The Many Layers Of Stupidity To The Age Verification Plan

Years after abandoning it as an unworkable security nightmare, the UK government’s age verification rules are back – and are actually worse than ever.

It feels like 2017 again. Here we are with an overbearing government desperately trying to protect children by ploughing ahead with an ill-conceived plan to let some shifty private companies stalk the fuck out of everyone online. This week came the announcement that the powers-that-be want to extend the remit of age verification – AV – in the Online Harms Bill. Originally, they were happy to just go after the free ‘tube’ sites like Pornhub and Xvideos, but now they want AV to cover websites that already offer a barrier against children accessing it – the paysites. Ugh, this whole thing just gets dumber by the day…

First, let’s be fair, AV is a criminal’s wet dream. Some of them will hack the databases to gain as many verified credentials as possible. The adult industry isn’t particularly well known for its security. Anybody who has ever subscribed to a website using Epoch or Vendo as a payment processor has probably discovered that they get a lot of very strange emails these days. Mindgeek, the largest pornography operation in the world has suffered numerous security breaches. Digital Playground? Hacked. Brazzers? Hacked. Pornhub? Well, that was hosting malware-embedded adverts from Mindgeek’s Traffic Junkie ad network for over a year.

You’re already taking a bit of a risk when you give one of these companies your credit card details. Now they want photographs and government-issued IDs and the rest of it? Bring on the ID fraud, eh?

However, not everybody is a hacker. Some criminals will set up cloned versions of popular websites to harvest details from horny users entering their credit card details with one hand. Or they’ll want to snap a photo of half-naked Brian already sweating from the prospect of cracking one out to ‘Gemma’s first anal’ or whatever. No doubt Brian will later receive a variant of the “I hacked ur webcam and has vid of u wanking” scam email, only this time with his photograph attached to lend it authenticity.

In general, the ‘I has vid of u wanking’ emails will become a lot more convincing. After all, with a few tweaks to the text, making it clear that the details were grabbed from an AV service, it might convince a few extra marks that there is something to worry about. More people will pay, and Brian and others… well some of them, like the many victims of Zack Morris, will probably just fucking kill themselves.

Remember browser hijackers? They could make a bit of a comeback because that’s just what the world needs. Forcibly sending you on your way to a scam AV service, claiming that the government needs to do AV of you because of the brand new Online Harms Bill. A fair few ‘good little citizens’ will fall for that because it’s not like there are dozens of studies out there that demonstrate how easily people submit to authority. I mean, one guy managed to call a fast food restaurant once and while pretending to be a cop, convinced others to sexually assault an employee. People can be fucking stupid.

Of course, you don’t actually need to scam people this way. Phoney AV services can just as easily turn that ‘Submit’ link into a ransomware download. Or dodgy arse clone sites can install all sorts of other malware. Some iffy sites might even advertise as not having AV purely because they want to lure some paranoid fish to their pond, where they can give somebody the cyber equivalent of a proper fucking mugging.

I could go on about the security issue, but it’s only actually a fraction of the stupidity of this legislation. There’s more…

See, despite what the anti-porno campaigners would have you believe, the majority of porn isn’t an unrelenting parade of violence and degradation targeted at women. Pornographers aren’t stupid. This is a business for them and they know that their business is going to court the ire of any number of campaigners, politicians, moral panic merchants, and all of those other people who believe that freedom of expression should not extend to sexual imagery. Consequently, the majority of the major sites are actually perfectly tame.

Yes, you can make some arguments about the prevalence of (fictional) stepfamily porn and the rest of it, but ultimately, the big companies aren’t producing what the campaigners insist pornography is. These companies don’t produce the type of extreme, violent shit we’re told is so commonplace in the world of adult entertainment. Gamma, another of the world’s largest pornography companies, even censor or ban their own material over infractions such as a wine glass being in the frame because it implies intoxication and dubious consent.

Mindgeek, as much as we all hate them, has done the same thing. They’ve removed entire series of videos from years ago because they no longer adhere to the values of a company that began as a bunch of fucking content thieves.

As I say, it is a business. Therefore, it stands to reason that if Mindgeek, Gamma, Mile High, MetArt, Vixen and the rest of them are making bank through what is essentially vanilla sex with, at worst, some iffy overtones in the storyline, that’s what most people want to see because that’s what they’re paying for. The extreme bullshit out there is niche. They don’t make that much money, because far fewer people want to buy what they’re selling.

But because they don’t make money, they’ll benefit the most from Age Verification laws. Mindgeek, Gamma, Mile High, etc. will look at the law, realise that it’s going to hurt them, and they’ll gladly comply with it because while they will lose some subscribers, it’s better than losing all of their British-based users.

