My two Twitter/X precepts: 1. Anonymous low-follow accounts will not be taken seriously. 2. Abusers & haters will be ignored, blocked & forgotten. Have a nice day 🙏

"Interdire les VPN", c'est ne rien comprendre à ce qu'est un VPN. Un VPN, ce n'est pas un produit, c'est un principe. Un tunnel chiffré entre votre machine et un serveur que vous choisissez. Votre trafic ressort avec l'adresse de ce serveur, point final. C'est de la cryptographie et du routage, rien d'autre. Or ce tunnel chiffré, c'est exactement la même brique technique que le HTTPS de votre banque, le SSH de n'importe quel développeur, le réseau interne de n'importe quelle entreprise. Le chiffrement et le tunneling, ce n'est pas "le truc des hackers", c'est le socle de l'internet moderne. Donc "interdire les VPN", au sens littéral, ça veut dire interdire les tunnels chiffrés. Et interdire les tunnels chiffrés, c'est casser le e-commerce, la banque en ligne, le télétravail, bref tout ce qui fait qu'internet fonctionne. Vous ne pouvez pas tuer l'un sans tuer l'autre. Maintenant le concret, celui qui fait que c'est déjà perdu. Il n'y a pas "un VPN" à bloquer. Vous louez un serveur à 5 euros par mois chez Hetzner, DigitalOcean ou AWS, vous installez WireGuard ou OpenVPN en trois commandes, et vous avez votre propre VPN sur une IP que personne n'a sur sa liste de blocage. Un gamin de 16 ans fait ça pendant la page de pub. Vous pouvez bloquer les IP des fournisseurs commerciaux connus ? Ça ne change rien à l'auto-hébergé. Pour aller plus loin, il vous faut un pare-feu national avec inspection profonde des paquets et liste blanche de protocoles. Autrement dit la Chine, l'Iran, un appareil de surveillance de masse. Et même ça fuit en permanence (Shadowsocks, V2Ray, protocoles obfusqués qui imitent du trafic HTTPS classique). Le choix réel est donc binaire. Soit votre interdiction est du théâtre, contournée en 48 heures. Soit vous construisez une Grande Muraille numérique, et même Pékin n'arrive pas à la fermer complètement. Le fond du problème, c'est que ces gens légifèrent contre l'arithmétique. On ne vote pas une loi contre les mathématiques. Le tunnel chiffré existera tant que le chiffrement existera, et le chiffrement existera tant qu'internet existera. Des bureaucrates qui n'ont jamais écrit une ligne de code de leur vie décident d'interdire une primitive cryptographique qu'ils ne savent même pas définir. Ils ont déjà perdu. C'est le poulet sans tête : ça continue de courir, mais la décision est déjà tombée.

I’m actually a child online safety expert and was one of the pioneers in this space with Club Penguin and so I feel uniquely positioned to critique this. The groomer problem is real but it’s also vastly overstated. The far larger issue we saw at Penguin was suicidality or reports of sexual abuse in the home. There is no solution for lazy/bad parenting. You can implement all the ID laws you want but if parents are going to just hand kids their phones unlocked, those kids will have access to all the same things the parents have unfettered. What I found is that these draconian safety laws actually make it harder to be an honest operator of kids apps because on one hand it’s so much legal risk and so much user friction that it simply becomes uninvestible as a business. Parents will just lie to let their kids use the unfettered internet. For example, I have a friend who works in mobile gaming who has two kids, one above and one below the age limit but separated by just 2 yrs, and the two wanted to play and chat together on Roblox - which is reasonable. To do this, he just verified that his younger kid is old enough for the chat feature when he’s not. This happens all the time and will happen with these laws to. How far do we want to go with this? Scan the face of the user in real-time to make sure it’s not a kid using the device? We could do that but it feels like a massive unwanted intrusion of privacy. That’s how you know this law isn’t about kids. COPPA and GDPR-K and so forth already make it illegal to allow chat and other grooming vectors to kids. What’s really being done here is trying to eliminate online anonymity. And this is a far bigger issue that goes to core speech rights because if you cannot criticize the govt anonymously and if wrong speech is a crime then it becomes easy to identify all the detractors of the govt in power, and ban, fine or jail them for speech crimes. Starmer has already been doing this and he wants to do it at a much bigger scale. Starmer won’t even acknowledge the problem of actual grooming gangs in Britain’s neighborhoods but he’s worried about online grooming? No he’s not, and this hypocrisy gives away the game. What he wants is to kill online anonymity so he can enforce censorship of his unpopular policies. No politician should have this power.

Day 4 of #100daysofCyber - Continued the Pre Security (SEC0) path on TryHackMe - Unlocked the "World Wide Web" badge - Rank increased from top 35% to top 25% - 12 new rooms completed Tomorrow I'm going to see if I can get through the final 2 modules, then move to CyberSecurity 101 (SEC1).

25% of the top 100 porn sites remain accessible, no VPN required. majority of overall global adult porn sites will always remain accessible btw, since OSA places the responsibility on the site operators, and most will just ignore the warnings (similar to how 4chan did). for the record, there are far superior child protection systems that were recommended to past governments, which would have enabled ISP-level blocking using IWF & open source blocklists, etc... but both Conservatives/Labour ignored that advice, and instead have gone with a legal framework that is essentially unenforceable, creates massive work on site operators, and leaves abusive content itself easily accessible in many cases. it never had anything to do with real protection, if it did they'd have implemented the ISP-level and on-device recommendations made previously.

