Rendered at 08:19:50 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
h4kunamata 8 hours ago [-]
Australia isn't different, but homelab is my jam so solutions were implemented :)
1. Nginx Proxmox LXC container with domains that require digital ID such as X.
I can easily add or remove domains to it via Ansible.
2. Mullvad VPN server/client setup on OPNSense
3. OPNSense Firewall rules with aliases from the local lists from step 1
4. Every time I access X or whatever, OPNSense firewall rule redirects that traffic via the Mullvad VPN Gateway bypassing the digital ID enforcement
5. I host Pihole + Unbound recursive DNS so I have full control over my DNS. Recursive DNS uses the 13 root nameserver, I do not use public DNS such as Google or whatever, in fact, they are all blocked.
My data under my control.
HDBaseT 8 hours ago [-]
>I do not use public DNS such as Google or whatever, in fact, they are all blocked.
Honestly surprised that works given Google loves to hardcode DNS queries using their DNS Resolver into many things (Google TV, Android, etc).
I'm assuming you are using NAT Redirection (Port 53), blocking DNS over TLS - DoT (TCP Port 853), using SNI FIltering to block DNS Over HTTP (DoH). Not sure how you handle Encrypted Client Hello.
h4kunamata 4 hours ago [-]
>Honestly surprised that works given Google loves to hardcode DNS queries using their DNS Resolver into many things (Google TV, Android, etc).
My Samsung smartTV has Google DNS hardcoded in it, that is why I do what I do.
No matter if I set my phone DNS to Google, OPNSense NAT redirects any DNS to Piholes only, and since public DNS, DNS-over-TLS and DNS-over-HTTPS are blocked, only Piholes forward it to Unbound. Only Unbound can request DNS and OPNSense enforces that.
Unbound is recursive DNS with is own caching so everything happens localy, surfing the internet is insane fast.
As for the digital ID, the DNS happens locally but the traffic is forward to Mullvad VPN Gateway.
I don't wanna hide my traffic, I just don't wanna this mass survilance on my personal information. My social media accounts are burner, no real name, no photos, minimal apps installed on my GrapheneOS phone and I have a complete normal digital life without sharing my shit haha
ralferoo 10 minutes ago [-]
> ..., DNS-over-HTTPS are blocked
Not trying to be facetious, but how do you know you are blocking them all? I thought one of the reasons for using DNS-over-HTTPS was to be able to avoid detection.
h4kunamata 8 hours ago [-]
Side note, I do agree with under 16 being denied access to social media.
Spend 5 minutes on X, Instagram or even worse Snapchat for you to see what these minors are doing. A lot generation, all for likes.
GenZ is so cooked, by the time they reach their 30s, damn.
Gen Alpha being born within the digital and AI world is even more cooked.
Chu4eeno 3 hours ago [-]
I don't think social media is any healthier just because people are older, I'd rather just ban them outright.
And from what I remember of the coverage of the scientists presenting their case in the UK there wasn't enough evidence to say whether it had an impact on children.
Personally I think ipad as babysitter is more to blame, but until the proper studies are done it's all just speculation.
h4kunamata 2 hours ago [-]
>Personally I think ipad as babysitter is more to blame, but until the proper studies are done it's all just speculation.
Proper study??
Look around us, kids are talking to ChatGPT instead of running, playing, instead of being kids.
Kids cannot speak and yet have a tablet to interact with, by adulthood those kids are cooked.
Teens at school can't read, they have been using ChatGPT to cheat exams. If somebody tells me that more study is required to prove what is right there in from of our eyes, that somebody is part of the problem, full stop!!
Retr0id 10 hours ago [-]
I've set up a socks5 "proxy multiplexer" that routes requests to different upstream proxies based on the request hostname. For example reddit routes via a VPS in Dublin, and imgur routes via Tor. I believe socks5 is the ideal layer to do the multiplexing at, for web traffic, because the request hostnames are visible to the multiplexer even if ECH/ESNI is in use. It was a oneshot vibecoded solution but it's been pretty solid thus far, so maybe I should open-source it.
I wrap the outbound sock5 traffic in mTLS, so it should look "normal" to anyone packet sniffing (not obvious proxy/VPN traffic), even though stealthiness isn't part of the threat model at the moment.
bigiain 8 hours ago [-]
Perhaps consider putting it in public domain instead of using an "open source" license?
There's a decent legal ethical argument that LLM output isn't copyrightable, and for me a "one shot vibe code" definitely _isn't_ "your creative work", so the copyright that open source licenses rely on probably doesn't exist there.
I wonder if a new category of "non copyrighted shared source code" needs to exist for people who use Gan AUI to create genuinely useful software which would ne a net positive to society if shared, but that doesn't risk murkying the waters and undermining the copyright basis that licenses like GPL and Apache and BSD and MIT rely on?
Retr0id 7 hours ago [-]
I don't believe in copyright, personally.
bigiain 6 hours ago [-]
Whether you believe that copyright _should_ exist is quite different from whether it _actually_ exists and whether there are consequences due to the existence of copyright.
All "open source" licenses rely on copyright. If copyright did not exist, GPL and BSD and MIT (and all the other software license options, open and commercial) would be unenforceable.
