| |
Ofcom reports on VPNs being used to evade ID/age verification
|
|
|
 | 10th December 2025
|
|
| See
report
(pdf) from ofcom.org.uk |
Ofcom writes: Since the age check rules came into force, there has been considerable public debate about children bypassing the protections, including by using virtual private networks (VPNs). VPN use is common in the UK and can offer
privacy and security benefits. However, because VPNs allow internet users to change their virtual location and IP address to another country, they can be used to try and get around the protections of the Online Safety Act, including its age check
requirements. Following the introduction of the age check requirement in July we saw an initial spike in the use of VPNs in the UK – with UK daily active users of VPN apps doubling to around 1.5 million. However, by the end
of October usage had fallen back to under 1 million daily active users.21 This early spike in VPN usage was expected and has happened in other countries and US states that have introduced age check requirements. There is currently no reliable up-to-date
data on how far the increased use of VPNs is due to children or to adults who wish to avoid having to complete age checks. Data from Internet Matters, collected before the rules came into force, suggests that around one in ten
under-18s used VPNs, with use skewing towards older teenagers. This would suggest the new age checks will already be offering significant protections to children. However, further evaluation is needed. We continue to build our
evidence base to help us understand children’s level of usage and familiarity with VPNs. This month we are launching a children’s advisory panel with the Children’s Commissioner for England to hear directly from children about their online experiences
and how they are changing, including VPN usage. We have introduced questions on VPNs to our Children and Parents Media Literacy Tracker and we plan to publish data and analysis on this in May 2026. These questions focus on the awareness and use of VPNs
among children aged 13-17. We also ask parents of 3-17s who use parental controls, whether they use tools to block VPN usage. Finally, we will continue to collect information about VPN adoption in the UK, as we have done since age assurance measures came
into force, as part of our work to understand how people in the UK use the internet. This evidence base will help guide thinking and decisions about whether there is a need for further action in this area, and what would be proportionate.
There has also been concern from some stakeholders about whether age checks are being implemented in a way that preserves privacy and protects users’ data. Ofcom has been clear that all age assurance methods involve processing of some
personal data and therefore platforms and vendors implementing age checks must comply with UK data protection laws. We have worked closely with the Information Commissioner’s Office, which oversees and enforces these laws, in developing our approach and
guidance for highly effective age checks. Finally, we have observed instances of over-moderation where content not harmful to children was inaccessible to them, especially soon after age checks were more broadly introduced. We
have provided clear, detailed guidance on what kinds of content we consider to be illegal content or content harmful to children – and therefore consider to be in-scope of safety measures. Where we are concerned that content which does not meet these
definitions is inaccessible, we are discussing these issues with the providers involved through our Supervision teams. |
| |
Circumvention of ID/age verification discussed in the House of Lords
|
|
|
| 10th
December 2025
|
|
| See Lords debate on 4th December from theyworkforyou.com
|
Baroness Benjamin Liberal Democrat; To ask His Majesty's Government what measures have been put in place to prevent children using virtual private networks to avoid age verification to access harmful material online.
Baroness Lloyd of Effra Parliamentary Under Secretary of State (Department for Science, Innovation and Technology), The Online Safety Act requires services to use highly effective
age assurance to prevent children in the UK from encountering harmful content. ofcom's guidance makes it clear that age assurance must be robust to prevent circumvention. Services must also take steps to mitigate against circumvention methods that are
easily accessible to children. Providers that do not comply with their child safety duties by deliberately promoting the use of VPNs could face enforcement action under the Act.
Baroness Benjamin
I thank the Minister for that Answer. However, Childnet has discovered an increase in the use of VPNs by children in the last three months. While younger children are deterred by age-verification checks, teenagers actively seek out
and share methods to circumvent them. Many minors are downloading free VPN applications that often monetise user data and expose devices to viruses. Also, by relocating to countries with few or no internet safety Laws, children can be exposed to more
extreme, illegal or unmoderated content. Perhaps children under 16 should be banned from social media altogether. What action will the Government take to address the increasing number of children using VPNs? Will they instruct ofcom to follow the lead of
the Australian e-safety commissioner and require that digital services check VPN traffic for technical and behavioural red flags that suggest a user in the UK may be a child? Let us act sooner rather than later. Baroness Lloyd of Effra
We recognise the international efforts to better protect children online, including in Australia, and we are working with the Australian Government to understand the impact of their policies, including that one. There
is currently limited evidence on how many children use VPNs, and the Government are addressing this evidence gap. We welcome any further evidence in this area, such as that quoted by the noble Baroness, Lady Benjamin, to complement our understanding. The
Government will ensure that we act where we need to, as we have seen in other areas, and that future interventions are proportionate and evidence based.
... Lord Carlile of Berriew Chair,
Northern Ireland Scrutiny Committee On the Radio 4 Today programme this morning, ofcom admitted that none of the three fines levied so far has been paid. Is it not right that Ofcom should be encouraged to take much
stronger enforcement action against those who do not pay by making it clear that within a very short time, they will lose their right to appear on any screen in the United Kingdom unless their enforcement is fit for purpose?
|
| |
And finding it on Australian search engines from 27th December
|
|
|
| 10th December 2025
|
|
| See article from news.com.au |
Australian internet censors will enforce a new rule that basically requires search engines into safe mode for unlogged in users and require ID/age verification to login. Under the new rules, search results that include pornography or extreme violence
will be blurred by default for users under 18, or for anyone using search without logging in. At the same time, search engines must verify the age of logged-in users. If the user is identified as a minor, safe search settings, filtering out pornography,
high-impact violence and disordered-eating content, must be applied automatically. In addition, searches by Australians related to suicide, self-harm or eating disorders will now automatically redirect to mental health support services. The
new censorship rules will kick in on December 27 2025. People will not need an account to search the internet. The codes do not require users to log in, and they do not notify the government about what people are searching. For users who are logged
in, age assurance mechanisms will be used, possibly including ID/age verification. Adults will still be able to access content if they choose. Blurred images can be clicked through to view, but only once the user accepts they are over 18.
|
| |
Ofcom widens its attempt to censor 4Chan, a US free speech forum
|
|
|
| 4th December 2025
|
|
| See
article from ofcom.org.uk |
Ofcom writes: Since we opened our investigation into 4chan Community Support LLC ('4chan') and its compliance with its duties to protect users from illegal content, new duties to protect children under the Online Safety
Act 2023 ('the Act') 203 the Protection of Children duties - have come into effect. Such duties require providers of regulated user-to-user services, which are likely to accessed by children, to use proportionate systems and
processes which are designed to effectively reduce the risk of harm to children from content available on their site and to prevent children from encountering certain types of harmful content, known as Primary Priority Conten, altogether. In particular,
section 12 of the Act requires providers of services that fall under Part 3 of the Act, and allow one or more kinds of Primary Priority Content (including pornographic content), to use highly effective age verification or age estimation (or both) to
prevent children from encountering that kind of content where identified on the service. Ofcom is therefore expanding this investigation to include consideration of whether there are reasonable grounds to believe that 4chan has
failed, or is failing, to comply with its duties under section 12 of the Act.
|
|
|
