The goal of the legislation was to "stop children from accessing age inappropriate content" on the internet.
Ahead of the legislation it was known that there would be a significant proportion of individuals who would switch to using VPN's because without platform based verification it would be a pita for users (more logins, random age verification services, and some sites just deciding to block).
However, VPN's, come with their own minimum age 18 T&C's, as do the means of payment for those services (credit and debit).
So from the pov of "stop children from accessing age inappropriate content" similar result
Not perfect, but empirically this seems to be working well enough e.g. "New data shows no rise in children’s VPN use after the introduction of online age checks" (https://www.internetmatters.org/hub/research/data-shows-no-r...), i.e. the VPN traffic is largely adults.
As to other unintended consequences, such as making it more difficult for the authorities to snoop on their citizens, I doubt this effectively makes any difference whatsoever.
I have a VPN, self hosted, I had one because it was a way to keep my infra in one network for config management. I then extended it for skirting round giving my raw ID to some dogshit start who'll then either get hacked, or sell my details to someone nefarious.
If there had been a free, public and verifiable Age/ID service, that wasn't tied to advertising, then I might be more willing to hand over my ID. But because the VC whispered "freemarket" in the ears of the prick who designed this, we are stuck with the worst of all worlds. A non-secure way to prove ID, and a non-acceptable way to shield those that don't or cant consent, from harm.
I’m in the UK and have been using a self-hosted VPN for years, since the Investigatory Powers Act obliged ISPs to keep records of what you browse and gave public bodies warrantless access to those records (which I think on principle is entirely wrong).
Originally IKEv2 and more recently WireGuard, configured like so:
I did despite being quite resistant to the idea at first. Eventually I didn't have a choice, as many things I wanted to read were suddenly hidden. I am paranoid however and worry that the VPN maker is tracking me, but there is only so much I can be paranoid about in the day.
This is what I do, except into the UK so I can watch geo-blocked sports. Pure wireguard, nothing fancy. But that also means if anything were to go wrong or stop working I can just tear it down and set it up somewhere else.
I got a VPN in preparation for Australia's (even more draconian) "age verification" laws (those take effect in 4 days).
But what I'd really love (startup idea!?) is an app that let's you map websites to countries and it handles tunnelling that domain's traffic through the selected country's VPN.
For example, I'd like to view Reddit, YouTube, X, Facebook, Instagram and social media apps from a US IP (to avoid Australia's "age verification"), dailymail.co.uk from a UK IP (since it's blocked in Thailand), predication markets from a country that allows them, Imgur from a country that allows it, Spotify from any country so long as it's fixed (to avoid it randomly stopping mid workout with a 'your country has changed' notification).
Until something automated like this exists the current best solution is a VPN and manually switching countries when something you want isn't available from the current country, which isn't great UX.
Setting this up through your router / network infra is one possible path.
Another AU citizen here. I've been beefing up our home in prep for these laws too.
You can use policy based routing to send traffic through a few VPN egress points depending on either domain, or IP based country lookup. Most providers will let you keep simultaneous connections up. This then applies to all devices so streaming apps works well (e.g. for my partner to access her home country's public broadcaster) and any complexity remains hidden from others you live with. From there, a wireguard tunnel for personal devices back through home means you can keep these same paths active when mobile.
I'm looking forward to the level of networking and systems knowledge these laws will encourage across future generations.
I’ve seen people do this on the router level with a proxy, with imgur being the example - all other traffic just went as normal but imgur traffic was sent through a VPN.
However it was a very complicated setup with many parts and a home server so I would definitely like to see a proper app built around this that just handles everything for you.
After the article I set it up myself, it took me around a day I would say. It supports exactly what you're asking for, although it's not a comprehensive tutorial so you'll need to figure some things out on your own.
Full disclosure I ended up turning it off only 2 days later because it was causing too many issues with networking and I suck at networking-related things, but it was great while it was working. I plan on setting it up again in the near future.
I already had a VPN, because I live in the UK and do business in the US, and the easiest way to get websites to show local prices & shipping is a VPN. I think anyone that is involved with multiple countries needs one.
Localization was supposed to be a browser thing, using headers like Accept-Language, but alas.
For your own personal sake, you may be selfishly wishing it’s as few people as possible. Eventually they’ll outlaw VPNs too and by then you’ll have little recourse. You can’t hide behind them forever, deeper change is needed.
The western view of China’s Internet censorship often flies in the face of reality. A lot of people seem to think China has an impenetrable firewall.
