Option A: give my credit card details to a known security fail house like mind geek.
Option B: Pay €10 a month to ProtonVPN (Other VPN houses are available) and have the side benefit of making the home offices life harder.
More than half of Brits surveyed by an age-verification vendor did not know about the UK's impending smut-block. For Reg readers, the fact the government will lock adult content behind age-gates is old news – but awareness beyond these pages appears to be much lower. The controversial measures were introduced in the Digital …
I wouldn't even pay £10 per month for a VPN. If you have a bit of technical know how which will be the majority of readers of El Reg. You can just get a low priced VPS for £30 a year (probably less if you shopped around) with a host based outside the UK and set up your own VPN using Open source software.
That way you know that your web browsing history isn't being collected by the VPN provider to sell on to the highest bidder.
I had a cursory look into that, given my background as a SQL/C developer I realised that that approach has several major downsides for me:
1: I am, not an admin so I would have to spend a bunch of time learning how to do a decent job of running Linux box.
2: Any decent VPN provider comes with robust multi-platform tools so you don't have to spend ages trying to get your phone and desktop to agree.
3: You only have 1 endpoint used by a small user pool, one of the main strengths of using a large VPN provider is the network of endpoints that all of which have enough traffic running through them to allow you to hide in the mass.
4: Encryption of any stripe is Reallllllllly hard to do right and really easy to get badly wrong whilst giving the impression of working to a non-specialist.
All told the £40 or so a year I would save by going it alone does not justify in my view the ease of use and peace of mind I get having this kind of thing done right.
The caveat emptor is that you need to do your homework before picking any encryption provider, its a market saturated with snake oil and there is no such thing as cheap security only cheap illusions.
www.vultr.com have vpn servers for $3.50 a month.
They have a library of optional install options, and one of them is a dedicate openvpn setup. i've never used it, but it apparently does everything for you. Sure, you'll still have the 1 endpoint issue, but otherwise...
I am surprised by the downvotes for the VPS suggestion. OpenVPN isn’t all that hard to set up (and with many paid for VPN services, you’ll still end up having to do the client piece anyway) and if all you’re wanting is to dodge national restrictions, anonymity and security (of the tunnel) aren’t really much concern. Yes it’s a bit of a pain to have to admin your own machine but on the flip side, you never know when having a server might come in handy for other things. If, on the other hand, you’re after anonymity (from law enforcement / RIAA / MPAA presumably), then that is obviously a completely different proposition...
You can just get a low priced VPS for £30 a year (probably less if you shopped around) with a host based outside the UK and set up your own VPN using Open source software.
That way you know that your web browsing history isn't being collected by the VPN provider to sell on to the highest bidder.
I'm not sure you understand how that stuff works.
The reason a good paid VPN conceals your identity is because your activities are buried in encrypted datastreams along with the activities of many other users.... and the IP address leads back to your VPN provider with tens or hundreds of thousands or millions of users.
An IP of a VPS leads back to the VPS, which leads to you. It's easy enough looking at the traffic to/from the VPS which can be picked up inside the hosing organization... by them or by anyone of their tens of thousands of customers who may want to collect data on other users... or by anyone with a good look at the two arms of the VPN tunnel.
A personal VPS can protect you when using public WiFi or an external network... but it can't protect your identity reliably. We haven't even considered leaks from your system or the VPS system due to DNS lookups.
"You can only prove it by publishing also your identity to every site you want to access"
Not true. The one sensible idea in this whole mess is having a third-party do the actual identity validation completely independently from anything else. They are then able to provide some sort of verification token to any site that asks for it, presumably based on some sort of username/password you provide, but without any connection to your actual identity. Even the verifying third-party doesn't actually need to hold on to any personal data, they can just check your age when you sign up and then immediately delete anything - it's not like you're going to get any younger so as long as they know the account owner is 18+ nothing more is ever needed in the future.
Obviously there are serious questions about whether any particular implementation will actually do any of this properly. And in the current case the fact that the biggest user of a verification system will also be the biggest third-party verifier raises issues even if they claim to keep everything separate. But it's certainly possible to conceive a system in which your age can be verified without ever needing to reveal your identity to the people wanting to verify your age, and even without having the connecting data saved anywhere to be hacked.
Efraim Southwark-Portendorfer is over 18. He gets his username/password verified and Theresa promises to forget who he is. Someone accidently publishes the username and password on the internet. The ID gets used by thousands of people, some of them children. Theresa sends the cops round to Efraim and he says he left the user name and password on a post-it note stuck to the bottom of his keyboard and the note disappeared during a party. He would have reported the theft but he could not remember his username or password and there was no point phoning Theresa as she had promised to delete any record of his name.
