UK web surfers warned of cyber security risks following new Online Safety Act
Introduced this month, the Online Safety Act is focused on blocking access to adult material online. The legislation requires all users wanting to access particular sites to enter their information in order to prove their age.
Communications regulator Ofcom claims the policy will drastically reduce the number of children accessing inappropriate content. "This is a significant change to how adults in the UK access pornography, and is a key step in helping to protect children from harmful content when they're online," Ofcom said in a recent statement.
READ MORE: HMP Dovegate name inmate tragically found dead this morning
READ MORE: Student entrepreneur running business from bedroom makes £788k made-up VAT claim
But - although the bill is aimed at children - numerous adults have criticised the legislation. Sceptics have argued they do not want to provide personal details such as names, email addresses and financial information in order to access adult platforms.
Additionally, specialists have expressed worries that this mandate could leave people more vulnerable to online criminal activity, with scammers potentially looking to capitalise on the fresh verification system. Jake Moore, Global Cybersecurity Advisor at ESET, explained: "There are still details of the act that are missing that could even pose significant privacy and security risks by collecting data such as ID uploads and financial information."
As reported by Express.co.uk, the introduction of the act has sparked a surge in the use of Virtual Private Networks (VPNs), which conceal users' online activity and can mislead websites into believing a computer is located in another country. A VPN provider has reported a significant surge in UK downloads, with these apps currently dominating the top spots on app stores.
While it may appear to be a straightforward solution, downloading and using a VPN can carry certain dangers, particularly when searching for free versions. The web is awash with sites offering VPN services at no cost, but such deals are frequently too good to be true.
"One of the primary concerns with free VPNs online is that they may not have robust security features," the EC-Council University said. "Many free VPN providers lack the resources to develop and maintain strong security protocols, leaving their users vulnerable to cyber threats such as malware, hacking, and phishing.
"Free VPNs need to generate revenue, and they often do this by logging and selling users' data to third-party advertisers. These VPN providers may log your browsing history, online activity, and personal information and then sell it to advertisers, compromising your online privacy."
Prior to considering downloading a VPN, it's essential to carry out comprehensive research and verify that any software you install is entirely safe. "We understand the temptation of having a secure online connection for free," the Mozilla team stated.
"It's important that you know, however, that the risks of free VPNs may make you think twice about that free price tag. When VPNs are offered to users for free, that means that providers have to gain revenue in another way."
Following the implementation of the Online Safety Act, a petition has been created urging the Government to abolish it. At the time of writing, it had attracted more than 423,000 signatures.
The petition stated: "We believe that the scope of the Online Safety act is far broader and restrictive than is necessary in a free society. For instance, the definitions in Part 2 covers online hobby forums, which we think do not have the resource to comply with the act and so are shutting down instead.
"We think that Parliament should repeal the act and work towards producing proportionate legislation rather than risking clamping down on civil society talking about trains, football, video games or even hamsters because it can't deal with individual bad faith actors."
Should a petition reach 100,000 signatures, it must be considered for parliamentary debate.