Bypassing internet restrictions in mainland China is a normal part of life for people who want to access the western internet. China is able to censor the Internet effectively because Chinese people are most comfortable using apps that cater directly to Chinese people, through language and culture. The Chinese government has a lot of control over these companies because they’re based are located in China.
The English speaking west is so dependent on the U.S. internet that it is impossible to copy the Chinese model.
It’s a mistake to think you need to get everyone perfectly all the time to be effective. Stopping businesses from operating legally and having your population afraid of committing a crime does a lot of work by itself.
It’s only techies who think “if I can get around it, it’s not that big of a deal”. As long as you live in a society, how other people behave affects what you can do too.
Even those who are happy to break laws, don't generally do so perfectly.
Even nation states' pulling James Bond stunts don't do it perfectly.
Imperfect enforcement used to be the default even for petty crimes, before CCTV and finger prints and DNA tests and all the other forensics got cheap. The legal systems don't care if the methods are imperfect… and worse, they don't understand why we do, making it hard to explain to them the consequences of this kind of thing in our domain.
> For your own personal sake, you may be selfishly wishing it’s as few people as possible. Eventually they’ll outlaw VPNs too and by then you’ll have little recourse. You can’t hide behind them forever, deeper change is needed.
It does not work that way in functioning democracies. This is like blithely raising people's electric bills in the name of preventing global warming. Noble aspirations but brain dead implementation that completely undermines the original goal. And fuels, one might add, the rise of political parties that just want to burn everything down.
Personally I went from more or less ignorant of these laws to completely outraged in the time it took to eat a couple of sausages.
Why don't we humans think this stuff through? Surely we can do better.
I don't know why people immediately have this thought, outlawing VPNs achieves virtually nothing in the UK. An adult bypassing an age check is irrelevant; underage users are at least mature enough to know what a VPN is - not the main target of the act. And there's virtually no real anonymity; hiding from your ISP doesn't make you untraceable. So why would they even consider it?
It’s naive to believe the goal of these laws is truly to protect children and that it has anything to do with age. That’s just the justification which gets them in the door.
What is the goal then? Why do they care that you're bypassing it? I wouldn't deny using children in messaging isn't a deliberate focus to strengthen the case, but I don't think they're lying that it's about reducing access to harmful material, and I don't disagree with that goal or the way they've implemented it. It would be a weak case not to use statistics they find in the younger internet users because that's where it's causing the most unacceptable harm.
> What is the goal then? Why do they care that you're bypassing it?
Mass surveillance, population control, and the destruction of services they disapprove of. Pornhub’s traffic went down by 80% when they implemented the mandatory age verification checks in some state. So they simply blocked them because it wasn’t worth it. Later, someone (I don’t have the ability to track down the source right now) was caught admitting one of the goals of the law is to drive those sites out of business.
I recommend reading about authoritarian regimes in Europe (it was not just Germany) and how they controlled discourse, and what people had accessed to. Some of their decisions have repercussions which are felt to this day. In Spain, foreign media is dubbed while in Portugal it is subbed. Both are due to their respective dictators.
You’ll need to have some plausible amount of non-ssh traffic otherwise your account will be automatically re-assigned as an Enterprise Infrastructure Account. It will be temporarily suspended while you apply for a license.
EIAs are £452.17/month (a statutory amount originally defined in The Online Safety Act’s 2027 update, subject to triple-lock inflation), licensed, and subject to inspection. There’s a four month waiting list for licensing due to backlogs at the local County Court.
The alternative is therefore to use up a strike and apply to have the account repurposed back to a Citizen User Account. CUAs must remain below a 50:1 down/up ratio and must have p90 non-https “control” traffic of 48kbps or less. They are expensive too but you get a 25% discount if you install your ISP’s mobileconfig / MDM profile though. With the profile discount the price is now only £64.99 a month.
(This assumes you run an Approved Platform capable of mobile device management. Anything else — Linux based, old versions of macOS, Windows <= 13 etc. — has to pay the full price and CUAs are limited to one Custom Access device per connection.)
You can get it down to £49.99 a month if you sign up for a 12-month trial of their home security system — cameras, door “e-locks”, that sort of thing. The devices are locked down but you can see the last 48h of events on their cloud portal. The devices have tamper detectors and the traffic is encrypted e2e but luckily that doesn’t count towards your CUA agreement’s limits on opaque traffic.
Good luck having the general public using SSH connections to route their traffic. You’re not a hermit (or you wouldn’t be on HN). You live in a society and what affects your peers and their behaviours also influences your life.
