As much as it saddens me to say, it looks like we were right: online age verification is being used as a Trojan horse for the mass rollout of digital identity systems.
Last Friday (July 25), the Starmer government took a historic step by making age verification checks mandatory for accessing pornography and other supposedly adult content online. In doing so, it risks making itself even more unpopular while further propelling support for non-mainstream parties such as Nigel Farage’s Reform and Jeremy Corbyn’s nascent “Your Party”.
The age verification checks can include uploading an ID document — including, presumably, the government’s recently launched digital identity wallet (on which more later) — , checking a person’s age via their credit card provider, bank or mobile phone network operator, or a selfie for validation and analysis.
“It is the biggest step forward in safety since the invention of the internet,” said Labour Party Tech Secretary Peter Kyle. “When it comes to children, that is something we celebrate.”
The Costs of Non-Compliance
The checks apply to a bewildering array of websites and platforms, including social media, search engines and even Wikipedia. One estimate suggests that as many as 100,000 services will now have to comply with the rules, or risk ruinous fines of up to £18m or 10% of global turnover, whichever is higher.
The brainchild of successive former Conservative administrations, the new rules form part of the so-called Online Safety Act, which was passed by the Sunak government in 2022 and has creeped into force in piecemeal fashion. The majority of Labour Party MPs voted against the bill when it was presented in 2022. However, since coming to power the Starmer government has not only embraced the Act but has expanded its scope by enabling censorship of online speech.
Like the EU’s Digital Services Act, the OSA seeks to compel online platforms “to remove illegal disinformation content if they become aware of it on their services. This includes the removal of illegal, state-sponsored disinformation through the Foreign Interference Offence, forcing companies to take action against a range of state-sponsored disinformation and state-linked interference online.”
The banned content so far has already included politically sensitive news and developments, notes Fred de Fosssard in an op-ed for The Critic:
Footage of British people being arrested in Leeds while protesting against asylum seekers’ hotels was censored on X for users who had not verified their age.
Even worse, videos of a speech made in Parliament by Katie Lam MP detailing the horrors of the rape gangs have also been blocked by these new rules. Speech which has been constitutionally protected from censure since the 1689 Bill of Rights is now being censored online via age verification technology.
It is hard to overstate the significance of this. British people are being forced by the state to verify their age and hand over personal information to view political news about their own country. It is the sort of thing for which British diplomats would castigate third world or tyrannical government
Growing Public Opposition
The new law is already deeply unpopular among the UK public — despite the fact that an estimated eight in 10 Britons supported mandatory age checks to stop young children accessing pornography sites in principle, according to a poll by YouGov. What they probably don’t support is banning children from using Wikipedia to do their homework or blocking access to sensitive political news online. As Yougov itself reports, the changes have come in for much criticism:
[M]any [claim] that the rules can be easily bypassed, that the security measures raise data privacy concerns, and that it is resulting in unintentional over-censorship (indeed, the FT reported that a post on X containing YouGov’s own polling on the subject was blocked as it contained “pornography” in the title).
Public support for the measures has already fallen to 69%, though the wording of the survey question has changed slightly from one that specified “pornography websites” only to one that asks about “websites that may contain pornographic material”. If it is anything like public approval for Starmer’s government, support for the measures will probably have slumped to single figures within a few weeks.
As of today, more than 465,000 people have signed a petition asking for the OSA to be repealed. Many more are using VPNs to skirt the age checks. So far, one in four Britons (26%) have encountered the new restrictions while browsing, according to YouGov.
