Pondering routing more of my traffic via nodes outside the UK
neilzone.co.uk71 points by ColinWright 6 days ago
71 points by ColinWright 6 days ago
Australia isn't different, but homelab is my jam so solutions were implemented :)
1. Nginx Proxmox LXC container with domains that require digital ID such as X. I can easily add or remove domains to it via Ansible.
2. Mullvad VPN server/client setup on OPNSense
3. OPNSense Firewall rules with aliases from the local lists from step 1
4. Every time I access X or whatever, OPNSense firewall rule redirects that traffic via the Mullvad VPN Gateway bypassing the digital ID enforcement
5. I host Pihole + Unbound recursive DNS so I have full control over my DNS. Recursive DNS uses the 13 root nameserver, I do not use public DNS such as Google or whatever, in fact, they are all blocked.
My data under my control.
When I tried implementing something like this at some point, I found it impossible to actually implement reliably because DNS resolution changes all the time.
Unless you dynamically add rules as you resolve DNS requests and before responding to them, which seems painful to pull off.
Or do you point DNS records for the relevant domains at a proxy server, and have that server inspect SNI, look up the actual DNS records, and then tunnel the traffic? But this would rely on SNI which isn't a requirement (although it's probably always there...).
>I do not use public DNS such as Google or whatever, in fact, they are all blocked.
Honestly surprised that works given Google loves to hardcode DNS queries using their DNS Resolver into many things (Google TV, Android, etc).
I'm assuming you are using NAT Redirection (Port 53), blocking DNS over TLS - DoT (TCP Port 853), using SNI FIltering to block DNS Over HTTP (DoH). Not sure how you handle Encrypted Client Hello.
>Honestly surprised that works given Google loves to hardcode DNS queries using their DNS Resolver into many things (Google TV, Android, etc).
My Samsung smartTV has Google DNS hardcoded in it, that is why I do what I do.
No matter if I set my phone DNS to Google, OPNSense NAT redirects any DNS to Piholes only, and since public DNS, DNS-over-TLS and DNS-over-HTTPS are blocked, only Piholes forward it to Unbound. Only Unbound can request DNS and OPNSense enforces that.
Unbound is recursive DNS with is own caching so everything happens localy, surfing the internet is insane fast.
As for the digital ID, the DNS happens locally but the traffic is forward to Mullvad VPN Gateway.
I don't wanna hide my traffic, I just don't wanna this mass survilance on my personal information. My social media accounts are burner, no real name, no photos, minimal apps installed on my GrapheneOS phone and I have a complete normal digital life without sharing my shit haha
> ..., DNS-over-HTTPS are blocked
Not trying to be facetious, but how do you know you are blocking them all? I thought one of the reasons for using DNS-over-HTTPS was to be able to avoid detection.
You aer mixing two things together, and popular misundertanding: You cant never truly hide your DNS requests, your ISP can still see the traffic.
There are plenty of videos showing how you can use WireShark within your network to identify packages flagged as DNS, no matter if DNS, DOT, DOH, they have identifiers making it easier to identify them by analysing the packages. You just need to know how.
If your ISP really wanna know what you are accessing, they can, DOH isn't VPN.
1. Icannot just block 443, I have an aliases with every known public DOT and DOH on OPNSense
2. The firewall blocks any requests to those IPs on port 443-DOH and 853-DOT
If I type on my browser 8.8.8.8:443, it does not work and OPNSense firewall log shows the block message, so DOT:853 and DOH:443 are fully blocked.
Side note, I do agree with under 16 being denied access to social media.
Spend 5 minutes on X, Instagram or even worse Snapchat for you to see what these minors are doing. A lot generation, all for likes.
GenZ is so cooked, by the time they reach their 30s, damn.
Gen Alpha being born within the digital and AI world is even more cooked.
I don't think social media is any healthier just because people are older, I'd rather just ban them outright.