(I'm less convinced that you seem to be about whether there arte any good reasons for copyright. I believe real "creative people" like authors and musicians and artists and film makers _should_ have a legally enforceable monopoly to control use of and to generate income from their creative work. That shouldn't be "Micky Mouse" effectively eternal control, but there should in my opinion be some legally protected "ownership" that a creator has where they can prevent other people copying/recreating/misusing/profiting from their creation. Whether this should ever have applied to softwares something for a more nuances discussion t6hat a website comment section...)
farnsworthfusor 7 hours ago [-]
If LLM output isn't copyrightable then it's already public domain, even if you say it isn't - if this is true you can just ignore the wishes of the person who thinks they're the copyright holder.
marcus_holmes 6 hours ago [-]
this. The whole licensing of software stands on copyright. If the content is already in the public domain because it was generated by an LLM (copyright only protects human works) then it can't be licensed.
However, there's no compunction to publish the generated code, even if it's public domain.
We end up in a strange nega-OSS world where all code can be used by anyone for any reason, if you can get your hands on it.
PeterStuer 4 hours ago [-]
If you believe this, then this was always the case. LLM's only made it cheaper and more accesible.
marcus_holmes 1 hours ago [-]
Sorry I don't understand, what am I believing that has always been the case?
lmz 7 hours ago [-]
For browser traffic another alternative is proxy autoconfig scripts to put the proxy routing logic in JS.
BLKNSLVR 10 hours ago [-]
Please do open source it, I'd be interested in running something similar.
globular-toast 4 days ago [-]
I'm considering the same thing. I've done the "contact your MP" thing, but it's a waste of time. You just receive a pre-written letter from some minimum wage assistant (or maybe just a bot).
It's either that or I just consider the internet dead and move on. It's nothing like it was 20 years ago anyway. There are other things to do. Many books to read and places to go. We had something really cool and we were lucky to experience it while it lasted, but it's gone now.
echelon_musk 4 days ago [-]
> consider the internet dead and move on. It's nothing like it was 20 years ago anyway. There are other things to do. Many books to read and places to go. We had something really cool and we were lucky to experience it while it lasted, but it's gone now.
I'm pretty much at this stage too. The web/internet was a frontier like the Wild West. But those wild days are gone and are never coming back. Cyberspace has been settled.
gizajob 10 hours ago [-]
The web is only a minuscule part of cyberspace. Once millions of people have an AI supercomputer running a graphical node at home in 3-10 years time, then cyberspace will finally start IMO. The web will look like a catalogue file in comparison.
It’s hard to feel any enthusiasm for democracy watching things you disagree with being pushed through and having no power to stop it. I signed the petition to reverse the OSA and all we got was a canned response.
I’ve come to the conclusion the only thing you can really do is leave when you disagree with the direction of your country, but of course not everyone has the ability to do that.
nozzlegear 9 hours ago [-]
> It’s hard to feel any enthusiasm for democracy watching things you disagree with being pushed through and having no power to stop it.
That often is democracy: what's popular isn't always what's best.
zugi 6 hours ago [-]
That's why democracy shouldn't be worshipped as the end-all be-all key to good government or good society. Or as Churchill put it, democracy is the worst form of government, except for all the others.
Freedom and liberty should be the foundations of a healthy society. Democracy should be reserved only for those things that must be decided collectively and universally enforced.
What kids do on their phones doesn't even come close. Let parents and vendors decide what their kids and customers can do. I've met plenty of well-adjusted kids who aren't on social media because their parents don't let them.
lokar 6 hours ago [-]
I find that many comments on this subject here don’t seem to consider that a majority (perhaps a large majority) of citizens in their nation support these policies
marcus_holmes 6 hours ago [-]
Because they don't understand the technology or the consequences.
When they do, they will change their mind (and probably protest loudly that they never wanted it in the first place).
See Brexit for a clear example.
lokar 5 hours ago [-]
But the argument I see is that the politicians are acting tyrannically against the desire of the voters.
marcus_holmes 1 hours ago [-]
some voters. The voters who actually understand the technology and the consequences
marcus_holmes 6 hours ago [-]
This is what protest is for/about.
If enough people feel strongly about it to go onto the street and wave placards, that starts getting noticed and has to be acknowledged.
Of course, the UK (and others) have started making protests illegal, because they are doing things that we should feel strongly enough about to go and wave placards at them.
HDBaseT 8 hours ago [-]
>Many books to read and places to go
You cannot travel into the US without providing access to your Social Media accounts. Pretty likely you get denied if you say "I don't have social media".
bargainbin 7 hours ago [-]
Incorrect, I don't have social media and tell them as such, it's never an issue.
lokar 7 hours ago [-]
Are they asking? I know they said they would, it I’ve not seen reports of it happening
Chu4eeno 3 hours ago [-]
Good thing I left my abandoned facebook/twitter/instagram accounts undeleted a decade ago.
verzali 4 days ago [-]
Depends on your MP. I have received surprisingly detailed responses to some of my past letters.
If they can't be arsed to answer you, then you shouldn't be arsed to vote for them, at least in my opinion.
TacticalCoder 10 hours ago [-]
> We had something really cool and we were lucky to experience it while it lasted, but it's gone now.
