Governments are conducting a sneak attack on the internet and we’re about to lose what we didn’t even know we had.

In the UK, they may have already lost it. The Online Safety Act, which was smuggled into British law on the pretext of restricting access to porn, went live last week. Already it has led to Spotify, Reddit, Twitter/X, YouTube and a load of other websites blocking access unless you upload ID for age verification. The law, which the UK government initially said would only apply to adult content, was written in such a broad way that it brings a huge amount of internet traffic into its orbit. For example, and you can read it here, the law prohibits, without ID verification, access to any content which “realistically depicts serious violence against a fictional creature or the serious injury of a fictional creature.” So, cartoons. SpongeBob. Tom & Jerry. Roadrunner. It would be a joke, but unlike SpongeBob, it’s really not funny. It also prohibits access to any type of "violent content” meaning large amounts of graphic content from the holocaust of Gaza is no longer free to access on sites like Reddit and Twitter/X. Maybe the timing is purely coincidental, but it really doesn’t feel like it.

Because sites don’t want to be liable for showing adult content, even in the form of song lyrics or a comically large hammer to the head of a cartoon cat, the legally expedient thing for them to do is require verification. To verify ages, these sites are using a variety of shady verification companies, some of which have connections to the security state, with a number of them owned and operated by ex-Israeli spies. (Yes I realise this is becoming a common theme).

One of the main Israeli players in the authentication space is AU10TIX, founded by former officers in Israel’s counterintelligence agency, Shin Bet. It’s current CEO is Dan Yerushalmi, a former Unit 8200 Israeli intelligence spook. The facial recognition technology used by AU10TIX is based on the same software used by the IDF and Shin Bet to compile images of every Palestinian who enters Israel from the West Bank. AU10TIX was previously used by Twitter/X to verify user identities when signing up to its premium service. Current AU10TIX clients include PayPal, Google, Uber and international banks including Nordea, Santander and Denmark’s Saxo Bank.

Other Israeli age verification firms run by former Israeli intelligence officers include Scanovate, Identiq and AGEify. There are of course non-Israeli owned verification companies who may not be passing all your details onto the Mossad to check if you’ve ever said free Palestine. But there are no restrictions on what these companies can do with your data, no laws on what data they can collect and who they can sell it to. And if you care about not living under fascism, this is important. More on that later.

It’s not just the UK. A blanket ban on under-16s accessing social media is due to come into force in Australia by the end of the year. The only way to prevent access to under-16s is to know everyone’s age, so the Australian law requires anyone who wants to access a social media site - Instagram, Facebook, Snapchat, Twitter/X, TikTok - to verify themselves using government ID. Law makers in New Zealand are pushing a similar ban.

Beginning next week, YouTube is rolling out ID and age verification for a small number of users. The idea is to test and refine processes before rolling it out globally. States across the US have enacted age verification laws and there is a push for a federal bill to cover the whole country. The EU is pushing ahead with an identikit bill to the UK’s. All of course under the guise of protecting children from adult content.

It’s clever to make the public case for verification hinge on the right to watch porn. Because who wants to defend PornHub? Who wants to look like they’re arguing in favour of kids watching porn? But as we can see from the UK, porn is the trojan horse. Adult content is so broad a category it can come to mean anything remotely violent or sexual. The real goal is the de-anonymisation of the internet. The objective is to know what everyone is doing and where they are, all of the time. Governments know pretty much everything now about your offline life. Where you live, the car you drive, the job you have, the tax you pay. The network of license plate capturing CCTV that saturates most western countries means they can, if they want, know where you’re going as well. And if you leave the country, they know that too. The internet is too anarchistic in this sense. It’s one of the last private spaces in our highly surveilled lives. And governments were always going to want to find ways to prise open a space they couldn’t see into. As the tech lawyer Eric Goldman says, ‘governments always want to know more about us.’ This new drive towards total knowledge, he argues, poses one of the greatest threats to privacy we’ve ever seen.

Most of us have never known true freedom. It seems unbelievable now, but there was a time, barely one hundred years ago, when you didn’t even need to have a passport to cross a border. A time when people weren’t stopped from going where they wanted to go, and staying there for however long they liked, based on arbitrary ideas of nationality. Now borders are harder than ever, we have biometric passports, fingerprint and retina scans at ports and airports, and the idea of nation is culturally dominant. And we’re constantly being tracked on the pretext of protecting the nation.

Using that same pretext in the digital realm, it’s not hyperbolic to say we’re going to lose the internet as we’ve known it. If these laws aren’t stopped, and the ones on the books scaled back or repealed entirely, accessing the internet will be another chore, another pain in the arse, and a further large chipping away of our civil liberties. As Taylor Lorentz, the only journalist on the left covering any of this says, the left ‘have completely dropped the ball.’ The discourse about online censorship and freedom has so far been dominated entirely by the right. This is not unusual. Civil liberties fights, especially those concerning broadly drawn ideas of “freedom”, have in the last decade or so, become the almost exclusive purview of the right.

This needs to change.

Too many people will welcome these censorship laws as necessary protections without thinking through the consequences. Others will excuse them on the basis of ‘nothing to hide, nothing to fear.’ Many will wave it all away as a non-issue, something only to worry about if you’re a criminal.