> As of Monday morning, half of the top ten free apps in Apple's app download charts in the UK appeared to be for VPN services.
> Proton VPN, an app offered by Swiss privacy tech firm Proton, told the BBC it had seen a 1800% spike in UK daily sign-ups over the weekend after age check rules took effect on Friday.
Marketing network security products is usually hard. Not any more. The practical effect of these so-called protection laws is to break shit across the entire Internet.
Last I checked, many of the top free VPNs on the App Store were dodgy no-name ones that probably funnel traffic through Russia. Well done UK government you saved the children.
I should mention that what pushed me over the edge was discovering that the FP problem was [among other things] triggered by a user comment that was then suppressed. However, it had a helpful message that I could solve the problem by uploading identification information to a website somewhere that I've never heard of.
Given the rate at which those sites are hacked, that's basically the following, simple procedure:
Step 1: Share your identifying information with the entire Internet.
I was trying to follow a tutorial the other day and couldn't because the embedded images were on Imgur and it was so frustrating. It was the straw that broke the camel's back.
I caved, bought a 3 year PIA plan, had my router configured within about 2 minutes (actually impressed how straightforward Unifi made it) and now my browsing experience is fixed.
By putting it on your router, all your traffic is tunneled through the VPN, right?
I ask this in comparison to applying it at a finer-grained level, such as just a particular machine, or to an application, or to even a browser tab or particular domain. I feel like I would never want all my traffic VPN-ed because it is slow, there are greater privacy concerns of VPN operators, and my needs for VPNs are a cleanly-separable small chunk of my online activities.
I'm planning to turn the VPN off when I don't need it. Mullvad is nice because you can just put money on the meter when you are traveling to locations that make it necessary.
I got one to bypass Arizona's internet ID law. It put a crimp in my watching of adult entertainment (for science). Although I don't live in Arizona, IP geo mappers disagree. Borders contain censorship about as well as they contain invasive species.
A lot I expect. There were stories about VPNs being top of the App Store, etc. when the law kicked in.
Lots of people using Brave's Tor or Opera's VPN in their browsers, and free VPNs like Proton (which seems like a negative security outcome for the country to me).
I'd have thought the intel agencies would be pissed at all that data going dark, but haven't heard a peep in the media.
I am in the UK, and I work for a combined FNO/ISP (a company that owns and operates both the access network and the internet service). It makes me angry that corporations and governments are ruining what was once a thriving network that allowed people to communicate freely with one another. I hope that we will be able to save what remains before it's completely out of our control. My fear is that eventually all devices will be required to have a government-mandated backdoor installed, and anyone found with a non-compliant device will be treated as a criminal.
For now, I used my Hetzner server via Tailscale running fast-socks5 [1] using FoxyProxy [2] (for Mozilla Firefox) which allows me to select a list of domains to re-direct through the socks proxy. I also have Tor installed which is useful when roaming.
I did, I don't want the hassle of anything being blocked, and I don't want to upload identity details as they have the potential for misuse.
I notice that some tech companies claim they are "trusted" or have "trusted third parties", I don't trust them at all, I'm not sure why they think I do.
I was already using Tor Browser for sites that UK ISPs are banned from letting me access.
I continue to use Tor Browser for entirely innocuous sites that are collateral damage of the OSA.
For example, the Interactive Fiction Archive. All its game files are voluntarily blocked in the UK by its well-meaning but stupid operators. Even games intended for children. They should stop complying and just serve up all their files to everyone. If a teenager learns what a. z5 file even is, they deserve to be able to play it.
Any reddit thread where someone said naughty words? "Oh we're going to need your phone number and a facial". I don't think so, Mr Data Harvester. Click on URL, Ctrl+c, alt-tab to Tor Browser, Ctrl+v, "Are you over 18?" Yes I am. See how easy that is?
I use Orbot on Android - which provides a Tor connection. I'm not sure why people are paying for VPNs for the small number of sites that are blocked in the UK.
Not only your government. The Conservatives who proposed it. Labour who provided no opposition. But most importantly Ofcom, who comprehensively failed to implement a competent and reasonable solution.
Everyone could have done a lot better, and could have achieved the stated aims without so much damage.
Labour actively supported it and still do. I got this from my Labour MP:
The UK has a strong tradition of safeguarding privacy while ensuring that appropriate action can be taken against criminals, such as child sexual abusers and terrorists. I firmly believe that privacy and security are not mutually exclusive—we can and must have both.
