Are Your VPNs Protecting You—or Handing Your Data to Israel?

Right, so Keir Starmer’s Labour government has heralded the Online Safety Act as a landmark piece of legislation. Ministers have triumphantly described it as the most comprehensive attempt to make the internet safer for children, to protect them from the dark corners of the digital world, from adult content and pro-anorexia forums to sites glorifying self-harm and violence. Ofcom’s new enforcement regime, that came into effect yesterday, is marketed as proof that the UK is taking a moral lead where other nations have failed to. Starmer’s government insists that this law represents responsible governance, a balance between technological innovation and child safety, and an answer to long-standing public concern about online harms.
Yet behind this narrative lies a troubling and perhaps even more dangerous consequence. The Online Safety Act, through its intrusive age verification rules, is not just forcing platforms to rethink content distribution—it is forcing ordinary British citizens to surrender sensitive identity information or face being locked out of large parts of the internet. And, as is already becoming clear, millions of Britons are refusing to comply. Instead, they are turning to Virtual Private Networks (VPNs) to bypass these checks. What sounds like a simple act of privacy preservation becomes far more sinister when one asks the question almost no one in Westminster seems to be asking: who exactly owns those VPNs, and what might they be doing with that data? And when that turns out to possibly be Israel, this story takes a whole different turn.
Right, so an investigation by MintPress News has revealed that Kape Technologies, an Israeli-linked company with a history of surveillance-related activity, now owns four of the world’s largest VPN services—ExpressVPN, CyberGhost, Private Internet Access, and ZenMate. Kape’s leadership is also deeply connected to Unit 8200, Israel’s elite cyber-intelligence unit, a group notorious for hacking, metadata collection, and targeted surveillance operations. By pushing Britons into the arms of VPN providers to escape state-imposed digital ID checks, Starmer’s government may inadvertently have created a surveillance pipeline that funnels British citizens’ data through companies with documented ties to a state accused of genocide in Gaza.
So has Starmer, through the Online Safety Act, not only failed to protect privacy but actively endangered it, by driving citizens to platforms that could serve foreign intelligence interests? And given his own pro Israel leanings, did he know he was doing this? And if so, what does this reveal about his government’s priorities, competence, its geopolitical foresight, and its moral judgment at a time when Israel faces global condemnation for war crimes?
The Online Safety Act, passed under a Conservative government in 2023 but championed and now enforced by Starmer’s Labour government, is as ambitious as it is invasive. According to Ofcom’s official guidance, which came into force yesterday, platforms offering adult content or potentially harmful material accessible to children must introduce “robust” age verification. This is no longer a voluntary measure or a matter of platforms self-certifying compliance; it is a legal obligation backed by fines of up to £18 million or 10% of global turnover, and even criminal penalties for senior executives who fail to implement sufficient safeguards.
Ofcom’s own statements reveal how intrusive the regime has become. Age checks must go well beyond “tick-box” declarations of age. Platforms are now expected to use ID document uploads, facial recognition scans, credit card verification, or approved third-party age verification services. The Financial Times has reported on how major tech companies are responding to this demand: Meta, Reddit, TikTok, and others are rolling out algorithmic age estimation, while adult sites are adopting systems provided by companies such as Yoti, which uses AI-backed facial age estimation and identity document verification.
Twitter, is worth singling out here funnily enough, has begun blocking videos of Israel’s atrocities in Gaza for users in the UK based on the new Online Privacy Act, pointing to the mandated age restrictions for sensitive content, but given Twitter doesn’t allow users to manually verify their age, this is amounting to a blanket ban on UK viewers.
Ofcom insists that it will not hold user data itself, but the regulator requires that companies retain sufficient records to demonstrate compliance when audited. This, in effect, ensures that vast amounts of sensitive identity data will be collected and stored, often by third parties.
Privacy groups, as reported by Wired, have already expressed alarm that this will create honeypots of sensitive data just waiting for the next breach – Another Equifax or another Ashley Madison. Many smaller websites are choosing simply to block UK users rather than risk the financial and legal consequences of non-compliance. In practice, the law places ordinary Britons in a difficult position. They must either surrender sensitive personal data—including potentially passports and facial scans—to platforms they may already distrust, or find a way to access content through other means.
