Online Safety Act is here… now what?

On 25 July 2025, the UK Online Safety Act 2023 came into full effect. Let’s take a look at what this means. First off, please be aware this post contains adult topics and views you might disagree with.

Highlights

Wasn’t UK internet already restricted?

Yes. It has been standard for mobile providers to prohibit access to adult websites until the user’s age has been verified. Here’s a copy of O2’s age verification page I found from 2013.

While I’m not sure what the defaults are, it is also standard for broadband providers to provide some sort of parental controls system. BT Parental Controls operates on a DNS filter lists system – even a child could bypass that.

While this isn’t really what the Online Safety Act is about, I might as well mention that various websites hosting or proxying pirated content such as The Pirate Bay and Z-Library are blocked and have been for a long time, though torrent files and magnet links generally do work. Once upon a time, attempting to access such websites would redirect to this page (well, not an Archive.org copy of it, in case that wasn’t obvious).

The child abuse image content list has been filtered by BT (which is practically a monopoly) since 2004. I expect it only covers, you know, real photographs, and I’m not sure why one would go looking for material as illegal as this on the open internet. It should go without saying that I’m fine with this part in principle (would rather something be done about it at the host level than consumer, but it is what it is).

If it were to cover digital illustrations of children, AKA lolicon (and for sake of discussion let’s say these characters are actually children and not 600-year-olds who happen to look and act 6), Wikipedia claims (NOT LEGAL ADVICE) this is legal in Scotland but illegal in the rest of the UK. Which would get difficult because it’s not as if there’s really anything different between Scotland’s internet access and the rest of the UK.

The workarounds

This might come across as a strange starting point for this post, but it helps contextualise a couple points later on. A lot of this is such common knowledge that I believe it’s legal for me to document, at least for the time being.

There’s a couple workarounds I personally use. One is to use a VPN. I use the free tier of ProtonVPN – they claim this connects to a random country but my experience is it’s usually the Netherlands, which seems like a good choice. Note that ProtonVPN will disconnect you for around 5 minutes if you attempt to torrent on the free tier. But Proton seems to be going downhill so I’ll keep my eyes peeled.

If you’re interested in a VPN, shop around. Free VPNs can be fine, but you have to consider why they are free – are they trying to convert you into a paying customer, or simply selling user data? For paid VPNs, don’t listen to YouTubers and anyone else shilling them – I won’t get into the nitty-gritty of that here because that’s not the point of this post, but it has previously been well-summarised by Tom Scott:

The other workaround is to use Tor Browser, which should be better than a plain old VPN privacy-wise. This is slower, as the network is run by volunteers. And people get up to all sorts of stuff on Tor, so expect to hit rate limits and face other restrictions on websites.

Personally, I wouldn’t recommend most UK web surfers use a VPN (or Tor) for general browsing at this time. Just switch it on when you need it, or you’ll have problems – websites using the wrong currency, websites blocking access/locking your account for logging in from a heavily shared or data centre IP address, or even just adding an extra hop to your internet traffic to little or no benefit.

There’s tons of free web proxies as well. They can be useful on public computers where you may be unable to configure a VPN, though I wouldn’t go inputting login credentials into them.

An unintended side effect of archive tools such as the Wayback Machine and archive.today is the fact you can obviously see any pages that they capture. This isn’t much use for anything that requires logging in, but it could be handy in a pinch. Browserling is another service that can be abused – it is for testing your website on different web browsers, but you can also use it to access webpages that are blocked in the UK.

An unethical and possibly fraudulent workaround would be to use someone else’s ID. This is going to happen. If a child uses a parent’s credit card, it shows up on their statement, but for the age verification I’m not aware of any evidence. I’ve heard it claimed you can even use AI-generated driver’s licences for members of parliament, from use-their-id.com, but it doesn’t generate rear photos and generally seems insufficient for this purpose.

And, of course, if there’s anything in particular you visit on a regular basis, just download it to a local, non-cloud-synced, optionally encrypted directory. Storage keeps getting cheaper (a SanDisk 256GB microSD card only costs £16 at the time of writing) and then it can’t be taken away from you through any means. This just seems like a good idea in general…

The list of shows and films that have had cuts made or been pulled completely from streaming services is not insignificant. This even applies to digital books you have purchased. I’m a proponent of physical media for more reasons than this, but that’s a topic for another time.

