The Dystopian UK and Airvpn

[KnightOwl 0]

With what is going on in the UK would Airvpn ever bend the knee and submit to demands for user verification?

Worth the ask. How does Italian law prevent this? 

[Tech Jedi Alex 1560]

Actually, I find this to be a reasonable thing, but pretty much all political endeavors came quite a few decades too late for that party. Now, every implementation of such user verification will have so many holes in it, you'd wonder whether it's got enough substance to even be called swiss cheese. Probably more like some bits of cheese dangling in the air. At least as long as single countries still try to do crap themselves while the internet as a whole simply continues defying political borders.

The principle is very easy: You do have a government-provided ID, a proof of your citizenship, you're required to have offline, so the idea that the online world is somehow excluded from that requirement defies simple logic. It's not a different world, it's an extension of the offline world. The fact that we didn't have such ID all this time simply shows that technology got politics beat in speed by orders of magnitude. And still can't catch up, as UK and other jurisdictions are so kindly demonstating.

When something started as a research network, an implementation of some sort of ID is the farthest thing from being the next feature to be implemented – doesn't help the tech, after all – and by the time that research network reached a certain size it was already too late to implement anything like that.
Those who grew up with the internet will consequently see the absence of ID as the norm there. Authorities don't have a choice but to cling to the technical data implemented by those engineers for technical reasons and declare it PII, personally identifiable information, so that their offline authority can be somewhat applied in the extention that is the online world.. but this is so imperfect that by simply changing said PII, especially the IP address, you can evade responsibility for your actions. It's why people use VPNs and proxies – never met a person in my life who enjoyed being fined. Something that is quite difficult to do offline, though. You've been responsible for your actions ever since you can remember, so why is it supposed to be different online? Remember, it's not another world, it's an extension of the world you actually live in. Offline rules should apply.

So any and all attempts to apply offline policy to the wild west that is the internet today will elicit, of course, reactions like yours. Which are understandable, you grew up with that standard. You've never known anything else. If we really think about it, the internet is the centerpiece of early 21st century society – everything revolves around it. It drastically impacts the offline world. And to prevent that online wild west to swap over to the offline world, the offline world must take measures to reign in its extension. It is only natural.
Of course, this requires a proper execution…

So, nothing dystopian with online age verification when we've been having this for maybe hundreds of years offline. It's high time, really. Unless you think offline age verification (as in, owning a citizen ID) is also dystopian…
 

9 hours ago, KnightOwl said:

Worth the ask. How does Italian law prevent this? 

It's exactly why UK's endeavor will not show the desired results. A UK law won't force an Italian website to verify the visitor's age, even if said website is a VPN provider. It's outside their jurisdiction. As long as single jurisdictions do things in a single fashion, the internet will remain as it was. And AirVPN will remain as it was.
There'd be a higher impact if UK would suggest such a law to the European Commi..ssion.. oh. Guess, that ship has sailed. ¯\_(ツ)_/¯

[YLwpLUbcf77U 34]

As someone who has had to help adult sites integrate AV and has had their eye on the legislation in UK and USA for some years now, it's too little too late.
It may offend some, but where were the VPN providers several years ago when the adult industry was raising a five alarm fire about these regulations?
Voicing some support in the form of amicus briefs (see FSC vs Paxton) that some outside industry elements did is nice, but far from enough.

On the UK front, this holds just as true.  Ofcom per enforcement has been a mixed bag (putting it lightly), but they are *well aware* of the VPN loophole and there's an important thing to note per VPNs:

Unlike adult sites where many of the largest happen to be illicitly monetized pirate sites that will never bend the knee (good luck getting some ad-supported site hosted in Moldova to comply with anything), VPNs are immediately monetized and thus no matter how much vocal support they may emit, at the end of the day, their billing partners *will* make them comply with laws (as is the case for any adult site now with credit card processing--billers are checking and no AV = suspension/termination).  AirVPN could say they won't comply, but if PayPal/their card billing providers say "comply or we shut you off", they will comply, as will every other VPN provider out there.  Crypto and other alternative methods could still work, but most still don't use them and even a privacy-focused business would see a huge loss of sales by removing plastic as a checkout option.

Just for clarity:  every complaint about the effectiveness of these laws voiced by those against them I totally agree with.  But the ship containing common sense has sailed off and may not be back for awhile.  Now we need to deal with the cards we're dealt.

[Staff 10561]

@Tech Jedi Alex

Hello!

