Jesus Christ, what the fuck is going on in the UK and the rest of Europe right now with this age verification nanny state shit?
If I ran a website that would be subject to these new regulations, do you know what I would do? I'd fucking IP ban all of the United Kingdom, not comply in advance with this fascist horseshit.
If there's one silver lining about this digital insanity going on right now, it's that governments and corporations are essentially forcing users underground, and the dark web (unindexed websites) has the potential to grow and thrive as a result. We might have an opportunity to take the internet back from those who are trying to tighten their grip around the free and unfettered flow of information.
It's a lot easier to do when people consolidate resources (cloudflare, aws, CDNs in general). I understand the need but now they have too much power to interfere in service.
Unless you're based in or have some kind of presence in those countries there's no reason to even ban them. Banning by geolocation isn't exactly trivial or reliable. Let them figure out a way to ban you instead.
Hm well Britain did try to fine 4chan. Amusing conceptually but it does mean they're not above picking on website owners for not complying with their rules, regardless of where they are based.
I feel like these anti-privacy legislations are less of a left vs right thing and more just that the government is always trying to strip citizens of their freedoms to give themselves more power and control.
Would Mullvad even legally need to comply with UK laws if they don't have a server in the UK? Maybe they could allow UK user but just not operate out of UK?
I'd take it a step further and say it's not even a use of a VPN at all. If you want to browse the web anonymously a VPN doesn't provide that guarantee: it only affects your source IP, which most services probably understand is unreliable for tracking purposes anyway.
Even for changing your IP to aid in being anonymous on the web, TOR is the network layer tool to use, because you will have a much wider range of source IPs than the single one you'll get from the VPN, but there is still so much work to do to "browse the web anonymously".
I think a lot of people don't understand VPNs. They're great privacy tools if you don't trust the local network or your ISP, as all traffic is typically encrypted and headed for the same server, but being anonymous on the web is way more involved because you are much more than your IP address.
Btw I'm not replying here thinking you don't understand all that; just expanding on the conversation
Yeah, and the second you log into your account on a website, you’re already identified. VPNs are great privacy tools, but they’re not a one-stop solution for anonymity.
First: VPNs are also used by businesses to allow access for remote workers and sites to the company's internal network. In fact, this used to be their most common use and maybe still is.
Second: what's stopping a foreign VPN provider from offering a VPN service to UK customers without forcing them to identify themselves? If such a company doesn't have UK owners, workers or assets all that the UK authorities could do to enforce a court judgement against them is force British ISPs to block the IP addresses of that provider's VPN servers, which would easilly turn into an a whack-a-mole situation, more so if VPS providers started selling "easy personal VPN server setup" facilities for their virtual personal servers which would make that an insane whack-a-mole situation.
The "VPN server on a rented VPS" situation could easilly turn trully insane to try to block - there are A LOT of VPS providers outside the UK selling pretty cheap services good enough to run a personal VPN server and even without the VPS providers leaning into it by providing an out-of-the-box option (and merelly supporting Turnkey Linux images means having two linux server images that work as VPN servers out of the box), step by step instruction of how to make it work with normal server distros will soon emerge and become common knowledge amongst Britons with even just basic technical skills.
In summary, the UK is a pigmy trying to look like a giant when it comes to how much their laws will influence foreign VPN providers in a market which is pretty competitive and were there is no one dominant market participant which can be pressured to have an implementation "for UK customers only", and even if they found a way to enforce that law on all foreign VPN providers, that's not enough at a technical level to stop people altogether from having access to no-authentication VPN service since anybody can rent a VPS anywhere and run their own VPN server in it.
I agree that technically, this is almost impossible to implement. To begin with, traffic can be tunneled through a variety of protocols. I used to evade my school's filtering by tunneling over https, which was a form of VPN for the purposes of this discussion. It would be a game of whack-a-mole at best in order to identify 'rogue' VPN traffic out of the giant pile of normal encrypted sessions. Duration, maybe, but then the VPN software could just establish a new session to a new endpoint every random amount of time; VPNs become more expensive and slower, but don't go away.
Outlawing encrypted traffic altogether would break so much of the internet that it will never happen.
I'm a little tin-foil-hat about this right now, but I think this could be an anti-worker policy at least as much as it is anti-privacy. We keep talking about how all companies are using VPNs. What if this is being pushed to force all remote workers give up their privacy as a way to urge people back into offices. Company XYZ says, "You can still work remote, but the law says you'll have to do a biometric scan of your face every time/week/month in order to use the VPN."
And if companies get exempted somehow... then I've got a great idea for a new startup:
"EnVeePee is a company which pays literally nothing to our contractors, and we expect them to be online for hours a day working really hard for us. We also expect them to contribute to the monthly pizza party."
There's plenty of ways age checking could be decoupled from identity checking, and I find it extremely suspicious that the proponents of these laws aren't promoting them.
There's lots of cryptographic type approaches where the entity validating you is air-gapped from the entity certifying your age.
But if you don't trust them it's not hard to figure out a scratchcard system where for, say, £1 cash your local newsagent checks your ID and lets you pick a card that you scratch off to get a code that you can then use to obtain a cryptographic token online signed by a recognized CA. Neither the newsagent nor the card issuer have any way of tying you to that code, and if you don't like the idea of using the same token on multiple sites you can always buy more. Of course you'd also have the option of obtaining codes online, but there's something I think people would find reassuring about the existence of a visible physical gap.
In my country if you want to buy booze online, you verify your age by logging into this id check service the banks have set up. The bank will only send if the buyer is 18+ or not to the store. So no identification data is send to the store not even the actual age.
Yeah thats why theyre now pushing tmfor verification to allow use of VPNs. Im not techy enough to know how this could actually be enforced, but if they pull it off using a VPN to gain access to a VPN sounds tricky.
What does that have to do with this discussion? If you can bypass this EU system, you can also bypass the less private British one. No reason to push the less private one unless age verification is not your true goal.
You want to ask what does the existence of a widely accepted privacy-preserving solution, while the government is pushing a privacy-destroying one, have to do with the original comment of "the people pushing it being suspicious"? Now you are just trolling.
Jesus fuck, I'm so tired of this "everyone who disagrees with me or I don't understand is 'trolling'" nonsense. I can't even be bothered to discuss anything further. Goodbye.
You could do it with an offline AI model and Python. You download, firewall it, it checks your image and shits out signed text message of your approximate age range and the time.
I don't understand. The proposed legislation would force ID verification for Mullvad users. You're still a Mullvad user, regardless of whether you connect through your VPS.