Get daily headlines and breaking news emailed to you - it's FREE
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Tom's Guide
17 hours ago
- Tom's Guide
It's not surprising that the Online Safety Act doesn't cover personal data safety
On July 25, 2025, the Online Safety Act (OSA) went into effect in the UK, requiring sites hosting adult content and social media platforms to verify users' ages before allowing them to access adult content. With age verification techniques including supplying personal/sensitive information to these sites or platforms (e.g. photo ID, a face scan, credit card information, email address or phone number), many UK residents have turned to using the best VPNs to circumvent the ban. Concerns about the integrity of the third parties employed by sites or platforms have been raised, with many worried that their sensitive personal information will be stored, shared or even used to train AI models. However, many of these concerns have not been addressed by the UK government, with the focus being on the Online Safety Act's enforcement. NordVPN: our top-rated VPN overallFrom our testing, we consider NordVPN to be the best VPN for most people. This is down to its rock-solid security and privacy, excellent speeds and great unblocking performance. Prices start from £2.31 / $2.91 per month for a two-year subscription, which includes an exclusive four months free for Tom's Guide readers. Plus, you can get an Amazon gift card worth up to £50 / $50 if you sign up for NordVPN's Plus or Complete memberships. A 30-day money-back guarantee applies to all subscriptions. While this may be concerning to many UK citizens who do not want their personal information to be shared or stolen, and are worried about the potential ramifications of a data breach or leak of an age verification platform, it's not necessarily surprising that personal data safety hasn't been considered in the OSA. In May 2024, it was revealed that nearly 70% of UK MPs had had their personal information leaked on the dark web, including personal and login information. MP's email addresses were exposed 2,110 times, with some MPs targeted up to 30 times, and over 200 plain-text passwords were also leaked. The most common cause for these information leaks were hacks or breaches of companies that MPs had signed up for using their parliamentary email – including Adobe, Dropbox and LinkedIn. This is incredibly poor cybersecurity practice, as the leaks demonstrate – if the MPs had reused the same login information for any other account, it would be easily accessible. Even MPs who were on committees dedicated to looking after the cybersecurity of the UK had their personal data leaked, which is concerning considering the fact that you would expect them to have much more rigorous and robust data security practices. However, it does make it less surprising that the Online Safety Act does not include any requirements for businesses to ensure that users' personal data is kept secure. It appears as though this simply hasn't been considered. Additionally, with MPs like the Secretary of State for Science, Innovation and Technology Peter Kyle making inflammatory statements regarding pushback to the act – he posted on X that those who oppose it are "on the side of predators" – it appears that the government is far more concerned with the enforcement of age verification than ensuring that the sensitive information used for this is kept safe. The Online Safety Act does lay out guidelines for the age verification checks themselves, namely that they must be "technically accurate, robust, reliable and fair," but this doesn't mention anything about them being secure. By not outlining any guidelines for these age verification checks, it means that sites and platforms do not have to use secure third parties. While many are choosing to – for example, Reddit has employed the use of Persona, which deletes all user information within 7 days, and Spotify has employed the use of Yoti, which deletes user data immediately – this offers little reassurance that this will be the case for most other sites. The only statement regarding personal data safety has been from OFCOM, who shortly addressed data security and privacy concerns in an article on the Online Safety Act and what users need to know about it. OFCOM stated: "Strong age checks can be done effectively, safely, and in a way that protects your privacy. As with everything you do online, you should exercise a degree of caution and judgement when giving over personal information. "Data protection in the UK is regulated and enforced by the Information Commissioner's Office (ICO). We work closely with the ICO and where we have concerns that a provider has not complied with data protection law, we may refer the matter to the ICO. "In the UK people are familiar with having to prove their age in the offline world to buy age-restricted goods like alcohol and tobacco. Age checks to access [mature content] are just the same. It will help stop children from encountering [mature content] online, in the same way that a child should not be able to simply walk into a shop and buy a [NSFW] DVD or magazine." In this statement, the onus is on the end user to make sure their personal data is kept safe, rather than having the Online Safety Act require that the age verification techniques must be secure in the first place. Additionally, providing an ID card to a shop assistant, bouncer or bartender is incredibly different to taking a picture of your ID or scanning your face, especially when there is no guarantee that this information will be deleted. After all, a shop assistant would not take a photocopy of your ID and then hang onto it for an unspecified amount of time afterwards. However, there is some comfort to come from the fact that third-party age verification services will have to follow UK-based data regulations. Under the General Data Protection Regulations in the UK, personal data can only be "kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed." Essentially, this means that data should not be retained when it is no longer needed. While this could technically mean that age verification companies delete user data once their age has been verified – for example, Spotify's age verification partner, Yoti, does this – this may not be the case for all age verification services. Additionally, the statement that OFCOM "may" refer companies to the ICO if they have sufficient concerns that an age verification company has not complied with GDPR does not quite feel good enough when people's faces and sensitive information are at risk. Overall, while many companies do appear to be putting secure age verification checks in place, the concerns about personal data raised by the OSA are not unfounded. Hopefully there will be more guidance released regarding the safety and security of UK citizens' personal data in the coming weeks. We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.