You can also recreate a smaller network and enjoy it as a silo, disconnected from the Internet, at times.
There's no need to be off the grid 24/7 to feel the relief.
It's deeply relaxing to pull the (Internet) plug (I do, literally, physically remove one ethernet cable from a switch right underneath my monitor and I've then got several machines happily communicating only on the LAN: no more Internet).
Maybe I'm having fun with my latest acquisition: modelling parts to fix stuff left and right around the house by 3D printing them (I bought a 3D printer for that: I had many things I needed to fix and I knew I'd be able to fix them properly by printing adequate parts). No need for the Internet to model, slice and 3D print.
Such an activity does feel like the computing of yore: it takes me back to a time when it was me and a 8-bit machine. Creating stuff "by code" (which now take physical form at home, which 11-years old me would have find utterly mindboggling btw).
> There are other things to do. Many books to read and places to go.
And hobbies. As a kid from the eighties I love cars from the late 80s/very early 90s: not much electronics, not spying on you. Sure they're a bit of gaz guzzlers but then half the fun is fixing stuff on them and the other half is talking about them with other enthusiasts: there's no need to drive 10 000 kilometers a year with those.
When you take time to disconnect a bit from the Internet, then I'd say when you're online (like I'm now) it all feels way more tolerable.
No need to go full luddite IMO but YMMV.
bigiain 8 hours ago [-]
> It's deeply relaxing to pull the (Internet) plug (I do, literally, physically remove one ethernet cable from a switch right underneath my monitor and I've then got several machines happily communicating only on the LAN: no more Internet).
> Maybe I'm having fun with my latest acquisition: modelling parts to fix stuff left and right around the house by 3D printing them
Isn't California proposing to put you in jail for having a 3D printer without an internet connection to tattle on you and killswitch your printer if some unaccountable internet service decides you're printing something "bad"?
:sigh:
cpressland 4 days ago [-]
I’m already using policy based routing on UniFi to send OSA censored websites, imgur for example, via Mullvad VPN - it works for the most part, but for any IPv6 websites it completely breaks as UniFi doesn’t support policy based routes for IPv6.
If the government blocks Mullvad then I’ll just switch to Wireguard on a Helsinki based VPS via Hetzner.
bigiain 7 hours ago [-]
Surely it won't be long before every hyper scalar and even medium sized hosting companies ip address ranges will end up in the block lists for every "questionable" website that is feeling the "chilling effects" from these UK laws?
I used to run my own mail server back until about 2014 or 2015, end even then it was practically impossible to reliably send mail to any of the major email providers from and ip address from Linda/AWS/Hetzner/DigitalOcean et al. I'm pretty sure porn sites and unmoderated web forum type thing that have lawyers advising them will soon be blocking not just UK ip addresses, but the bulk of the easy to identify VPN services and VPS providers.
matt-p 9 hours ago [-]
are you manually maintaining the list of 'OSA censored' sites? Sounds great, just I'm lazy :')
nemoniac 4 days ago [-]
“The Net interprets censorship as damage and routes around it.”
There is no "Net" any more. There probably never was really. The internet protocols were designed for resilience from the start. A key to that is packet-switching over circuit-switching. But this thing we call the "internet" today? This thing where more and more nodes can't even speak directly to each other and nobody even cares (see IPv6)? This thing where 90% of traffic goes to a few large multinationals? It's not that. We have no resistance to censorship.
Chu4eeno 3 hours ago [-]
The problem is that the world is increasingly transitioning from the Internet to regional internet.
There are companies that have gotten very good at virtual border control while selling stuff to e. g. the chinese and russians that are allegedly in talks with the UK govt.
CommanderData 4 days ago [-]
The camp who think VPNs and Tor are a solution to government policies feel like disinformation at times.
VPNs are trivial to ban, the IP space is well known, Wireguard is easily to fingerprint and block.
It will be a cat and mouse game, if the government looses this they'll simply make it illegal to be caught using a VPN including Tor. Which is on the table.
The only way this changes is a less crap party, but almost all including Reform are in favour of more censorship.
Zia Yusuf : "... criticised sections of the legislation that allow ministers to direct regulator Ofcom to modify its rules setting out how companies can comply with requirements to crack down on illegal or harmful content, saying it was “the sort of thing that I think (Chinese president) Xi Jinping himself would blush at the concept of”."
They aren't the solution to bad policy but they are an unfortunately necessary part of regular internet use now.
msephton 9 hours ago [-]
I route a bunch of mine via a proxy server of my own that is hosted outside the EU. This gives me access to Japanese websites and other things.
mschuster91 10 hours ago [-]
> And so, for the first time, I am considering locating something (perhaps a WireGuard node, or a SOCKS proxy, or a recursive DNS server / DNS proxy, or perhaps all of them) somewhere on the Internet outside the UK, so that I can route some traffic through that, as needed, to maintain my access to the web.
Good luck, it will probably impossible as admins fed up with AI scraper bots increasingly choose to outright blanket ban anything not being a residential or business line. There's a reason why there are so many "ethically sourced proxies" aka people installing software on their smart TVs and whatnot that comes with an "monetization SDK" by one of the numerous VPN providers. That's the dirty secret behind a lot of the "bypass youtube/netflix/whatever region lock" VPNs.
farnsworthfusor 7 hours ago [-]
What's dirty about it?