Just to point out that age verification should have nothing to do with identity check. Various countries, the European Commission and some Italian bodies are studying methods of age verification that don't force the citizen to show his/her ID card at any step, and surely not to private entities they don't even know. If the UK wants to implement age verification through identity verification we don't know, but it would be a giant mistake that would allow potentially shady entities to steal and build highly reliable ID databases with huge monetary value on the black market. The Discord Hack catastrophe is a useful reminder https://www.404media.co/the-discord-hack-is-every-users-worst-nightmare/

Then of course you can debate ad nauseam about whether it is right or wrong that a person younger than 21, 18 or 16 should be forbidden to connect to a virtual private network, Tor, proxy, etc.

For the readers, our position is close to EFF position, see here: https://www.eff.org/issues/age-verification
 

9 hours ago, YLwpLUbcf77U said:

where were the VPN providers several years ago when the adult industry was raising a five alarm fire about these regulations?

We were with EDRi and EFF as usual, how can you not know?! Check our mission and endorsement page. The same must be said of some other VPNs to be honest.

Kind regards
 

[YLwpLUbcf77U 34]

What I mean by what you quoted was only now in 2026 when VPNs are soon to be 'in scope' (in UK) and surely covered elsewhere is that VPN providers finally starting to raise the alarms. 
That a VPN provider backs the EFF who was active early on is good and my comments aren't really directed at AirVPN whom I don't think has been as some of the 'leopards at my face' VPN providers I have seen on social media/tech news sites as of late.

Per the Discord hack, this is part of what I call the "big platform AV fallacy".  Not a single AV law requires *only* face scans and/or submitting an ID.
Every one allows third-party database checking.  In other words, for US and UK at least, simply typing in a phone # or inputting one's street address *and nothing more* for almost all users is enough.
Discord will stick to face scans/ID submissions because they are a freemium platform that wants to stay as much in the black as possible.
This means they will only use the verification methods with the highest friction as any user who doesn't want to do that has a high chance of never becoming a Nitro user/not that active on Discord to begin with.
Of course, they messed up badly per the leak but if they allowed third-party DB checking, there would not have been a leak to begin with (or at worst a significantly smaller one).
But just like some VPN providers (again, not Air), when the writing was on the wall leading up to AV bills working through the government, they were quiet.
Censorship may begin with the lowest hanging fruit (adult), but it will rise and affect other venues of free speech in good time.

Per the EU AV methods via an app/device, looks promising!  TBD per actual implementation.  I'm hopeful though.

[KnightOwl 0]

On 6/18/2026 at 11:07 PM, Tech Jedi Alex said:

Actually, I find this to be a reasonable thing,  ...snip

My issue is not age verification its state tracking, control, censorship, and suppression of free speech.  

Private citizens are just that.  Edited ... by KnightOwl

[KnightOwl 0]

"You do have a government-provided ID, a proof of your citizenship, you're required to have offline"

No. Only to access certain services and to drive. In the UK you are not required to carry ID and enforcement can only request ID under certain circumstances.

[Staff 10561]

4 hours ago, KnightOwl said:

In the UK you are not required to carry ID and enforcement can only request ID under certain circumstances.

Hello!

Obviously! Same in Italy, Germany, France and probably all EU countries.
In Italy if police needs a positive identification while you're walking freely around and you don't have an ID card with you, police can and must use other methods (with the inconvenience that you may be required to waste a lot of time) and there is not even a fine for that. The vision of the previous moderator is very conservative and probably the basis of totalitarian regimes. 😅

Kind regards
 

[Tech Jedi Alex 1560]

 

On 6/22/2026 at 11:26 AM, KnightOwl said:

In the UK you are not required to carry ID and enforcement can only request ID under certain circumstances.

Mind the wording: You are required to have one. I didn't write anything about carrying it with you.
But, it's true, transferring it to the example of online age verification, I don't need to have to verify my age every step of the way (= carrying ID with me). But then I have to live with the fact that certain services will simply be unaccessible for me. The EFF likes to picture this as a negative, but would you, unattended, let your 12 year old boy gamble his pocket money away? Or yours? Or be subjected to far-left and far-right influencing on social media? I'd like to think that's what politics is concerned about the most, at least in countries not exactly deemed totalitarian. Of course, it doesn't help that precedents exist for this to be the public reason while the actual reason is, as feared, wide-ranging restrictions. Needs more thought behind it.

And at least in Germany businesses with a legitimate interest can ask for such ID, not just authorities. Think of it as the same thing with age verification: There is a legitimate interest behind it.
Just one innocent example: You receive a parcel, but are not home. You may collect it from your next parcel shop, but only with ID. That's the business' policy. The paranoid mind would think "ah they're just going to collect my data" or something (I don't speak paranoid). But the actual reason: They prevent your parcel from being stolen by someone else. Because there are precedent cases; why else introduce it, go through all the trouble setting it up, the bureaucratics, the IT systems, the personnel training? Your ID therefore protects you from harm. (And, no, those cards you may find in your mailbox are not sufficient, anyone can use that to collect it for you; again: Precedent cases exist). Opportunity makes the thief.