WIRED
a day ago
- WIRED
Google Will Use AI to Guess People's Ages Based on Search History
Aug 2, 2025 6:30 AM Plus: A former top US cyber official loses her new job due to political backlash, Congress is rushing through a bill to censor lawmakers' personal information online, and more. Photo-Illustration:Last week, the United Kingdom began requiring residents to verify their ages before accessing online pornography and other adult content, all in the name of protecting children. Almost immediately, things did not go as planned—although, they did go as expected. As experts predicted, UK residents began downloading virtual private networks (VPNs) en masse, allowing them to circumvent age verification, which can require users to upload their government IDs, by making it look like they're in a different country. The UK's Online Safety Act is just one part of a wave of age-verification efforts around the world. And while these laws may keep some kids from accessing adult content, some experts warn that they also create security and privacy risks for everyone. Russia's state-backed hacking group Turla is known for its bold, creative attacks, such as masking their communications via satellite or piggybacking on other hackers' attacks to avoid detection. The group, which is part of the Russian FSB intelligence agency, is now using its access to the country's internet providers to trick foreign officials into downloading spyware that breaks encryption, allowing Turla's hackers to access their private information. And that's not all. Each week, we round up the security and privacy news we didn't cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there. Google Will Start Estimating Your Age Based on Browsing Data Google is rolling out an AI-powered age-estimation system to apply content protections to Search and YouTube, even for users who haven't provided their age. The system is launching in the EU, where digital safety regulations mandate that platforms take steps to protect minors from potentially harmful content. Instead of relying solely on user-input data, Google says it will infer age using a 'variety of signals' and other metadata to determine if a user should be shown restricted results. Privacy advocates say the move risks inaccuracies and raises questions about transparency and consent. Google claims the changes align with regulatory expectations and will help protect younger users from inappropriate content. Still, the idea that platforms can algorithmically infer personal traits like age—and restrict content based solely on those assumptions—adds a new wrinkle to long-standing debates over moderation, censorship, and digital privacy. Army Revokes Former CISA Director's West Point Appointment After Political Backlash Just 24 hours after naming Jen Easterly as West Point's Distinguished Chair in Social Sciences, the Army rescinded the appointment following far-right criticism. The former Cybersecurity and Infrastructure Security Agency (CISA) director and academy alum had been lauded for her decades of service. But backlash erupted online after activist Laura Loomer claimed Easterly had ties to the Biden-era Disinformation Governance Board. Nina Jankowicz, who served as executive director of the board, denied having worked with Easterly in a post on BlueSky, calling the episode yet another example of how we're all living in 'the stupidest timeline.' Nevertheless, Army secretary Dan Driscoll canceled Easterly's contract and ordered a full review of West Point's hiring policies. The Army also suspended the practice of allowing outside groups to help select faculty. The reversal marks the second high-profile clash involving former CISA leaders and political pressure following Donald Trump's revocation of Chris Krebs' security clearance earlier this year. Congress Fast-Tracks Bill Letting Lawmakers Censor Info About Their Homes and Travel A bipartisan bill from US senators Amy Klobuchar and Ted Cruz could let lawmakers demand the removal of online posts showing their home addresses or travel plans, Rolling Stone reports. The proposal, which could pass by unanimous consent, is framed as a response to growing threats against public officials—especially after the assassination of Minnesota legislator Melissa Hortman last month. Watchdogs joined dozens of media outlets in warning that the bill could chill reporting and enable selective censorship. While the legislation includes a nominal exemption for journalists, critics say it remains vague enough to allow members of Congress to sue outlets or demand takedowns of legitimate news stories. 'The Cruz-Klobuchar bill would not provide [lawmakers] the protection they seek but would create a powerful new tool that would result in censorship of public discussion and press accountability for their actions,' Daniel Schuman of the American Governance Institute told Rolling Stone. He urged Congress to go 'back to the drawing board' and try crafting a bill that protects all Americans' privacy 'without undermining accountability for public officials.' Google Bug Let People Quietly Censor Articles From Search An alarming vulnerability in Google's Refresh Outdated Content tool allowed bad actors to selectively scrub individual URLs from search results, 404 Media reports. And there was no hacking required. Journalist Jack Poulson discovered the bug when two of his investigative pieces, including one about a tech CEO's domestic violence arrest, vanished from Google, even when searched by exact title in quotes. The exploit involved repeatedly submitting URLs with minor capitalization tweaks. This reportedly confused Google's indexing engine, which responded by de-listing not just the altered URLs but the original live articles too. Google confirmed the flaw and quietly rolled out a fix, saying it impacted only a 'tiny fraction of web pages.' Free press advocates warn the vulnerability could've enabled targeted, silent censorship, especially by powerful actors using reputation management tactics. 'If your article doesn't appear in Google search results,' Poulson said, 'in many ways it just doesn't exist.'