The first hop would go from "my UK client machine" -> "my VPN server elsewhere" which would impede Mullvad from automatically recognize you as a UK customer because that "server elsewhere" wouldn't have a UK IP address.
The second, Mullvad, hop would go from "my VPN server elsewhere" -> "some other IP maybe in yet another country"
As long as you didn't pay with a UK payment system (so, use a crypto currency or send them money in an envelope), due to that first hop Mullvad would have no way to know you are British and thus no legal obligation to treat you as such.
However a "my server elsewhere" also needs to be paid for. Further, all connections from that server would always be yours since you would be the single user of that server. Adding a Mullvad hop after that adds the anonymization of, for the rest of the Internet, your stuff being just one amongst many connections from many Mullvad clients coming from that server, plus Mullvad is probably much better at anonymizing stuff that "random techie setting up their own a VPN server on a VPS", plus if you pay Mullvad using an anonymous payment system, they themselves have no idea who you are if they were ever legally forced to disclose it.
That first hop gives Mullvad plausible deniability about serving a UK customer without ID, whilst the second hop gives you a stronger anonymity than you would get if your entrance point into the internet was a single-user server you owner or rented.
Mullvad also accepts anonymous cash payments, good luck with identifying me as a mullvad user with only an envelope, a target address,an account id which isn't tied to a name and 10 bucks in it.
The Tor foundation is constantly working to fight all sorts of attacks. Don't buy into misinformation as there are many organizations who stand to benefit from people not using Tor.
Even if Tor was vulnerable like you say, I'm not sure what else you would use. Not using Tor is worse than using Tor. It is in the interest of the nation states for you to not use it which is while you see them promoting the idea that Tor is insecure.
The source is “this is a known weakness of tor and always has been”, there have been a number of white papers and conference talks on this over the years.
When tor was developed it was known what the weakness was. Mitigation is possible, but you can not certainly say 100% that tor will anonymize you, unfortunately.
The exit nodes being the weakness in tor has always been known, any actor capable of monitoring and capturing enough traffic on exit nodes can correlate it, at that point you have to track it.
Tor alone can not protect you, but it is a pretty significant tool. You need defense in depth if you intend to protect your identity.
I think you are overestimating the threat model. Nothing is ever fool proof but Tor does make it extremely difficult to actually identify someone. You are talking about a hypothetical attack vs something that is actually feasible to pull off. Tor is design so that there can be many compromised nodes without to much danger. Tor's popularity as makes it hard to track individuals since there is a lot of traffic.
Also, we know that a major problem with TOR is that LE/Intel agencies run their own nodes, and if you bounce through enough of them, or you got through a honeypot exit node, they can deanonymize you, this has happened before, and it probably happens more than is publically known.
That and if you run a node, and the US government finds out, and they don't like you, they will shut it down, raid you.
Meanwhile, the multi-stage packet encryption and relay method of I2P makes it much more difficult to decrypt a packet and then also figure out which parts of which packet are going to who.
You really should consider the fact that there are parties who have a vested interest in making people doubt Tor. Tor is the best option we have by far and is currently far superior than i2p. It is designed to keep anonymity even with compromised nodes. Doing a deanonymizing attack is extremely hard and costly and only has a small chance of actually succeeding and that's before the new crypto algorithm roles out which makes this kind if attack pretty much impossible. Nothing is perfect but Tor does a pretty good job. It also has some of the most robust censorship resistance tools available and works in Russia and Iran. They solved the denial of service issue with a proof of work system a while back so performance wise Tor is now much better.
Meanwhile I2p still has issues with its design which the developers acknowledge on the website. This isn't meant to be hate against i2p but simply an analysis of the real world facts. I2p shouldn't be used anywhere where anonymity is critical as it is vulnerable to attack due to some outstanding issues with its design. Even outside out deanonymity, i2p still has issues with denial of service attacks and it doesn't have a simple solution for name resolution which is rather dangerous. I like it and concept and run my own node but I wouldn't rely on it for survival. Building a p2p network is really really hard which is why Tor uses a more centralized approach.
If you want to look more into that, there's a company called Holepunch that's exploring a lot of that technology. But as a heads up they are funded by a crypto company.
I mean, I2P is a FOSS project, from its inception.
Frankly, I don't a damn for any tech being developed by a private company of crypto bros, they're all corrupt liars, beyond the possible exception of monero, who seem to actually be competent at security/privacy/anonymity, unlike literally all other crypto.
I've always wondered why we aren't buying/hacking info about politicians that support anti-privacy legislation from these databrokers and leaking it to the public. If I had the knowledge that's what I'd be doing. I can't think of anything that would be more effective.
Cameras everwhere they are and following them everywhere, always on recording of their means of communication, all free to access by anybody at any time.
How should this be enforced? Mullvad doesn't even know where the customers are from (if they pay anonymosly), so they can't check if the legislation applies to a specific customer.
Also (and I'm not trying to legitimate such law projects), age verification without identity leak is possible. The government needs to distribute a ZK proof system linked to ID cards which creates a signed proof including "holder of the ID is over/under 18" and a service-dependend pseudonym (to prevent repeating the proof for other users).
I don't think it's intended to be enforced very well, just to 'boil the frog' so to say. Either that or incompetence & not realising it won't work.
Even if it passes and isn't enforced well it'll legitimise more surveillance & identity checks. It'll probably be terrible for privacy on people who aren't as tech literate to avoid it.
This is pretty much it. Someone will google "what's the best VPN" and get an AI generated answer that leads them to some bigger service that adheres to identification laws. That'll filter most regular users.
In order to make it easier for the CGHQ to track and watch every single civilian in the UK all the time, the UK Governement is de facto creating a generation of Britons trained to evade such surveillance, something which wasn't happenning in the previous "less than perfect but still good enough" surveillance system.
To comply, mullvad would just display "service not available in your country" page to IP addresses from UK ISPs (on a page with a footer that reminds users that they have a Tor Onion Address and accept permissionless cryptocurrency payments)
Or mullvad could ignore it, since they are a Swedish company.
You could probably make a pretty good run at it from GEO IP databases and ICAN blocks. It wouldn't be something the government is good at, but they could hire security contractors to put up somewhat effective barriers for people. Trying to enforce the rest of the world to do that for them is more complicated.
There are tons of ways to do age verification without leaking, if you had something opensource that digests something from an id and just signs a message in realtime that the user is of age, but there's a lot of room there for espionage. you REALLY need to be able to trust those apps.
