Mozilla is warning that growing efforts to tie VPN access to online age verification systems could damage internet privacy, weaken security protections, and create a heavily restricted “age-gated” web.
The warning comes as governments in the UK and the European Union push for stricter online age assurance rules aimed at protecting minors from harmful content. Policymakers have increasingly discussed whether VPNs should face restrictions because they can be used to bypass age verification systems.
In a submission to the UK government’s “Growing up in the online world” consultation, Mozilla argued that VPNs are essential privacy and security tools used legitimately by millions of people, including children. The company warned that forcing age checks on VPN services would require every user, not just minors, to submit sensitive personal information before accessing baseline privacy protections.
Mozilla specifically rejected the argument that children primarily use VPNs to bypass age restrictions. Citing research from Internet Matters, the organization noted that only 8% of children reported using a VPN in the past year, and just a fraction of those used them to circumvent age gates.
The company warned that mandatory age verification for VPNs could introduce new privacy and security risks at scale. According to Mozilla, requiring identity checks for privacy tools would create large databases of sensitive information that could themselves become attractive targets for hackers and surveillance.
Mozilla also argued that restricting VPN access would likely be ineffective because users can bypass age controls through numerous other methods, including shared accounts, borrowed devices, modified photos for facial verification systems, or alternative circumvention tools.
The debate intensified after EU officials introduced plans for an EU-wide age verification app designed to help platforms block minors from adult content. During a press conference in April, European Commission Executive Vice-President Henna Virkkunen suggested regulators would also need to address ways users could circumvent the system, including through VPNs. The comments triggered backlash from privacy advocates and cybersecurity researchers who feared VPN restrictions could follow.
Mozilla joined a coalition of 19 organizations, including Proton, Mullvad, ExpressVPN, the Tor Project, and the Electronic Frontier Foundation, urging UK lawmakers not to undermine the “open web” through broad age verification mandates and anti-circumvention rules.
Critics argue that widespread age verification systems risk normalizing identity checks across large parts of the internet, potentially extending beyond adult websites to social media, gaming platforms, AI tools, cloud services, and even static websites.
Mozilla instead urged governments to focus on stronger platform moderation, safer product design, parental controls, and digital literacy programs rather than restricting privacy-preserving technologies.