And from what I remember of the coverage of the scientists presenting their case in the UK there wasn't enough evidence to say whether it had an impact on children.
Personally I think ipad as babysitter is more to blame, but until the proper studies are done it's all just speculation.
>Personally I think ipad as babysitter is more to blame, but until the proper studies are done it's all just speculation.
Proper study??
Look around us, kids are talking to ChatGPT instead of running, playing, instead of being kids.
Kids cannot speak and yet have a tablet to interact with, by adulthood those kids are cooked.
Teens at school can't read, they have been using ChatGPT to cheat exams. If somebody tells me that more study is required to prove what is right there in from of our eyes, that somebody is part of the problem, full stop!!
>Look around us, kids are talking to ChatGPT instead of running, playing, instead of being kids
Isn't that a symptom of other things? I'm an elder 'millenial' playing out was already decreasing when all we had was a nes and 4 channels on TV.
Unfortunately now we have to 'protect' kids from the dangers outside. Which necessarily means them spending time inside.
Millennials never spent like >6-8 hours a day on phones doing nothing productive.
Yes, as adults we now spend loads of time in our places of work on devices but generally in the pursuits of doing productive things.
And while I haven't looked up the stats, I don't feel like it's exceedingly more dangerous for kids to play outside today than it was back in the 00's, 90's, 90's etc. I just feel as though we're more aware of the dangers of what _could_ happen to kids - all of which is a facet of the media/social media pressure and scaremongering.
Plus there are still loads of feral kids allowed to roam around and be little shits anyway.
>Unfortunately now we have to 'protect' kids from the dangers outside. Which necessarily means them spending time inside.
That is the biggest bullsh1t of today's society, we aren't protecting the kids, it is the governments starting mass surveillance and before you call me a conspiracy theorist, looks what is happening world wide.
This is how it all started:
1. Australian activist group Collective Shout went after Steam +18 games to protect the kids
2. Steam ignored them so they used their political influence to go after Master/Visa/Paypal
3. Master/Visa/Paypal went after Steam which removed thousands of games bankrupting developers worldwide
4. UK pushed digital ID the following week, Collective Shout was the opportunity they all needed.
5. Countries worldwide followed suit
Mind you that same Collective Shout group supported a movie on Netflix showing kids being s*xual1zed.
People do not understand how serious this is, these services are now getting breached, your passport, photo, address, phone, etc, is all over the network.
Being victim of identity theft is the easiest thing in 2026, you trying to prove that you are you while somebody else being you is pulling your life apart.
I'm considering the same thing. I've done the "contact your MP" thing, but it's a waste of time. You just receive a pre-written letter from some minimum wage assistant (or maybe just a bot).
It's either that or I just consider the internet dead and move on. It's nothing like it was 20 years ago anyway. There are other things to do. Many books to read and places to go. We had something really cool and we were lucky to experience it while it lasted, but it's gone now.
It’s hard to feel any enthusiasm for democracy watching things you disagree with being pushed through and having no power to stop it. I signed the petition to reverse the OSA and all we got was a canned response.
I’ve come to the conclusion the only thing you can really do is leave when you disagree with the direction of your country, but of course not everyone has the ability to do that.
This is what protest is for/about.
If enough people feel strongly about it to go onto the street and wave placards, that starts getting noticed and has to be acknowledged.
Of course, the UK (and others) have started making protests illegal, because they are doing things that we should feel strongly enough about to go and wave placards at them.
The problem I've found is that enough people don't feel strongly about it.
I've had plenty of conversations recently where people say "yeah, but social media is harming kids. Banning it is good". People broadly see the headline "think of the children" and think, "yup, let's protect children".
To me, there's all sorts of downsides - the death of small discussion forums, pushing interesting online experiences out of the reach of teenagers, the creeping surveillance and, worst of all, the complete end of the open internet (when inevitably it doesn't actually work). But most non-tech people just don't see that.