Chu4eeno 3 hours ago [-]
Residential proxies aren't usually used for good.
bArray 4 days ago [-]
> In the name of “online safety”, the fundamental rights of both freedom of expression and privacy appear to be under imminent threat.
The current UK government don't actually care about children, if they did then they would actually investigate the child SA gangs, or holding people to account on the Epstein lists. We have seen other countries such as Australia [1] "magically" have the same idea at the same time, so this is likely a global group influencing this push.
> The current proposal to ban people under 16 - who also have the rights to freedom of expression and privacy - from some (as yet not fully delineated) social media services is likely to result in wide-spread verification.
This is the real objective, it will be just like the UK porn verification [2]. To express yourself online, you will soon need to associate your activity with your real identity. With the discussion of clamping down on VPNs, it won't be long before you need to verify your ID just to connect to the internet.
This has been a long time coming. Years ago you could buy a sim card with money already on it, use it, and then throw it away. Now you need to associate some credit card or ID with the sim card and perform some verification process.
> And so, for the first time, I am considering locating something (perhaps a WireGuard node, or a SOCKS proxy, or a recursive DNS server / DNS proxy, or perhaps all of them) somewhere on the Internet outside the UK, so that I can route some traffic through that, as needed, to maintain my access to the web.
It won't be enough. At some point the UK government will just mandate that they should be allowed to perform deep packet inspection, and then there will be nowhere left to hide. These changes are also being rolled out everywhere - which Country do you trust to run your data through?
I remember the New Zealand Christchurch attack on a mosque, and how multiple governments around the world pressured Facebook to remove it entirely [3]. They were more worried about people seeing and sharing the attack, than the attack itself. The manifesto was entirely banned [4], and people were left entirely dependent on the state to convey a narrative about the attack.
I have a feeling that this all fell out of the "Christchurch Call" [5]. I don't think this recent push spearheaded by them, but I believe it had a large influence on the efforts now ongoing.
I agree with everything you have said. I feel so very, very blessed to have had the experience of this world developing that I have had - from my first 300bps BBS connection at probably around age 8 or 9, through 28.8, 56K, ISDN, DSL & up to the gigabit fibre I type this from, I have always from basically from day 1 communicated with other people over a network. It's almost as intrinsic to my being as actual speech at this point. Maybe even more so on many days. But where we are now and headed to, is just so very, very wrong. It's so wrong it shouldn't even need explanation.
I've seen and experienced all manner of things the state would deem verboten, especially for younger eyes, whether it be the anarchists cookbook sparking my enthusiasm for chemistry and engineering, warez igniting my love of software development or the inescapable porn, memes, and other shit that's filled my screen for decade after decade.
I've managed to make it through unscathed, dare I say even somewhat publicly respectable... I'd vote for my kids and any others having my childhood over the toxic stazi-esque nightmare we seem to currently find ourselves in. I LOVED my childhood growing up with the internet, CD-R's, Napster, etc. it inspired me & helped create the life I live today, but now all the kids using tech just look like methed out zombies.
It's also really funny reflecting on this & realising how very little I ever used or valued anything like Facebook, Instagram, etc. whereas things like BBS's, IRC, Discord, Telegram, etc. with random strangers and some shared interests is where I've always felt at home.
SuddsMcDuff 10 hours ago [-]
So many of the outrageous things the UK government is doing, which seem most inexplicable, can be explained by one simple principle - successive governments over the last 30 years have turned this nation into a tinderbox, the purpose of the state and the judiciary in particular has become singular in its effort to prevent a spark from igniting the whole thing. Though they will become ever more authoritarian and tyrannical in their efforts, defenders dilemma applies - eventually, inevitably, they will fail and all hell will break loose. Plan accordingly.
throwaway6af03 9 hours ago [-]
Publishing under a throwaway account for obvious reasons.
I've felt this slide in the UK for a long period of time. I route _all_ of my traffic through Mullvad with DAITA [1] because I think it's the only the likes of chaffing and winnowing [2] that can defeat traffic analysis. The endpoint changes. I have a high-end SBC router. For the moment, I do not obsfucate the fact that the tunnels exist and are wireguard. Mullvad can disguise them effectively with QUIC / SNI obsfucation, or even vless / xray / vmess. They're quite good at that.
I also have an Amsterdam VPS and it runs wireguard. My phone has a wireguard client to it. It's a reputable VPS provider from a major cloud hosting company. It has a reverse WG tunnel to my house not through mullvad (I have a public IPv6 address range, but not IPv4); my phone (and partner, friends etc phones) get access to my local servers and resources and then all traffic goes out anonymously through mullvad. I also have another VPS, paid for in cryptocurrency (XMR) that I mine in the winter (the waste heat is cheaper than gas heating where I live, if you assume the compute is paid for...). This acts as a port forwarding host and it connects via another WG tunnel or two to my server, doing tunnel-in-tunnel, but essentially is a reverse proxy host.
I naturally run a recursive resolver _and_ dnscrypt on the ISP connection for bootstrapping.