As we warned in November, these online age verification checks that are now proliferating across the collective West’s ostensibly liberal democracies threaten to trap everyone, not just minors, in their web. As the Australian government admitted last year, though the age restrictions are only meant to apply to children under 15 or 16, their enforcement requires everyone to verify their age — unless, of course, they use a VPN (more on that shortly):
For governments around the world, one of the great advantages of age verification, or assurance as the Austrian government is now calling it, is that it traps everyone in the same web — not just under-16s but just about anyone who wants to use the Internet. As members of the Australian government recently admitted, everyone will soon have to prove their age to use social media. And that will presumably mean having to use the government’s recently launched digital ID app, myID:
RE: Social Media Ban for Under16’s (aka the trojan horse Digital ID for ALL Australians)
So the Federal Labor Gov’t have confirmed at Senate Estimates that ALL Australians will have to go through an age verification process to access social media, not just under 16 year olds.… pic.twitter.com/LgPu5DXdek
— Glen Schaefer (@hardenuppete) November 10, 2024
The UK’s Online Safety Act is also hitting hurdles. While the introduction of the age-gating for pornography websites has meant that five million extra online age checks are being carried out per day, according to The Guardian, it has also driven a massive, seemingly sustained surge in demand for virtual private networks, or VPNs. According to some reports, some VPN companies have reported a 1,400 percent increase in sign-ups since the OSA came into force.
Just a few minutes after the Online Safety Act went into effect last night, Proton VPN signups originating in the UK surged by more than 1,400%.
Unlike previous surges, this one is sustained, and is significantly higher than when France lost access to adult content. pic.twitter.com/W9R5FQBWKa
— Proton VPN (@ProtonVPN) July 25, 2025
For readers who don’t know, VPNs are virtual private networks that establish a digital connection between your computer and a remote server owned by a VPN provider, allowing you to browse the web as if from another country. As WIRED reports, people have also been playing around with other creative workarounds:
In some cases, reportedly, you can even use the video game Death Stranding’s photo mode to take a selfie of character Sam Porter Bridges and submit it to access age-gated forum content.
For proponents of the law, there is progress to point to as well. The UK’s communications regulator Ofcom says that more than 6,600 porn websites have introduced age checks so far. And major social platforms like Reddit, X, and Bluesky have also added age verification for content that is now restricted in the UK or are in the process of doing so. Microsoft has even started rolling out voluntary age checks for Xbox users in the UK. But even if this movement is satisfactory for now, digital rights advocates point out that normalizing such mechanisms creates the possibility that they will be enforced more aggressively in the future.
“I think people just want to show that we can make some progress on this without thinking about what the consequences of the progress will be,” says Daniel Kahn Gillmor, a senior staff technologist at the American Civil Liberties Union. “We do know that there are some things that you can do to help kids have a better relationship with digital tools. And that involves having an adequate social support network; it involves listening when kids run into problems and making sure that they have functioning emotional relationships with adults who can respond to them. But instead what we’re looking for is a quick technological fix, and those technological fixes have consequences.”
Seema Shah, VP of research and insights at the market intelligence firm Sensor Tower, says five VPN apps have experienced particularly “explosive growth” and reached the top 10 free apps on Apple’s UK App Store by Monday.
The fact that tech-savvy youths are already finding work-arounds while older generations are generally falling into line is hardly a surprise. As we noted in our July 2024 article on Spain’s plans to launch a similar age-verification system for accessing online porn, which even contemplated rationing the amount of porn adult users could access, “if someone specifically wants to continue accessing Spanish-hosted porn, they could do so by simply using a VPN.”
People in the UK, as the VPNs kick in… pic.twitter.com/fxR6WQ6q2b
— Jordan Walker (@JayW132) July 26, 2025
Prior to the launch of the age-checks, the UK government was given fair warning about what would happen. Melanie Dawes, the head of Ofcom, told MPs in May that people would use VPNs to get around the restrictions.
“A very concerted 17-year-old who really wants to use a VPN to access a site they shouldn’t may well be able to,” she said. “Individual users can use VPNs. Nothing in the Act blocks it.”
As VPN use has surged, there have been reports that Starmer may respond with the nuclear option of trying to ban the use of VPNs. While the government has denied these claims, such an act would certainly be consistent with its authoritarian impulses. Sarah Champion, a prominent backbench MP, recently launched a campaign against VPNs, saying:
“My new clause 54 would require the Secretary of State to publish, within six months of the Bill’s passage, a report on the effect of VPN use on Ofcom’s ability to enforce the requirements under clause 112.