Firstly, you can only think this way if you are utterly naive, believe politics is a static process and that bad actors, state and private, don’t, and won’t, utilise bad laws. (Can anyone really believe nations financing a holocaust that has killed tens, perhaps hundreds of thousands of children, care about children.) Secondly, and relatedly, governments decide, and regularly expand, who they consider a criminal. For example, the UK’s Labour government have decided saying the words Palestine and Action together in one sentence is now a terrorist offence. Write those words on the internet under your real name, and you will probably have a knock on your door from agents of the security state. In this case, terror legislation was expanded to make criminals out of peaceful protestors. It’s not exactly a stretch to imagine a future where the ability for governments to see all your online activity is utilised to criminalise dissenting political speech and enforce a total police state. Protest and dissent is a foundational tool for citizens to force changes in material conditions. Without it, change comes only at the behest of the elite class.

Thirdly, and as Goldman explains in his conversation with Taylor, the potential for ID theft and fraud is huge. He provides a hypothetical scenario where a viral app targeted at kids is deliberately created by thieves to breach adult content rules and coax millions of kids to hand over their IDs. In the name of protecting children you've created a perfect honey pot for their identities to be harvested and abused.

And even if apps aren’t set up for this purpose, there are constant data breaches by incompetent companies running websites and services. Even if apps and verification companies don’t sell the IDs or hand them over to governments, they will get hacked and all those IDs will end up on the dark web where malicious actors including governments will buy them and use them.

Finally, the burden of controlling what children do online should not fall to governments. It should fall to parents. Entire societies should not bear the price. And it strikes me that in many ways it will only create more problems for parents. In the name of online protection, kids are now going to be sending their official IDs, complete with their faces, to random companies and apps, some of whom are bound to have malicious intent.

Overall, these laws are another signal of the illiberal drift we’re seeing across the west, a reactionary puritanical sentiment that, politically, can only lead to authoritarianism and fascism.

So what can we do about it? At a systemic level, speak up, write to your political representatives, to your MPs, make your opposition known.

At a personal level, there are a number of things we can do to maintain our privacy and anonymity in the face of these crack-downs. I’m not a cyber security expert, so I spoke to someone who is for their top five tips. In order of importance, this is what they said.

1. Get a VPN.

In the context of age verification laws, this is the obvious one. A VPN reroutes your internet traffic through a remote server, providing you with a different IP address to the one assigned by your internet service provider. While a VPN doesn't fully anonymise you, it can be part of making you anonymous. For most people, it'll increase privacy significantly by hiding your location, enabling you to choose which country you want virtually to operate in. For now, with age verification only in certain countries, you can skirt restrictions and censorship with a VPN. The expert stresses that it can’t be any VPN, as some are compromised and some collect and sell data. In their opinion the best is paid Proton VPN (although there is a reasonably functional free version). They also recommend Mullvad VPN as a good option. This website provides more options and compares different VPNs. They emphasise however that having a VPN doesn’t make you invisible. “People need defence in depth.”

2. Switch to Brave browser.

The expert calls this a no-brainer. Brave (which is free) blocks trackers, fingerprints and ads, and this is especially important they say, as 1. lots of malware is delivered via the ad network and 2. ad companies are an extension of the surveillance state. Ad companies hoover up information and sell it to whoever wants to pay for it, including governments. They say that laws preventing government agencies accessing certain digital data can be skirted if that agency purchases the information from a commercial third party. Ads, they say, are also an influence machine, micro targeting people to push them down ideological holes. Also, they say to ditch Google Chrome. And, once considered on a par with Brave, they would no longer recommend Firefox (which gets 90% of its revenue now from Google) or Mozilla. They add that if you only get Brave to have an ad-free YouTube experience, like it’s 2009 again, it’s worth it.

3. Use Signal, not WhatsApp.

They are strong on this one. “Meta products including WhatsApp, Messenger, and Instagram’s messaging service pretend they are private and secure but they aren’t. It’s a complete lie. They regularly hand over data to police and security forces. The WhatsApp claim of end-to-end encryption is not what it seems. The messages themselves are encrypted, but unlike Signal, none of the metadata, such as who you’re messaging, the time of those messages, your profile image and who you’re in groups with, is encrypted. And metadata is what gets people killed. Signal does everything WhatsApp does and is infinitely safer. There is no reason to still be on WhatsApp.” They also advise against Telegram as a messenger.

4. Use a password manager

A password manager autogenerates and stores passwords for you. You only need to remember one master password to access the manager itself, then from there, everything else is done for you. The best is Proton Pass. Set it up, install it as a browser extension and once installed it will begin randomly and automatically generating and saving passwords for you. “Most people have one or two passwords for everything,” the expert says. “Hackers find one password and spray hundreds of sites with it, regularly leading to individuals losing tens or hundreds of accounts at once to the hackers. A password manager stops this.”

5. Switch from Outlook or Gmail to Proton Mail

“Microsoft and Google,” they say, “have become part of the surveillance state.” With Proton Mail your emails are encrypted. You can do a one click import of all emails, and a one click forwarding rule from old email addresses. They emphasise however that “email itself as a protocol is outdated and insecure. Emails should be reserved for communicating with companies, while everything else such as talking to your friends, family, and comrades should be via Signal or in person. Signal's encryption is much stronger, but if you are going to email, use Proton Mail.”

The expert makes a final point: “This is about digital self defence. We need to take preventative action taken to safeguard our data and ourselves. And we really need to stop giving out this data now so it's not used to round us up in the future.”

The de-anonymising of our online activity will provide the perfect architecture for end-stage fascism. And across the west, we are moving ever-closer to this stage.

We still have a chance to stop it.

Where laws are already up and running, it’s still early days. We can adopt the above tips, disrupt their efforts and refuse to comply.

On this one, we have agency, and we have the tools.

Let’s use them.

(If you would like to get in touch with the cyber security expert I spoke to for this piece, they can be contacted at this link. They welcome questions and can provide more advice.)