The UK has seen a steep rise in VPN usage following the enforcement of the Online Safety Act.
On 25 July, Ofcom began implementing new age-verification rules designed to keep children away from adult content. In response, many users started using VPNs. Traffic spiked. So did downloads.
Researchers at vpnMentor tracked a whopping 6,430% increase in VPN demand in the hours after the law came into effect.
“It remained as such for almost two hours before it started dropping at the end of the day, but with spikes of 900% up to 4000% the following days,” researchers said.
Several VPN providers found themselves in the UK App Store’s top ten. Five, to be precise. ProtonVPN reported a 1,400% jump in signups. Our figures were higher.
The Law, in Brief
The Online Safety Act puts the burden of protection on platforms. Adult sites, social media platforms, and search engines that host or surface adult content must verify user age. This includes services like Reddit, Instagram, OnlyFans, and gaming networks like Xbox and PlayStation.
To comply, many have looked to third-party age verification services. Yoti and Persona are the most popular. Some check government-issued ID, while others use facial analysis or banking records. Ofcom has approved a range of methods.
The penalties are eye-watering: fines of up to £18 million or 10% of global turnover, whichever is higher. There are also temporary service bans, criminal charges for senior managers who ignore enforcement notices.
Public Pushback
In practice, these checks have been met with resistance. The law is designed to protect children, but it also asks adults to hand over sensitive data to third parties. This includes facial images, identity documents, and payment information. It’s no surprise that many users are not comfortable with that.
VPNs offer a simple alternative: they mask a user’s location and prevent sites from enforcing local restrictions. This has made them an attractive choice for those unwilling to comply with the new checks.
Risks on Both Sides
Verification systems are not without risk. Some methods are prone to errors. Facial analysis may misjudge age. Email-based checks can be spoofed. False positives can lock out legitimate users. Worse, storing biometric data introduces long-term security concerns. A breach could have lasting consequences.
VPNs, too, are not without issues. “Throughout the years, we’ve been covering different incidents that highlight the dangers of using unreliable VPN services. For instance, VPN-related data breaches have exposed hundreds of millions of records of sensitive information, such as email addresses, passwords, payment details, and personal device data,”
Researchers added that vpnMentor has covered multiple data leaks involving low-quality providers. “In some cases, records included names, emails, browsing history, and device metadata.”
When selecting a VPN, users should consider the basics:
- Strong encryption
- A no-logs policy
- A kill switch to block traffic if the connection drops
- DNS leak protection
These features help protect privacy but are not a cure-all.
A Tension That Won’t Disappear
While the Online Safety Act addresses a real problem (children are too easily exposed to harmful content) the way the law is enforced matters. Once trust is lost, it is hard to rebuild.
This is not the first time legislation has led to a VPN surge and it certainly won’t be the last. People will protect their privacy when they feel it is threatened, even when the law is well-intentioned.
vpnMentor says it does not encourage or condone unlawful use of VPNs, and users should understand their local laws and act accordingly.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.