The Investigatory Powers Act governs how and when data can be requested by law enforcement and other relevant agencies. It includes robust safeguards and independent oversight to protect privacy, ensuring that data is accessed only in exceptional cases and only when necessary and proportionate.
The suggestion that cybersecurity and access to data by law enforcement are at odds is false. It is possible for online platforms to have strong cybersecurity measures whilst also ensuring that criminal activities can be detected.
So much of the Internet is broken if you don't have a VPN (and much of it is broken if you do). But the consequence of circumventing laws through VPNs will inevitably be bans on VPNs for individuals. By the way, the people who are writing these laws aren't clueless 60 year olds who need help operating their phones. The EU politicians pushing through chat control understand what they are doing.
The idea of a global internet is becoming increasingly infeasible and I believe that China is just ahead of its time. If you look at the UK, it is really just a matter of time until they figure out that the real issue they are having is that, the Internet allows communication with entities they can not enforce their laws on. The logical consequence for them will be to deny access entirely. The same seems true for the EU, which is moving in a similar direction.
This is such an insane stance. The proposal of chat control is surveillance of most private communication.
Blaming Russia is such a tiresome stance. Russian propaganda is so bad and so hilariously ineffective that it penetrates only small bubbles inside political parties, even after years of propaganda.
Also the current German government includes the historically most notorious Russian shill party.
The laws are absolutely the issue and if you are tearing down democracy to "preserve democracy", you just see democracy as a useful propaganda tool, for the sake of your own power.
It's not only Russia, it's also China and Iran. It's very easy today to control social media conversation by participating as both sides and creating hate. It's actually possible to remotely organize demonstrations, create entire movements from afar
If steering far off (based on Iran's MO in Israel for example) with a little bit of bitcoin and time you can hire someone to do anything for you in a foreign country. This includes graffiti, burning cars, moving weapons and finally assasinations.
Because democracies are so dependent on voters opinions, and organizations that have a vested interest in the failure of a state now have influence, this can be catastrophic (brexit, covid vaccines, race wars)
Can't say I support cracking down on free speech, but IMO that's exactly what we're going to see, especially in Europe where Defensive Democracy is already in place
Yes, another one for tor. You can restrict exit nodes to certain countries, if you need to read something only available locally. Works for most, but not all, sites.
Since Google eliminated country specific search sites like google.co.uk and bans you from changing location you have to get VPN. If you happen to be travelling and want to do Xmas shopping for UK Google now blocks this possibility because it assumes you want to shop for delivery at your airport transfer lounge location because it doesn't understand user intent or helpful content, in its own bubble land it unbelievably says this is a smoother experience for users! Most expats now are forced onto vpn if they still use Google. Fortunately ai is doing away with the need for Google altogether.
I love how google (youtube) starts immediately showing me ads in the language of whatever country I happen to be on holiday at the time. For that country specific services/products. As if they don't know exactly where I'm from and which languages I speak. Absolutely baffling that they get this so badly wrong.
Yes.
It wasn't an unintended consequence.
The goal of the legislation was to "stop children from accessing age inappropriate content" on the internet.
Ahead of the legislation it was known that there would be a significant proportion of individuals who would switch to using VPN's because without platform based verification it would be a pita for users (more logins, random age verification services, and some sites just deciding to block).
However, VPN's, come with their own minimum age 18 T&C's, as do the means of payment for those services (credit and debit).
So from the pov of "stop children from accessing age inappropriate content" similar result
Not perfect, but empirically this seems to be working well enough e.g. "New data shows no rise in children’s VPN use after the introduction of online age checks" (https://www.internetmatters.org/hub/research/data-shows-no-r...), i.e. the VPN traffic is largely adults.
As to other unintended consequences, such as making it more difficult for the authorities to snoop on their citizens, I doubt this effectively makes any difference whatsoever.
I have a VPN, self hosted, I had one because it was a way to keep my infra in one network for config management. I then extended it for skirting round giving my raw ID to some dogshit start who'll then either get hacked, or sell my details to someone nefarious.
If there had been a free, public and verifiable Age/ID service, that wasn't tied to advertising, then I might be more willing to hand over my ID. But because the VC whispered "freemarket" in the ears of the prick who designed this, we are stuck with the worst of all worlds. A non-secure way to prove ID, and a non-acceptable way to shield those that don't or cant consent, from harm.
I’m in the UK and have been using a self-hosted VPN for years, since the Investigatory Powers Act obliged ISPs to keep records of what you browse and gave public bodies warrantless access to those records (which I think on principle is entirely wrong).