The one sensible idea in this whole mess is having a third-party do the actual identity validation completely independently from anything else. They are then able to provide some sort of verification token to any site that asks for it, presumably based on some sort of username/password you provide,
Yep, but providing uid/pw to a second or third party also reveals your identity to that party.
The possible promise of said third party to immediatly forget your identity after the queston does not count.
Even the verifying third-party doesn't actually need to hold on to any personal data, they can just check your age when you sign up and then immediately delete anything -
There's the fatal flaw. "immediately delete anything". In this day and age, your details are worth more than fee you might pay for this service.
This is about mature content, so they should check maturity instead of age. Something like: "write a minimum of 40 explicit and/or double-entendre words in the access field". Or: "select all pictures of adult actors and actresses". Or: "do you see dolphins or kissing humans?". Or: "write down the full time-dependent Hamiltonian for a two-spin system".
Come to think about it, you could start a broad public education campaign based on such an access system.
There's an even easier way - let the ISPs block access unless you've demonstrated your age to them. I can't access "mature content" (which covers a wider range than you'd think) on my mobile network, as I haven't been bothered to switch the flag off (and need a CC or drivers licence in one of their shops to do so).
But oh, wait, they've already done that. It's just no-one uses it. People are eager for smut blocking for their kids, but not if it means their own smut is blocked or they have to take responsibility.
Somewhere, some of Britain's cadre of spooks who are charged with observing the Internet and reporting on possibly dodgy users thereon will be quietly mourning the forthcoming loss of a really good source of information. The thing is, Adult Verification (AV) tests are only fit for purpose if they can access Government-approved identity documents, so that the age of the person can be definitively verified. Once an AV system has established that User Fred was born at least 18 years ago, it isn't going to forget the ID documents that it saw.
So, if you as a consumer of adult material use Government AV, then there is a strong potential that someone somewhere can cross-reference what you looked at with definitive proof of who you are. Given the startlingly and abysmally poor standards of handling secret data that the Civil Service often shows, only a complete idiot is going to hand over documentation to this new scheme lest they be blackmailed at some future date.
No, the average person is going to buy a VPN connection which terminates somewhere outside the UK and use this for their browsing instead. The number of VPNs is thus going explode virtually overnight, and the utility of knowing that someone is trying to hide who they are from the Government drops dramatically.
Right about now, the main users of VPNs are businesses, remote workers, a few copyright pirates and a very few paranoids and loons, plus the odd terrorist or two.
As soon as the law is enforced, this select grouping of possibly-interesting users will be swamped with a tidal wave of, err, one-handed typists, shall we say. MI5 will lose a useful source of info from this little bit of stupidity.
It will be much more straight forward than that.
The "average" punter won't buy and setup a VPN.
They'll do exactly as they do now, only on a different site. The second it kicks in they'll all remember how google works, and some porn sites in random countries will get a sudden uptick in traffic and uploads.
Yoti's recently launched age-estimation tech, which uses neural network learning to estimate a person's age from an image of their face, with a mean error rate of ±2.5 years in the 18-30 age band.
They found some of the estimates were way off, until they discovered the subjects were just out-lying about their age.
Mine's the one with SPSS for Dummies in the pocket --->
> Wrong ?
MDMA is illegal, which is factually correct but I can still buy it from a dealer, it's illegal to buy alcohol if you are under 18 which again is factually correct but under 18s do manage to buy alcohol.
It states in their T&Cs that you have to be 13 so please don't begin by yelling wrong, whether you can practically obtain restricted goods or services when not entitled to do so is entirely another matter and a question of policing.
> Yoti's recently launched age-estimation tech, which uses neural network learning to estimate a person's age from an image of their face.
So my choices are:
1. Upload a copy of my Government issued ID
2. Give them my credit card number
3. Turn on my webcam before looking at porn
I know which one I'd trust most...
Given that most UK ISPs (be it broadband provider, mobile phone SIM provider) by default set people up as no pr0n (using their own filters) and customers must give age proof of some sort to opt in to adult content as this makes it lots easier for families with young kids (though obviously filters far from perfect)*
So could be useful if ISP could just pass through a "this person is age verified" token (and even better, this would be anonymized so no tracking across sites).
For many UK ISP users who wnat pr0n, a solution of this type would avoid them giving sensitive data to yet another third party when they have already given it to their ISP
* Discovered the default blocking when denied access to a web page that had info on urinogenital medical issues and was erroneously triggering ISP (pathetic) filter technology (I assume a bit slapdash on matching a few "keywords" with no account taken of overall page content context). So now got a perv flag with ISP so I can look at some medical web sites!