It's not just age verification: the identity-verifying document's image is kept on servers for future use. Theoretically by governments verifying, practically so that everyone's identity can be highjacked in a leak.
Adult verification is simply determining a single bit: is this person an adult or not? We have had zero-knowledge proof for ages: if the government really wanted to determine this single bit, it could do so without jeopardizing everyone's privacy and online security.
I wonder if in the future we'll get to know exactly who pressed the digital freedoms crackdown button on the summer of 2025. Things were going backwards already before then but the sudden acceleration is curious and concerning to me.
It's to move to a risk management based society. Look at the sociology behind all of this and you would see a counter example. this was already being accelerated the first step was facial recognition years ago. Surveillance states are defaults in risk management societies. In a nutshell if we treat everyone like a criminal then its only a matter of time before we catch someone is their consciousness going forward.
Australia pressed it, as a result of parents who have genuine concerns about social media addiction in kids (but who aren't willing to do anything about it themselves).
And there's also this which explains why the implementation is the most annoying way possible. If I had my way age-verification would be solely tied to the addictive features of social media, but if that were the case the big tech companies would just lose users and wouldn't be able to insert themselves as an age-verification middle-man.
I wasn't meaning age verification in particular, Google deciding to mandate developer registration for Android apps and Samsung removing to option to unlock the bootloader on their phones also happened last summer
That's going to be a crazy policy to try and enforce. Reminds me of the US attempt to ban sports gambling online but only domestically. That just prompted people to make accounts overseas.
As usual, the governmental response is to increase the surveillance state and punish the end users, without addressing the incentive to create or distribute illicit content. They're just feeding a sprawling black market which... may be the intent. Black markets are notoriously unregulated and far easier to manipulate/gouge/swindle people over.
Orwell was a British police officer in Myanmar, crushing independence movements and worker organizations, during the early parts of his career.
He wrote these books from lived experience. As propaganda tools to antagonize against the USSR, they were brilliant expressions of the very Doublespeak his most famous book coined. Using fear of the foreigner to rally people into the Two Minute Hate sessions he ostensibly pillared.
Next step will be a country wide captive portal where you need to log in with your digital id just to get on the Internet at all. We should all start looking into decentralized network infrastructure like a wifi&lora meshnet or community run satellite connection. There already is a network stack with an active community that allows that called reticulum. It can be incorporated into the existing infrastructure of meshtastic, i2p, wifi meshnets etc.
We should all start looking into decentralized network infrastructure like a wifi&lora meshnet or community run satellite connection.
As usual, its a great idea. But it requires the kind of coordinated effort and extensive financial commitment that anarchist movements never seem able to muster. The great thing about the IEFT was that it set universal standards for connection and communication. Community run meshnets and one-off local groups end up with a plethora of competing standards and very insular bespoke networks.
I've played with local meshnets before and what I tend to find lacks the general utility of a standard ISP (trying connecting to your bank or your office VPN from a daisy chained local internet hub) with a few hobbyists who come and go as the mood strikes them.
It's very much a "you get what you pay for" situation. Without a real professional organization guaranteeing service, you're at the whim of someone else's hobby setup.
China does that shit with any social media or any Chinese file hosting website. You are required to link your real identity so they know who to go after
Nobody stops you from renting a VPS outside the UK and setting up your own VPN server there.
If you get a provider that supports Turnkey Linux, you can literally just directly choose an OS image for it that makes that VPN out-of-the-box an OpenVPN server or a Wireguard server.
Gonna say the thing: IDGAF if kids see porn online. I'd far prefer children explore pornography and learn what they are and are not comfortable with; rather than risk being exploited by less-naive children or adults. Open access to porn is the harm reduction. They are images on a screen.
Let's not pretend that today's adults never saw porn growing up. I, a Gen Z kid, saw porn at young ages. There are reasons I am "off" in the head but none of them have to do with porn; and many of them have to do from forces who, among other things, push the purity culture narrative. This is the exact same over-dramatic messaging as the USA's War on Drugs or its "Satanic Panic"—both of which source from purity culture and both of which have harmed significantly more kids than what they hoped regulate.
Is this actually possible to enforce? To stay with the example of Mullvad, you could still send an envelope full of cash over to Sweden to add time to your account (or create a new one).
They could literally just put resources into modern parental controls and better parenting. But this is about anonymity and data collection databases for their AI partners.
Even if an ID was verified without storing any data, how would they know if people were reusing the same ID or if someone else was accessing the account? ID verification isn't the solution. But punishing negligent parents will incentivize them to do their job and watch what their kids do online
Let's assume the UK (and others) take a fully-fascist approach and try to squash VPNs within their jurisdiction. What would they have to do to achieve this, and is it practical? The way I see it, they'd have to...
keep track the IPs of any VPN entry node (to update blocklists, see step 2)
have them blocked (e.g. by using mandatory DNS filtering, probably applied at the ISP level)
make sure people do not just switch to DNS servers not under their / the ISPs' control.
Can somebody chime in and check my reasoning? The way I see it, this will hold off non-technical folks, but to make it absolutely waterproof would be quite hard and require a game of constant whack-a-mole, wouldn't it?
1 & 2 contradict. You're suggesting blocking the IP addresses of known VPNs (which is what they would have to do if they wanted this to work in the slightest). DNS blocking (which is something they've made ISPs do in the past) is pretty pointless, since you can resolve the IP address of a host multiple different ways (like switch DNS server, use a custom downloadable hosts file...)
They'd tell the ISPs they need to block traffic to VPNs, and then fine them if they let traffic through, shifting the responsibility to the ISP.
It's like a slippery slope of stupid. If they wanted kids to not see porn, or social media, they could have mandated ISPs, mobile operators and Apple / Google implement parental controls on < 18 accounts and provide parental control software for family accounts. Adults or families who did not explicitly opt in to this law would be fully exempt from it.
They tried to bring in digital ID and that failed. This will fail too in so many ways. Privacy is a human right and privacy from a Government is the ultimate human right.
The UK is winning some and losing others, prosecute pedophiles but also creating a police state in the island. The surveillance level there rivals China. The internet is less free every passing year that we allow illiterate politicians decide for the people. The complete disregard of our privacy just because they don't understand the nature of the internet or technology is astonishing, at best, and that's giving them the benefit of the doubt that this is not plain out government overreach on the private citizens lives.
Honestly I'm not opposed to age restriction, so long as its only ever accomplished using zero knowledge proofs of some kind. Or just without revealing identity. But they've made it pretty clear with the systems they have implemented already nearly everyone is either incompetent or the goal is survelence all along.
