Britain's plans to control internet use

Posted in Opinion on 2026-06-28

If you’re reading this article long after it was written, it may surprise you to learn that it was once commonplace to sign up to a website with nothing more than an email address and password. Most websites did not require login at all, at least for read-only, and a few even allowed anonymous posting. It was the norm for fully thirty years.

Around 2026, various national governments began enacting laws mandating citizens to supply government ID before posting online, downloading software, and various other common uses of an electronic device. At first they marketed this as protecting children, but it very quickly became clear that it was just the vanguard for a much deeper system of government censorship and control.

Background

Like many countries, the United Kingdom sought a way to prevent minors from encountering adult content online. Legal precedent made it unreasonable to ban adult content entirely, and banning children from the internet entirely would be highly impractical.

The solution was to place a barrier between the children and the adult content. Since the beginning of the World Wide Web in the 1990s, the location of that barrier was naturally the kid’s electronic device—parental controls, in other words. It has the best insight into everything the user is doing and the most power to constrain it, all without unnecessarily leaking private information to a third party.

Parents already had a well-established responsibility for their children’s access to media, and this was just an extension of that into the electronic space. By the 2020s, parental controls were so well-trusted that Generation Alpha were nicknamed the iPad kids, and were widely trusted with unsupervised internet access.

In the UK, an additional layer of parental controls was installed at the ISP level in 2013, and soon after it was enabled by default. This was a mild annoyance to adults who had no young children, given that only 42.3% of families had dependent children (source: ONS). Still, it was easily switched off by adult billpayers in families without children; for those who did, it gave the British children the safest internet experience.

The War of Independence

The third possible place to install parental controls was on the web itself. This is largely impractical for several reasons. Critically, most websites, including most adult websites, are located outside of UK legal jurisdiction, and not subject to taxes or fines imposed by Britain—America famously once fought a war over this, and won.

This would not stop the British government from trying. In a 2016 parliamentary debate,

Conservative MP Kit Malthouse complained that his internet speeds slowed in the evenings, for which he blamed other customers clogging up the tubes with gaming and pornography. He claimed to believe that none of the the existing parental controls were effective, and demanded ID verification, on the premise that gambling sites already fulfilled similar requirements. While he believed these ID checks should be at the ISP level, since extra-territorial enforcement against the sites themselves would prove impractical, others in his party insisted on trying the latter.

In the House of Lords in 2017, Conservative peer Lord Ashton of Hyde instead showed strong confidence in the voluntary ISP filters, which covered 95% of home users, the remaining 5% primarily covering niche users and businesses rather than mainstream families. This was enough to stave off the plan until 2023, when the Online Safety Act decided to take another crack at herding cats.

Gambling with the future

The rationale in having websites verify their users is that it’s already applied to certain other adults-only businesses, particularly gambling services and alcohol sales. However, there are major reasons why these are very different.

The current price of a third-party age verification service runs about thirty US cents per user, or about 23 pence. By their very nature, gambling sites already require an initial payment to play, account registration to track results, and financial details to make a payout; thirty cents on top of that is negligible.

Conversely, not-safe-for-work content is widely available for free. Commercial sites are ad-supported, but for as long as the Web has existed, there have been entirely non-commercial personal homepages which featured nudity—Jennicam opened in 1996. Consensual adult nudity has never been illegal in Britain, and Page 3 girls appeared nude in mainstream newspapers since 1970.

Consider this analogy: Imagine for a second that political speech, such as this article, was restricted to adults only. This site would have to pay 30 cents per reader, which would instantly kill the site, since it makes no money. Even if I were wealthy enough to support it, the site’s reach would be limited to those willing to go through a sign-up process. Web crawlers would be unable to read the site, effectively scrubbing it from the surface web, demolishing its circulation—nearly 90% of web traffic comes from Google (source: Forbes, via Semrush).

In effect, ID verification will directly censor all non-commercial NSFW expression.

Unlike gambling, NSFW content is uniquely covered by freedom of speech laws. The United States made it their first amendment, and the European Convention of Human Rights its tenth article. The latter originated from Article 19 of the Universal Declaration of Human Rights, which the Allies defined after World War II to stick it to the Nazis, whose penchant for war crimes and dehumanizing activity necessitated the formal definition of the basic human right to dignity. In short, a nation can lawfully ban or impede access to tobacco, gambling, or alcohol (and the US did in fact once manage the latter), but not freedom of expression, even of the not-work-safe variety.

Even in the commercial NSFW space, the user has a reasonable legal expectation of privacy that doesn’t normally apply, say, when buying alcohol. It isn’t normal for a website to need to see the user’s face, or collect personally identifiable information. (Some adult sites have begun requiring ID from content producers, but as these are generally people appearing naked anyway, the expectation of privacy is lower for them.) It’s as bizarre and intrusive as if your television required you to suddenly show yourself, Noel’s House Party style (or 1984 style, if you feel less whimsical).

Papers, please

Unfortunately, the world governments did not stop there. In October 2025, an attempt to levy a half-million dollar fine against 4chan effectively failed due to impossibility of enforcing UK law on an American website, which by this point had already blocked the UK anyway. Only 2.8% of all websites are hosted in the UK (source: Siteefy). The UK was reminded that demanding compliance from individual websites was egregious and largely unenforceable; existing on-device parental controls, conversely, had a proven track record.