This gives me _some_ degree of anonymity, I feel, online: I've inspected the traffic going through the ISP router and you see remarkably little, especially with QUIC SNI spoofing turned on. The volume of traffic is quite large and probably idiosyncratic – the endpoints are known – which is the biggest problem amongst all of this. But I have _privacy_ and for me that matters a lot.
I think this age verification, KYC, show your faces stuff is organised internationally on two very simple predicates:
1) Disinformation or political interference provided by Russia and possibly China have affected national election results in many democracies (Brexit, likely Trump, probably more). Controlling the narrative is increasingly viewed as absolutely required by the political class. This is difficult with social media, and strong identity verification makes it more obvious where at least your enemies are.
2) Online actions are increasingly having real world consequences and the establishment wants to be able to more easily _punish_ those people who have broken "the law". This is related to, but distinct from, point 1. There are plenty of examples of this in the UK – but more widely spread worldwide. Having strong identity verification makes it easy to catch people, and if you do that enough, change behaviour (the single biggest determinant of which is shortening the time between "offending" and being caught).
Minor points I think behind this are:
1) A fear of a large-scale war and worries about information security, population influence, and associated military shadowy figures saying things
2) A fear (or fact) of encryption making any sort of content dragnet much harder. Most large web presences undoubtedly have backdoors but genuine p2p without exposed metadata is a fear of the spook community because they kill people on the basis of metadata and machine learning state-of-the-art...as it was in 2014 [3] -- I am sure they do the same now. The reason for metadata is that it is accessible, by design, everywhere. VPN ± tor usage is probably ubiquitous amongst some genuinely bad actors, and they will have spent considerable resources being able to unmask those actors. Depending on the technique, it may genuinely make it much harder if there is a large fraction of the population actually using those tools.
3) Some genuine transnational rise in avoidable harm, like CSAM; some genuine transnational rise in political harms, like the (oft-religious) right.
"who also have the rights to freedom of expression and privacy", plenty of outlets for people to be expressive in the UK (more so than in the US for example, where the right wing will obviously attack any social media restrictions) that don't involve being fed junk divisive content from mainly US tech companies.
Privacy != anonymity.
Feel free to route your traffic via Wireguard. As long as it is not setup as a service for the mass evasion of age gates by children.
monadgonad 24 minutes ago [-]
> "people under 16", you mean children right?
They're still people, don't be weird.
NVHacker 4 days ago [-]
Nice try ! But the fact that the solution to protecting children comes with the maximum boost of government powers in the online world (across the set of all possible ways to protect children) is not a coincidence.
like_any_other 4 days ago [-]
> Privacy != anonymity.
Exactly. You can have your own misgivings about the UK government at home, in private, and share them with no-one. Or you can share them on the online public square, knowing the UK government will know exactly who wrote them. Good thing they never abuse their power of prosecution!
dofm 4 days ago [-]
The government literally doesn't prosecute anyone.
It is done by the CPS, which operates independently of government and the police.
If I were a betting man I'd place a bet that you are further misinformed about the prosecutions you believe are happening and why. But I am not.
michaelt 11 hours ago [-]
The government literally doesn't prosecute anyone. It is done by the CPS, which the Prime Minister, Kier Starmer, was head of from 2007 to 2013.
like_any_other 4 days ago [-]
> It is done by the CPS, which operates independently of government and the police.
I should have written "state", not "government", you're right. Does that change anything? But, article 35 of the Chinese constitution guarantees their citizens freedom of speech and of the press. You're beyond naive if you believe they're independent.
> If I were a betting man I'd place a bet that you are further misinformed about the prosecutions you believe are happening and why.
UK politicians admitted the Online Safety Act was: “not primarily aimed at … the protection of children”, but was about regulating “services that have a significant influence over public discourse” - https://archive.md/2025.08.13-190800/https://www.thetimes.co...
1. Nginx Proxmox LXC container with domains that require digital ID such as X. I can easily add or remove domains to it via Ansible.
2. Mullvad VPN server/client setup on OPNSense
3. OPNSense Firewall rules with aliases from the local lists from step 1
4. Every time I access X or whatever, OPNSense firewall rule redirects that traffic via the Mullvad VPN Gateway bypassing the digital ID enforcement
5. I host Pihole + Unbound recursive DNS so I have full control over my DNS. Recursive DNS uses the 13 root nameserver, I do not use public DNS such as Google or whatever, in fact, they are all blocked.
My data under my control.
Honestly surprised that works given Google loves to hardcode DNS queries using their DNS Resolver into many things (Google TV, Android, etc).
I'm assuming you are using NAT Redirection (Port 53), blocking DNS over TLS - DoT (TCP Port 853), using SNI FIltering to block DNS Over HTTP (DoH). Not sure how you handle Encrypted Client Hello.
My Samsung smartTV has Google DNS hardcoded in it, that is why I do what I do.
No matter if I set my phone DNS to Google, OPNSense NAT redirects any DNS to Piholes only, and since public DNS, DNS-over-TLS and DNS-over-HTTPS are blocked, only Piholes forward it to Unbound. Only Unbound can request DNS and OPNSense enforces that.
Unbound is recursive DNS with is own caching so everything happens localy, surfing the internet is insane fast.