The currently in place age verificaton system is a joke. It's trivial to circumvent them - not just via VPN, but also because there's countless websites that just don't care. The social media ban will bring more of the same - and then they'll have to ban VPNs and bring in website firewalls.
Who wins? The established tech companies, who have big enough legal departments to comply with increasing red tape. How is a new social network going to legitimately compete with Facebook now?
But when I say all this to people I know, they just don't see it. Most people are not tech people.
100% agree.
And because I don't have kids, I'm presumed to not have any skin in the game - like the websites are not going to ask me my age or something.
> It’s hard to feel any enthusiasm for democracy watching things you disagree with being pushed through and having no power to stop it.
That often is democracy: what's popular isn't always what's best.
That's why democracy shouldn't be worshipped as the end-all be-all key to good government or good society. Or as Churchill put it, democracy is the worst form of government, except for all the others.
Freedom and liberty should be the foundations of a healthy society. Democracy should be reserved only for those things that must be decided collectively and universally enforced.
What kids do on their phones doesn't even come close. Let parents and vendors decide what their kids and customers can do. I've met plenty of well-adjusted kids who aren't on social media because their parents don't let them.
I find that many comments on this subject here don’t seem to consider that a majority (perhaps a large majority) of citizens in their nation support these policies
Because they don't understand the technology or the consequences.
When they do, they will change their mind (and probably protest loudly that they never wanted it in the first place).
See Brexit for a clear example.
But the argument I see is that the politicians are acting tyrannically against the desire of the voters.
some voters. The voters who actually understand the technology and the consequences
I do think people should consider trying a bit harder to change the opinions of their fellow citizens. Yes, this is a lot of work; yes, I've mostly delegated this myself by paying money to the Open Rights Group. But if you start from the position that everyone else is a newspaper-brainwashed idiot then of course it's going to look a bit dark.
I also think there's more of what I'd call "grassroots British libertarianism" than you'd expect. It's just in tension with Daily Mail-ism, often in the same people. They just don't want onerous rules applied to them.
Do you ever spend time thinking about your own opinions, or just other people's?
> consider the internet dead and move on. It's nothing like it was 20 years ago anyway. There are other things to do. Many books to read and places to go. We had something really cool and we were lucky to experience it while it lasted, but it's gone now.
I'm pretty much at this stage too. The web/internet was a frontier like the Wild West. But those wild days are gone and are never coming back. Cyberspace has been settled.
The web is only a minuscule part of cyberspace. Once millions of people have an AI supercomputer running a graphical node at home in 3-10 years time, then cyberspace will finally start IMO. The web will look like a catalogue file in comparison.
Depends on your MP. I have received surprisingly detailed responses to some of my past letters.
If they can't be arsed to answer you, then you shouldn't be arsed to vote for them, at least in my opinion.
Yes definitely. I had one MP for 4 years that would personally reply at all hours. I was getting replies at 10pm. I felt the need to tell him off and turn his phone off. But the other 2 I've interacted with were useless.
>Many books to read and places to go
You cannot travel into the US without providing access to your Social Media accounts. Pretty likely you get denied if you say "I don't have social media".
Incorrect, I don't have social media and tell them as such, it's never an issue.
Are they asking? I know they said they would, it I’ve not seen reports of it happening
Good thing I left my abandoned facebook/twitter/instagram accounts undeleted a decade ago.
> We had something really cool and we were lucky to experience it while it lasted, but it's gone now.
You can also recreate a smaller network and enjoy it as a silo, disconnected from the Internet, at times.
There's no need to be off the grid 24/7 to feel the relief.
It's deeply relaxing to pull the (Internet) plug (I do, literally, physically remove one ethernet cable from a switch right underneath my monitor and I've then got several machines happily communicating only on the LAN: no more Internet).
Maybe I'm having fun with my latest acquisition: modelling parts to fix stuff left and right around the house by 3D printing them (I bought a 3D printer for that: I had many things I needed to fix and I knew I'd be able to fix them properly by printing adequate parts). No need for the Internet to model, slice and 3D print.
