Adult content and radicalisation – the sinister realities of the Online Safety Act

As the Online Safety Act begins its phased implementation, the UK government claims the legislation will create a safer digital world for children. While well intended, in reality, the OSA will likely do the opposite.

The legislation is fundamentally flawed – introducing loopholes that children will easily exploit while simultaneously threatening free speech and burdening small online communities with disproportionate liabilities. As we mark Safer Internet Day, it’s important that we understand the consequences of the dangerously flawed new law.

One of the most touted aspects of the Online Safety Act is the mandatory age verification for sites hosting adult content. Yet, this measure is doomed to fail. VPNs, proxy services, adult sites outside of the UK, and the dark web all allow minors to effortlessly bypass the OSA restrictions. Even worse, the OSA restrictions are likely to effectively encourage minors to use sites far more dangerous than those hosted in the UK.

The very users the OSA seeks to protect – the tech-savvy younger generation – will be the first to find their way around it. However, what is even more concerning is that the youngest and most vulnerable users, those too young to understand or bypass these measures, will still be at risk.

Pre-teens, who should be better protected by any online safety legislation, will remain unprotected as easily available adult material continues to filter down. Just as we saw with previous attempts to regulate online content, younger children will still stumble across harmful material, if not be directed to dangerous venues like the dark web via their peers – despite the false sense of protection that comes with the OSA.

On the flip-side, OSA puts adults at risk as they must provide personal data, and at times biometric information, to parties to whom they have no prior relationship and whose security practices are as of yet, effectively untested.

Besides the obvious risk of attackers stealing data from the age verification (AV) providers, there is little doubt that cyber criminals will take advantage of the situation by setting up phishing sites that impersonate AV services. We saw how well criminals impersonated fake parcel delivery services during Covid and how many billions of dollars have been lost to phishing attacks over the years – why give them another opportunity to employ these ruthless tactics against innocent people?

This is, after all, a dynamic already scripted by other restrictive measures, from online gambling bans to restrictions on pirated content. When it comes to online access, determined users always find workarounds; minors being no exception. The illusion of safety created by these age verification mandates does not translate into real world protection. While parents will be lulled into a false sense of security, their children will be left exposed whilst accessing dangerous, and potentially illegal, content.

Perhaps even more concerning is the overreach of this legislation. This law does not just apply to major platforms like Facebook, but extends to any platform that facilitates user-to-user engagement – including small community forums, hobbyist groups, and even local church discussion boards. This means that countless website owners and moderators, including those who are working for organisations dedicated to protecting children, who have no legal teams or compliance departments, will suddenly find themselves potentially facing massive multi-million-pound fines.

Many wonderful organisations, and providers of valuable information and services to they community at large may be forced to cease operations out of a fear of unintentionally violating the Act. All of this damage will occur whilst the threats to minors continue to exist – if not become worse.

Sadly, this is already happening.

Take, for example, the LFGSS, a completely benign, child-friendly community cycling forum, which is closing down due to the overwhelming burden placed on it by the Online Safety Act. If a discussion board for bike enthusiasts is at risk, how many other small communities will vanish for nothing?

This is not just speculation – it is already happening. Many small forums, church groups, and niche online communities may face the same fate and be forced to close rather than take on the high costs of compliance with the OSA – costs that can be prohibitive for small operators even if OSA was intended to target only Silicon Valley giants and platforms hosting adult content. This could disproportionately impact hundreds of thousands of perfectly benign websites in the UK.

If the goal is truly to protect children, there are far more effective and proportionate solutions: filtering and device-level checks. Instead of placing the burden on individual websites, parents should keep control of what their children access online. Parental control software, operating system-level restrictions, and internet service provider-level filtering are vastly superior and precise compared to the blunt instrument of the Online Safety Act and the best efforts of Ofcom – the designated regulator that, despite considerable expenditure, simply doesn’t have the tools for the job.

In addition to filtering, device-level checks represent yet another much safer and much more effective way to protect minors from other threats, such as communications from would-be-abusers or the like, by setting their device to deliver an age-appropriate online experience. This can be achieved without the need for any sensitive information to be divulged throughout the web, whilst shielding minors from content deemed for adults.

By shifting responsibility to individual websites instead of empowering parents, guardians and minors, the path currently chosen by the government is ineffective, worse than the cure that it purports to provide, and exposes internet users to dangers.

Governments that support any such age verification mandates are setting themselves up for a risky political gamble. The OSA is not a step forward; it’s a dangerous misstep destined to fail.

The unintended consequences of the OSA will soon become apparent: minors will still access harmful content; perfectly benign online forums will disappear; precious sensitive data will be disseminated throughout the web and exposed; and free speech will be eroded and the most dangerous online risks to minors. Such as communications from would-be abusers in their physical locations, access to illegal drugs and weapons sold via the dark web, and recruitment attempts by extremist groups, will remain completely unaddressed.

While the OSA may give elected officials bragging rights that they are protecting children, the law – and those supporting it – are, in reality, making the internet more dangerous for the children of the United Kingdom.

Joseph Steinberg is a US cyber security expert.