Social media platforms that comply with Australia’s new social media ban for under-16 users must also attempt to stop such users from using virtual private networks (VPNs) to appear as though they are outside the country, according to guidance issued by Australia’s eSafety Commissioner.
The much-anticipated ban kicks in on December 10, and a spike in VPN usage is expected as a corollary.
To curb this, social media apps may try to identify and blacklist IP addresses associated with popular VPN services. Platforms may also monitor internet traffic patterns to identify under-16 users operating from within Australia while using VPNs.
However, the key point is that the responsibility for keeping VPN usage in check falls squarely on all social media platforms that comply with the new rules.
What Does Australia’s Guidance Say About VPN Monitoring?
The eSafety Commissioner states that social media platforms can use location-based signals to determine whether an account holder resides in Australia but is using a VPN to bypass age restrictions. These signals may include:
- IP address(es)
- GPS or other location services
- Device language and time settings
- Device identifiers
- An Australian phone number
- App store, operating system (OS), or account settings
- A user’s photos, tags, connections, engagement, or activity
Notably, the guidance says that the presence of such signals “is expected” to trigger an age-assurance process or prompt a review of accounts that have already undergone checks.
How Can Social Media Platforms Identify VPN Users?
One method, as mentioned earlier, involves identifying and blacklisting IP addresses linked to popular VPN services. But this could lead to unintended consequences, such as:
- A ‘cat and mouse game’ between social media apps and VPN companies, where such companies simply deploy new IP addresses to evade the imposed restrictions.
- This method might also mean legitimate adult users who use VPNs getting blocked from accessing social media platforms.
Platforms might also deploy deep packet inspection (DPI) to analyse internet traffic and detect VPN-specific fingerprints. This technique is especially effective against VPN protocols such as OpenVPN and WireGuard, which have distinct traffic signatures that differ from standard web traffic. However, VPNs that use advanced obfuscation, like Surfshark and Proton VPN, may still slip past such monitoring efforts.
More realistically, platforms may cross-reference a user’s IP address with their GPS coordinates or historical IP address data. Comparing location coordinates with an IP address is generally effective, especially since users often grant apps permission to access location data for tagging posts or finding “local” content.
VPN Usage Patterns Under Social Media Ban and the Case of ‘Free VPNs’
Interest around VPNs has historically surged in countries and regions that have introduced strict content restrictions recently.
Advertisements
For example, online searches for VPNs surged in the U.S. state of Missouri after mandatory age verification requirements were introduced. Similarly, the UK saw over a 1,000% increase in VPN sign-ups following the rollout of the Online Safety Act.
Google Trends data shows no immediate spike in VPN search interest in Australia yet. However, several major VPN services, such as ExpressVPN and NordVPN, are already among the country’s top-grossing utility apps, according to Sensor Tower.
Under-16 users may drive a surge in VPN demand as soon as the December 10 ban comes into force. A key concern is that minors may turn to ‘free VPNs’ to bypass the restrictions.
This poses significant risks. Free VPNs often monetise user data by selling it to third-party advertisers. Many also lack adequate encryption or may even introduce malware onto a user’s device.
Also Read:
Support our journalism:
For You
Source link