There's also a petition to stop that bit "Do not ban children from using virtual private networks". I'm pesamistic about its chance of it succeeding but after the shinanigins around digital ID, who knows?
Slightly unrelated but the other day I discovered tor browser was being blocked on NHS wifi I could only connect with a bridge. The internet in this country makes me depressed now.
Parents can already control which websites their kids visit by using parental control software, basically every porn website which complies with these identity verification laws uses it. https://rtalabel.net/page.php?content=parents
Restricting these safe websites makes users switch to other, freely accessible, and often less moderated sites.
Exactly, even increasing education on parental controls or legal requirements for that would be better if they actually cared about the children. I think the goal is actually just surveilence.
Slightly more conspiratorially, I think the goal might be to do just that: push users to more unsafe options, then use that to justify more crackdowns.
Yeah but imagine trying to explain to your 15yo kid that you're not going to let them interact with their friends on facebook or whatever because reasons.
The people creating a moral panic about protecting the children only took action against a paedophile when information came to light that he may have leaked secret government information to his paedophile buddy.
Not the child sex crimes.
When they do something about the child sex traffickers in power, then they we talk about protecting the children on the internet.
Honestly I'm not opposed to age restriction, so long as its only ever accomplished using zero knowledge proofs of some kind. Or just without revealing identity.
Restriction of a class is the restriction of all. Laws like this shouldn't be marked by shallow legal lines, this is yet again a play on discrimination.
Its widely agreed that many activities are not safe or healthy for kids, or probably anyone. The current people in power have convinced us that bad behavior should be enforced completely backwards, making the victim the criminal:
It's not the poor casino operator's fault that a devious adolescent animal tricked them into letting them gamble, it was that damn tricky kid's fault!
Its not the upstanding businessman running the meat packing plant's fault all these durn illegals keep fooling him into hiring them for $4/hour, its their fault for taking the job!
Its not the fault of the fine young man just following his natural urges that a girl got stalked and raped, it was her slutty clothes and lewd behavior that got her what she really wanted!
See what I mean? Many of our laws, including those to "save the kids" are always looking for ways to pin the wrong on the person being exploited, not the one doing the exploiting.
The problem with age restriction laws, even if implemented in a way that protects privacy, is that I don't trust the state to decide what is adult content.
No idea why you are getting down voted. Zero knowledge verification for age would be great. You could also do zero knowledge verification for being a real person to distinguish people from bots.
Because the underlying concept is so terrible and guaranteed to have bad results as it is inherently 'think of the children' bullshit. The entire premise is flawed.
Are you saying that the underlying concept of zero knowledge ID verification is terrible? If so, how do you mean?
There are multiple published ways to do so cryptographically, some of which have been mathematically proven to work, so conceptually the idea is sound. There are also other potential uses for it beyond just making sure kids don't watch porn, so even if you disagree with that type of censorship, as many here do, the concept of it is not terrible itself.
Is there maybe something else I didn't think of that you feel makes it terrible?
No, I am saying the underlying concept that people should be expected or required to prove their age or who they are on the internet for access is bullshit. How that is proven doesn't matter, because it will always escalate and any credentials can just be used by someone else anyway.
For example, how would any kind of proof work on a computer without a camera or other means of identifying who is using it at a point in time? I have zero plans to ever add a camera to my desktop PC. If I have to go through hoops like I did to get a stupid IRS account that ended up with a fucking video call on my phone to prove it was me creating the account anywhere else I won't bother. If they want me to use that ID to do things, then anything I can do is easily tracked.
Self identification for all internet activity is the wet dream of tech bros, and fascists, and other authoritarians. I would much rather kids stumble across porn because they clicked 'yes I am an adult' than give more power to the pedos running the system.
Jesus Christ, what the fuck is going on in the UK and the rest of Europe right now with this age verification nanny state shit?
If I ran a website that would be subject to these new regulations, do you know what I would do? I'd fucking IP ban all of the United Kingdom, not comply in advance with this fascist horseshit.
If there's one silver lining about this digital insanity going on right now, it's that governments and corporations are essentially forcing users underground, and the dark web (unindexed websites) has the potential to grow and thrive as a result. We might have an opportunity to take the internet back from those who are trying to tighten their grip around the free and unfettered flow of information.
A lot of websites have already done that. A lot of image hosting sites. If I forget to turn the VPN on my feed looks about 30% like this
It's a lot easier to do when people consolidate resources (cloudflare, aws, CDNs in general). I understand the need but now they have too much power to interfere in service.
They have to fast track the mandatory ID laws now because the Epstein files is rapidly making people realize what their true intentions are
Unless you're based in or have some kind of presence in those countries there's no reason to even ban them. Banning by geolocation isn't exactly trivial or reliable. Let them figure out a way to ban you instead.
Hm well Britain did try to fine 4chan. Amusing conceptually but it does mean they're not above picking on website owners for not complying with their rules, regardless of where they are based.
The deepstate is real. Its Right here cumming for your porn.
To get a little more serious about it look into Who is buying our media outlets and who is buying our financial outlets (visa/mastercard).
This is almost always being pushed by a rightwing cult. Sorry "thinktank".
I feel like these anti-privacy legislations are less of a left vs right thing and more just that the government is always trying to strip citizens of their freedoms to give themselves more power and control.
newspapers owned by foreign billionaires and shitty childrens authors that give epstein tickets to her play for children
Did not know that latter bit! Not like she's enjoyed any positive sentiment from me for a long ass time, but damn! Gross!
Would Mullvad even legally need to comply with UK laws if they don't have a server in the UK? Maybe they could allow UK user but just not operate out of UK?
So...what's the point in even using a VPN, if you have to identify yourself just to use it? The whole point is to browse the web anonymously.
It's not the only use. VPNs can be used to access local servers remotely, for example your jobs server while WFH.
I'd take it a step further and say it's not even a use of a VPN at all. If you want to browse the web anonymously a VPN doesn't provide that guarantee: it only affects your source IP, which most services probably understand is unreliable for tracking purposes anyway.
Even for changing your IP to aid in being anonymous on the web, TOR is the network layer tool to use, because you will have a much wider range of source IPs than the single one you'll get from the VPN, but there is still so much work to do to "browse the web anonymously".
I think a lot of people don't understand VPNs. They're great privacy tools if you don't trust the local network or your ISP, as all traffic is typically encrypted and headed for the same server, but being anonymous on the web is way more involved because you are much more than your IP address.
Btw I'm not replying here thinking you don't understand all that; just expanding on the conversation
Yeah, and the second you log into your account on a website, you’re already identified. VPNs are great privacy tools, but they’re not a one-stop solution for anonymity.