Originally IKEv2 and more recently WireGuard, configured like so:
https://github.com/jawj/IKEv2-setup
https://github.com/jawj/wireguard-setup
I did despite being quite resistant to the idea at first. Eventually I didn't have a choice, as many things I wanted to read were suddenly hidden. I am paranoid however and worry that the VPN maker is tracking me, but there is only so much I can be paranoid about in the day.
Why not get a remote server and tunnel your connection through it -- Tailscale, or Cloudflare, or even raw WireGuard if that's what you prefer.
You'll basically have your own private VPN
This is what I do, except into the UK so I can watch geo-blocked sports. Pure wireguard, nothing fancy. But that also means if anything were to go wrong or stop working I can just tear it down and set it up somewhere else.
I got a VPN in preparation for Australia's (even more draconian) "age verification" laws (those take effect in 4 days).
But what I'd really love (startup idea!?) is an app that let's you map websites to countries and it handles tunnelling that domain's traffic through the selected country's VPN.
For example, I'd like to view Reddit, YouTube, X, Facebook, Instagram and social media apps from a US IP (to avoid Australia's "age verification"), dailymail.co.uk from a UK IP (since it's blocked in Thailand), predication markets from a country that allows them, Imgur from a country that allows it, Spotify from any country so long as it's fixed (to avoid it randomly stopping mid workout with a 'your country has changed' notification).
Until something automated like this exists the current best solution is a VPN and manually switching countries when something you want isn't available from the current country, which isn't great UX.
Setting this up through your router / network infra is one possible path.
Another AU citizen here. I've been beefing up our home in prep for these laws too.
You can use policy based routing to send traffic through a few VPN egress points depending on either domain, or IP based country lookup. Most providers will let you keep simultaneous connections up. This then applies to all devices so streaming apps works well (e.g. for my partner to access her home country's public broadcaster) and any complexity remains hidden from others you live with. From there, a wireguard tunnel for personal devices back through home means you can keep these same paths active when mobile.
I'm looking forward to the level of networking and systems knowledge these laws will encourage across future generations.
I’ve seen people do this on the router level with a proxy, with imgur being the example - all other traffic just went as normal but imgur traffic was sent through a VPN.
However it was a very complicated setup with many parts and a home server so I would definitely like to see a proper app built around this that just handles everything for you.
Openwrt with the policy based routing package can do this, and is simple to set up.
How much would you pay for that app?
I currently pay $10/month for ProtonVPN, so at least that much.
Check out this fully self-hosted solution that was posted on HN recently: https://news.ycombinator.com/item?id=46081188
After the article I set it up myself, it took me around a day I would say. It supports exactly what you're asking for, although it's not a comprehensive tutorial so you'll need to figure some things out on your own.
Full disclosure I ended up turning it off only 2 days later because it was causing too many issues with networking and I suck at networking-related things, but it was great while it was working. I plan on setting it up again in the near future.
I already had a VPN, because I live in the UK and do business in the US, and the easiest way to get websites to show local prices & shipping is a VPN. I think anyone that is involved with multiple countries needs one.
Localization was supposed to be a browser thing, using headers like Accept-Language, but alas.
> How many other people have done the same?
For your own personal sake, you may be selfishly wishing it’s as few people as possible. Eventually they’ll outlaw VPNs too and by then you’ll have little recourse. You can’t hide behind them forever, deeper change is needed.
> Eventually they’ll outlaw VPNs too and by then you’ll have little recourse.
Even China doesn't quite manage to enforce that.
The western view of China’s Internet censorship often flies in the face of reality. A lot of people seem to think China has an impenetrable firewall.
Bypassing internet restrictions in mainland China is a normal part of life for people who want to access the western internet. China is able to censor the Internet effectively because Chinese people are most comfortable using apps that cater directly to Chinese people, through language and culture. The Chinese government has a lot of control over these companies because they’re based are located in China.
The English speaking west is so dependent on the U.S. internet that it is impossible to copy the Chinese model.
It’s a mistake to think you need to get everyone perfectly all the time to be effective. Stopping businesses from operating legally and having your population afraid of committing a crime does a lot of work by itself.
It’s only techies who think “if I can get around it, it’s not that big of a deal”. As long as you live in a society, how other people behave affects what you can do too.
Yes, and more.
Even those who are happy to break laws, don't generally do so perfectly.
Even nation states' pulling James Bond stunts don't do it perfectly.