I have a contract with my ISP. By law, by default, that means i am over 18 which is all they need to know, not how old i am. Or say i am online.
Just give me a token fgs.
Face photo? Couldn't i just give them a photo of my hand(s), with all the aged scars from friction burns?
No, they don't want a picture of your hands. They want pictures of other parts of your anatomy which only mature when you're over 18. But, just imagine the job opportunities! There will be lots of people who have to be hired to sit and look at the incoming boob pics all day. ;-)
What? No, that's not porn. I mean, I thought I was sending it to an AV site...
"But at the moment, porn providers, AV suppliers, policymakers and charities (and plenty of pearl-clutchers) remain divided over the benefits and risks of age verification."
For porn, the risk is totally clear: imagine the price any criminal would pay for a porn viewer DB extract ? And with real ID of course !
And since porn sites were probably not designed with high security in mind, we *know* this will happen.
Nice tool for blackmailers.
I predict we'll get some famous Brits getting shamed for their favoured choice of smut, and government will do absolutely nothing. Then you'll get the same happen to a prominent Tory minister or donor, and the age verification law will be taken off the books faster than you can say "expenses scandal".
"Yoti – pinching a phrase from the government's playbook – reckoned that the chance that children could stumble on "potentially harmful material" was the reason for this support."
My kids stumble on harmful material on youtube all the time, and this ill-considered knee-jerk solution won't even begin to address that.
children could stumble on "potentially harmful material"
Potentially (adverb) - possibly but not yet actually.
Your stove is "potentially harmful" - you could get burned if you touch the hot parts. Your car is "potentially harmful" - you might crash or it could break down and strand you somewhere. EVERYTHING is "potentially harmful" if you look at it in the right way.
Frankly I would be FAR more worried that my child might watch flat-earth videos or become an anti-vaxer after reading garbage websites than I would be worried that they saw an assortment of genitals and orifices interacting.
Ask most people, "Do you want to keep children away from online porn?" And most people will answer yes.
Ask most people, "Do you want the government monitoring your porn viewing habits?" And most people will answer no.
You just ask the right question to get the survey results you want.
It's not even that. The following is more likely:
Do you want to keep children away from online porn? Yes
Do you want porn users to have to compromise their personal information online? I don't watch porn so sure, why not?
The government has once again added to the foundation of their desired police state using "think of the children" logic. Lets hope the age verification systems get breached badly straight away to force a rethink, or it's only a matter of time before age verification becomes required for all internet use in the UK.
It seems the shedload of AV services that actual adult entertainment sites register with means nothing to HMG
Who remain as f**kwittedly stupid about this as the day it was muted.
And yes you can bet this is the thin end of a very big wedge from the UK designated "Centre for Evil," IE The Home Office.
I remember a time where pretty much all porn sites required a credit card for age verification (or payment). The days of free porn like now were non existent.
This made porn sites massive targets for attacks, because it attracted two main kinds of hackers:
1. Pro hackers looking for ID/CC details to make money, or other criminal intent (e.g. blackmail of porn visitors).
2. Underage horny amateurs desperate for a fix but without means to pay/ID themselves.
Then you had the porn swapping channels, piracy FTP servers, and later on P2P systems to share pilfered porn. Also it bred a market of compromised IDs and CC details to use when signing on to porn sites.
It was such a horrendous mess, and such an expense defending from attacks and trying to stop spreading of the pilfered porn that a lot of porn companies wised up, and started giving limited access for free (but if you are a serious porn consumer, you got the VIP areas for the full monty).
While the MPAA and RIAA were trying to order the tide to stop coming in, the porn industry saw the writing on the wall, and adapted.
Now the government wants them to go back to requiring ID of users? Even if they don't require CC details, storing identifiable information will make them big hacker targets again (not to mention having to comply with regulations regarding storing identifiable data), and I doubt they want to paint a bulls eye on themselves. More likely they would just block access from the UK, and let punters work a way round for their fix.
Spot on with everything, apart from the very last line.
"More likely they would just block access from the UK, and let punters work a way round for their fix."
If I was a porn peddler I'd be looking at the cost of implementing age verification and comparing it with the likely future income from UK subscriptions. If the sums work, go ahead and implement age verification. If they don't, ignore the new laws and let UK ISPs pick up the tab for enforcement costs.
You're not going to get ad revenue from non-subscribers anyway - no-one is going to bother circumventing ISP blocks with VPN etc. and not also be running an ad-blocker.