Would you mind going a little more into depth about the aspects of anonymity other than masking the IP address you think people are unaware of?
First: VPNs are also used by businesses to allow access for remote workers and sites to the company's internal network. In fact, this used to be their most common use and maybe still is.
Second: what's stopping a foreign VPN provider from offering a VPN service to UK customers without forcing them to identify themselves? If such a company doesn't have UK owners, workers or assets all that the UK authorities could do to enforce a court judgement against them is force British ISPs to block the IP addresses of that provider's VPN servers, which would easilly turn into an a whack-a-mole situation, more so if VPS providers started selling "easy personal VPN server setup" facilities for their virtual personal servers which would make that an insane whack-a-mole situation.
The "VPN server on a rented VPS" situation could easilly turn trully insane to try to block - there are A LOT of VPS providers outside the UK selling pretty cheap services good enough to run a personal VPN server and even without the VPS providers leaning into it by providing an out-of-the-box option (and merelly supporting Turnkey Linux images means having two linux server images that work as VPN servers out of the box), step by step instruction of how to make it work with normal server distros will soon emerge and become common knowledge amongst Britons with even just basic technical skills.
In summary, the UK is a pigmy trying to look like a giant when it comes to how much their laws will influence foreign VPN providers in a market which is pretty competitive and were there is no one dominant market participant which can be pressured to have an implementation "for UK customers only", and even if they found a way to enforce that law on all foreign VPN providers, that's not enough at a technical level to stop people altogether from having access to no-authentication VPN service since anybody can rent a VPS anywhere and run their own VPN server in it.
I agree that technically, this is almost impossible to implement. To begin with, traffic can be tunneled through a variety of protocols. I used to evade my school's filtering by tunneling over https, which was a form of VPN for the purposes of this discussion. It would be a game of whack-a-mole at best in order to identify 'rogue' VPN traffic out of the giant pile of normal encrypted sessions. Duration, maybe, but then the VPN software could just establish a new session to a new endpoint every random amount of time; VPNs become more expensive and slower, but don't go away.
Outlawing encrypted traffic altogether would break so much of the internet that it will never happen.
I'm a little tin-foil-hat about this right now, but I think this could be an anti-worker policy at least as much as it is anti-privacy. We keep talking about how all companies are using VPNs. What if this is being pushed to force all remote workers give up their privacy as a way to urge people back into offices. Company XYZ says, "You can still work remote, but the law says you'll have to do a biometric scan of your face every time/week/month in order to use the VPN."
And if companies get exempted somehow... then I've got a great idea for a new startup: "EnVeePee is a company which pays literally nothing to our contractors, and we expect them to be online for hours a day working really hard for us. We also expect them to contribute to the monthly pizza party."
Not necessarily. I would argue the primary intent of commercial VPNs is to obscure web traffic data from your ISP.
Having to identify doesn't mean they can see inside the tunnel or that your VPN IP can be traced back to you.
I don't use a VPN for anonymity, I use it for privacy.
There's plenty of ways age checking could be decoupled from identity checking, and I find it extremely suspicious that the proponents of these laws aren't promoting them.
Any examples?
There's lots of cryptographic type approaches where the entity validating you is air-gapped from the entity certifying your age.
But if you don't trust them it's not hard to figure out a scratchcard system where for, say, £1 cash your local newsagent checks your ID and lets you pick a card that you scratch off to get a code that you can then use to obtain a cryptographic token online signed by a recognized CA. Neither the newsagent nor the card issuer have any way of tying you to that code, and if you don't like the idea of using the same token on multiple sites you can always buy more. Of course you'd also have the option of obtaining codes online, but there's something I think people would find reassuring about the existence of a visible physical gap.
In my country if you want to buy booze online, you verify your age by logging into this id check service the banks have set up. The bank will only send if the buyer is 18+ or not to the store. So no identification data is send to the store not even the actual age.
You'd have to rely on your country's banks not relaying all info anyway, pinky promise, but it's an interesting model.
Banks know your age anyways, so it stops the system from sucking more than it already does
Not necessarily the best approach but a widely and officially recognized one:
https://digital-strategy.ec.europa.eu/en/policies/eu-age-verification
People are using VPNs to circumvent identity verification, so this solves nothing.
Yeah thats why theyre now pushing tmfor verification to allow use of VPNs. Im not techy enough to know how this could actually be enforced, but if they pull it off using a VPN to gain access to a VPN sounds tricky.
What does that have to do with this discussion? If you can bypass this EU system, you can also bypass the less private British one. No reason to push the less private one unless age verification is not your true goal.
I could ask you the same question.
You want to ask what does the existence of a widely accepted privacy-preserving solution, while the government is pushing a privacy-destroying one, have to do with the original comment of "the people pushing it being suspicious"? Now you are just trolling.
Jesus fuck, I'm so tired of this "everyone who disagrees with me or I don't understand is 'trolling'" nonsense. I can't even be bothered to discuss anything further. Goodbye.
You could do it with an offline AI model and Python. You download, firewall it, it checks your image and shits out signed text message of your approximate age range and the time.
Age verification laws are just an excuse to kill anonymity on the internet.
if people are technically inclined, a service like Tailscale can be used to circumvent things like the online safety act. with the exit nodes.
or just roll your own vpn
Roll up your own vpn? Where the server is in your name? Or your home IP?
yeah, it’s not even close to being anonymous, but at least you will get out of the OSA bullshit
Just use your server to connect to Mullvad
Why not just connect directly?
No need for age verification to connect to your own server + mullvad obfuscating your identity afterwards
I don't understand. The proposed legislation would force ID verification for Mullvad users. You're still a Mullvad user, regardless of whether you connect through your VPS.
The first hop would go from "my UK client machine" -> "my VPN server elsewhere" which would impede Mullvad from automatically recognize you as a UK customer because that "server elsewhere" wouldn't have a UK IP address.
The second, Mullvad, hop would go from "my VPN server elsewhere" -> "some other IP maybe in yet another country"
As long as you didn't pay with a UK payment system (so, use a crypto currency or send them money in an envelope), due to that first hop Mullvad would have no way to know you are British and thus no legal obligation to treat you as such.
However a "my server elsewhere" also needs to be paid for. Further, all connections from that server would always be yours since you would be the single user of that server. Adding a Mullvad hop after that adds the anonymization of, for the rest of the Internet, your stuff being just one amongst many connections from many Mullvad clients coming from that server, plus Mullvad is probably much better at anonymizing stuff that "random techie setting up their own a VPN server on a VPS", plus if you pay Mullvad using an anonymous payment system, they themselves have no idea who you are if they were ever legally forced to disclose it.