Such an activity does feel like the computing of yore: it takes me back to a time when it was me and a 8-bit machine. Creating stuff "by code" (which now take physical form at home, which 11-years old me would have find utterly mindboggling btw).
> There are other things to do. Many books to read and places to go.
And hobbies. As a kid from the eighties I love cars from the late 80s/very early 90s: not much electronics, not spying on you. Sure they're a bit of gaz guzzlers but then half the fun is fixing stuff on them and the other half is talking about them with other enthusiasts: there's no need to drive 10 000 kilometers a year with those.
When you take time to disconnect a bit from the Internet, then I'd say when you're online (like I'm now) it all feels way more tolerable.
No need to go full luddite IMO but YMMV.
> It's deeply relaxing to pull the (Internet) plug (I do, literally, physically remove one ethernet cable from a switch right underneath my monitor and I've then got several machines happily communicating only on the LAN: no more Internet).
> Maybe I'm having fun with my latest acquisition: modelling parts to fix stuff left and right around the house by 3D printing them
Isn't California proposing to put you in jail for having a 3D printer without an internet connection to tattle on you and killswitch your printer if some unaccountable internet service decides you're printing something "bad"?
:sigh:
I've set up a socks5 "proxy multiplexer" that routes requests to different upstream proxies based on the request hostname. For example reddit routes via a VPS in Dublin, and imgur routes via Tor. I believe socks5 is the ideal layer to do the multiplexing at, for web traffic, because the request hostnames are visible to the multiplexer even if ECH/ESNI is in use. It was a oneshot vibecoded solution but it's been pretty solid thus far, so maybe I should open-source it.
I wrap the outbound sock5 traffic in mTLS, so it should look "normal" to anyone packet sniffing (not obvious proxy/VPN traffic), even though stealthiness isn't part of the threat model at the moment.
Perhaps consider putting it in public domain instead of using an "open source" license?
There's a decent legal ethical argument that LLM output isn't copyrightable, and for me a "one shot vibe code" definitely _isn't_ "your creative work", so the copyright that open source licenses rely on probably doesn't exist there.
I wonder if a new category of "non copyrighted shared source code" needs to exist for people who use Gan AUI to create genuinely useful software which would ne a net positive to society if shared, but that doesn't risk murkying the waters and undermining the copyright basis that licenses like GPL and Apache and BSD and MIT rely on?
If LLM output isn't copyrightable then it's already public domain, even if you say it isn't - if this is true you can just ignore the wishes of the person who thinks they're the copyright holder.
this. The whole licensing of software stands on copyright. If the content is already in the public domain because it was generated by an LLM (copyright only protects human works) then it can't be licensed.
However, there's no compunction to publish the generated code, even if it's public domain.
We end up in a strange nega-OSS world where all code can be used by anyone for any reason, if you can get your hands on it.
If you believe this, then this was always the case. LLM's only made it cheaper and more accesible.
Sorry I don't understand, what am I believing that has always been the case?
That you could reimplement a software and then be license free. Or did I read you wrong?
That's a separate thing. I mean, valid, and a good point to raise, but I wasn't raising it.
I was more talking about the weird space we're getting into where code is completely open, because it was generated and cannot have any copyright protection, but also unpublished, and so effectively proprietary. The opposite of OSS, where code is available but protected by copyright-based licenses.
That's true. You can write software that duplicates the functionality of existing software and by doing that you can evade the copyright of that software.
I don't believe in copyright, personally.
Whether you believe that copyright _should_ exist is quite different from whether it _actually_ exists and whether there are consequences due to the existence of copyright.
All "open source" licenses rely on copyright. If copyright did not exist, GPL and BSD and MIT (and all the other software license options, open and commercial) would be unenforceable.