What is most alarming is how little public debate there has been about whether this system is proportionate. The Online Safety Act treats all internet users as potential risks, effectively criminalising adult access to lawful content unless they agree to intrusive monitoring. The China comparisons have come thick and fast. The law assumes that state and corporate control of identity data is inherently trustworthy—a belief history has repeatedly shown to be naïve at best. For many citizens, the response has been obvious: leave the regulated internet behind and take matters into their own hands.
The surge in VPN use therefore, since Ofcom’s enforcement began is entirely predictable. VPNs allow users to mask their location, making it appear as though they are accessing the internet from a country where the Online Safety Act does not apply. By doing so, they can bypass age verification requirements altogether. For some, this is a simple practical decision to preserve privacy. For others, it is a quiet but deliberate act of civil disobedience. It does expose how Starmer’s little scheme here can quite readily be rendered impotent though.
VPN adoption in similar contexts worldwide shows the pattern clearly. In Australia, when adult-content age checks were introduced, VPN subscriptions skyrocketed almost overnight. In Germany, similar rules pushed many citizens to use VPNs rather than hand over ID to adult sites. This is not simply convenience; it is a refusal to comply with what many see as disproportionate state intrusion. In the UK, privacy advocates have already described VPN use as an act of “digital non-cooperation.” It reflects a public vote of no confidence in both government and platform assurances.
What Starmer’s government seems not to have anticipated—or, worse, seems to have ignored—is that by pushing people towards VPNs, it has effectively surrendered control over how Britons’ online privacy is managed. In seeking to control the internet within UK jurisdiction, the law has driven users towards foreign-owned infrastructure instead. And some of the companies now benefiting from this shift may have interests far more concerning than the platforms Starmer sought to regulate.
This brings us on to the MintPress investigation into VPN ownership. Kape Technologies, a company with a history in adware and malware distribution under its former name Crossrider, has rebranded itself as a “privacy-first” tech firm. In recent years, it has rapidly acquired four of the most popular VPN services in the world: ExpressVPN, CyberGhost, Private Internet Access, and ZenMate. Millions of privacy-conscious users now route their internet traffic through infrastructure ultimately owned by Kape.
The problem is not simply corporate consolidation though; it is Kape’s connections. Its leadership includes veterans of Unit 8200, Israel’s elite cyber-intelligence unit, which has a long record of hacking, metadata analysis, and surveillance operations. Unit 8200 is infamous for its involvement in large-scale interception of communications, and its alumni have gone on to form companies like NSO Group, which developed the Pegasus spyware that has been used against journalists, activists, and even government officials across multiple countries.
The risk is obvious. Even if VPNs claim to be “no-log” services, metadata is often still accessible. Connection times, IP address swaps, and server routing patterns can reveal behavioural insights valuable to intelligence agencies. If a state-linked company controls the infrastructure, the opportunity for surveillance increases dramatically. And the timing is significant: Israel is facing international accusations of genocide in Gaza, and pro-Palestinian activists are prime surveillance targets. The prospect that British citizens, including journalists, activists, or simply outspoken critics of Israel’s actions, could now have their online behaviour indirectly exposed to Israeli-linked firms is deeply disturbing.
The most charitable interpretation of Starmer’s policy is that this outcome is an unintended consequence. But good intentions do not negate bad outcomes. By designing a law that pushes citizens into the arms of VPNs, Starmer has created precisely the kind of fragmented, extra-jurisdictional environment where foreign actors thrive. Ofcom can regulate British companies, but it has no authority over Kape Technologies or similar foreign firms. The UK government has previously shown willingness to exclude foreign-owned tech companies on national security grounds—Huawei being the most prominent example. Yet no similar scrutiny has been applied to the VPN market, despite its direct impact on data privacy.