As for the digital ID, the DNS happens locally but the traffic is forward to Mullvad VPN Gateway.
I don't wanna hide my traffic, I just don't wanna this mass survilance on my personal information. My social media accounts are burner, no real name, no photos, minimal apps installed on my GrapheneOS phone and I have a complete normal digital life without sharing my shit haha
Not trying to be facetious, but how do you know you are blocking them all? I thought one of the reasons for using DNS-over-HTTPS was to be able to avoid detection.
Spend 5 minutes on X, Instagram or even worse Snapchat for you to see what these minors are doing. A lot generation, all for likes.
GenZ is so cooked, by the time they reach their 30s, damn.
Gen Alpha being born within the digital and AI world is even more cooked.
And from what I remember of the coverage of the scientists presenting their case in the UK there wasn't enough evidence to say whether it had an impact on children.
Personally I think ipad as babysitter is more to blame, but until the proper studies are done it's all just speculation.
Proper study??
Look around us, kids are talking to ChatGPT instead of running, playing, instead of being kids.
Kids cannot speak and yet have a tablet to interact with, by adulthood those kids are cooked.
Teens at school can't read, they have been using ChatGPT to cheat exams. If somebody tells me that more study is required to prove what is right there in from of our eyes, that somebody is part of the problem, full stop!!
I wrap the outbound sock5 traffic in mTLS, so it should look "normal" to anyone packet sniffing (not obvious proxy/VPN traffic), even though stealthiness isn't part of the threat model at the moment.
There's a decent legal ethical argument that LLM output isn't copyrightable, and for me a "one shot vibe code" definitely _isn't_ "your creative work", so the copyright that open source licenses rely on probably doesn't exist there.
I wonder if a new category of "non copyrighted shared source code" needs to exist for people who use Gan AUI to create genuinely useful software which would ne a net positive to society if shared, but that doesn't risk murkying the waters and undermining the copyright basis that licenses like GPL and Apache and BSD and MIT rely on?
All "open source" licenses rely on copyright. If copyright did not exist, GPL and BSD and MIT (and all the other software license options, open and commercial) would be unenforceable.
(I'm less convinced that you seem to be about whether there arte any good reasons for copyright. I believe real "creative people" like authors and musicians and artists and film makers _should_ have a legally enforceable monopoly to control use of and to generate income from their creative work. That shouldn't be "Micky Mouse" effectively eternal control, but there should in my opinion be some legally protected "ownership" that a creator has where they can prevent other people copying/recreating/misusing/profiting from their creation. Whether this should ever have applied to softwares something for a more nuances discussion t6hat a website comment section...)
However, there's no compunction to publish the generated code, even if it's public domain.
We end up in a strange nega-OSS world where all code can be used by anyone for any reason, if you can get your hands on it.
It's either that or I just consider the internet dead and move on. It's nothing like it was 20 years ago anyway. There are other things to do. Many books to read and places to go. We had something really cool and we were lucky to experience it while it lasted, but it's gone now.
I'm pretty much at this stage too. The web/internet was a frontier like the Wild West. But those wild days are gone and are never coming back. Cyberspace has been settled.
https://www.youtube.com/watch?v=HkpcYv9Qm5w
I’ve come to the conclusion the only thing you can really do is leave when you disagree with the direction of your country, but of course not everyone has the ability to do that.
That often is democracy: what's popular isn't always what's best.
Freedom and liberty should be the foundations of a healthy society. Democracy should be reserved only for those things that must be decided collectively and universally enforced.
What kids do on their phones doesn't even come close. Let parents and vendors decide what their kids and customers can do. I've met plenty of well-adjusted kids who aren't on social media because their parents don't let them.
When they do, they will change their mind (and probably protest loudly that they never wanted it in the first place).
See Brexit for a clear example.
If enough people feel strongly about it to go onto the street and wave placards, that starts getting noticed and has to be acknowledged.
Of course, the UK (and others) have started making protests illegal, because they are doing things that we should feel strongly enough about to go and wave placards at them.
You cannot travel into the US without providing access to your Social Media accounts. Pretty likely you get denied if you say "I don't have social media".
If they can't be arsed to answer you, then you shouldn't be arsed to vote for them, at least in my opinion.
You can also recreate a smaller network and enjoy it as a silo, disconnected from the Internet, at times.
There's no need to be off the grid 24/7 to feel the relief.
It's deeply relaxing to pull the (Internet) plug (I do, literally, physically remove one ethernet cable from a switch right underneath my monitor and I've then got several machines happily communicating only on the LAN: no more Internet).
Maybe I'm having fun with my latest acquisition: modelling parts to fix stuff left and right around the house by 3D printing them (I bought a 3D printer for that: I had many things I needed to fix and I knew I'd be able to fix them properly by printing adequate parts). No need for the Internet to model, slice and 3D print.
Such an activity does feel like the computing of yore: it takes me back to a time when it was me and a 8-bit machine. Creating stuff "by code" (which now take physical form at home, which 11-years old me would have find utterly mindboggling btw).
> There are other things to do. Many books to read and places to go.
And hobbies. As a kid from the eighties I love cars from the late 80s/very early 90s: not much electronics, not spying on you. Sure they're a bit of gaz guzzlers but then half the fun is fixing stuff on them and the other half is talking about them with other enthusiasts: there's no need to drive 10 000 kilometers a year with those.