That first hop gives Mullvad plausible deniability about serving a UK customer without ID, whilst the second hop gives you a stronger anonymity than you would get if your entrance point into the internet was a single-user server you owner or rented.
Mullvad also accepts anonymous cash payments, good luck with identifying me as a mullvad user with only an envelope, a target address,an account id which isn't tied to a name and 10 bucks in it.
I2P.
Essentially, what if the entire internet worked kinda like how torrents do, and was also anonymized and E2EE?
Well, it would be pretty slow, but it would also be extremely distributed and difficult to censor/disrupt.
Basically, everyone on I2P is a micro-relay for everyone else.
I2p has some flaws that make it potentially dangerous to use in a country targeting civil liberties.
Tor is a much better choice since it has better anti censorship and anti detection built in.
It should be noted that we are past the point of tor being able to provide true anonymity from nation state actors.
The threat vector for tor was always the exit nodes and now that we have the equipment to monitor it you ought to expect tor can also give you up.
Source?
The Tor foundation is constantly working to fight all sorts of attacks. Don't buy into misinformation as there are many organizations who stand to benefit from people not using Tor.
Even if Tor was vulnerable like you say, I'm not sure what else you would use. Not using Tor is worse than using Tor. It is in the interest of the nation states for you to not use it which is while you see them promoting the idea that Tor is insecure.
The source is “this is a known weakness of tor and always has been”, there have been a number of white papers and conference talks on this over the years.
When tor was developed it was known what the weakness was. Mitigation is possible, but you can not certainly say 100% that tor will anonymize you, unfortunately.
The exit nodes being the weakness in tor has always been known, any actor capable of monitoring and capturing enough traffic on exit nodes can correlate it, at that point you have to track it.
Tor alone can not protect you, but it is a pretty significant tool. You need defense in depth if you intend to protect your identity.
I think you are overestimating the threat model. Nothing is ever fool proof but Tor does make it extremely difficult to actually identify someone. You are talking about a hypothetical attack vs something that is actually feasible to pull off. Tor is design so that there can be many compromised nodes without to much danger. Tor's popularity as makes it hard to track individuals since there is a lot of traffic.
Hard disagree.
What flaws are you talking about?
Also, we know that a major problem with TOR is that LE/Intel agencies run their own nodes, and if you bounce through enough of them, or you got through a honeypot exit node, they can deanonymize you, this has happened before, and it probably happens more than is publically known.
That and if you run a node, and the US government finds out, and they don't like you, they will shut it down, raid you.
Meanwhile, the multi-stage packet encryption and relay method of I2P makes it much more difficult to decrypt a packet and then also figure out which parts of which packet are going to who.
You really should consider the fact that there are parties who have a vested interest in making people doubt Tor. Tor is the best option we have by far and is currently far superior than i2p. It is designed to keep anonymity even with compromised nodes. Doing a deanonymizing attack is extremely hard and costly and only has a small chance of actually succeeding and that's before the new crypto algorithm roles out which makes this kind if attack pretty much impossible. Nothing is perfect but Tor does a pretty good job. It also has some of the most robust censorship resistance tools available and works in Russia and Iran. They solved the denial of service issue with a proof of work system a while back so performance wise Tor is now much better.
Meanwhile I2p still has issues with its design which the developers acknowledge on the website. This isn't meant to be hate against i2p but simply an analysis of the real world facts. I2p shouldn't be used anywhere where anonymity is critical as it is vulnerable to attack due to some outstanding issues with its design. Even outside out deanonymity, i2p still has issues with denial of service attacks and it doesn't have a simple solution for name resolution which is rather dangerous. I like it and concept and run my own node but I wouldn't rely on it for survival. Building a p2p network is really really hard which is why Tor uses a more centralized approach.
If you want to look more into that, there's a company called Holepunch that's exploring a lot of that technology. But as a heads up they are funded by a crypto company.
I mean, I2P is a FOSS project, from its inception.
Frankly, I don't a damn for any tech being developed by a private company of crypto bros, they're all corrupt liars, beyond the possible exception of monero, who seem to actually be competent at security/privacy/anonymity, unlike literally all other crypto.
Sure but, connected to where?
a VPS, preferably one you pay for with crypto. You use the exit node feature, and you will be VPN'd to another network.
Then you've not solved anything because that IP is still unique to you.
i never said it was private. I just said that it will get you around the OSA shit.
What's "OSA shit"?
online safety act
This. Tor is better.
TOR is great for privacy but obviously awful for daily use.
Why?
...have you ever used it?
Every politician proposing such rules must first make their browsing history public, it should go both ways right?
I've always wondered why we aren't buying/hacking info about politicians that support anti-privacy legislation from these databrokers and leaking it to the public. If I had the knowledge that's what I'd be doing. I can't think of anything that would be more effective.
Cameras everwhere they are and following them everywhere, always on recording of their means of communication, all free to access by anybody at any time.
Surely those politicians "have nothing to hide"?
is this a VPN?
Oi, you got a loicense for that session?
The law applies to providers, not to users iirc
Good luck suing German tor exit nodes. Or the tor project, which is used by the intelligence agencies in the UK and backed-up by the US military
a-yup
so is tor, i2p, snowflake
Performance wise it isn't going to be great. I'm not sure about censorship resistance.
really? i use it all the time and i find the latency just fine
How should this be enforced? Mullvad doesn't even know where the customers are from (if they pay anonymosly), so they can't check if the legislation applies to a specific customer.
Also (and I'm not trying to legitimate such law projects), age verification without identity leak is possible. The government needs to distribute a ZK proof system linked to ID cards which creates a signed proof including "holder of the ID is over/under 18" and a service-dependend pseudonym (to prevent repeating the proof for other users).
I don't think it's intended to be enforced very well, just to 'boil the frog' so to say. Either that or incompetence & not realising it won't work.
Even if it passes and isn't enforced well it'll legitimise more surveillance & identity checks. It'll probably be terrible for privacy on people who aren't as tech literate to avoid it.
This is pretty much it. Someone will google "what's the best VPN" and get an AI generated answer that leads them to some bigger service that adheres to identification laws. That'll filter most regular users.
The good news is that the youth will find all sorts of ways to bypass it
In order to make it easier for the CGHQ to track and watch every single civilian in the UK all the time, the UK Governement is de facto creating a generation of Britons trained to evade such surveillance, something which wasn't happenning in the previous "less than perfect but still good enough" surveillance system.
geoip.