I firmly believe that the EFF massively overstate the implications. But proponents do the same, advertising for the safety this all supposedly adds. Both are wrong. Not totally, but both overstate their point of view. We must find a middle way; as I wrote before, the execution needs much more thought behind it. But the execution itself is not the wrong idea, considering the current state of things.

[fsy 40]

11 minutes ago, Tech Jedi Alex said:

Just one innocent example: You receive a parcel, but are not home. You may collect it from your next parcel shop, but only with ID. That's the business' policy. The paranoid mind would think "ah they're just going to collect my data" or something (I don't speak paranoid). But the actual reason: They prevent your parcel from being stolen by someone else.

Parcel shops are not permitted to make copies of an ID card or driving license, nor to compile a database of such documents. Yet several age-verification systems that have been proposed or are already in use rely on storing an ID card image (or 2, F+R) with such fidelity that every detail - including the photograph - must be perfectly visible and readable so this example is wrong and irrelevant.

Age verification must not require displaying ID cards, because displaying on the Internet in this case means storing, it's a technical inevitability. Vowing to delete data after a few days or hours has already been shown by hackers and crackers to be inadequate protection. Breaches have caused theft of 37 million ID cards or more per year (official Identity Theft Resource Center data) since 2020. 
 

On 6/22/2026 at 11:19 AM, KnightOwl said:

My issue is not age verification its state tracking, control, censorship, and suppression of free speech. 

Just like child protection, age verification can be a business opportunity and a valuable tool for different purposes... more refined behavioral control, authoritarian surveillance, social and business more granular micro-targeting and more. At the end of the day the whole thing is only a matter to make more money and control people more efficiently (to make even more money) as usual.

As you are in the UK read this: https://pmc.ncbi.nlm.nih.gov/articles/PMC11429505 especially on the part "neoliberal transfer of responsibilities from the government to non-government organisations and citizens can be motivated by a lack of government capacity and budget but framed as a nudge towards citizen duty and adding public value".

You can see the pervasiveness of this deception (or paradigm??) everywhere -- even a moderator of forums in airvpn that has historically been a little bit subversive or rebel (think of WikiLeaks...) is taking a submissive stance and seems willing to accept even greater restrictions than currently exist. OK, a community mod might not share the views or the attitude of the bosses, but I find this longing for submission worrying anyway lol ! 

I think that the surveillance capitalism as well (for surveillance c. I mean this: Shoshana Zuboff – The Age of Surveillance Capitalism - 2019), can like age verification (and extended data retention obligations on VPN services, proxies, etc...,  a hot subject again) because on the short-mid run they may bring in more money.

Seeyabye!
 

[Tech Jedi Alex 1560]

4 hours ago, fsy said:

seems willing to accept even greater restrictions than currently exist

Absolutely untrue; I vehemently disagree with your verdict of my opinion.
But I do realize that discussing this here was a bad idea from the start, so yeah, seeyabye!

[Staff 10561]

19 hours ago, fsy said:

Just like child protection, age verification can be a business opportunity and a valuable tool for different purposes... more refined behavioral control, authoritarian surveillance, social and business more granular micro-targeting and more. At the end of the day the whole thing is only a matter to make more money and control people more efficiently (to make even more money) as usual.

As you are in the UK read this: https://pmc.ncbi.nlm.nih.gov/articles/PMC11429505 especially on the part "neoliberal transfer of responsibilities from the government to non-government organisations and citizens can be motivated by a lack of government capacity and budget but framed as a nudge towards citizen duty and adding public value".

Hello!

Good catch. Large corporations and conglomerates are often wealthier, faster and much more efficient than most or all government bodies. Shifting the surveillance role to private entities serves a dual purpose: to address the incompetence and lack of funding in public institutions, ravaged by decades of malpractice and corruption, and to increase the profits of conglomerates both directly and indirectly. Surveillance raises the cost of dissent, pushes self-censorship, reduce participation in protests etc.

The key issue is not merely whether surveillance exists, but who controls it, how it is regulated, and whether there are effective checks on its abuse. Once surveillance is mainly up to conglomerates and judicial overview is weak or absent, it works in tandem with other capabilities of the conglomerates themselves: control of platforms, restriction on opposition and competitors, restrictions against political parties not supporting laws favorable for the conglomerates purposes. This has already happened multiple times and probably the more you give surveillance roles to large corporations, the more it will occur and possibly in more covert manners. And yes, this is clearly proven by Shoshana Zuboff's work you mentioned, at least in Western countries. An article more recent than the 7 years old book that you cited is available here: https://journals.sagepub.com/doi/10.1177/26317877221129290
 

20 hours ago, Tech Jedi Alex said:

but would you ... be subjected to far-left and far-right influencing on social media? I'd like to think that's what politics is concerned about the most, at least in countries not exactly deemed totalitarian.

