From 15th July 2019, the UK government has announced a porn ban and that online websites containing over a third of pornography will be banned from access by any users not registered and verified through an official process to prove that they are over the age of 18.
Any individuals wishing to access legal adult pornographic websites after the porn ban comes into place will need to provide their bank details or purchase a card in a shop to gain access to it.
The current verification of the user selecting their date of birth or confirming that they are over the age of 18 will no longer suffice.
Currently some pornographic websites show landing pages that request the user to click a button or enter their date of birth to confirm that they are over the age of 18, however, anyone can do this, whether or not they are actually over 18. The new porn ban regulations require such websites to initiate an age verification process.
Once the UK porn ban is in place, the required systems will involve the verification of an email address and age using different possible options including an SMS, credit card details, driving license or a passport number.
The porn ban law was passed in January, however, has been delayed in order to make it workable covers any site that includes more than 33% of pornographic content.
Margot James, the digital minister, stated that adult content is too easy for children to access online and the introduction of mandatory age verification is the first in the world, she also claims that they have taken the time to balance privacy concerns with the need to protect children from pornography.
The new porn ban law will be enforced by the British Board of Film Classification (BBFC) which will introduce a new AV symbol to inform users whether an age-verification provider is safe.
It is suggested that any websites that do not comply with this requirement would be blocked in the UK, making them inaccessible to normal Internet users and that they would have their payment services withdrawn.
Whilst the Government suggests that 88% of parents with children between 7 and 17 backed the law, the introduction of a porn ban that requires the registration of individuals with official documents and information in order for them to access pornography one that would be open to misuse and potential blackmail, particularly given the number of high profile data breaches that have occurred recently.
Possibly, the most infamous being the Ashley Madison breach in 2015, a website that enabled users to have extramarital affairs, when a group calling themselves “The Impact Team” stole the data of user accounts registered to their site.
This information included user names, addresses, email addresses and threatened to release the information if the website was not immediately shutdown.
During August 2015, the group released 25 gigabytes worth of company data including all user details which allowed those users to be personally identified through the information provided.
The FriendFinder Network including Adult Friend Finder, Penthouse, iCams and Stripshow.com was breached in October 2016 when details of the user accounts registered to the sites were released to cybercrime forums.
The passwords were protected by SHA-1 hashing algorithm which allowed 99 % to be cracked within a month.
However, in addition to those breach, it is suspected that the Equifax data breach may have been coordinated by a nation state in order to identify individuals of note with financial issues for intelligence purposes, a data breach of individuals registered to use pornographic websites would be even more beneficial to such a state.
Given that, in order to access pornography, communication to verify the user must be passed from a central source to the relevant site, the central source could be tricked by a clone site into revealing the details of those stored or the data could be intercepted.
The laws will also not protect any individuals who have a basic understanding of a computer. Software is freely available and already widely used, such as Tor Browser, that would remove the need to register on a central database.
The Tor Browser application can be used to circumvent any such restrictions as the connection is through a VPN from different countries, meaning that any restrictions in the UK would be avoided, it also does not maintain any browsing history activity or cache records that other standard browsers store.
The new privacy laws therefore, whilst they may be well meaning, by being switched on by default, they force any normal adult user the potential embarrassment of ‘signing up’ to access legal pornographic websites, the databases of such users is then also open to misuse and security breach and loss.
Any such data breach would potentially include the user’s name, address, credit card details and an overview of the type of adult material that they had accessed, the website itself, particularly if it related to a specific type of pornography, may be sufficient to use all of those details into blackmailing the user who was accessing a legal adult pornographic site.
To avoid all of these issues, any users who do not wish to ‘sign up’ to access such material can download widely and freely available software that will remove any enforced restrictions.
In addition to this, Internet service providers currently have ‘family’ restrictions in place in order to attempt to prevent user’s from unwittingly visiting pornographic websites or to stop children within the households from visiting such material.
However, this does not work, for example, attempting to visit the archive.org using the Three network, the site is blocked due to ‘potentially containing adult material’, whereas it actually only contains an archived copy of all websites and is as likely to contain pornography as the Internet in general, however, the service provider has blocked it.
It also does not work for social media websites and so it is still entirely possible for those under the age of 18 to use Snapchat, facebook, twitter, instagram etc to encounter pornographic material whilst browsing different profiles.
About Athena Forensics
For information on our digital forensic services or if you require any advice or assistance please contact a member of our team on 0845 882 7386 or via email on enquiries@athenaforensics.co.uk, further details are available on our contact us page.
Our client’s confidentiality is of the utmost importance. All correspondence is treated with discretion, from initial contact to the conclusion of any computer forensics investigation.
Our digital forensics experts are fully aware of the significance and importance of the information that they encounter and we have been accredited to ISO 9001 for 10 years.
Our forensic experts are all security cleared and we offer non-disclosure agreements if required. Our premises along with our security procedures have been inspected and approved by law enforcement agencies.
Athena Forensics do not disclose personal information to other companies or suppliers.
https://athenaforensics.co.uk/service/mobile-phone-forensic-experts/
https://athenaforensics.co.uk/service/computer-forensic-experts/