“If VPNs cause significant issues, the Government must identify those issues and find solutions, rather than avoiding difficult problems.”
The Register, a British technology news website, predicts that any move against VPN would likely backfire:
[E}xperts we spoke to were predictably dismissive. One told us that it’s “not gonna happen.”
The government could pull various technical levers, such as banning the sale of VPN kit, but as people who spoke to The Register about the matter said, it would be like banning people from smoking in their own homes.
“You might not like it, but good luck enforcing it,” said Graeme Stewart, head of public sector at Check Point Software. “The logistics are near-impossible. You could, in theory, ban the sale of VPN equipment, or instruct ISPs not to accept VPN traffic. But even then, people will find workarounds. All you’d achieve is pushing VPN use underground, creating a black market for VPN concentrators.
“The only way to do it is badly. You’d effectively be forcing ISPs to block legitimate encrypted traffic and, in doing so, you’d be regulating an entire industry out of existence. Worse still, you’d be legislating against cybersecurity and privacy.”
…
Jake Moore, global cybersecurity advisor at ESET, told us that other methods could see the UK veering into enemy territory, not to mention a PR calamity.
“Although we shouldn’t even consider adopting a route used by China, the Chinese use the technique of analyzing traffic patterns for VPN usage, but this requires expensive infrastructure and constant updates so again, not feasible,” he said.
“Furthermore, many VPNs offer modes to make their traffic look like regular HTTPS anyway, making detection harder yet again.”
To put it in his plainer terms: “Not gonna happen.”
Scott McGready, co-founder of Damn Good Security, agreed that if UK ISPs started snitching on their customers’ VPN usage, it would be “a very worrying position to be in” and the unintended consequences for legitimate users and businesses would be massive…
Morally unconscionable?
Some countries that ban the use of VPNs include Russia, the United Arab Emirates, Iran, Saudi Arabia, Turkmenistan, Myanmar, Belarus, and China. That’s not even an exhaustive list, but it shows the questionable company the UK would keep should it choose to ban VPNs.
A ban not only puts the UK on a concerning trajectory from a privacy and cybersecurity standpoint, but it is also unlikely to work in practice. Possible? Yes, but the practicality of policing such a ban would be challenging.
As shown by individuals in nearly all the aforementioned countries that outlaw VPNs, bans don’t prevent use. People always find ways to circumvent such restrictions, as they do routinely and successfully in more authoritarian countries.
All a UK ban would do is provide the impetus for young people to learn how to circumvent the legislation by using outlawed privacy tech. They would find a way, they always do.
Given the Starmer government is already perceived by voters as “chaotic” while its approval ratings continue to sink to fresh lows, it may thing twice before targeting VPNs. That said, the people using VPNs are presumably a minority of the population, albeit a relatively large one, and minorities are always vulnerable to attack.
Whatever the government ends up doing, one thing is clear: the Online Safety Act is likely to be manna from heaven for Nigel Farage’s rapidly rising right-wing Reform Party, which is already leading in the polls. Farage has likened the new rules to “state suppression of genuine free speech” and said his party would reverse the regulations.
Well, here’s the UK government’s response to the petition against the Online Safety Act.
In other news, Reform has already confirmed they will repeal the law if they win the next election.
It’s crazy how Labour would give them such a free win. Absolutely brain-dead decision. pic.twitter.com/XrZWJYg4ZH
— Kurt 🏳️🌈 (@KurtJP35) July 28, 2025
For those who don’t have access to X, the government’s Orwellian response reads as follows (emphasis my own):
The Government has no plans to repeal the Online Safety Act, and is working closely with [the communications watchdog] Ofcom to implement the Act as quickly and as effectively as possible to enable UK users to benefit from its protections.
