Today is the last day for citizens and organizations in the UK to have their say on which measures lawmakers should take to protect children online. Whether or not to age-gate VPN services is, perhaps, the most controversial point.
The Department for Science, Innovation & Technology (DSIT) launched the three-month national consultation — dubbed "Growing up in the online world" — in March, noting that VPNs could face age restrictions if the findings indicated that these tools are guilty of undermining online safety protections.
The deadline for parents, the tech industry, and the public to share their views is almost up, with the consultation officially closing on May 26 at 11.59 pm.
Why the UK is considering restricting VPNs
UK lawmakers began toying with the idea of restricting virtual private network (VPN) tools last year. VPN usage skyrocketed in the UK last July as users sought ways to bypass newly enforced mandatory age checks.
While best known as security tools that encrypt internet connections, VPNs also mask users' IP addresses, making them appear as if they are browsing from another country. This allows users to evade geo-restrictions and age checks.
It is difficult to determine whether this spike in usage is driven by adults unwilling to share biometric data or by children seeking restricted content. However, studies from groups like Childnet and Internet Matters suggest the balance may swing toward the former.
The debate among the politicians has been heated. In December, UK Lords went as far as proposing an outright VPN ban for kids. The proposal was overturned in favor of the DSIT's evidence-gathering initiative, which will yield results soon.
In the consultation's accompanying report, the government emphasizes the need to balance enforceable content restrictions without limiting the "legitimate and lawful use" of VPNs by adults.
However when we took the online safety survey, we found that VPNs were mostly described as circumvention tools rather than important privacy products.
What the tech world is saying
The cybersecurity industry has been united in warning UK lawmakers against age-restricted access to VPNs.
Mozilla, the company behind the privacy-first Firefox browser and Mozilla VPN, addressed the DSIT with a public statement last week, arguing that age-restricting VPNs "would undermine the privacy and security of all users."
For Mozilla, forcing every VPN user in the country to verify their age to use this vital piece of technology would create new data vulnerabilities for anyone without solving the issues with children's online safety.
That's a stance also shared by others in the sector.
Nineteen organizations — including the likes of Proton VPN, Mullvad, ExpressVPN, and Tor — also urged UK lawmakers "not to undermine the open web" by restricting the use of privacy-preserving technologies like VPNs.
These public statements follow a similar outcry published by the VPN Trust Initiative (VTI) back in April. The industry-led consortium also warned that treating VPNs as mere 'loopholes' exposes kids to "greater harms."
A member of the VTI, Surfshark, also emphasizes that the company (as other providers) already prohibits users under 18 from using its services, arguing that age restrictions would only leave VPN firms with two bad options.
"Build identity checks into services designed to do the opposite, or rely on third-party verifiers that have repeatedly proven vulnerable to breaches. Either way, it weakens the very protections users rely on," a Surfshark spokesperson told TechRadar.
How likley for the UK to age-gate VPNs?
While predicting the consultation's outcome is difficult, the debate over VPNs and age verification continues to grow—both in the UK and abroad.
Just weeks ago, the controversial Children’s Wellbeing and Schools Act became law. Alongside new online restrictions for young people, the legislation introduces an obligation for service providers to take "reasonable anti-circumvention measures."
The rhetoric surrounding VPNs continues to focus heavily on their use as circumvention tools. During last week's Ofcom hearing, Ian Cheshire — who is the government's pick to lead the UK's communications regulator — still branded "the joys of VPNs" as "technical problems."
Across the Atlantic, Utah just became the first US state to enforce VPN usage restrictions as part of its latest age verification regulations. At the same time, the EU has also recently expressed its intention to deal with the circumvention of its age verification app as the next step.
If the online safety consultation results in a teen social media ban, VPNs will likely be caught in the crossfire. This could make mandatory age verification for VPN users an imminent reality.
However, it remains unclear exactly how lawmakers and providers would technically enforce these restrictions. Speaking to TechRadar back in March, NordVPN expressed doubts about the technical feasibility of enforcing Utah's requests.
According to the VPN giant, it is practically impossible to block all known VPN and proxy IPs in Utah. This leaves companies with only one option: age-verifying every user globally, regardless of their actual location.
NordVPN warns that this would subject "millions of users to invasive identity checks they have no legal obligation."
If you want to have your say in the debate, there are only a few hours left. Head to the GOV.UK website and fill out the survey before the end of the day.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
English (US) ·