According to TechRadar, UK MPs used a scheduled debate on public opposition to the Online Safety Act to instead argue for stricter rules on Virtual Private Networks (VPNs). Conservative MP Peter Fortune and Labour MP Jim McMahon both pushed for examining VPN use, with McMahon suggesting VPN companies should be responsible for preventing children from evading age verification checks. In response, Digital Minister Ian Murray stated that regulator Ofcom is already monitoring VPN use and that the government “will not hesitate to go further if necessary.” This follows a move last week by UK Lords to table an amendment to another bill that would ban VPNs for children entirely, a proposal one VPN CEO called the “dumbest fix.” The debate signals a growing political willingness to regulate the security tools many Brits adopted after mandatory age verification was implemented in July.
The fundamental misunderstanding
Here’s the thing: this entire debate seems to rest on a massive, almost willful, misunderstanding of what a VPN is and does. A VPN is, at its core, a privacy tool. It encrypts your traffic and masks your IP address. Asking a VPN provider to verify the age of its users is like asking a manufacturer of window blinds to verify the age of everyone in a house before they close them. It completely negates the point. The moment a VPN service starts collecting and verifying identifiable user data—like a passport or driver’s license for age checks—it ceases to be a trusted privacy tool for a huge portion of its user base. And let’s be real, the evidence suggests most VPN users are adults seeking privacy, not kids trying to access porn.
A slippery slope to surveillance
So what would “going further” actually look like? The hints from MPs are chilling. Julia Lopez suggested age-gating “at the device level.” Think about that. That’s not regulating a service; that’s mandating backdoors in your phone or computer. It’s a move from regulating *access* to regulating *ownership and use* of general-purpose computing technology. And once that precedent is set, where does it stop? The technical reality is that any measure strong enough to reliably block a determined teenager from using a VPN would fundamentally break the internet‘s openness and deeply compromise device security for everyone. It’s the digital equivalent of tearing down the village to save it.
History shows this won’t work
Look, we’ve seen this movie before, and it always ends the same way. Governments try to build a digital wall. Tech-savvy users, including kids, find a way over, under, or around it. Remember the great firewall? The cat-and-mouse game never ends. All these proposals would do is punish legitimate users—journalists, activists, ordinary adults who value their privacy—while doing little to stop a kid with a search engine and 10 minutes of time. It would also cripple UK-based VPN providers, pushing users towards foreign-operated services that have zero interest in complying with UK law. Basically, it’s a policy that fails on its own terms while creating a host of new, worse problems.
The real target is privacy itself
Let’s not be naive. This isn’t just about protecting children. The Online Safety Act is a sprawling piece of legislation with huge surveillance and censorship powers. VPNs represent a glaring loophole in that control framework, from the government’s perspective. If you can’t see what people are doing online, you can’t regulate it. That’s the unspoken tension. The push to regulate VPNs feels less like a child safety measure and more like an attempt to close the last escape hatch for digital privacy. And once you start compromising the security of fundamental tools, you’re on a path that’s very hard to reverse. The question we should be asking isn’t “how do we stop VPNs?” It’s “why are so many people feeling the need to use them in the first place?”