Yahoo
a day ago
- Yahoo
Trustless VPN signups surge as UK Online Safety Act sparks privacy rush
Signups for virtual private networks, or VPNs, are surging after new provisions from the UK's Online Safety Act that enforce age and identity checks and require sites to block certain content for UK users came into effect last week. So-called trustless or decentralised VPNs that tap into blockchain technology are benefitting too, despite stiff competition from more mainstream products. 'Traffic does seem to be increasing, and users from the UK are increasing,' Harry Halpin, CEO of Nym Technologies, the firm behind NymVPN, told DL News. Spokespeople from two other trustless VPNs told DL News they've also seen an uptick in signups and traffic since the UK's new rules came into effect on July 25. What are VPN? VPNs are software that encrypt users' internet traffic, making their browsing history and location harder to trace. They allow users to access websites blocked in the UK and dodge identity checks. Their increased use comes as UK residents push back against the Online Safety Act. The act is meant to protect children by blocking access to websites that contain material harmful to them, such as porn sites. Web users can remove the blocks by providing sites documents such as bank statements or passports to verifying their age and identity. But critics say the rules are being applied too broadly and that even adults are struggling to access legal content. Others argue that the blocks do little to protect children as they are easily circumvented using VPNs, and the mandatory age and identity checks threaten users' privacy. No control Trustless or decentralised VPNs advertise themselves as a more private and secure alternative to commercial VPNs. 'Most commercial VPN providers are centralised,' Halpin said. 'Centralised VPN providers can actually directly see all of your internet traffic, even if they claim to use encryption.' Several commercial VPN companies that say they don't log user activity have been caught doing so. This is a problem, Halpin said, because it means those VPNs can easily hand over their users' data to authorities should they request it, or lose the data in a hack. Decentralised VPNs, on the other hand, operate similarly to blockchains in that they are made up of a network of distributed nodes. Proponents claim this means they cannot collect or log users' data, even if they wanted to. 'There is no central point of control,' Freqnik, a pseudonymous core developer at Meile dVPN, told DL News. 'Decentralised VPNs reduce the trust barrier.' Many decentralised or trustless VPNs leverage blockchain technology. Meile dVPN uses Sentinel, a decentralised blockchain marketplace where anyone can buy and sell internet bandwidth. Others, like NymVPN, let users pay for their services with privacy-preserving crypto like Monero and Zcash. Downsides Yet there are downsides to the enhanced privacy. 'With great freedom comes great responsibility,' Freqnik said. 'Any decentralised network, whether it be blockchain or peer-to-peer connections, is prone to bad actors.' Meile says it solves this issue by assigning nodes on its network a score based on the quality of service they provide. Some users also worry that decentralised VPNs won't be as performant as their centralised counterparts. According to Halpin, the extra level of anonymity NymVPN provides does slow it down. He said the speed is enough for instant messages and cryptocurrency transactions, and that Nym also offers a faster, less anonymous version of its VPN. For privacy diehards, these downsides likely aren't an issue. But for more casual users it might be a hard sell. After all, commercial VPNs do just as good a job of helping users bypass website blocks, the main reason users are flocking to the software. 'From what we can tell, centralised VPNs seem to be benefiting the most,' Freqnik said. 'Decentralised VPNs are still under the radar.' Tim Craig is DL News' Edinburgh-based DeFi Correspondent. Reach out with tips at tim@ Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