To comply, mullvad would just display "service not available in your country" page to IP addresses from UK ISPs (on a page with a footer that reminds users that they have a Tor Onion Address and accept permissionless cryptocurrency payments)
Or mullvad could ignore it, since they are a Swedish company.
You could probably make a pretty good run at it from GEO IP databases and ICAN blocks. It wouldn't be something the government is good at, but they could hire security contractors to put up somewhat effective barriers for people. Trying to enforce the rest of the world to do that for them is more complicated.
There are tons of ways to do age verification without leaking, if you had something opensource that digests something from an id and just signs a message in realtime that the user is of age, but there's a lot of room there for espionage. you REALLY need to be able to trust those apps.
It's not just age verification: the identity-verifying document's image is kept on servers for future use. Theoretically by governments verifying, practically so that everyone's identity can be highjacked in a leak.
Adult verification is simply determining a single bit: is this person an adult or not? We have had zero-knowledge proof for ages: if the government really wanted to determine this single bit, it could do so without jeopardizing everyone's privacy and online security.
I wonder if in the future we'll get to know exactly who pressed the digital freedoms crackdown button on the summer of 2025. Things were going backwards already before then but the sudden acceleration is curious and concerning to me.
It's to move to a risk management based society. Look at the sociology behind all of this and you would see a counter example. this was already being accelerated the first step was facial recognition years ago. Surveillance states are defaults in risk management societies. In a nutshell if we treat everyone like a criminal then its only a matter of time before we catch someone is their consciousness going forward.
Guilty until proven innocent.
Australia pressed it, as a result of parents who have genuine concerns about social media addiction in kids (but who aren't willing to do anything about it themselves).
And there's also this which explains why the implementation is the most annoying way possible. If I had my way age-verification would be solely tied to the addictive features of social media, but if that were the case the big tech companies would just lose users and wouldn't be able to insert themselves as an age-verification middle-man.
I wasn't meaning age verification in particular, Google deciding to mandate developer registration for Android apps and Samsung removing to option to unlock the bootloader on their phones also happened last summer
Regardless, my reply does explain why age verification on the internet is becoming a thing.
When do we just start killing politicians?
46 years ago. Start with Reagan.
maybe if hinckley wasn't a complete failure
That's going to be a crazy policy to try and enforce. Reminds me of the US attempt to ban sports gambling online but only domestically. That just prompted people to make accounts overseas.
As usual, the governmental response is to increase the surveillance state and punish the end users, without addressing the incentive to create or distribute illicit content. They're just feeding a sprawling black market which... may be the intent. Black markets are notoriously unregulated and far easier to manipulate/gouge/swindle people over.
Just goes to show governments still don't understand technology.
Rent a cloud server somewhere and create a tunnel to it, done.
Rent a cloud server and create a financial paper trail
Monero
SHUM. Should Have Used Monero. OG Privacy Coin since 2014.
I honestly still can't wrap my brain around that. How is this not being used for all the money laundering?
More and more places are blocking known server hosts for origins. Used to just be reddit.
I like how this is the same country that brought us 1984
Orwell was a British police officer in Myanmar, crushing independence movements and worker organizations, during the early parts of his career.
He wrote these books from lived experience. As propaganda tools to antagonize against the USSR, they were brilliant expressions of the very Doublespeak his most famous book coined. Using fear of the foreigner to rally people into the Two Minute Hate sessions he ostensibly pillared.
Many scholars would say that country was Burma
Full Circle
Gotta punish the peasants for daring to look into the private life of the pedophiles.
Have you considered how you use the internet and don't spend enough money to be a greater sin? You should.
Next step will be a country wide captive portal where you need to log in with your digital id just to get on the Internet at all. We should all start looking into decentralized network infrastructure like a wifi&lora meshnet or community run satellite connection. There already is a network stack with an active community that allows that called reticulum. It can be incorporated into the existing infrastructure of meshtastic, i2p, wifi meshnets etc.
Next step would be to make owning such devices illegal :(
You wouldn't have one if you weren't a pedophile. Simple. Banned forever.
As usual, its a great idea. But it requires the kind of coordinated effort and extensive financial commitment that anarchist movements never seem able to muster. The great thing about the IEFT was that it set universal standards for connection and communication. Community run meshnets and one-off local groups end up with a plethora of competing standards and very insular bespoke networks.
I've played with local meshnets before and what I tend to find lacks the general utility of a standard ISP (trying connecting to your bank or your office VPN from a daisy chained local internet hub) with a few hobbyists who come and go as the mood strikes them.
It's very much a "you get what you pay for" situation. Without a real professional organization guaranteeing service, you're at the whim of someone else's hobby setup.
Well cute but LoRa bands can't handle audio or above, so they're only really useful for off-grid stuff.
China does that shit with any social media or any Chinese file hosting website. You are required to link your real identity so they know who to go after
So could I VPN out of the UK to circumvent the VPN verification step?
As long as you age verify yourself to use your VPN, you're good to go.
Nobody stops you from renting a VPS outside the UK and setting up your own VPN server there.
If you get a provider that supports Turnkey Linux, you can literally just directly choose an OS image for it that makes that VPN out-of-the-box an OpenVPN server or a Wireguard server.
This would make you your own VPN provider.
I wish I understood that. I just use proton and hit connect.
Yes. This is what people will do, I expect.
Gonna say the thing: IDGAF if kids see porn online. I'd far prefer children explore pornography and learn what they are and are not comfortable with; rather than risk being exploited by less-naive children or adults. Open access to porn is the harm reduction. They are images on a screen.
Let's not pretend that today's adults never saw porn growing up. I, a Gen Z kid, saw porn at young ages. There are reasons I am "off" in the head but none of them have to do with porn; and many of them have to do from forces who, among other things, push the purity culture narrative. This is the exact same over-dramatic messaging as the USA's War on Drugs or its "Satanic Panic"—both of which source from purity culture and both of which have harmed significantly more kids than what they hoped regulate.
I think we all know what happens to declining empires, but is anyone clear on whether that's supposed to happen to their vassals too?
Chaos. Historically, lots of murder from the ruling class as they consolidate local power.
Is this actually possible to enforce? To stay with the example of Mullvad, you could still send an envelope full of cash over to Sweden to add time to your account (or create a new one).
they also accept crypto I believe
Guess the number of tor users in the UK is about to explode
I wonder how many MPs and Lords use VPNs. It would be a shame if someone leaked which MPs and Lords were regularly using VPNs.