In March 2026, iPhone users worldwide received an OS update which locked the parental controls on if the user was currently located in the UK, and could only be disabled by linking a credit card, or submitting government-issued ID to Apple. Many grown adults received a crash course in just how strong Apple’s on-device parental controls actually are.

Around 2 million adults in the UK do not have government-issued ID, for one reason or another. In the US, that number is estimated to be 20 million. Many have no credit card either. Freedom of speech, and other connected rights like freedom of association, are now contingent on “papers, please.”

The Android platform was announced as the UK government’s next target, but you would be naive to assume this is only coming for phones. The natural next target is Microsoft Windows—a laptop with a camera is not much different from a phone or tablet. Next, Linux? Canonical, publisher of Ubuntu Linux, is based in the UK, and trivially subject to UK regulator Ofcom, which operates with broad authority to pick its targets and levy summary fines.

The next move announced by the Keir Starmer government is to extend this control to all applications and websites. The excuse is to ban under-16s from social media, but the obvious corollary is that everyone else is banned from using the internet until they show government ID. This is announced to apply even to such consistently work-safe sites as YouTube. Imagine showing photo ID to watch your own television, which shows much more in the way of sex and nudity.

The future of digital control

When he was UK Prime Minister, Keir Starmer suggested a digital ID system for citizens and legal residents, marketing it as a solution to undocumented workers. It wouldn’t work, of course, since such workers are commonly paid cash-in-hand and off-the-books.

Conveniently, the UK has crafted itself has a new problem which might be solved by digital ID.

The current photo ID verification system excludes millions of people, while simultaneously being trivial for teenagers to cheat with account sharing, fake ID, borrowed credit cards, and cameras pointed at video game characters. The existing ID systems also rely on AI, which as an industry is currently losing billions in a profitability crisis which has seen the price to end users multiply—so much for 23 pence per user—or underpaid exploited foreign workers, which raises obvious ethical concerns.

The solution is a free, government-issued digital ID which ties to a unique government identifier. It avoids the thirty cent cost of user acquisition, though really by shifting this to the taxpayer, given the multi-million pound cost and years-long development times inherent to any major government digital project.

By this stage, ID verification is planned to be be mandatory to use any device, website, or app within the UK. Holidaymakers to the UK will find themselves locked out of the web and their usual apps. They will find it strange that their phone is demanding that they scan their passport, and even then all the websites which failed are still blocked.

It’s is going to clash hard with any device that Apple, Google, or Microsoft cannot in practice push an update to, particularly non-closed ecosystems where the user normally has complete control over the software which runs on their device. It will also fail on devices which are no longer supported, including retro devices.

It’s going to clash with the majority of websites. It’s logical for the digital ID to deploy existing passwordless login tech as OAuth, but in the two decades since the OpenID digital identity framework was created, passwordless login is still not widely supported. Even then, there are privacy concerns with the government running OAuth; they can see every site you log into. (So can any OAuth provider, true, but in principle the government usually needs a warrant to get that information from them. I am not naive enough to imagine the government is unaware of this detail.)

How will any of this work?

The EU has been moving to reduce e-waste and planned obsolesence, with a recent proposal to require devices to receive at least five years of security updates. The implication is that this isn’t the norm, meaning the current mandatory on-device ID verification can’t be expected to be applied to anything that isn’t current hardware. Nearly anything pre-2020 is now e-waste, and too bad if you can’t afford to buy a new phone every four years.

And what about older devices? The Nintendo 3DS online services were discontinued in 2024. The Commodore Amiga does have a modern OS update which might be ordered to comply, but it’s a paid product and won’t run on original hardware without additional accessories.

UK regulator Ofcom seems to conceptualize that every device is functionally equivalent to a modern iPhone. One of the latest demands, that devices detect and censor nudity, relies on cutting-edge AI technology to be effective. It simply can’t be done on older technology.

It’s a major increase in government control. In 2013, the UK government praised schools for giving Raspberry Pi computers to students as a means to improve computer literacy. Soon, they could be illegal.

According to Siteefy, there are just under 1.5 billion websites in the world, over 217 million of those currently active, with over 392 million registered web domains. Ofcom cannot possibly have the resources to even index them all, let alone file paperwork to levy fines and blocks against any but a few major sites each year.

None of this was necessary. The time and taxpayer money spent levying imaginary fines would better be spent educating parents about the importance of managing parental controls on their children’s devices. Instead, the government has wrested control of that feature away from parents and given it to the tech corporations, who don’t know your kid and may well unlock their device for a fake ID or your own borrowed credit card.

So the adult sites—and remember that it is not just these, and all websites are next under the gun—are departing the UK userbase rather than pay ransom or violate the privacy and dignity of law-abiding users. I cannot warn you with enough seriousness what happens when legal providers are pushed out of the market, and the black market—including the “dark web”—takes its place.

Previous discussion

• The Online Safety Act is unfit for purpose
• Age verification is identity verification—and worse
• The purpose of a system is what it does

Further reading

• The ‘papers, please’ era of the internet will decimate your privacy
• Scotland’s children’s commissioner hits out at Starmer over teen social media ban
• Nearly a million passports just exposed on the public internet—and anyone could access them with a simple URL
• Discord faces backlash over age checks after data breach exposed 70,000 IDs
• The KIDS Act Would Require Age Checks To Get Online
• Fight Chat Control
• Britannia rule the internet