Nothing to do with p0rn sites, I needed to use my Vodafone PAYG iphone as a wifi personal hotspot from Spain last week. Unless you go through an age verification step using a credit card, you cannot access NordVPN. I didn't check other VPN providers. The reason I was trying to use Nordvpn was that they had also blocked the Internet wayback machine site to "non-age-verified" people. All I was trying to do was to see what Jeremy Corbyn had deleted from his site about how wonderful Venezuela was doing - on the other hand, perhaps that is someone's p0rn
Yeah, I had similar things happen. They blocked access to a lot of websites I normally visit (like slashdot back in the day), my uni webpage, my VPN provider, and a few DIY electronics sites, all apparently under "adult content", and refused to give me access until I verified myself.
People think this will just be a porn filter, but I am sure quite a few sites will "accidentally" get categorised (including VPN services), and then you will be required to verify your ID to use your VPN.
I imagine one day they restrict all sites not on some approved list (if you stray out of the facebook/social media/government plantation), and you will have to be verified with your ID and consent to be tracked (for your own security of course).
Yes, that's the real reason for this type of law.
Step 1: Think of the children!!!!
Step 2: For your added security we've added VPN providers to the verification list.
Step N: Boots stamping on human faces - double plus good.
If I have to choose one or the other I'd prefer the Age-ID database to know the details of my favoured VPN solutions than my tastes in internet porn.
oh, Mr Smith, how nice to see you back! Look, we have a detective from the anti-anonymity rapid response unit on another line, he'd like to have a word with you, anonymously of course, wink-wink, nudge-nudge, know what I'm sayin, eh, eh?
As the go to "Tech" person for friends and family I suspect I will receive a lot of calls about their "internet not working on all sites" and advice on how to "fix" the problem.
So any VPN services out their that want to "sponsor" my services?
Back to given free tech advice then.....
I'll be getting a VPN. Once I have a VPN I may as well use it all the time. If I'm using a VPN form somewhere like Proton VPN then I may as well start using their encrypted Proton Mail too. Suddenly my footprint on the internet becomes near invisible. Because of porn checks the government may suddenly lose the ability to track many people.
The age verification solution will have the following characteristics:
* distributed - for network resilience.
* anonymous - so you can verify details without identifying the suspect.
* ledger - cos were looking up immutable information.
Surely the solution is going to be some kind of AI.
Brilliant! Has anybody used one of these images on a FaceBook post to see if facial recognition starts tracking them? With a bit of work, a completely fictitious person with a face that looks completely real could live a virtual life. A trickier thing would be to be able to create additional "photos" that a recognition program would identify with the first sample. The last big leap would be a virtual person that "looks" like me IRL yet "looks" like somebody else to a facial recognition program so I can have ID made to be that virtual person when humans look at it. Hmmm, going to have to see what Cory Doctorow can do with the idea.
Just use Opera..
Has a built in VPN, which you leave always enabled, most endpoints seem to come out in Amsterdam, occasionally a few in Canada.
But a question, who doesn't already use a VPN to view such things? I mean, most providers block access to these sites anyway, so to access from the UK, you pretty much already need a VPN anyway..
working in infosec and being the registered DPO for a number of companies it is going to be so much fun going after the AV companies, the biggest of which is owned by Mindgeek who own pornhub and it has been compromised more than just a couple of times and will actually be the UK's official AV.
One giant fluster cuck
"potentially harmful material"
I never understood how nudity or porn could be harmful to a child. Its the human body, one of which they own themselves. The only benefit to regarding stuff like this as harmful to a child is to help protect the parents themselves from having to answer pretty normal questions from the child due to the parents wanting to avoid awkwardness due to their own hangups on sex and nudity installed in their heads when they were kids/young adults.
Honestly I think most kids will handle it just fine as long as they are educated on whats real, fake, exaggerated for the viewers excitement etc.
"potentially harmful material" does not apply to this material in my opinion. Unless seen from the point of view of the adults who want to avoid their personal embarrassment. Seen from the eyes of a child its just another learning experience.
The real harmful material?
- Beheading videos.
- Crazy puppets telling kids how to slash their wrists.
- Flat earthers, and other "i dont believe in science" weirdos.
- Alex Jones trying to sell them a magic pill made by Mrs Jones to cure their brother from gayness.
The list goes on, but normal natural human biological processes and appendages are not on the list.
There are some "sexual" things that can have perpetual health consequences that kids might need to be persuaded against trying. That means that parents need to be able to discuss sexual behavior with their kids and provide proper guidance. That should be on the parenting test people have to take before having kids.
Biting the hand that feeds IT © 1998–2020