Imperfect enforcement used to be the default even for petty crimes, before CCTV and finger prints and DNA tests and all the other forensics got cheap. The legal systems don't care if the methods are imperfect… and worse, they don't understand why we do, making it hard to explain to them the consequences of this kind of thing in our domain.
VPNs can never be completely banned because they're a tool used by businesses (nothing is more important than a business in neoliberal capitalism).
You can create the concept of a legal VPN (tracking inside the tunnel) and keep that legal, though. Businesses will not mind.
> For your own personal sake, you may be selfishly wishing it’s as few people as possible. Eventually they’ll outlaw VPNs too and by then you’ll have little recourse. You can’t hide behind them forever, deeper change is needed.
It does not work that way in functioning democracies. This is like blithely raising people's electric bills in the name of preventing global warming. Noble aspirations but brain dead implementation that completely undermines the original goal. And fuels, one might add, the rise of political parties that just want to burn everything down.
Personally I went from more or less ignorant of these laws to completely outraged in the time it took to eat a couple of sausages.
Why don't we humans think this stuff through? Surely we can do better.
I don't know why people immediately have this thought, outlawing VPNs achieves virtually nothing in the UK. An adult bypassing an age check is irrelevant; underage users are at least mature enough to know what a VPN is - not the main target of the act. And there's virtually no real anonymity; hiding from your ISP doesn't make you untraceable. So why would they even consider it?
It’s naive to believe the goal of these laws is truly to protect children and that it has anything to do with age. That’s just the justification which gets them in the door.
What is the goal then? Why do they care that you're bypassing it? I wouldn't deny using children in messaging isn't a deliberate focus to strengthen the case, but I don't think they're lying that it's about reducing access to harmful material, and I don't disagree with that goal or the way they've implemented it. It would be a weak case not to use statistics they find in the younger internet users because that's where it's causing the most unacceptable harm.
> What is the goal then? Why do they care that you're bypassing it?
Mass surveillance, population control, and the destruction of services they disapprove of. Pornhub’s traffic went down by 80% when they implemented the mandatory age verification checks in some state. So they simply blocked them because it wasn’t worth it. Later, someone (I don’t have the ability to track down the source right now) was caught admitting one of the goals of the law is to drive those sites out of business.
I recommend reading about authoritarian regimes in Europe (it was not just Germany) and how they controlled discourse, and what people had accessed to. Some of their decisions have repercussions which are felt to this day. In Spain, foreign media is dubbed while in Portugal it is subbed. Both are due to their respective dictators.
For the children of course. Haven't you been around for this before?
I mean good luck banning ssh connections.
You’ll need to have some plausible amount of non-ssh traffic otherwise your account will be automatically re-assigned as an Enterprise Infrastructure Account. It will be temporarily suspended while you apply for a license.
EIAs are £452.17/month (a statutory amount originally defined in The Online Safety Act’s 2027 update, subject to triple-lock inflation), licensed, and subject to inspection. There’s a four month waiting list for licensing due to backlogs at the local County Court.
The alternative is therefore to use up a strike and apply to have the account repurposed back to a Citizen User Account. CUAs must remain below a 50:1 down/up ratio and must have p90 non-https “control” traffic of 48kbps or less. They are expensive too but you get a 25% discount if you install your ISP’s mobileconfig / MDM profile though. With the profile discount the price is now only £64.99 a month.
(This assumes you run an Approved Platform capable of mobile device management. Anything else — Linux based, old versions of macOS, Windows <= 13 etc. — has to pay the full price and CUAs are limited to one Custom Access device per connection.)
You can get it down to £49.99 a month if you sign up for a 12-month trial of their home security system — cameras, door “e-locks”, that sort of thing. The devices are locked down but you can see the last 48h of events on their cloud portal. The devices have tamper detectors and the traffic is encrypted e2e but luckily that doesn’t count towards your CUA agreement’s limits on opaque traffic.
You forgot about the Internet Tunnelling Tax.
* does not apply to pensioners
Well that is ridiculous.
..but sadly within the margin of ridiculousness for our government's approach to the internet.
Good luck having the general public using SSH connections to route their traffic. You’re not a hermit (or you wouldn’t be on HN). You live in a society and what affects your peers and their behaviours also influences your life.
> As of Monday morning, half of the top ten free apps in Apple's app download charts in the UK appeared to be for VPN services.