Politics

Politically, this is messy. The act passed under a Conservative government (the Sunak ministry) but obviously we’re now under Labour (the Starmer ministry) by the time we’ve got here. As per usual, Nigel Farage is sticking his nose in. I won’t dwell on that – it’s a whole topic in of itself – but I reckon his right-wing party will do better at the next election than I would like.

An obvious claim to make is that this protects the children. That is certainly true, if you have a naïve outlook on the world. Let’s leave young children to one side for the minute and talk about teenagers. The teenage years are incredibly important and I believe it does more harm than good to restrict access at this age. Sex-related questions are ripe for being blocked by automated systems, for example. And so it’s out there, here are the things you can do without being 18 (this is not legal advice and unmentioned exceptions apply):

Airplane is an example of a film that has no age restriction on purchase.
  1. Drink alcohol at home (technically from age 5 but I think CPS would get called if a 5-year-old were to show up to school drunk).
  2. Purchase films/TV containing sexual content (no restriction, 12, 15, or 18 depending on certificate). Online streaming platforms have varying age restrictions.
  3. Sign up to social media platforms such as Facebook (13).
  4. Get married without parental consent in Scotland, or with parental consent in Northern Ireland (16). This may be subject to raise to 18 in future.
  5. Consent (16).
  6. Drink alcohol in public with a meal (16).
  7. Vote in general elections (16 – this changed very recently and was previously 18, except for Scottish elections which were already 16).
  8. Ride a moped (16).
  9. Drive a car or ride a motorcycle up to 125cc/11kW (17).

But what about the porn?

Okay, enough beating around the bush. Per the Online Safety Act explainer, the Primary Priority Content (not to be confused with Priority Content) is:

  • pornography
  • content that encourages, promotes, or provides instructions for either:
    • self-harm
    • eating disorders or
    • suicide

Porn is a big topic (I’ll get onto the other bullet point later). I’ll be focusing on the male perspective here, because males are larger consumer of pornography and I am male. And let’s face it, whenever there’s unwanted advancement or even rape, it’s usually the man to blame. Speaking of, this post has a heterosexual bias but that doesn’t really make a difference – it’s much the same if the material is of a man.

The problem I see is it all gets lumped together. There’s a lot of seriously depraved stuff out there that can be shocking, depict immoral scenes (e.g. non-consensual incest), or give unrealistic expectations. But then there’s also the really softcore stuff, “woman in bikini stays in bikini” level.

There’s also another category, if you like. Traditionally, porn in the West would be of real people. I would guess it generally still is. But now there’s so many illustrations, often in anime style, created by people that eventually end up on “rule 34” websites. Whether that is better or worse, I’m not sure. It enables more creativity, let’s put it that way.

Illegal websites, as in either pirated or hosting non-consensual (actually non-consensual, not acting) images/videos, I have my doubts that they are interested in complying with the Online Safety Act.

In any case, the availability of this stuff is at an all-time high, far beyond what was had before high-speed internet, and what you would previously get in a dirty magazine pales in comparison. Obviously there has been pornos on VHS since the ’80s as well, but it’s much easier to have some private time with a smartphone or laptop than a VCR.

Let’s try to sum up my thoughts:

  1. It is futile to restrict under-18s from accessing pornography (and ridiculous you can have a baby but still not be able to view such stuff). Workarounds will always exist. Even if VPNs get outlawed and the age verification is perfected, there will be non-compliant websites and underground groups.
  2. I can envisage all sorts of problems with enforcing this and drawing the line to begin with, but a multi-tier system wouldn’t be a terrible idea, whereby age verification is only required for the more intense stuff. I think users would be less likely to work around the restrictions if they can still rub one out to something relatively tame.
  3. The onus should be on parents to ensure illicit content cannot be accessed. This can be controlled at either a device or network level, or both. I’m not advocating for doing so, but the option is there. For young children, prohibiting web browser access completely may be reasonable.

What about self-harm and suicide?

I haven’t seen much discussion surrounding the “content that encourages, promotes or provides instructions for…” part. I think that’s taboo enough that no-one is really fighting for it. Websites like Lost All Hope are… how to put it… controversial. Suicide is bad, both because I feel that way and under the Suicide Act 1961 I’m obligated to make it clear that you should not do it. Phone Samaritans or something.

But if someone is determined to kill themselves, I believe it’s actually a net positive to have access to have access to information on these things. As discussed on Lost All Hope, painless and successful methods of killing yourself aren’t immediately apparent, especially if you live in a country where firearms are not readily available.