(I'm less convinced that you seem to be about whether there arte any good reasons for copyright. I believe real "creative people" like authors and musicians and artists and film makers _should_ have a legally enforceable monopoly to control use of and to generate income from their creative work. That shouldn't be "Micky Mouse" effectively eternal control, but there should in my opinion be some legally protected "ownership" that a creator has where they can prevent other people copying/recreating/misusing/profiting from their creation. Whether this should ever have applied to softwares something for a more nuances discussion t6hat a website comment section...)
For browser traffic another alternative is proxy autoconfig scripts to put the proxy routing logic in JS.
I’m already using policy based routing on UniFi to send OSA censored websites, imgur for example, via Mullvad VPN - it works for the most part, but for any IPv6 websites it completely breaks as UniFi doesn’t support policy based routes for IPv6.
If the government blocks Mullvad then I’ll just switch to Wireguard on a Helsinki based VPS via Hetzner.
Surely it won't be long before every hyper scalar and even medium sized hosting companies ip address ranges will end up in the block lists for every "questionable" website that is feeling the "chilling effects" from these UK laws?
I used to run my own mail server back until about 2014 or 2015, end even then it was practically impossible to reliably send mail to any of the major email providers from and ip address from Linda/AWS/Hetzner/DigitalOcean et al. I'm pretty sure porn sites and unmoderated web forum type thing that have lawyers advising them will soon be blocking not just UK ip addresses, but the bulk of the easy to identify VPN services and VPS providers.
are you manually maintaining the list of 'OSA censored' sites? Sounds great, just I'm lazy :')
“The Net interprets censorship as damage and routes around it.”
-- John Gilmore (probably https://quoteinvestigator.com/2021/07/12/censor/)
There is no "Net" any more. There probably never was really. The internet protocols were designed for resilience from the start. A key to that is packet-switching over circuit-switching. But this thing we call the "internet" today? This thing where more and more nodes can't even speak directly to each other and nobody even cares (see IPv6)? This thing where 90% of traffic goes to a few large multinationals? It's not that. We have no resistance to censorship.
The problem is that the world is increasingly transitioning from the Internet to regional internet.
There are companies that have gotten very good at virtual border control while selling stuff to e. g. the chinese and russians that are allegedly in talks with the UK govt.
I have submitted this before, but for those maybe a bit uncomfortable with setting up a VPS to act as an exit node for Wireguard, my article covers most things:
https://psyonik.tech/posts/a-guide-for-wireguard-vpn-setup-w...
For this particular use case, I would probably suggest something like OVH/Scaleway as they have nodes in France so physical distance between UK and "somewhere else" is low which will affect latency. If you're willing to wait longer and go further, I recommend Infomaniak (Switzerland - they have nodes in Geneva I think/Zurich). Hetzner (a crow favorite) hasn't been that good for me while I was in the UK, I was getting dropped packets even after switching a few VPSes, but might've just been something temporary.
The camp who think VPNs and Tor are a solution to government policies feel like disinformation at times.
VPNs are trivial to ban, the IP space is well known, Wireguard is easily to fingerprint and block.
It will be a cat and mouse game, if the government looses this they'll simply make it illegal to be caught using a VPN including Tor. Which is on the table.
The only way this changes is a less crap party, but almost all including Reform are in favour of more censorship.
Really?
https://www.theguardian.com/politics/2025/jul/28/reform-uk-v...
https://www.msn.com/en-gb/news/uknews/reform-pledges-to-scra...
https://www.independent.co.uk/news/uk/home-news/nigel-farage...
Zia Yusuf : "... criticised sections of the legislation that allow ministers to direct regulator Ofcom to modify its rules setting out how companies can comply with requirements to crack down on illegal or harmful content, saying it was “the sort of thing that I think (Chinese president) Xi Jinping himself would blush at the concept of”."
And the more radical Restore say this:
They aren't the solution to bad policy but they are an unfortunately necessary part of regular internet use now.
