https://petition.parliament.uk/petitions/754408We call upon the UK Government to reject any calls or lobbying that propose to restrict or ban the use of virtual private networks ("VPNs") for children, because of the impact this would have on other VPN users.
An amendment agreed by the House of Lords proposes an addition to the Children's Wellbeing and Schools Bill: "Action to prohibit the provision of VPN services to children in the United Kingdom". The method and implementation would likely rely on 3rd-party facial scans or ID checks, which we believe are invasive. Thus, such a law would cause massive collateral damage for the millions of current users who rely on VPNs for privacy and security.
To enforce the ban, data on adult users would be collected through age verification.
The age verification process leaks unnecessary data to third-parties:
Age verification providers have been hacked:
A dating app for adults required users to submit their ID for their own safety. It was hacked and people were harassed:
https://www.idstrong.com/sentinel/tea-app-data-breach/ .
Billions of social security numbers have been stolen:
https://www.independent.co.uk/news/world/americas/social-security-number-data-breach-credit-fraud-b2646567.html .
A credit check company had their customer details stolen:
https://www.bleepingcomputer.com/news/security/700credit-data-breach-impacts-58-million-vehicle-dealership-customers/ .
There have been notable uk-specific data breaches and cyber-security incidents:
Personal sensitive data should not be collected. It has already been abused by bad actors. No one should never post their personal details online. You can and will be abused by it. Theft of personal sensitive data allows scammers to scam. Once data is online, it's online forever.
As a counter-proposal to age verification, I strongly suggest router controls and offline on-device controls. Neither require data collection. The settings are password/PIN protected.
Router controls are one of the methods that schools used to block unsuitable websites. They can also be taken advantage of at home. They prevent groups of websites being viewed. Parental controls on routers could be set up and enabled by default. It's common for details on how to access them on the router/hub itself or on a manual. There could also be government guidance on how to enable them.
Android devices have a feature called "Google Family Link":
https://www.internetmatters.org/parental-controls/smartphones-and-other-devices/android-smartphone/ . It enforces app limits, websites filtering, etc. Google Play has its own filtering for which apps can be installed:
https://www.internetmatters.org/parental-controls/entertainment-search-engines/google-play/ .
iPhones, iPads and Macs have a feature called "Screen Time". When enabled, the feature prevents age-inappropriate apps from being installed. Parents can select an age range for which apps can be installed. The feature can also be used limit how long children can spend on the phone/tablet. Further details are on
https://support.apple.com/en-gb/108806 and
https://support.apple.com/en-gb/guide/mac-help/mchl8490d51e/mac .
Windows has parental controls, though they require being signed in, rather than sticking offline:
https://www.internetmatters.org/parental-controls/smartphones-and-other-devices/windows-11-parental-controls/ . However, there are multiple alternatives that don't require account and are kept offline:
https://www.safetydetectives.com/best-parental-control/windows/ .
On Linux desktops, there are parental controls:
https://wiki.archlinux.org/title/Parental_control .
Parental controls let parents be parents. It isn't a government responsibility to restrict legal content that adults can choose to view.
Submitting personal sensitive data allows for abuse and scams that could have been prevented.