For some people, access to the facts is enough to put them off. As an example, on that same website, you’ll see under “Methods” -> “Most Lethal” that methods involving bleeding yourself out rank highly on the agony scale but low for lethality. That’s not worth it. Even the most successful methods (shooting yourself in the head) are by no means guaranteed.

Aiming under the chin with a shotgun can blow off parts of the face causing massive disfiguration, plus a hole through the windpipe, and still not be fatal. Shots to the front of the head may impair brain function (possibly causing paralysis) or affect personality, but still leave the parts of the brain that control bodily functions intact. Shooting through the temples can miss the brain by passing below it, but still sever nerves that go to the eyes, causing blindness.

Of course there can be downsides to education. Before some anti-drug thing at school, I would never have had the idea to sniff lighters. Generally speaking, however, I strongly believe it is better to be informed about these things than not, even if it is an uncomfortable topic. Not so keen on “massive disfiguration” now, are you?

Not even main characters are safe. Trivia: pre-watershed, Moe Szyslak alone has demonstrated failed attempts at hanging, sticking his head in a (presumably gas) oven, preparing to jump off a bridge, and jumping out of a plane. Wikisimpsons also mentions lying on the beach in hopes of being carried away by the tide as a suicide method, but I don’t think that would even work as one.

Social media

So, why are social media platforms of interest? Well, personally, I find it a little annoying being unable to view certain Reddit profiles without completing the age verification process. I’m not talking about the profiles of porn stars here, just normal everyday profiles. Users can either choose to mark their profile as 18+, or have it automatically marked 18+ by the robot on a whim.

It appears to restrict access to all posts tagged NSFW, but the images themselves can still be accessed. Perhaps there’s technical reasons why they can’t check direct access, but the whole implementation comes across as more performative than anything.

Other social media is affected, as well, such as Twitter and Bluesky, but I don’t use them. I received an email from Flickr stating a Flickr Pro subscription will now be required to disable SafeSearch, which costs £60/year if you go for the middle-of-the-road annual billing. That certainly is a money-hungry solution, but I don’t actively use Flickr so no loss there.

Non-social media platforms seem much the same as usual. On BBC iPlayer, I tested registering an account that had a date of birth of 2012 (13 years old), I was able to stream a programme rated 18+ by the BBFC (Peaky Blinders series 2 episode 1) on BBC iPlayer by checking a box. But to buy the DVD you should legally need to prove you’re 18 (though I’ve never had online storefronts ask for documents). Stupid.

Is this website under threat?

Now, let’s speak in terms of Java Cake Games. Does the act matter here? I think not. As far as things like my itch.io page and Discord server are concerned, these services are responsible for compliance with the Online Safety Act and any other regulations.

As the Discord server has no age-restricted channels and does not contain sensitive content, it should be the same as prior (What’s Changing for UK Users Due to the UK Online Safety Act). Likewise, itch.io is only restricting games that have porn-related tags (Our update on the UK Online Safety Act).

What I would be responsible for is this website and anything else hosted on the server such as the Unipop leaderboards. I live in the UK and the server is hosted in the UK. Legally speaking, what matters is if you are serving content to UK visitors, regardless of where you are based, but surely the first two points have some impact in practice.

The website material is broadly suitable for a general audience. I realise, of course, this post is a bit edgy, so who knows, maybe it’ll get dinged by some oversensitive crawler.

The leaderboards are user content of some description, as you are able to enter your own name when playing the game, though the character and length restrictions make it challenging to do anything nefarious. I need to improve that, i.e. get notified when a new entry is added. If someone were to set their name to “tie noose stand on chair” this could technically be in breach of the Online Safety Act? It’s suicide instructions, albeit not very good ones.

All in all, that’s just as well, given it wouldn’t be feasible for me to set up any sort of age verification. It would take up my time, it is by no means free to partner with these age verification companies, and I wouldn’t want to have anything to do with it if there’s ever a data leak.

Going forward, I have decided to host this as an onion site as well. The configuration is a bit iffy, but it’s good enough to get the job done. If you are using the Tor Browser, you can access this blog post at http://blog.xmvdpycprfemmbk7lwar3zeeoua76jmyiyvwh7scveuge4ce3s6gi5id.onion/osa-is-here as well as its clearnet version. Obviously this website isn’t a secret or anything, and both versions are hosted on the same server – serving it over Tor just means faster load times for Tor users.

Click to visit OnlineSafetyAct.co.uk