However, (not a real site) will look at the law and think ‘Fuck this!’. They’ve probably only got a handful of British subscribers anyway, so who cares? It’s not worth the extra expense to implement AV and try to comply with the laws of a country that is notorious for kowtowing to moral panics at every opportunity. If you think AV is where this stops, you’re fucking wrong because it never stops. Within a year or two, there will be yet another sex-related collective national mental breakdown, and yet more draconian legislation to counteract it.

But because our friends at Absolute Twisted Shit have decided not to comply, they’ve just gained an advantage. People who don’t want to AV have just had all of their typical vanilla porn walled off from them, so it’s only the niche stuff that’s going to be left and a lot of that niche stuff is the violent, depraved shit that we all apparently need protecting from.

Obviously, the argument now is that we can block them. Can we? Really? Are you sure about that? The first problem with blocking sites is that you need to know they exist. Roughly 4% of the Internet is porn but that figure includes singular web pages that contain pornographic material that isn’t connected to what anyone would consider a porn site. It also is based on whoever viewing that website classing it as pornography, and the definition of what constitutes pornography isn’t always clear-cut. A figure used by the anti-pornography group Enough is that there are 1.3m porn sites, and 260m pages of pornography. To me, that seems low, but let’s run with it.

Who is going to be tracking down these 1.3m porn sites to check for their compliance? Who is going to file the tens, maybe even hundreds of thousands of court orders to force ISPs to block non-compliant sites? And by the time you’ve got through all 1.3m, there will probably be 1.5m or more…

And even if you block them at ISP level, it’s trivial to circumvent. Website addresses are IP addresses. Domain names are shortcuts to those addresses. You type in and a request is sent to a DNS Resolver to figure out which IP points to, and then it sends you there.

Thus, if you know the IP of the website you want, you can bypass this immediately. If you don’t, you can move away from your ISP’s DNS resolver to Cloudflare who don’t block shit or any number of alternative DNS resolvers that aren’t going to comply with a blocking request – and who probably won’t have even been given an order in the first place.

You don’t even need a VPN to navigate around ISP website blocking so any site that doesn’t comply with AV is still fair game for you. And because it’s still fair game and you don’t need a VPN, if you’re a ‘pay for your porn’ type, you’re not going to have to deal with the obnoxious behaviour of credit card company fraud checks because you won’t need to try and use your card from a foreign IP. So that’s nice.

Nevermind the fact that the DCMS’s own impact assessment of the original AV proposals indicated a belief that users, including the children they’re trying to protect, would utilise Torrents or Tor to get their naughty fix. The assessment even expressed a concern that children could be led to the deep web where they may end up coming across something far more disturbing than the overwhelming majority of pornographic content that populates the surface web.

But let’s say you are a ‘pay for your porn’ type, but you don’t want to pay for that shit. Fair enough. Enter cryptocurrency – that planet-destroying scourge preventing me from buying an Xbox or getting a new fucking graphics card right now. Several major websites have already started accepting crypto payments, including Naughty America, Scoreland, and MetArt, and so yet another easy form of circumvention is made available with the added bonus that users get to accelerate the Earth’s progression into a fucked up dead-arse planet. That’s something nice for the kids to inherit.

Still, no doubt many will argue that the crucial issue here is will this protect children? No, it won’t. Kids aren’t paying for porn anyway. Most of them also aren’t paying for music, or movies, or TV shows, or any other media they consume. When they want something, they find a less-than-legal way of obtaining it such as Torrents. And then, they’ll share it amongst their friends, and it has never been easier to share media among your buddies. So we’re not protecting kids. If they want it, they’ll find it.

Instead, we are putting the technically illiterate mummies and daddies in a situation that leaves them open to victimisation by cybercriminals. We are probably going to drive some people to suicide. We are taking a shot at any remotely ethical porn company and creating an opening for the unethical ones. We are deputising some dubious private companies and trusting them with people’s most intimate data with fuck all oversight. We are making planet-destroying cryptocurrencies more desirable. We are damaging the earning capabilities of any number of independent sex workers during a time of great economic hardship. We are ignoring our own impact assessments because the findings were contrary to our ideological narrative.

And we are needlessly expanding the surveillance state based on a spurious argument whose proponents don’t even understand the technologies involved.


Help support The Reprobate:



  1. maybe i’m naïve but something doesn’t smell right, if they were really serious about this why wouldn’t they just enact the existing legislation that’s still on the statute and the original draft of the online harms bill was set to repeal (and that’s assuming it still won’t) rather than wasting time on new legislation, there own impact assessment said it was bad i’m hoping this is just all hot air but we’ll see, keep up the pressure.

Comments are closed.