> Proton VPN, an app offered by Swiss privacy tech firm Proton, told the BBC it had seen a 1800% spike in UK daily sign-ups over the weekend after age check rules took effect on Friday.
https://www.bbc.com/news/articles/cn72ydj70g5o
Marketing network security products is usually hard. Not any more. The practical effect of these so-called protection laws is to break shit across the entire Internet.
Last I checked, many of the top free VPNs on the App Store were dodgy no-name ones that probably funnel traffic through Russia. Well done UK government you saved the children.
I should mention that what pushed me over the edge was discovering that the FP problem was [among other things] triggered by a user comment that was then suppressed. However, it had a helpful message that I could solve the problem by uploading identification information to a website somewhere that I've never heard of.
Given the rate at which those sites are hacked, that's basically the following, simple procedure:
Step 1: Share your identifying information with the entire Internet.
I was trying to follow a tutorial the other day and couldn't because the embedded images were on Imgur and it was so frustrating. It was the straw that broke the camel's back.
I caved, bought a 3 year PIA plan, had my router configured within about 2 minutes (actually impressed how straightforward Unifi made it) and now my browsing experience is fixed.
By putting it on your router, all your traffic is tunneled through the VPN, right?
I ask this in comparison to applying it at a finer-grained level, such as just a particular machine, or to an application, or to even a browser tab or particular domain. I feel like I would never want all my traffic VPN-ed because it is slow, there are greater privacy concerns of VPN operators, and my needs for VPNs are a cleanly-separable small chunk of my online activities.
I used Policy Based Routing so only imgur.com/i.imgur.com are redirected, everything else is as it was before.
https://help.ui.com/hc/en-us/articles/12566175125783-UniFi-G...
I use Unifi Policy Based Routing to watch a streaming service from my home country. It is so easy to setup and works so well.
I'm planning to turn the VPN off when I don't need it. Mullvad is nice because you can just put money on the meter when you are traveling to locations that make it necessary.
Depending on the configuration it could be selective, I'm Ike routing only imgur through VPN.
I got one to bypass Arizona's internet ID law. It put a crimp in my watching of adult entertainment (for science). Although I don't live in Arizona, IP geo mappers disagree. Borders contain censorship about as well as they contain invasive species.
I sometimes use a Tailscale exit node on a VPS I already had before.
I also switched to use Redlib instances to browser Reddit
A lot I expect. There were stories about VPNs being top of the App Store, etc. when the law kicked in.
Lots of people using Brave's Tor or Opera's VPN in their browsers, and free VPNs like Proton (which seems like a negative security outcome for the country to me).
I'd have thought the intel agencies would be pissed at all that data going dark, but haven't heard a peep in the media.
I am in the UK, and I work for a combined FNO/ISP (a company that owns and operates both the access network and the internet service). It makes me angry that corporations and governments are ruining what was once a thriving network that allowed people to communicate freely with one another. I hope that we will be able to save what remains before it's completely out of our control. My fear is that eventually all devices will be required to have a government-mandated backdoor installed, and anyone found with a non-compliant device will be treated as a criminal.
For now, I used my Hetzner server via Tailscale running fast-socks5 [1] using FoxyProxy [2] (for Mozilla Firefox) which allows me to select a list of domains to re-direct through the socks proxy. I also have Tor installed which is useful when roaming.
[1] https://github.com/dizda/fast-socks5 [2] https://addons.mozilla.org/en-GB/firefox/addon/foxyproxy-sta...
>My fear is that eventually all devices will be required to have a government-mandated backdoor installed,
They tried to have the back door mandated with the Clipper chip. Governments will try again.
https://en.wikipedia.org/wiki/Clipper_chip
I did, I don't want the hassle of anything being blocked, and I don't want to upload identity details as they have the potential for misuse.
I notice that some tech companies claim they are "trusted" or have "trusted third parties", I don't trust them at all, I'm not sure why they think I do.
They trust themselves to do whatever increases the shareholder value. Is that not trust enough for you? /s
I had a VPN before but used it less. Now my devices are connected pretty much 24/7.
I was already using Tor Browser for sites that UK ISPs are banned from letting me access.
I continue to use Tor Browser for entirely innocuous sites that are collateral damage of the OSA.
For example, the Interactive Fiction Archive. All its game files are voluntarily blocked in the UK by its well-meaning but stupid operators. Even games intended for children. They should stop complying and just serve up all their files to everyone. If a teenager learns what a. z5 file even is, they deserve to be able to play it.