When you take time to disconnect a bit from the Internet, then I'd say when you're online (like I'm now) it all feels way more tolerable.
No need to go full luddite IMO but YMMV.
> Maybe I'm having fun with my latest acquisition: modelling parts to fix stuff left and right around the house by 3D printing them
Isn't California proposing to put you in jail for having a 3D printer without an internet connection to tattle on you and killswitch your printer if some unaccountable internet service decides you're printing something "bad"?
:sigh:
If the government blocks Mullvad then I’ll just switch to Wireguard on a Helsinki based VPS via Hetzner.
I used to run my own mail server back until about 2014 or 2015, end even then it was practically impossible to reliably send mail to any of the major email providers from and ip address from Linda/AWS/Hetzner/DigitalOcean et al. I'm pretty sure porn sites and unmoderated web forum type thing that have lawyers advising them will soon be blocking not just UK ip addresses, but the bulk of the easy to identify VPN services and VPS providers.
-- John Gilmore (probably https://quoteinvestigator.com/2021/07/12/censor/)
There are companies that have gotten very good at virtual border control while selling stuff to e. g. the chinese and russians that are allegedly in talks with the UK govt.
VPNs are trivial to ban, the IP space is well known, Wireguard is easily to fingerprint and block.
It will be a cat and mouse game, if the government looses this they'll simply make it illegal to be caught using a VPN including Tor. Which is on the table.
The only way this changes is a less crap party, but almost all including Reform are in favour of more censorship.
https://www.theguardian.com/politics/2025/jul/28/reform-uk-v...
https://www.msn.com/en-gb/news/uknews/reform-pledges-to-scra...
https://www.independent.co.uk/news/uk/home-news/nigel-farage...
Zia Yusuf : "... criticised sections of the legislation that allow ministers to direct regulator Ofcom to modify its rules setting out how companies can comply with requirements to crack down on illegal or harmful content, saying it was “the sort of thing that I think (Chinese president) Xi Jinping himself would blush at the concept of”."
And the more radical Restore say this:
https://www.restorebritain.org.uk/restore_civil_liberties
Good luck, it will probably impossible as admins fed up with AI scraper bots increasingly choose to outright blanket ban anything not being a residential or business line. There's a reason why there are so many "ethically sourced proxies" aka people installing software on their smart TVs and whatnot that comes with an "monetization SDK" by one of the numerous VPN providers. That's the dirty secret behind a lot of the "bypass youtube/netflix/whatever region lock" VPNs.
The current UK government don't actually care about children, if they did then they would actually investigate the child SA gangs, or holding people to account on the Epstein lists. We have seen other countries such as Australia [1] "magically" have the same idea at the same time, so this is likely a global group influencing this push.
> The current proposal to ban people under 16 - who also have the rights to freedom of expression and privacy - from some (as yet not fully delineated) social media services is likely to result in wide-spread verification.
This is the real objective, it will be just like the UK porn verification [2]. To express yourself online, you will soon need to associate your activity with your real identity. With the discussion of clamping down on VPNs, it won't be long before you need to verify your ID just to connect to the internet.
This has been a long time coming. Years ago you could buy a sim card with money already on it, use it, and then throw it away. Now you need to associate some credit card or ID with the sim card and perform some verification process.
> And so, for the first time, I am considering locating something (perhaps a WireGuard node, or a SOCKS proxy, or a recursive DNS server / DNS proxy, or perhaps all of them) somewhere on the Internet outside the UK, so that I can route some traffic through that, as needed, to maintain my access to the web.
It won't be enough. At some point the UK government will just mandate that they should be allowed to perform deep packet inspection, and then there will be nowhere left to hide. These changes are also being rolled out everywhere - which Country do you trust to run your data through?
I remember the New Zealand Christchurch attack on a mosque, and how multiple governments around the world pressured Facebook to remove it entirely [3]. They were more worried about people seeing and sharing the attack, than the attack itself. The manifesto was entirely banned [4], and people were left entirely dependent on the state to convey a narrative about the attack.
I have a feeling that this all fell out of the "Christchurch Call" [5]. I don't think this recent push spearheaded by them, but I believe it had a large influence on the efforts now ongoing.
[1] https://www.bbc.com/news/articles/cwyp9d3ddqyo
[2] https://www.ofcom.org.uk/online-safety/protecting-children/a...
[3] https://www.bbc.co.uk/news/business-47620519
[4] https://www.theguardian.com/world/2019/mar/24/censor-bans-ma...
[5] https://www.christchurchcall.org/
I've seen and experienced all manner of things the state would deem verboten, especially for younger eyes, whether it be the anarchists cookbook sparking my enthusiasm for chemistry and engineering, warez igniting my love of software development or the inescapable porn, memes, and other shit that's filled my screen for decade after decade. I've managed to make it through unscathed, dare I say even somewhat publicly respectable... I'd vote for my kids and any others having my childhood over the toxic stazi-esque nightmare we seem to currently find ourselves in. I LOVED my childhood growing up with the internet, CD-R's, Napster, etc. it inspired me & helped create the life I live today, but now all the kids using tech just look like methed out zombies.
