All About Cookies is an independent, advertising-supported website. Some of the offers that appear on this site are from third-party advertisers from which All About Cookies receives compensation. This compensation may impact how and where products appear on this site (including, for example, the order in which they appear).
All About Cookies does not include all financial or credit offers that might be available to consumers nor do we include all companies or all available products. Information is accurate as of the publishing date and has not been provided or endorsed by the advertiser.
The All About Cookies editorial team strives to provide accurate, in-depth information and reviews to help you, our reader, make online privacy decisions with confidence. Here's what you can expect from us:
- All About Cookies makes money when you click the links on our site to some of the products and offers that we mention. These partnerships do not influence our opinions or recommendations. Read more about how we make money.
- Partners are not able to review or request changes to our content except for compliance reasons.
- We aim to make sure everything on our site is up-to-date and accurate as of the publishing date, but we cannot guarantee we haven't missed something. It's your responsibility to double-check all information before making any decision. If you spot something that looks wrong, please let us know.
Australia's internet watchdog is laying the groundwork for a VPN ban, or at least something that would function like one for millions of ordinary users. Newly released government documents show the country's eSafety Commissioner wants platforms to detect when someone's using a VPN and treat that connection as a workaround to be blocked. [1]
The documents, released by eSafety this month under freedom of information law, describe VPN detection as a "reasonable step" service providers should take to enforce Australia's age verification rules.
That single line matters well beyond Australia. The same logic is already shaping policy debates in the UK and the EU, and it cuts against the exact reasons most people actually install a VPN: streaming sports from another country, securing a laptop on airport Wi-Fi, or simply keeping an internet provider from logging everything they do.
What this means for your VPN
Why this reaches far beyond anyone dodging an Australian age check
Why the push to detect VPNs is a privacy problem
Bottom line: Australia's VPN ban push is a preview, not an outlier
What the documents actually say about VPN detection
The documents are Senate estimates briefings, prepared for eSafety's April and May 2026 hearings and released this month under freedom of information law.
One, a briefing titled "Online Safety: Industry Codes and Standards," states plainly that "service providers must take reasonable steps to prevent workarounds like VPNs so eSafety will look at this when considering compliance with codes."
It adds that this mirrors eSafety's existing approach to the country's under-16 social media rules, where VPN detection is already treated as a reasonable step to keep underage users off platforms, and that the government's Age Assurance Technology Trial has already confirmed "tech companies can tell when a VPN is in use."
What this means for your VPN
While nobody in Australia is pulling VPN apps from app stores, platforms are now expected to detect when a connection looks like it's coming through a VPN and act on it.
This means that even using a VPN just to protect your data or to stop your ISP from tracking which sites you visit may get you blocked from websites, regardless of whether you’re an adult or not.
eSafety's own guidance on the codes points to the same idea, noting that geolocation technology "has the potential to strengthen age assurance" by flagging when someone may be masking their location.
For AAC readers who've looked into bypassing Australia's age verification rules with a VPN, that's the part worth sitting with: the workaround itself isn't illegal, but platforms are being pushed to get better at spotting it.
Why this reaches far beyond anyone dodging an Australian age check
The UK has already moved on a parallel track. AAC has reported on the UK government's own push to examine VPN restrictions tied to its under-16 social media ban, and on the broader UK age verification rules that triggered a spike in VPN downloads in the first place.
In the U.S., at least one state has floated restrictions tied to VPN use around age verification. None of these are coordinated, but they're pointing the same direction.
Privacy critics see the stakes as bigger than any one country's law.
John Pane, chair of Electronic Frontiers Australia, told TechRadar there's "a reasonably strong possibility" that Australia will go further, calling real VPN restrictions "a bright red line for digital, human rights, and civil liberties groups, academia, and the media."
NordVPN privacy advocate Laura Tyrylyte made a related point to the same outlet: treating VPNs primarily as loopholes ignores that the same tool protects remote workers, journalists, and anyone trying to keep financial data off an unsecured network.
Why the push to detect VPNs is a privacy problem
Catching a VPN reliably means checking connections against known VPN infrastructure and layering in what Meta calls "signals beyond just IP."
Hammond Pearce, a senior lecturer at UNSW's School of Computer Science and Engineering, explained the technical reason this works at all: "Popular, commercial VPNs often have 'known' endpoints, meaning the platform providers can tell if you're using one of those services."
That's a real limitation of the technology, and it applies just as much to someone using a VPN to keep a streaming subscription working abroad as it does to anyone else.
Building a system that can reliably tell the difference means monitoring everyone's connection by default, not just the people breaking a rule. Australian Greens Senator David Shoebridge raised exactly this concern to Information Age, calling the approach worrying precisely because it isn't limited to minors:
"The precedent being set here, of allowing tech companies who are already so data hungry to take and keep even more sensitive information, is appalling."
eSafety's own briefing documents push back on part of that: they state government ID "cannot be the only option" for age checks, and that eSafety "does not expect service providers to retain personal information."
Whether that assurance extends to the VPN-detection signals themselves, as opposed to the age-check data, isn't spelled out anywhere in what's public so far.
All About Cookies' own survey data shows why people are primed to worry regardless: 79% of Americans already say privacy and data security are their top concern with age verification laws in general.
Bottom line: Australia's VPN ban push is a preview, not an outlier
Nobody in Australia is banning VPN software this week. But eSafety's own Senate estimates briefings confirm that VPN detection is now an explicit, written-down expectation for how the country enforces age verification, and that's arguably a bigger deal than a ban would be, because it's quieter and harder to see coming. The UK is having the same fight right now, and the EU isn't far behind.
If you use a VPN for reasons unrelated to age checks, the thing to watch isn't whether Australia bans the software. It's how broadly regulators there, and everywhere else, end up defining "workaround."