- The UK is consulting on the possibility of age-restricting VPNs to prevent minors from bypassing age checks.
- Mozilla warns that circumvention is a ‘marginal reason’ kids use VPNs
- The company maintains that forcing all users to verify their age will create huge data privacy risks.
The UK government is currently exploring new ways to protect children online, but its latest proposals have drawn harsh criticism from one of the biggest advocates for online privacy.
Mozilla, the nonprofit tech giant behind the Firefox browser and Mozilla VPN, warned regulators that restricting the age of virtual private networks (VPNs) would “undermine the privacy and security of all users.”
In a formal submission to the UK Department of Science, Innovation and Technology, Mozilla rejected a recent consultation that considers age restriction to be the best VPN service to prevent minors from bypassing age controls required by the Online Safety Act.
According to Mozilla, forcing every user to verify their age just to access a VPN would create massive new data vulnerabilities without really solving the problem of young people’s online safety.
“The protections children need are protections on the platforms that collect their data, not restrictions on the tools they use to protect themselves from that collection.,“the company stated in its public presentation.
The myth of avoidance
The core of the government’s argument is that children primarily use VPNs as circumvention software to bypass age barriers on social media and adult sites. However, Mozilla’s presentation highlights that this is a “marginal reason” for VPN use among minors.
Citing Internet Matters research published in December 2025, Mozilla noted that only 8% of children had used a VPN in the previous twelve months. Of them, 66% did so to protect their personal data. A later study found that only 7% used a VPN to bypass age restrictions, with most young users bypassing age barriers by simply entering a fake date of birth or using a parent’s login.
Instead, young people trust VPNs for the same reasons as adults. Students regularly connect to public or school networks to complete their assignments, and VPN protection protects them from surveillance and tracking.
If the UK moves forward with mandatory age checks, VPN providers would be forced to verify the age of every customer, requiring millions of adults to hand over sensitive ID documents.
Mozilla warned that this would create an irresistible honeypot for hackers, pointing to a 2023 Discord data breach that leaked 70,000 user ID photos as proof of what happens when platforms collect sensitive documents at scale.
A broader war on encryption
This clash between privacy advocates and regulators is part of a broader trend. The UK government’s child safety plans have repeatedly prompted warnings from the cybersecurity industry that treating VPNs as harmful circumvention tools could expose children to greater dangers.
Recently, Proton, Tor, Mullvad and Mozilla were among 19 organizations urging the UK government not to undermine the open web as new security bills become law. The threat also extends beyond Britain: the EU has recently signaled that VPNs could face restrictions following the launch of its own age verification systems.
Instead of age-limiting critical privacy tools, Mozilla is urging regulators to enforce existing obligations on the platform under the Online Safety Act, encourage parental controls on devices, and invest in digital literacy.
As the company concluded on its official blog: “We are concerned, however, that strong interventions such as mandatory age assurance and restricting access to tools such as VPNs will not be effective in improving the protection provided to young people online, while undermining the fundamental rights of all users.”
