open source alternatives

getting around the Online Safety Act 2023

getting around the Online Safety Act 2023
Photo by Petter Lagson / Unsplash

The UK’s Online Safety Act 2023’s age verification requirements went into effect on 25 July 2025. This has made a lot of people very angry and been widely regarded as a bad move.

The Act, intended to regulate internet content to protect children from “illegal” or “harmful” content, requires online platforms to manage community-produced content more stringently and empowers Ofcom to block access to websites that fail to comply. In this post, I’m not going to discuss the Act’s complete lack of technical understanding, the authoritarian state censorship it introduces, or how it restricts freedom of expression especially for young LGBTQ+ people. I’ll instead discuss what open source software can be used to circumvent the technical consequences of the Act to enable you to continue to access the internet, even those sites the UK Government has decided you shouldn’t be able to access.

VPNs

As part of their new regulatory responsibilities, websites in certain categories are now checking to see if you’re accessing the site from the UK and requiring age verification if you are. This includes pornography websites but also any websites involving communication between users like social media platforms, forums, and dating websites. Age verification services are being farmed out to proprietary services like Kids Web Services (KWS), a subsidiary of Epic Games, Inc., and Persona Identities, Inc.. Both these companies are proprietary commercial companies and are making profit from this law since the UK Government couldn't be bothered to set up centralised age verification via a public service.

The simple way to circumvent these age verification processes is to present yourself to websites as not being in the UK and the easy way to do that is to use a VPN to change your IP address.

Proton VPN is an open source VPN that routes your traffic through secure servers in Switzerland. Proton VPN is free to use on one device and is available for virtually any major operating system. Proton also offers premium VPN plans to enable more devices and more choice of exit servers. Proton AG is majority owned by the Swiss non-profit Proton Foundation so supporting Proton means supporting online security and privacy.

For a more complex route that gives you more control over your VPN, Infomaniak allows you to create your own VPN using one of their virtual machines. I previously described how I switched over to Infomaniak for green server hosting and this approach would require you to set up a VPN that outputs using your virtual private server.

Tor

However the best way to quickly circumvent age verification barriers or access websites banned by Ofcom is to use the Tor network. I’ve written about Tor previously in a post on open source digital security application and my colleague Kevin Sanders and I have written about the importance of intergrating Tor infrastructure into open publishing infrastructures to ensure long-term availability of open access books.

For desktop computers, Tor Browser is available for all major operating systems and opens a modified Mozilla Firefox browser that connects you automatically to the Tor network, routing your internet communication through multiple relays so that your IP address is effectively obfuscated. This means that whatever site you look at (or anyone monitoring traffic to that site) cannot determine your uniquely identifiable IP address and thus cannot identify you as an individual as a user of the website. This also allows you to access onion sites which are special websites (or mirrors of websites) only accessible via the Tor network. Tor Browser is released under the Mozilla Public License and developed by the Tor Project.

On mobile, Orbot is a free and open source VPN application specifically for the Tor network that will route all traffic from your phone through the many nodes of the Tor network. Simply turn the Orbot connection on and you will appear to be coming from a different IP address. On Android, you can even select which apps and services you want to route through Tor and which you don’t mind using your regular IP address. Orbot is distributed under the 3-clause BSD License and developed by the Guardian Project.

communication

With the Act heavily regulating and banning certain sites for communication with others, for private communication you should stop using DMs on platforms like Bluesky, 𝕏, or Discord and instead use services which offer end-to-end encryption.

Signal is what you should be using for private messaging in place of WhatsApp, iMessage, Facebook Messenger, or the DMs of whatever social media platform. It offers secure end-to-end encrypted messaging, voice calls, and video calls. Telegram is another similar messaging service but their security is not as robust as Signal. Signal is available from Google Play or Apple’s App Store with desktop versions that sync with your mobile device. Signal is distributed under a AGPL-3.0 license and developed by the Signal Technology Foundation whose mission is to "protect free expression and enable secure global communication through open source privacy technology” and whose president Meredith Whittaker has written specifically about the failings of the Online Safety Act 2023:

“The history of digital technology is littered with the magical thinking of governments that have tried and failed to create backdoors that can only be accessed by “the good guys” while remaining secure against threats from “everyone else.” These efforts have failed because what they’re attempting is impossible. The infamous Clipper Chip is only one example. Millions of dollars have been spent on dead ends, and projects shelved over and over again. The truth is that any scheme that provides access for “us” can just as quickly be exploited by “them” – hostile actors eager to compromise critical infrastructures on which the UK’s government, economy, and institutions rely.”

conclusion

I don’t intend to be forced to use commercial age verification services that are making the internet less private and less community-focused and neither should you. I don’t intend to allow the Government to force me to give more personal data to private companies which will inevitably be hacked and compromised one day. If you’re in the UK, you can continue to use the internet without age verification by making these few small changes to how you access certain websites. The UK Government wants to restrict what you can see and do online because the internet creates community that is a threat to capital’s consolidation of power. Don’t comply.