It sounds good, but like in child protection the devil is in the details. The current UK legislation the OP was talking about, after we examined it a second time, seems to favor the direction you fear, provided that you replace "far-left" or "far-right" with the political group a conglomerate supports. It adds precious tools that enhance the possibility to influence large parts of the population by the corporation themselves.

Age verification out of any oversight and potentially through gathering ID cards seems a small, maybe inessential step, but on the contrary it is very instrumental (just think of the power of adding to accurate profiling a real ID document of the profiled person, with real exact address, accurate photo, fiscal code...), also possibly a prelude to "chat control" and data retention (again exclusively up to private entities with no real judicial overview, as far as we can see). The Act does not "force" a private entity to store your ID card, but "allows" the private entity to do it. It also does not say "delete it after a few minutes", it just says "preserve it only for the time it's necessary and to prove your compliance", very ambiguous. Too tempting an opportunity for a lot of corporations!

To continue with your parallelism with the offline life, it would be as if you authorize a tobacco shop or a market selling alcohol not only to ask for your ID card in order to verify that you're at least 21 (or 18), but to make an accurate, integral scan of the card and preserve it and create a database of accurate images of ID cards with no judicial oversight at all. This document preservation and database creation was privilege of very limited categories (such as public utilities providers). This UK Act changed radically everything.

If judicial oversight, transparency requirements, antitrust enforcement, and democratic accountability are weak, as it already happens in Europe and UK due to budget restraints, government body inefficiency and lawmakers large scale corruption (*), surveillance capabilities can become intertwined with market power and political power, creating opportunities to shape public discourse, influence political outcomes, disadvantage competitors, pressure policymakers and filter out hostile politicians. Historical examples (including digital authoritarianism in USA and EU mentioned by @fsy) suggest that such risks are real, although the extent and mechanisms vary considerably across cases. By considering our mission, it is unavoidable that we strongly oppose age verification through ID cards as well as any form of blanket data retention.

We would also like to add a question: are the lawmakers sure that a person under 18 is safer by surfing the Internet without a VPN than by surfing while connected to a reputable VPN?

(*) For a proof of large scale corruption at least in the European Parliament from the Qatargate and on, see https://www.ftm.eu/articles/european-parliamentarians-involved-in-hundreds-of-scandals - 25% of MEPs have been involved in investigations about or found guilty of various crimes, from harassment to corruption.
 

19 hours ago, fsy said:

extended data retention obligations on VPN services, proxies, etc...,  a hot subject again

This is indeed on the agenda according to some rants of the Vice President of the Commission (no doubt that VPNs are a pain in the ass for some people), but we would like to remind that the highest judicial body of the EU, the CJEU, affirmed three times, with legally binding decisions, in three different cases that blanket data retention is in breach of fundamental rights and therefore no Member State can force any Internet operator to perform pre-emptive, blanket and indiscriminate retention of traffic metadata or data:
https://airvpn.org/forums/topic/57288-general-questions/?do=findComment&comment=230078

Kind regards
 

[Stridulum 0]

On 6/23/2026 at 5:05 PM, fsy said:

Shoshana Zuboff – The Age of Surveillance Capitalism - 2019

What a welcome surprise to see Zuboff cited as a bibliography entry in a VPN forum.

“Surveillance capitalism’s development is best understood as part of a broader contest with the democratic order—the only institutional framework that poses an existential threat. The democratic order retains the legitimate authority to contradict, interrupt, and abolish surveillance capitalism’s foundational operations. Its distinctive advantages include the power to inspire action and the necessary authority to make, impose, and enforce the rule of law.”, she says in a known essay linked by the Staff.

Once you disrupt the democratic order’s operations and replace operations of public interest/government body competence with corporate operations, the existential threat disappears. Yet another compelling reason to oppose the delegation of age verification and ID card databases build-up to private companies.
 

8 hours ago, Staff said:

If judicial oversight, transparency requirements, antitrust enforcement, and democratic accountability are weak, as it already happens in Europe and UK due to budget restraints, government body inefficiency and lawmakers large scale corruption (*), surveillance capabilities can become intertwined with market power and political power, creating opportunities to shape public discourse ...

Big corps need governments strong enough to protect their properties and any menace from "we, the people", but weak enough to be corruptible and manipulated... 😪

 

On 6/23/2026 at 5:05 PM, fsy said:

Seeyabye!

Always, Seeyabye!