There is also a political dimension. Starmer has consistently been criticised for his pro-Israel stance, including his reluctance to condemn Israeli military actions in Gaza. Whether through negligence, naivety, or political convenience, his government has shown little interest in scrutinising Israeli-linked tech firms, even as they gain unprecedented access to British internet traffic. Given Starmer’s pro Israel leanings, its impossible to not countenance the thought at least, that he might know this and did it anyway. Surely the thought of people using VPN’s must have occurred to the government right? They must know who’s behind these or am I giving them too much credit for competence they simply don’t have?
History offers ample warning about how safety-driven laws become surveillance tools. South Korea’s real-name internet law, designed to curb cyberbullying, quickly led to mass data leaks and was eventually struck down as unconstitutional. India’s Aadhaar system, once billed as a welfare distribution mechanism, has expanded into a surveillance tool used to track activists and dissidents. The UK’s own Investigatory Powers Act, introduced as an anti-terror measure, has been used far more broadly than originally intended. Pegasus spyware, designed for counter-terrorism, has been used to monitor journalists and human rights workers.
The Online Safety Act fits perfectly into this pattern. Laws designed to “protect” inevitably expand in scope and create infrastructure that others—especially foreign intelligence agencies—are quick to exploit. The very same fear used to justify these laws, whether of terrorism or child exploitation, becomes the excuse for ever-greater encroachment.
Starmer had alternatives. The UK could have pursued privacy-preserving age assurance systems using zero-knowledge proofs or device-based parental controls rather than mass ID collection. The government could have required all age verification to be handled by UK-regulated, publicly accountable providers, explicitly banning foreign companies with intelligence ties. Open-source auditing could have ensured that verification systems could be trusted. Educational campaigns and platform accountability—fining companies for harmful recommendation algorithms rather than policing ordinary users—could have addressed the root causes of online harms without criminalising private access.
Most importantly, Starmer’s government should have conducted a geopolitical risk assessment, as it has in other sectors. Just as Huawei was barred from 5G infrastructure, Kape and similar companies could have been scrutinised or even restricted from marketing themselves as privacy tools to UK citizens. Instead, Starmer’s government has created conditions where British citizens now pay foreign companies—some with links to intelligence agencies—for the illusion of privacy.
The question of who owns VPNs is not abstract or academic; it is deeply political, especially now. Israel’s actions in Gaza, condemned by numerous human rights organisations as war crimes and even genocide, make it a uniquely unfit custodian of global privacy infrastructure. Pro-Palestinian activists, BDS organisers, and journalists are high-value targets for Israeli surveillance. By pushing UK citizens towards VPNs controlled by companies with Israeli intelligence ties, Starmer’s government may be indirectly enabling the very surveillance of those who oppose such atrocities.
This raises a grim moral question. In the name of protecting children from online harm, has Starmer’s government made it easier for a foreign power accused of genocide to monitor its critics? In a world where surveillance is a tool of political warfare, this is not just negligence; it borders on complicity. I struggle to believe this government is unaware of this.
Keir Starmer promised a safer, more accountable internet. But his Online Safety Act has done the opposite. It has created a system where British citizens must choose between surrendering their identities to domestic corporations or trusting foreign companies with dubious links. In driving people to VPNs owned by Israeli-linked firms, the government has potentially exposed activists, journalists, and ordinary citizens to surveillance by a state accused of war crimes.
This is not just a failure of policy; it is a failure of moral and political judgment. Starmer claims to stand for human rights, yet his government’s flagship digital policy may now be delivering British data into the hands of a state condemned on the world stage for its human rights abuses. If this is what safety looks like, you have to ask: who is Starmer really keeping safe? The children he claims to protect—or the governments and corporations he seems unwilling to challenge? If you’re going down the VPN route, choose wisely.
It’s not like Israeli subterfuge isn’t well known and well documented either, not just digitally, but physically too. Mysterious blasts have been going off in Iran, so talk naturally goes to whether Israel is responsible and are they attempting to restart war with the Iranians again or is this more their typical abuse of a ceasefire going on, or is it something else completely? Check out this video recommendation here to find out as your suggested next watch.
Please do also hit like, share and subscribe if you haven’t done so already so as to ensure you don’t miss out on all new daily content as well as spreading the word and helping to support the channel at the same time which is very much appreciated, holding power to account for ordinary working class people and I will hopefully catch you on the next vid. Cheers folks.