According to TechRadar, half of the US population now needs to verify their age to view certain content online, a shift that became fully operational in 2025. This follows the UK’s implementation of its Online Safety Act in July 2025 and Australia’s groundbreaking social media ban for under-16s. The laws often require all users, not just minors, to upload passports or undergo facial scans, a process that led to a breach exposing 70,000 government ID photos from a Discord vendor in October 2025. Experts like Laura Tyrylyte of Nord Security and Molly Buckley of the EFF warn these measures create huge privacy risks and stifle free speech. In response, VPN usage has spiked, but lawmakers in states like Wisconsin and Michigan are now proposing to block VPN traffic to close what they see as a loophole.
The privacy problem is already here
Here’s the thing: the core argument for these laws makes sense on the surface. Keep kids safe. Who’s against that? But the implementation is a privacy nightmare. We’re being asked to hand over our most sensitive biometric and identity data to the very tech companies and third-party vendors we constantly hear are bad at security. And the Discord breach proves it’s not a theoretical risk—it’s happening now.
Once that data is collected, it’s a permanent target. Think about it. A centralized database of face scans and passport images? For hackers, that’s the ultimate score. And as Robin Wilton from the Internet Society points out, this isn’t just about age. It’s a slippery slope toward “mandatory authentication for online access.” Basically, proving who you are to use the web. That’s a fundamental change to how the internet has always worked.
It’s not just privacy, it’s a free speech chill
But the fallout goes way beyond data leaks. Look at what’s already happening in the UK. Reddit has had to age-gate communities focused on mental health support or news from conflict zones, like r/UkraineWarFootage. So now, an adult who needs support or wants uncensored news has to jump through a biometric hoop. That has a chilling effect. It quietly pushes legitimate content and communities into the shadows.
And the Australian model of a blanket ban for under-16s on social media? Experts like John Perrino are right to call it out. It cuts kids off from support networks and treats a 17-year-old the same as a 4-year-old. Is that really the goal? To keep them safe, or just to keep them off the internet entirely? It seems like a blunt instrument that causes more harm than good.
The VPN crackdown is deeply ironic
So people are reacting like you’d expect. They’re flocking to VPNs to protect their data and regain some control. But now, the very lawmakers pushing these privacy-invasive laws want to ban the tools that protect privacy. Proposals in the US want to block VPN traffic, and UK regulators are “monitoring” VPN use.
This is where the argument gets really twisted. As Christine Bannan from Proton points out, VPNs are the same technology that helps activists bypass censorship in authoritarian states. Now, in democracies, that tool is being framed as a “loophole” for dodging rules. The irony is thick. We’re undermining a critical security tool to enforce a system that makes us less secure. It’s a dangerous misunderstanding of what VPNs are for.
2026 looks like a tipping point
Now, this is all accelerating. Countries like Denmark and Malaysia are planning similar rules for 2026. The momentum is huge. So what happens next? The tech companies providing VPNs say they’re in talks with regulators, hoping to find a balance. But digital rights groups like the EFF are gearing up for legal battles.
I think Molly Buckley nailed it. We’re at a crucial moment to push back on the misconceptions. The goal should be smarter, more nuanced protection for kids that doesn’t sacrifice everyone’s privacy and freedom. If we don’t get this right, the anonymous, open web we grew up with might just be gone. And getting it back? That’s probably impossible.