It's also really funny reflecting on this & realising how very little I ever used or valued anything like Facebook, Instagram, etc. whereas things like BBS's, IRC, Discord, Telegram, etc. with random strangers and some shared interests is where I've always felt at home.
I've felt this slide in the UK for a long period of time. I route _all_ of my traffic through Mullvad with DAITA [1] because I think it's the only the likes of chaffing and winnowing [2] that can defeat traffic analysis. The endpoint changes. I have a high-end SBC router. For the moment, I do not obsfucate the fact that the tunnels exist and are wireguard. Mullvad can disguise them effectively with QUIC / SNI obsfucation, or even vless / xray / vmess. They're quite good at that.
I also have an Amsterdam VPS and it runs wireguard. My phone has a wireguard client to it. It's a reputable VPS provider from a major cloud hosting company. It has a reverse WG tunnel to my house not through mullvad (I have a public IPv6 address range, but not IPv4); my phone (and partner, friends etc phones) get access to my local servers and resources and then all traffic goes out anonymously through mullvad. I also have another VPS, paid for in cryptocurrency (XMR) that I mine in the winter (the waste heat is cheaper than gas heating where I live, if you assume the compute is paid for...). This acts as a port forwarding host and it connects via another WG tunnel or two to my server, doing tunnel-in-tunnel, but essentially is a reverse proxy host.
I naturally run a recursive resolver _and_ dnscrypt on the ISP connection for bootstrapping.
This gives me _some_ degree of anonymity, I feel, online: I've inspected the traffic going through the ISP router and you see remarkably little, especially with QUIC SNI spoofing turned on. The volume of traffic is quite large and probably idiosyncratic – the endpoints are known – which is the biggest problem amongst all of this. But I have _privacy_ and for me that matters a lot.
I think this age verification, KYC, show your faces stuff is organised internationally on two very simple predicates:
1) Disinformation or political interference provided by Russia and possibly China have affected national election results in many democracies (Brexit, likely Trump, probably more). Controlling the narrative is increasingly viewed as absolutely required by the political class. This is difficult with social media, and strong identity verification makes it more obvious where at least your enemies are.
2) Online actions are increasingly having real world consequences and the establishment wants to be able to more easily _punish_ those people who have broken "the law". This is related to, but distinct from, point 1. There are plenty of examples of this in the UK – but more widely spread worldwide. Having strong identity verification makes it easy to catch people, and if you do that enough, change behaviour (the single biggest determinant of which is shortening the time between "offending" and being caught).
Minor points I think behind this are:
1) A fear of a large-scale war and worries about information security, population influence, and associated military shadowy figures saying things
2) A fear (or fact) of encryption making any sort of content dragnet much harder. Most large web presences undoubtedly have backdoors but genuine p2p without exposed metadata is a fear of the spook community because they kill people on the basis of metadata and machine learning state-of-the-art...as it was in 2014 [3] -- I am sure they do the same now. The reason for metadata is that it is accessible, by design, everywhere. VPN ± tor usage is probably ubiquitous amongst some genuinely bad actors, and they will have spent considerable resources being able to unmask those actors. Depending on the technique, it may genuinely make it much harder if there is a large fraction of the population actually using those tools.
3) Some genuine transnational rise in avoidable harm, like CSAM; some genuine transnational rise in political harms, like the (oft-religious) right.
[1] https://mullvad.net/en/vpn/daita [2] https://en.wikipedia.org/wiki/Chaffing_and_winnowing [3] https://arstechnica.com/information-technology/2016/02/the-n...
"who also have the rights to freedom of expression and privacy", plenty of outlets for people to be expressive in the UK (more so than in the US for example, where the right wing will obviously attack any social media restrictions) that don't involve being fed junk divisive content from mainly US tech companies.
Privacy != anonymity.
Feel free to route your traffic via Wireguard. As long as it is not setup as a service for the mass evasion of age gates by children.
They're still people, don't be weird.
Exactly. You can have your own misgivings about the UK government at home, in private, and share them with no-one. Or you can share them on the online public square, knowing the UK government will know exactly who wrote them. Good thing they never abuse their power of prosecution!
It is done by the CPS, which operates independently of government and the police.
If I were a betting man I'd place a bet that you are further misinformed about the prosecutions you believe are happening and why. But I am not.
I should have written "state", not "government", you're right. Does that change anything? But, article 35 of the Chinese constitution guarantees their citizens freedom of speech and of the press. You're beyond naive if you believe they're independent.
> If I were a betting man I'd place a bet that you are further misinformed about the prosecutions you believe are happening and why.
UK politicians admitted the Online Safety Act was: “not primarily aimed at … the protection of children”, but was about regulating “services that have a significant influence over public discourse” - https://archive.md/2025.08.13-190800/https://www.thetimes.co...
Even viewing "terrorist" material carries a potential 15 YEAR jail term: https://www.bbc.com/news/uk-41479620
It's OK to be white and similar stickers landed a man in jail: https://www.bbc.com/news/articles/c51zn2l33r9o
https://www.spiked-online.com/2024/03/04/the-tyrannical-jail...
I don't know how much worse you need it to be.
In practice, if you lose one, then you also lose the other.