250
UK households could face VPN 'ban' after use skyrockets following Online Safety Bill
(www.birminghammail.co.uk)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 29 Jul 2025
250 points (99.6% liked)
Technology
74591 readers
426 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
The problem is that content filters don't work all that well in the age of https everywhere. I mean, you can block the pornhub.com domain, that's fairly straightforward ... but what about reddit.com which has porn content but also legitimately non-porn content. Or closer to home: any lemmy instance.
I think it would be better if politicians stopped pearl clutching and realized that porn perhaps isn't the worst problem in the world. Tiktok and influencer brainrot, incel and manosphere stuff, rage baiting social media, etc. are all much worse things for the psyche of young people, and they're doing exactly jack shit about that.
They know. The "think of the children" angle is just cover to enrage the tabloid readers and to be used as a straw man against anyone criticisng the law ("you're a pedophile"). The real purpose is "let's enumerate the IDs of everyone who uses the internet for anything we don't like" and "let's censor anything we don't like starting with LGBTQ content"
That's a problem is for ISPs and content providers to figure out. I don't see why the government has to care other than laying out the ground rules - you must offer and implement a parental filter for people who want it for free as part of your service. If ISPs have to do deep packet inspection and proxy certs for protected devices / accounts then that's what they'll have to do.
As far as the government is concerned it's not their problem. They've said what should happen and providing the choice without being assholes to people over 18 who are exercising their rights to use the internet as they see fit.
No, there are very good technical reasons why this approach can't work.
There is no deep packet inspection on properly encrypted TLS connections. I know TLS termination and interception and recertifying with custom certificates is a thing, but even if it were feasible to implement this on millions of client computers that you don't own, it is an absolutely god awful idea for a million reasons and much worse for privacy and security than the age-gate problem you're trying to work around.
@arc99 @SpaceCadet thats basically allowing the Government to force the ISP's to build a solution which is able to sensor every content. Sorry there is alot of reasons why you should be against it.
PS: even your deep packet inspection falls short to end 2 end encryption / decryption ...
Deep packet inspection already happens on encrypted traffic (Fortigate Firewall) so it's eminently possible for filtering software to do the same.
@arc99 please inform yourself about end to end encryption and decryption.
All i say is you haven't understand what is happening on this firewall and what this firewall can do and what the firewall can't do.
I'm intimately aware about what it can and cannot do. And it can intercept and man in the middles any https traffic
@arc99 but end 2 end encryption is not by default https traffic ;) ssh / vpn are protocolls ( end 2 end encryption, decryptio) and this firewall can't deep inspect while this protocoll can easy tunnel other tunnels.
I really do not know what you are saying. I have just told you that Fortigate Firewall can and does do deep packet inspection on https connections. It does so by man in the middle proxying. If one filter / proxy can do it then any other could too. There would be ways for kids to circumvent this, e.g via VPN but that is no different than with age verification.
@arc99
I said (picture) your deep inspection falls short to real end 2 end. You said your firewall can break end 2 end ... nope they can't and never will and you exactly said this in your last post too. (Sidenote -> i can gpg a text and post it public even with https .. for 99% it will be giberish and only the person who got the right key material will be able to read it ) ... so using deep package inspection to identify something you want to protect kids from is just a lie ...
I honestly do not know what you are saying. Deep packet inspection through a firewall that does mitm interception demonstrably happens. It is not up for debate.
@arc99 you still don't understand end 2 end encryption. Yes man in the middle decryption can be done. First for this to happen you need to accept the certificates of the firewall ( which in terms of a home PC you can't force anyone to do ). Second even if you can decrypt the https packets , you can still put an additional layer on top which only you and the reciever has the keys too.
To give you an example you can easy write down a base64 encoded binary blob in any text field on a website. If this binary blob has been encrypted before noone will be able to tell what is inside.
So breaking https is useless if someone really wants to hide informations. So no your deep packet inspection is totally useless. The only thing you know is that someone did put strange stuff in a text on a website.
No, YOU don't understand end to end encryption, and you don't understand browsers. You say you could "write down a base64 encoded binary blob on a website". Yes you could and how do you decrypt it? The asnwer is with a key (asymmetric or symmetric) that the recipient must have in memory of the receiving software - the browser that the filter has already intercepted and compromised. So "moar layers" is not protection since the filter could inject any JS it likes to reveal the inner key and/or conversation. It could do this ad nauseum and the only protection is how determined the filter is.
But this is also a nonsense argument just on a practical level. The problem is kids connecting to adult websites, or websites with some adult content. The filter doesn't need to do much - either block a domain outright, or do some DPI to determine from the path what part of the website the browser is calling. The government thinks it reasonable that every single website that potentially hosts adult content should capture proof of identity of adults. I contend that really the issue is kids having access to those websites at all, and that proxies can and would be a far more effective way to control the issue without imposing on adults. No solution is perfect, but a filter is a far more effective way than entrusting some random website with personal information. Only this week somebody found an app that was storing ids in a public S3 bucket compromising all those users. Multiply that by hundreds, thousands of websites all needing verification and this will not be the last compromise by any means.