Become a TechRadar Insider
- The UK is consulting on whether to age-restrict VPNs to prevent minors from bypassing age checks
- Mozilla warns that circumvention is a "marginal reason" kids use VPNs
- The company argues that forcing all users to verify their age will create massive data privacy risks
The UK government is currently exploring new ways to protect children online, but its latest proposals have drawn sharp criticism from one of the internet's biggest privacy advocates.
Mozilla, the non-profit tech giant behind the Firefox browser and Mozilla VPN, has warned regulators that age-restricting virtual private networks (VPNs) "would undermine the privacy and security of all users".
In a formal submission to the UK's Department for Science, Innovation and Technology, Mozilla pushed back against a recent consultation that considers age-gating the best VPN services to stop minors from bypassing age checks mandated by the Online Safety Act.
According to Mozilla, forcing every user to verify their age just to access a VPN would create massive new data vulnerabilities without actually solving the problem of youth online safety.
"The protections children need are protections from the platforms collecting their data, not restrictions on the tools they use to shield themselves from that collection," the company stated in its public submission.
The circumvention myth
The core of the government's argument is that children are primarily using VPNs as circumvention software to bypass age gates on social media and adult sites. However, Mozilla's submission highlights that this is a "marginal reason" for VPN use among minors.
Citing research from Internet Matters published in December 2025, Mozilla noted that only 8% of children had used a VPN in the previous twelve months. Of those, 66% did so to protect their personal data. A later study found that only 7% used a VPN to circumvent age restrictions, with most young users bypassing age gates simply by entering a fake birthdate or using a parent's login.
Instead, young people rely on VPNs for the same reasons adults do. Students regularly connect to public or school networks for homework, and VPN protection shields them from surveillance and tracking.
If the UK moves forward with mandatory age checks, VPN providers would be forced to verify the age of every single customer, requiring millions of adults to hand over sensitive identity documents.
Mozilla warned this would create an irresistible honeypot for hackers, pointing to a 2023 Discord data breach that leaked 70,000 user ID photos as proof of what happens when platforms collect sensitive documents at scale.
A wider war on encryption
This clash between privacy advocates and regulators is part of a broader trend. The UK government's child safety plans have repeatedly sparked warnings from the cybersecurity industry that treating VPNs as harmful circumvention tools could expose children to greater dangers.
Recently, Proton, Tor, Mullvad, and Mozilla were among 19 organizations urging the UK government not to undermine the open web as new safety bills become law. The threat also extends beyond Britain, with the EU recently signaling that VPNs could face restrictions following the launch of its own age verification systems.
Rather than age-gating fundamental privacy tools, Mozilla is urging regulators to enforce existing platform obligations under the Online Safety Act, encourage on-device parental controls, and invest in digital literacy.
As the company concluded in its official blog post: "We are concerned, however, that blunt interventions like mandatory age assurance and restricting access to tools like VPNs are not effective in improving the protection afforded to young people online, while undermining the fundamental rights of all users."
