of changing one’s geographic location.   In early 2026, the House of Lords sent an amendment(regarding the Children’s Wellbeing and Schools Bill) to the House of Commons, proposing an 18-year age limit for using VPN services. The House of Commons rejected the House of Lords amendment four separate times. However, the House of Commons instead introduced its own proposal, which was passed and has now become law. This agreement grants the government the power to introduce restrictions through secondary legislation, with only limited parliamentary scrutiny.   Unfortunately, the risk that the UK government will crack down on VPN services is real – effectively joining countries such as China and Russia in opposing VPN services. Officials have already hinted that they may consider introducing age restrictions for VPN usage under the slogan “No platform gets a free pass”.   If VPN services were to implement identity verification, this would mean collecting data that could be abused through either malice or incompetence. It would, for example, make such services risky for whistleblowers and activists, make it harder for journalists to work with sensitive information, and create a chilling effect on online debate (VPNs can help people post anonymously on social media). In a society like the UK, where 30 people are arrested every day for writing something online that authorities classify as “grossly offensive”, VPN services are an important tool for free speech.   If VPN providers were to impose an age limit on their service, this would also mean that underage users would effectively lose their right to online privacy. Ironically, one consequence would be that social media companies mapping people’s lives through third-party trackers on websites could continue monitoring young people’s online behavior via their IP addresses without any interference. In other words, politicians would remove one of the protections children have against the very companies they claim to want to protect children from.

So-called age verification for social media is spreading across the world, framed as an effort to create a safer internet for children. In reality, age verification lays the foundation for a fully controlled internet. The age verification rush must be slowed down, and politicians need to recognize the consequences of different types of legislation and systems. Age verification is the wrong approach to fix “the social media problem” The big tech social media companies are bad. Their business model is bad; it is based on mass surveillance and manipulation, and they cooperate with governments in mapping entire populations. But age verification is fundamentally the wrong approach to preventing children from using big tech social media platforms. Introducing age verification is based on coercion; the state forces social media companies to verify their users’ identities. But the big tech social media platforms already know which of their users are children. Their business model depends on knowing this. They know how old users are, and they know exactly what type of person they are. As age verification is based on coercion, politicians could instead force platforms to stop doing the things politicians consider harmful to children, or force them to block children (again, they know who they are) from using their services. But instead, politicians seek to massively invade everyone’s privacy and undermine democratic rights on a global scale. In other words, the latter is the real objective – they do not want to protect children; they want to impose control. Slippery slope of age verification It is undeniable that age verification threatens freedom of expression, risks increasing mass surveillance, and is likely to lead to censorship. It will not only shrink the online world and reduce young people’s right to privacy (for example, if VPN services were to be restricted); but also risks becoming a significant step toward a controlled internet for everyone. Most age verification is identity verification Most countries are now considering introducing age verification systems, meaning that everyone would have to identify themselves either to the service/website they want to use or to a third party capable of linking them to their activity on that service or website. This is not age verification but identity verification, and the consequence is therefore that freedom of information is restricted (you can no longer visit regulated websites anonymously) and that you can no longer post anonymously on social media. This is a major problem in countries like the UK and Germany where the police conduct raids on people’s homes for posting content on social media that the authorities dislike. Or in the United States, where authorities are trying to pressure tech companies into revealing the identities behind accounts protesting ICE. Social media identity verification removes important tools for activists in countries where criticizing those in power is dangerous. Restrictions on app store or operating system level Some countries are looking to impose identity verification at the app store level or even within the operating system itself. This is an exciting experiment, since this is possible to circumvent using open-source operating systems. Some countries are already looking to include open-source systems. Since open-source systems cannot be controlled, politicians would ultimately need to ban devices that are not controlled by the state. The end point: telescreens like those in Orwell’s 1984, devices that both monitor you and broadcast only the information approved by the state. The Zero-Knowledge Proof (ZKP) alternative and the EU The EU has presented its own age verification app as “completely anonymous”. The idea is to use Zero-Knowledge Proof (ZKP) cryptography to break the link between the age credential issuer (EU governments) and the regulated services/sites. Currently, the EU app does not have ZKP functionality, contrasting Ursula von der Leyen’s claim that the app ”is technically ready to be used”. But more importantly, the app is currently designed to always function without ZKP technology; if ZKP is unavailable, the app falls back to a non-ZKP model. Even if fully developed ZKP technology could be implemented in the future, it would remain an optional extra feature that countries may choose to disable and that the EU could remove at any time. Read more on our site. https://t.co/wTVKHMS1zg

The EU age verification app is presented as “completely anonymous”. But the risk is that member states (the countries are supposed to create their own versions of the open-source EU app) use it to introduce identity verification that makes it impossible to post anonymously on social media. The idea behind “completely anonymous” is to use Zero-Knowledge Proof (ZKP) cryptography to break the link between the age credential issuer (EU governments) and the regulated services/sites. Currently, the EU app does not have ZKP functionality, contrasting Ursula von der Leyen’s claim that the app ”is technically ready to be used”. But more importantly, the app is designed to always function without ZKP technology; if ZKP is unavailable, the app falls back to a non-ZKP model. Even if fully developed ZKP technology could be implemented in the future, it would remain an optional extra feature that countries may choose to disable and that the EU could remove at any time. This means that the EU could decide at any time that ZKP may no longer be used, and in one stroke the app would fall back to its default mode, meaning that every post on social media carries an ID tag. By that point, an infrastructure will already have been rolled out; people will have gotten used to it, and it will be harder to roll it back. More details on https://t.co/wTVKHMS1zg

South Carolina just passed a law requiring platforms to estimate your age every 100 hours of use, or any time they run their algorithms on you. 80% confidence minimum, $10k fine per wrong guess. The incentive is to collect more data about everyone, including kids. https://t.co/3L3DRHKu7h

The full text for HR 8250, the proposed Federal law which would require all Operating Systems to implement Age Verification, has just been made publicly available. It is short, poorly written, clearly not at all thought out, and almost entirely devoid of specifics. Some key points: - The bill does not specify how age verification would work at all. It states that the Federal Trade Commission would have 180 days to specify the exact mechanism and requirements for Age Verification within the Operating Systems. - The Federal Trade Commission would also specify data storage protection requirements as well as requirements for how the Operating System must provide access to collected user data. - This bill would apply to ALL Operating Systems. Everything from Windows to Linux to embedded systems. Yes, even to a smart refrigerator. The “Operating System” definition is incredibly broad. - The law will be considered in effect 1 year from the date it is enacted. - Violations of the law will be handled under the Federal Trade Commission Act. - It is given the “Short Title” of “Parents Decide Act”. https://t.co/u22o583kH2

A new national law has been introduced to require all Operating Systems to have mandatory Age Verification. House Resolution 8250 : “To require operating system providers to verify the age of any user of an operating system, and for other purposes.” The Federal bill was introduced by Rep. Josh Gottheimer, Democrat from New Jersey. And is co-sponsored by Elise M. Stefanik, Republican from New York. The full text of the bill has not yet been made publicly available (but is expected shortly). https://t.co/prqh6Y2bmc