Any reddit thread where someone said naughty words? "Oh we're going to need your phone number and a facial". I don't think so, Mr Data Harvester. Click on URL, Ctrl+c, alt-tab to Tor Browser, Ctrl+v, "Are you over 18?" Yes I am. See how easy that is?
I hate my government.
I use Orbot on Android - which provides a Tor connection. I'm not sure why people are paying for VPNs for the small number of sites that are blocked in the UK.
Not only your government. The Conservatives who proposed it. Labour who provided no opposition. But most importantly Ofcom, who comprehensively failed to implement a competent and reasonable solution.
Everyone could have done a lot better, and could have achieved the stated aims without so much damage.
Labour actively supported it and still do. I got this from my Labour MP:
The UK has a strong tradition of safeguarding privacy while ensuring that appropriate action can be taken against criminals, such as child sexual abusers and terrorists. I firmly believe that privacy and security are not mutually exclusive—we can and must have both.
The Investigatory Powers Act governs how and when data can be requested by law enforcement and other relevant agencies. It includes robust safeguards and independent oversight to protect privacy, ensuring that data is accessed only in exceptional cases and only when necessary and proportionate.
The suggestion that cybersecurity and access to data by law enforcement are at odds is false. It is possible for online platforms to have strong cybersecurity measures whilst also ensuring that criminal activities can be detected.
People from countries with oppressive governments: first time?
ProtonVPN free tier is great
Nah, but I very occasionally break out ssh port forwarding. Very occasionally.
Just used tor browser when I was back last week.
On HN probably a few but HN is an extremely niche demographics.
Among the general public I would say effectively zero. The Online Safety Act does not even register in the news or as part of people's concerns.
There might have been a burst of interest because of reports in the media when the OSA came into force but I suspect that this is about it.
So much of the Internet is broken if you don't have a VPN (and much of it is broken if you do). But the consequence of circumventing laws through VPNs will inevitably be bans on VPNs for individuals. By the way, the people who are writing these laws aren't clueless 60 year olds who need help operating their phones. The EU politicians pushing through chat control understand what they are doing.
The idea of a global internet is becoming increasingly infeasible and I believe that China is just ahead of its time. If you look at the UK, it is really just a matter of time until they figure out that the real issue they are having is that, the Internet allows communication with entities they can not enforce their laws on. The logical consequence for them will be to deny access entirely. The same seems true for the EU, which is moving in a similar direction.
laws are not the issue as much as foreign totalitarian entities have a strong ability to influence local voters in adverse ways.
This is such a threat to democracy that ironically the only solution is to crack down on democracy
Not a big fan of Managed Democracy, thank you.
This is such an insane stance. The proposal of chat control is surveillance of most private communication.
Blaming Russia is such a tiresome stance. Russian propaganda is so bad and so hilariously ineffective that it penetrates only small bubbles inside political parties, even after years of propaganda.
Also the current German government includes the historically most notorious Russian shill party.
The laws are absolutely the issue and if you are tearing down democracy to "preserve democracy", you just see democracy as a useful propaganda tool, for the sake of your own power.
It's not only Russia, it's also China and Iran. It's very easy today to control social media conversation by participating as both sides and creating hate. It's actually possible to remotely organize demonstrations, create entire movements from afar
If steering far off (based on Iran's MO in Israel for example) with a little bit of bitcoin and time you can hire someone to do anything for you in a foreign country. This includes graffiti, burning cars, moving weapons and finally assasinations.
Because democracies are so dependent on voters opinions, and organizations that have a vested interest in the failure of a state now have influence, this can be catastrophic (brexit, covid vaccines, race wars)
Can't say I support cracking down on free speech, but IMO that's exactly what we're going to see, especially in Europe where Defensive Democracy is already in place
I just use TOR for circumventing blocks.
Yes, another one for tor. You can restrict exit nodes to certain countries, if you need to read something only available locally. Works for most, but not all, sites.
Since Google eliminated country specific search sites like google.co.uk and bans you from changing location you have to get VPN. If you happen to be travelling and want to do Xmas shopping for UK Google now blocks this possibility because it assumes you want to shop for delivery at your airport transfer lounge location because it doesn't understand user intent or helpful content, in its own bubble land it unbelievably says this is a smoother experience for users! Most expats now are forced onto vpn if they still use Google. Fortunately ai is doing away with the need for Google altogether.
I love how google (youtube) starts immediately showing me ads in the language of whatever country I happen to be on holiday at the time. For that country specific services/products. As if they don't know exactly where I'm from and which languages I speak. Absolutely baffling that they get this so badly wrong.