Fortunately all the good VPN providers have onion services and accept monero
Please present your ID to make use of Tor.
Not possible.
I mean it is, I could create a service that provided access to Tor via a VPN, but it would remove 99% of the reason you might want to use Tor.
No, it's not possible. China his been trying to block tor for decades. It's literally designed to bypass such fuckery
If I were you I'd have a look at what Russia and Iran have been doing w.r.t. whitelists recently.
It may be tricky to block tor if you're using a blacklisting strategy. But I imagine it's fairly easy to block if you use a whitelisting strategy.
They could literally just put resources into modern parental controls and better parenting. But this is about anonymity and data collection databases for their AI partners.
Even if an ID was verified without storing any data, how would they know if people were reusing the same ID or if someone else was accessing the account? ID verification isn't the solution. But punishing negligent parents will incentivize them to do their job and watch what their kids do online
UK is a joke, what is going on over there
Let's assume the UK (and others) take a fully-fascist approach and try to squash VPNs within their jurisdiction. What would they have to do to achieve this, and is it practical? The way I see it, they'd have to...
Can somebody chime in and check my reasoning? The way I see it, this will hold off non-technical folks, but to make it absolutely waterproof would be quite hard and require a game of constant whack-a-mole, wouldn't it?
1 & 2 contradict. You're suggesting blocking the IP addresses of known VPNs (which is what they would have to do if they wanted this to work in the slightest). DNS blocking (which is something they've made ISPs do in the past) is pretty pointless, since you can resolve the IP address of a host multiple different ways (like switch DNS server, use a custom downloadable hosts file...)
They'd tell the ISPs they need to block traffic to VPNs, and then fine them if they let traffic through, shifting the responsibility to the ISP.
It's like a slippery slope of stupid. If they wanted kids to not see porn, or social media, they could have mandated ISPs, mobile operators and Apple / Google implement parental controls on < 18 accounts and provide parental control software for family accounts. Adults or families who did not explicitly opt in to this law would be fully exempt from it.
This was always the logic next step to these campaigns. Sighhhh
How is the uk even a real country at this point
They tried to bring in digital ID and that failed. This will fail too in so many ways. Privacy is a human right and privacy from a Government is the ultimate human right.
These people are idiots
There will always be ways, we always find ways
Another step towards Airstrip 1
The UK is winning some and losing others, prosecute pedophiles but also creating a police state in the island. The surveillance level there rivals China. The internet is less free every passing year that we allow illiterate politicians decide for the people. The complete disregard of our privacy just because they don't understand the nature of the internet or technology is astonishing, at best, and that's giving them the benefit of the doubt that this is not plain out government overreach on the private citizens lives.
Honestly I'm not opposed to age restriction, so long as its only ever accomplished using zero knowledge proofs of some kind. Or just without revealing identity. But they've made it pretty clear with the systems they have implemented already nearly everyone is either incompetent or the goal is survelence all along.
The bill is the "Children’s Wellbeing and Schools Bill" here and this is the amendment they're talking about: https://bills.parliament.uk/bills/3909/stages/20215/amendments/10027478
There's also a petition to stop that bit "Do not ban children from using virtual private networks". I'm pesamistic about its chance of it succeeding but after the shinanigins around digital ID, who knows?
Slightly unrelated but the other day I discovered tor browser was being blocked on NHS wifi I could only connect with a bridge. The internet in this country makes me depressed now.
Parents can already control which websites their kids visit by using parental control software, basically every porn website which complies with these identity verification laws uses it. https://rtalabel.net/page.php?content=parents Restricting these safe websites makes users switch to other, freely accessible, and often less moderated sites.
Imma be real, the average kid used to know more about tech than the average parent. Nowadays it might be different.
Exactly, even increasing education on parental controls or legal requirements for that would be better if they actually cared about the children. I think the goal is actually just surveilence.
Slightly more conspiratorially, I think the goal might be to do just that: push users to more unsafe options, then use that to justify more crackdowns.
Yeah but imagine trying to explain to your 15yo kid that you're not going to let them interact with their friends on facebook or whatever because reasons.
Mine aren’t on Facebook. They can use iMessage and Signal. It’s not the end of the world. They read books and talk to their friends in meatspace.
The people creating a moral panic about protecting the children only took action against a paedophile when information came to light that he may have leaked secret government information to his paedophile buddy.
Not the child sex crimes.
When they do something about the child sex traffickers in power, then they we talk about protecting the children on the internet.
Restriction of a class is the restriction of all. Laws like this shouldn't be marked by shallow legal lines, this is yet again a play on discrimination.
Bro wants 10 year olds in online casinos and dating apps.
That's not what he's saying at all!
Its widely agreed that many activities are not safe or healthy for kids, or probably anyone. The current people in power have convinced us that bad behavior should be enforced completely backwards, making the victim the criminal:
See what I mean? Many of our laws, including those to "save the kids" are always looking for ways to pin the wrong on the person being exploited, not the one doing the exploiting.
The problem with age restriction laws, even if implemented in a way that protects privacy, is that I don't trust the state to decide what is adult content.
No idea why you are getting down voted. Zero knowledge verification for age would be great. You could also do zero knowledge verification for being a real person to distinguish people from bots.
Because the underlying concept is so terrible and guaranteed to have bad results as it is inherently 'think of the children' bullshit. The entire premise is flawed.
Are you saying that the underlying concept of zero knowledge ID verification is terrible? If so, how do you mean?
There are multiple published ways to do so cryptographically, some of which have been mathematically proven to work, so conceptually the idea is sound. There are also other potential uses for it beyond just making sure kids don't watch porn, so even if you disagree with that type of censorship, as many here do, the concept of it is not terrible itself.
Is there maybe something else I didn't think of that you feel makes it terrible?
No, I am saying the underlying concept that people should be expected or required to prove their age or who they are on the internet for access is bullshit. How that is proven doesn't matter, because it will always escalate and any credentials can just be used by someone else anyway.
For example, how would any kind of proof work on a computer without a camera or other means of identifying who is using it at a point in time? I have zero plans to ever add a camera to my desktop PC. If I have to go through hoops like I did to get a stupid IRS account that ended up with a fucking video call on my phone to prove it was me creating the account anywhere else I won't bother. If they want me to use that ID to do things, then anything I can do is easily tracked.
Self identification for all internet activity is the wet dream of tech bros, and fascists, and other authoritarians. I would much rather kids stumble across porn because they clicked 'yes I am an adult' than give more power to the pedos running the system.