The United Kingdom‘s controversial Online Safety Act, intended to make the country the “safest place in the world to be online,” is having a troubling, unintended effect. The legislation, which imposes stringent age verification rules and requires platforms to police content, is driving many users, including minors, to seek out privacy-enhancing tools. However, a new investigation has revealed a disturbing irony: in their quest to protect their data from the government, many are inadvertently exposing their information to risky, unregulated free VPN services, some of which are secretly communicating with servers in China and Russia.

A Law that Sparks a Privacy Paradox

The Online Safety Act is designed to protect users from harmful content by placing a “duty of care” on tech companies. Critics, however, argue that the law is a dangerous overreach that threatens free expression and digital privacy by forcing platforms to monitor user activity and potentially weaken encryption. This has led to a surge in the use of VPNs, which can bypass ISP-level blocks and age gates by masking a user’s IP address and encrypting their traffic. For young people, these tools offer an easy way to access restricted content without providing personal identification, which has raised concerns from regulators.

The Hidden Dangers of Free VPNs

While a VPN can offer a sense of security, many free services present a far more insidious threat. Research from Comparitech, building on a report from the Tech Transparency Project (TTP), has found that many popular free VPN apps on both the Apple App Store and Google Play Store are not the privacy shields they claim to be. The investigations confirmed that several popular apps, including Turbo VPN and VPN Proxy Master, were found to be communicating with Chinese domains. Even more concerning, others like QuarkVPN and VPNify were in contact with Russian IP addresses linked to major tech firms. This means that in their attempt to escape perceived government surveillance, users are funneling their entire internet activity through services that could be sharing their data with foreign entities.

Corporate Obfuscation and the Need for Due Diligence

Determining a VPN’s true operational base is notoriously difficult for the average user. Many providers use a complex web of shell companies in privacy-friendly nations to hide the fact that their infrastructure and staff may reside elsewhere. This corporate obfuscation makes it nearly impossible to know who is handling your sensitive data. The investigation highlights the critical importance of user awareness and due diligence. Users concerned about their digital privacy should avoid free services and instead look for reputable VPN providers that publish transparency reports and undergo independent audits of their no-logs policies.

A Cautionary Tale

The situation in the UK serves as a cautionary tale for internet users worldwide. In the quest for online freedom amid intrusive legislation, the solution is not to jump from one potential threat to another. The unintended consequences of the Online Safety Act have shown that a tool meant to achieve privacy can become a potential instrument of foreign state surveillance. By choosing a VPN without proper investigation, users risk trading one set of monitors for another, potentially more dangerous, one, nullifying any intended benefits of using the service in the first place.

Read More: Government to Deploy AI to Catch Criminals Before They Strike