> And so, for the first time, I am considering locating something (perhaps a WireGuard node, or a SOCKS proxy, or a recursive DNS server / DNS proxy, or perhaps all of them) somewhere on the Internet outside the UK, so that I can route some traffic through that, as needed, to maintain my access to the web.
Good luck, it will probably impossible as admins fed up with AI scraper bots increasingly choose to outright blanket ban anything not being a residential or business line. There's a reason why there are so many "ethically sourced proxies" aka people installing software on their smart TVs and whatnot that comes with an "monetization SDK" by one of the numerous VPN providers. That's the dirty secret behind a lot of the "bypass youtube/netflix/whatever region lock" VPNs.
What's dirty about it?
Companies tell their customers (i.e. people who wish to bypass streaming service region restrictions) that they "ethically source IP addresses". The people who provide the IP addresses (i.e. people installing f2p games on their phones or smart TVs that come with the VPN exit gateway SDK) don't know that, because no one reads the T&C.
In the end, both are deceived. The customer thinks there are no ethical issues attached to their VPN provider, the ones whose IP addresses get abused don't even know what's going on.
Been using a VPN on my phone and PC for 20 years. Always use non-UK exit points
I route a bunch of mine via a proxy server of my own that is hosted outside the EU. This gives me access to Japanese websites and other things.
> In the name of “online safety”, the fundamental rights of both freedom of expression and privacy appear to be under imminent threat.
The current UK government don't actually care about children, if they did then they would actually investigate the child SA gangs, or holding people to account on the Epstein lists. We have seen other countries such as Australia [1] "magically" have the same idea at the same time, so this is likely a global group influencing this push.
> The current proposal to ban people under 16 - who also have the rights to freedom of expression and privacy - from some (as yet not fully delineated) social media services is likely to result in wide-spread verification.
This is the real objective, it will be just like the UK porn verification [2]. To express yourself online, you will soon need to associate your activity with your real identity. With the discussion of clamping down on VPNs, it won't be long before you need to verify your ID just to connect to the internet.
This has been a long time coming. Years ago you could buy a sim card with money already on it, use it, and then throw it away. Now you need to associate some credit card or ID with the sim card and perform some verification process.
> And so, for the first time, I am considering locating something (perhaps a WireGuard node, or a SOCKS proxy, or a recursive DNS server / DNS proxy, or perhaps all of them) somewhere on the Internet outside the UK, so that I can route some traffic through that, as needed, to maintain my access to the web.
It won't be enough. At some point the UK government will just mandate that they should be allowed to perform deep packet inspection, and then there will be nowhere left to hide. These changes are also being rolled out everywhere - which Country do you trust to run your data through?
I remember the New Zealand Christchurch attack on a mosque, and how multiple governments around the world pressured Facebook to remove it entirely [3]. They were more worried about people seeing and sharing the attack, than the attack itself. The manifesto was entirely banned [4], and people were left entirely dependent on the state to convey a narrative about the attack.
I have a feeling that this all fell out of the "Christchurch Call" [5]. I don't think this recent push spearheaded by them, but I believe it had a large influence on the efforts now ongoing.
[1] https://www.bbc.com/news/articles/cwyp9d3ddqyo
[2] https://www.ofcom.org.uk/online-safety/protecting-children/a...
[3] https://www.bbc.co.uk/news/business-47620519
[4] https://www.theguardian.com/world/2019/mar/24/censor-bans-ma...
I agree with everything you have said. I feel so very, very blessed to have had the experience of this world developing that I have had - from my first 300bps BBS connection at probably around age 8 or 9, through 28.8, 56K, ISDN, DSL & up to the gigabit fibre I type this from, I have always from basically from day 1 communicated with other people over a network. It's almost as intrinsic to my being as actual speech at this point. Maybe even more so on many days. But where we are now and headed to, is just so very, very wrong. It's so wrong it shouldn't even need explanation.
