Well, well, well. The “age assurance” part of the UK’s Online Safety Act has finally gone into effect, with its age checking requirements kicking in a week and a half ago. And what do you know? It’s turned out to be exactly the privacy-invading, freedom-crushing, technically unworkable disaster that everyone with half a brain predicted it would be.

Let’s start with the most obvious sign that this law is working exactly as poorly as critics warned: VPN usage in the UK has absolutely exploded. Proton VPN reported an 1,800% spike in UK sign-ups. Five of the top ten free apps on Apple’s App Store in the UK are VPNs. When your “child safety” law’s primary achievement is teaching kids how to use VPNs to circumvent it, maybe you’ve missed the mark just a tad.

But the real kicker is what content is now being gatekept behind invasive age verification systems. Users in the UK now need to submit a selfie or government ID to access:

Reddit communities about stopping drinking and smoking, periods, craft beers, and sexual assault support, not to mention documentation of war
Spotify for music videos tagged as 18+
War footage and protest videos on X
Wikipedia is threatening to limit access in the UK (while actively challenging the law)

North Korean operatives seeking and gaining technical jobs with foreign companies kept CrowdStrike busy, accounting for almost one incident response case or investigation per day in the past year, the company said in its annual threat hunting report released Monday.