Utah has become the first U.S. state to hold websites liable for users who mask their location with VPNs. The law requires sites to verify age or face penalties for serving restricted content to minors.
Utah's new legislation creates legal responsibility for websites when users employ VPNs to circumvent age-based content restrictions. Under the law, sites offering age-restricted material—including adult content, gambling, and alcohol sales—must implement verification systems that account for VPN usage.
The statute marks a significant shift in online regulation. Previously, responsibility for accessing age-restricted content fell primarily on users. This law transfers accountability to website operators, requiring them to implement detection methods capable of identifying VPN connections and preventing access to such content.
Websites that fail to comply face liability claims. The law does not specify exact penalties, but creates a legal framework allowing enforcement action against platforms that serve age-restricted content to minors, whether through direct access or VPN masking.
The move raises technical and practical concerns. VPN detection remains imperfect, with many services specifically designed to avoid detection. Compliance could require websites to deny service to all VPN users or implement expensive age-verification systems. Some services may simply block Utah users rather than comply.
Privacy advocates have raised concerns about age-verification requirements, which often demand personal identification data. Such systems create security and privacy risks while potentially excluding legitimate users from legal services.
Other states have considered similar legislation. The regulatory trend reflects growing pressure to restrict minors' online access to adult content and services, though implementation challenges remain significant.
The law's enforceability and constitutional standing have yet to be tested in court. Legal experts question whether holding websites responsible for user behavior enabled by third-party software (VPNs) falls within reasonable regulatory scope.
Grok CLI experienced a critical bug that caused it to upload entire home directories to Google Cloud Storage. The issue sparked significant discussion in the developer community about data handling practices.
Aylo, Pornhub's parent company, will restore access to the site in the UK through Apple's device-level age verification system in iOS 26.4. The move requires users to complete age verification before accessing the platform.
Australia's eSafety Commissioner has identified significant gaps in how major tech platforms address online sexual extortion. Young men are reporting sextortion at higher rates than any other demographic, with over 2,000 complaints filed in just six months.
Angelo Martino, a ransomware negotiator, was sentenced to 70 months in prison for colluding with attackers to defraud victims. Martino helped orchestrate scams that extracted over $75 million from ransomware victims.