To make matters worse, the UK Secretary of State for Tech Peter Kyle unleashed the following tweet a couple of days ago likening all opponents of the Online Safety Act, in particular Farage, to sexual predators:
If you want to overturn the Online Safety Act you are on the side of predators. It is as simple as that. https://t.co/oVArgFvpcW
— Peter Kyle (@peterkyle) July 29, 2025
This is not to say that a Prime Minister Farage, which is still a distant prospect, would be a genuine defender of freedom of speech. We have already seen in the US how Trump 2.0, after winning re-election by pledging to defend the first amendment, has executed a wide-ranging crackdown on freedom of speech by targeting student protestors, their lawyers and universities, largely for the benefit of Israel. I would expect something similar from Farage, who recently described UK plans to recognise Palestine as “rewarding terrorism.”
But Farage is not alone in criticising the OSA’s age checks. Opponents of age verification mandates include academic researchers, hobby-site operators and digital rights lawyers on both sides of the Atlantic, including the Electronic Frontier Foundation (EFF).
In a three-part series published on the issue in April, the EFF warned that the mandates “undermine the free expression rights of adults and young people alike, create new barriers to internet access, and put at risk all internet users’ privacy, anonymity, and security”:
We do not think that requiring service providers to verify users’ age is the right approach to protecting people online.
Policy makers frame age verification as a necessary tool to prevent children from accessing content deemed unsuitable, to be able to design online services appropriate for children and teenagers, and to enable minors to participate online in age appropriate ways. Rarely is it acknowledged that age verification undermines the privacy and free expression rights of all users, routinely blocks access to resources that can be life saving, and undermines the development of media literacy. Rare, too, are critical conversations about the specific rights of young users: The UN Convention on the Rights of the Child clearly expresses that minors have rights to freedom of expression and access to information online, as well as the right to privacy. These rights are reflected in the European Charter of Fundamental Rights, which establishes the rights to privacy, data protection and free expression for all European citizens, including children. These rights would be steamrolled by age verification requirements. And rarer still are policy discussions of ways to improve these rights for young people.
This is not at all surprising. The goal here is to radically transform the Internet from a space of relatively unhindered movement into a tightly controlled gated environment. And it is the government and large tech platforms that will hold the keys.
The Trojan Horse of Digital Identity
In recent days, the EU has announced that it, too, will launch an “empowering” age verification system in 2026, with pilots already set to launch in five member states. Non-compliance could lead to fines of up to €18 million or 10% of global turnover — coincidentally, exactly the same figures as the UK’s Online Safety Act. The vehicle by which users will be able to prove their age will be (cue drumroll…) the EU’s recently launched Digital Identity Wallet (EUDIW).
As much as it saddens me to say, it looks like we were right: online age verification is being used as a Trojan horse for the mass rollout of digital identity systems, with all the sweeping threats to basic rights (privacy, security of personal data, freedom of speech, freedom of movement, and with the seemingly inevitable introduction of central bank digital currencies, freedom to transact) that entails. There can be no doubting that protecting the children makes for a seductive pretext.
However, the role of digital identity is almost totally absent from the public debate over online age verification currently raging in the UK. And that is almost certainly by design. After all, the ultimate goal is to transform not just the Internet beyond all recognition but just about every aspect of our lives, as shown by the World Economic Forum’s now-infamous 2018 infographic on digital identity.
Put simply, we are being led down the garden path into a world of much greater AI-empowered surveillance and control.
Lastly, at the risk of leaving readers with a bitter taste in the mouth, here’s Tony Blair, one of the world’s most vocal advocates of digital surveillance and control tech and a major influence on the Starmer government, talking about the inevitable need for digital identity at the recent “Governing in the Age of AI” conference, organised by his own TBI foundation. However, to reach a critical mass, he says, to peals of laughter from the audience, “we will have a little work of persuasion to do.”
Tony Blair on “Digital ID is an essential part of a modern digital infrastructure […] Although, we have a little work of persuasion to do here!” https://t.co/XXGXivHnXv pic.twitter.com/SQ2JwqqexM
— Tim Hinchliffe (@TimHinchliffe) July 9, 2024
Of course, the word Blair was actually thinking of (but didn’t say, for obvious reasons) is “coercion,” not persuasion, since “persuasion” suggests that the people receiving the message will have a choice about whether or not to act on it. That will not be the case here.