There's been a number of people touting the idea of a VPN ban, but worth noting it isn't really possible, for multiple reasons. First and foremost, many public sector agencies utilize VPNs themselves, datacenters with international customers are using them, and critical infrastructure also uses a variety of VPN technologies. Therefore any proposed ban would be superficial or performative at best, likely primarily targeting domestic VPN providers. Even regulating those would prove problematic though. Exceptions would be made for commercial/business/corporate use, and domestic providers could pivot around that. At best they may be able to force UK based providers to require ID, but plenty of international providers already ignore UK government demands and will continue to do so - a market which will then only grow. There's other tactics they could use (pressuring providers to block VPN endpoints, etc) but that won't be a problem long term either. This is before we've even gotten into alternative methods/protocols like nostr. VPN bans in China/Iran had some efficacy (but still relatively easy to circumvent) due to the fact they have the national firewall, complete with DPI (deep packet inspection). UK would never be able to replicate this due to our positioning as a global comms hub & existing infrastructure. A very different environment. Labour MPs might rattle on about banning it - but none of it will be based in reality. Just performative nonsense from people that use the internet through either an intern or an iPad. Hence why even the existing legislations they have introduced are laughably easy to circumvent, and why you now have Meta asking questions and giving recommendations that should have been obvious from the start (which is another indicator that the UK gov simply wouldn't have a clue on how to implement a VPN ban).

touchbar m1 is safe for another year 😌

I will not be complying with any form of digital ID through the backdoor, nor any social media restriction. From here on out... VPNs and DoH on everything, and perhaps a pivot towards GrapheneOS and more Linux.

Apple built this exact tool in 2021. Within weeks, security researchers showed it could flag innocent people's content. Apple killed it 16 months later. The UK just gave tech companies three months to build it anyway, threatening prison for executives who refuse. The proposal is for something called client-side scanning. End-to-end encryption (the technology that protects your WhatsApp or Signal messages) works by scrambling your messages on your phone before they leave it. Nobody intercepting them can read them. Client-side scanning changes that sequence: your phone checks every image and message against a database of prohibited content before encrypting it. The lock stays in place, but the inspection happens first. When the government says "scan for nude images," technically they mean "scan everything." The people who invented internet security have already ruled on this. Ronald Rivest helped create RSA encryption, the system behind every padlock icon you see in a browser. Whitfield Diffie invented public-key cryptography, the math that all web security is built on. In October 2021, both co-signed a paper with twelve other leading cryptographers, concluding that device-level scanning undermines security for everyone while giving law enforcement only unreliable gains. Once that infrastructure is on every phone, any government can point it at whatever they decide to ban next. The EU spent three years trying to pass something identical. Germany blocked a Council vote in October 2025. On March 26, 2026, the European Parliament voted 307 to 306 to reject it. One vote. German federal police data from those debates showed roughly 48% of the 300,000 chats reported annually under existing scanning rules were false positives, innocent people's messages treated as criminal evidence. There is one more consequence the announcement left out. The government wants to block nude images on children's devices but not adults'. Enforcing that line means every device in the UK needs to know whether its owner is a child. The only way to do that is mandatory age verification. Signal pointed out where this lands: every UK resident would need to prove their identity just to communicate privately. That means 67 million people submitting identification to use software they already own. The EU rejected this by one vote two and a half months ago. The UK is now attempting it alone.

1) Apple device face scans STAY ON DEVICE. These do not. I also refuse to use my own biometrics for my devices. 2) The backup method is government IDs. This will be necessary in many millions of instances bc facial age estimation is notoriously often wrong. In some cases it needs to figure out get years or days of life - an impossible task. 3) These systems have breached over and over again. And this creates thousands or millions of victims of identity theft. Au10tix, Tea App, Discord's vendor, and more recently one used for weed clubs in Spain Playing this down as trivial is a wild take.

NEVER STOP MAKING THINGS. ALWAYS KEEP CREATING. ALWAYS KEEP GOING.

Day 3 of #100daysofCyber - Continued the Pre Security (SEC0) path on TryHackMe - Unlocked the Webbed badge - Rank increased from top 40% to top 35% - 2 new rooms completed Tomorrow I'm going to try and blitz through a whole load of it so that I can move onto SEC1.

Disturbing. This has nothing to do with protecting children - impartial organisations like IWF already have far methods for that. The real reasons this is happening now is simple... digital ID through the backdoor, and clamping down on anyone debunking Labour disinformation. If it wasn't for social media, there would be many issues in this country that would be swept under the rug.

It’s very obvious the UK government’s new “child-protection” controls on social media are just a prelude to much more rigorous censorship of social media for adults, just like the Online Safety Bill was used to hide footage of recent protests.

people love to complain about AWS pricing but if you've ever tried to dump a bunch of clients onto cheap infrastructure ("fuck around"), given enough time you'll always reach the "find out" stage. granted, there are cheaper options than AWS (OVH/scaleaway, Hetzner, etc...), but if my own experience with hosting clients across different services is anything to go by, headaches can become expensive - a lot of the time it's just better to eat the additional cost. leave the cheaper infrastructure for dev/personal.

Worth noting that while you can't enable ADP anymore - existing accounts that already have it enabled will continue working fine. Just don't disable it, as I suspect it's unlikely you'll be able to re-enable it. Personally mine is still enabled, but if the UK gov ever force existing accounts to disable it then I'll sadly need to consider dropping all Apple products entirely.