I've seen and experienced all manner of things the state would deem verboten, especially for younger eyes, whether it be the anarchists cookbook sparking my enthusiasm for chemistry and engineering, warez igniting my love of software development or the inescapable porn, memes, and other shit that's filled my screen for decade after decade. I've managed to make it through unscathed, dare I say even somewhat publicly respectable... I'd vote for my kids and any others having my childhood over the toxic stazi-esque nightmare we seem to currently find ourselves in. I LOVED my childhood growing up with the internet, CD-R's, Napster, etc. it inspired me & helped create the life I live today, but now all the kids using tech just look like methed out zombies.
It's also really funny reflecting on this & realising how very little I ever used or valued anything like Facebook, Instagram, etc. whereas things like BBS's, IRC, Discord, Telegram, etc. with random strangers and some shared interests is where I've always felt at home.
So many of the outrageous things the UK government is doing, which seem most inexplicable, can be explained by one simple principle - successive governments over the last 30 years have turned this nation into a tinderbox, the purpose of the state and the judiciary in particular has become singular in its effort to prevent a spark from igniting the whole thing. Though they will become ever more authoritarian and tyrannical in their efforts, defenders dilemma applies - eventually, inevitably, they will fail and all hell will break loose. Plan accordingly.
From a UK politics perspective I don't really get this.
New labour certainly have an authoritarian streak. I remember when they tried to introduce ID cards but there was a load of push back. But they are also somewhat friendlier to 'the youf' but this seems squarely aimed at the Daily Mail brigade.
It just seems like they're trying to out conservative, the Conservatives.
Maybe I'm trying to make sense out of something that isn't?
Publishing under a throwaway account for obvious reasons.
I've felt this slide in the UK for a long period of time. I route _all_ of my traffic through Mullvad with DAITA [1] because I think it's the only the likes of chaffing and winnowing [2] that can defeat traffic analysis. The endpoint changes. I have a high-end SBC router. For the moment, I do not obsfucate the fact that the tunnels exist and are wireguard. Mullvad can disguise them effectively with QUIC / SNI obsfucation, or even vless / xray / vmess. They're quite good at that.
I also have an Amsterdam VPS and it runs wireguard. My phone has a wireguard client to it. It's a reputable VPS provider from a major cloud hosting company. It has a reverse WG tunnel to my house not through mullvad (I have a public IPv6 address range, but not IPv4); my phone (and partner, friends etc phones) get access to my local servers and resources and then all traffic goes out anonymously through mullvad. I also have another VPS, paid for in cryptocurrency (XMR) that I mine in the winter (the waste heat is cheaper than gas heating where I live, if you assume the compute is paid for...). This acts as a port forwarding host and it connects via another WG tunnel or two to my server, doing tunnel-in-tunnel, but essentially is a reverse proxy host.
I naturally run a recursive resolver _and_ dnscrypt on the ISP connection for bootstrapping.
This gives me _some_ degree of anonymity, I feel, online: I've inspected the traffic going through the ISP router and you see remarkably little, especially with QUIC SNI spoofing turned on. The volume of traffic is quite large and probably idiosyncratic – the endpoints are known – which is the biggest problem amongst all of this. But I have _privacy_ and for me that matters a lot.
I think this age verification, KYC, show your faces stuff is organised internationally on two very simple predicates:
1) Disinformation or political interference provided by Russia and possibly China have affected national election results in many democracies (Brexit, likely Trump, probably more). Controlling the narrative is increasingly viewed as absolutely required by the political class. This is difficult with social media, and strong identity verification makes it more obvious where at least your enemies are.
2) Online actions are increasingly having real world consequences and the establishment wants to be able to more easily _punish_ those people who have broken "the law". This is related to, but distinct from, point 1. There are plenty of examples of this in the UK – but more widely spread worldwide. Having strong identity verification makes it easy to catch people, and if you do that enough, change behaviour (the single biggest determinant of which is shortening the time between "offending" and being caught).
Minor points I think behind this are:
1) A fear of a large-scale war and worries about information security, population influence, and associated military shadowy figures saying things
2) A fear (or fact) of encryption making any sort of content dragnet much harder. Most large web presences undoubtedly have backdoors but genuine p2p without exposed metadata is a fear of the spook community because they kill people on the basis of metadata and machine learning state-of-the-art...as it was in 2014 [3] -- I am sure they do the same now. The reason for metadata is that it is accessible, by design, everywhere. VPN ± tor usage is probably ubiquitous amongst some genuinely bad actors, and they will have spent considerable resources being able to unmask those actors. Depending on the technique, it may genuinely make it much harder if there is a large fraction of the population actually using those tools.
3) Some genuine transnational rise in avoidable harm, like CSAM; some genuine transnational rise in political harms, like the (oft-religious) right.
[1] https://mullvad.net/en/vpn/daita [2] https://en.wikipedia.org/wiki/Chaffing_and_winnowing [3] https://arstechnica.com/information-technology/2016/02/the-n...
"people under 16", you mean children right?
"who also have the rights to freedom of expression and privacy", plenty of outlets for people to be expressive in the UK (more so than in the US for example, where the right wing will obviously attack any social media restrictions) that don't involve being fed junk divisive content from mainly US tech companies.
Privacy != anonymity.
Feel free to route your traffic via Wireguard. As long as it is not setup as a service for the mass evasion of age gates by children.
Nice try ! But the fact that the solution to protecting children comes with the maximum boost of government powers in the online world (across the set of all possible ways to protect children) is not a coincidence.
> Privacy != anonymity.
Exactly. You can have your own misgivings about the UK government at home, in private, and share them with no-one. Or you can share them on the online public square, knowing the UK government will know exactly who wrote them. Good thing they never abuse their power of prosecution!
The government literally doesn't prosecute anyone.
It is done by the CPS, which operates independently of government and the police.
If I were a betting man I'd place a bet that you are further misinformed about the prosecutions you believe are happening and why. But I am not.
> It is done by the CPS, which operates independently of government and the police.
I should have written "state", not "government", you're right. Does that change anything? But, article 35 of the Chinese constitution guarantees their citizens freedom of speech and of the press. You're beyond naive if you believe they're independent.
> If I were a betting man I'd place a bet that you are further misinformed about the prosecutions you believe are happening and why.
UK politicians admitted the Online Safety Act was: “not primarily aimed at … the protection of children”, but was about regulating “services that have a significant influence over public discourse” - https://archive.md/2025.08.13-190800/https://www.thetimes.co...
Even viewing "terrorist" material carries a potential 15 YEAR jail term: https://www.bbc.com/news/uk-41479620
It's OK to be white and similar stickers landed a man in jail: https://www.bbc.com/news/articles/c51zn2l33r9o
https://www.spiked-online.com/2024/03/04/the-tyrannical-jail...
I don't know how much worse you need it to be.
I really do not know how to respond to this and it’s not because your critique is devastating.
The government literally doesn't prosecute anyone. It is done by the CPS, which the Prime Minister, Kier Starmer, was head of from 2007 to 2013.
> "people under 16", you mean children right?
They're still people, don't be weird.
> Privacy != anonymity.
In practice, if you lose one, then you also lose the other.
In practice, they are not the same and therefore, you are not losing anything by giving up the other.
Privacy: Not having your phone's app collecting all sort of information. Why does an album app wanna access your phone, contacts, geo location???
Why do I need to provide a personal document to have access to X?? Some posts won't show if I don't install X App and provide a digital ID which I don't do thanks to OPNSense.
Anonymity: You shouldn't be on the internet in the first place, everything you do and post stays here forever.
Even if you are using burner accounts, if you commit a digital crime, you can be tracked, full stop.
People are using VPN expecting to become "anonym", that is not what it is for.