Wisconsin legislators have found a new villain in their quest to save people from themselves: the Virtual Private Network.
The state’s latest moral technology initiative, split into Assembly Bill 105 and Senate Bill 130, would force adult websites to verify user ages and ban anyone connecting through a VPN.
It passed the Assembly in March and now waits in the Senate, where someone will have to pretend this is enforceable.
Supporters are selling the plan as a way to “protect minors from explicit material.”
The bill’s machinery reads like a privacy demolition project written by people who still call tech support to reset passwords.
The law would apply to any site that “knowingly and intentionally publishes or distributes material harmful to minors.” It then defines that material as anything lacking “serious literary, artistic, political, or scientific value for minors.”
The wording is broad enough to rope in half the internet, yet somehow manages to exclude “bona fide news” (as to be determined by the state) and cloud platforms that don’t create the content themselves.
Whether that covers social media depends on who you ask: lawyers, lobbyists, or whichever intern wrote the definitions section.
The bill instructs websites to delete verification data after access is granted or denied.
That sounds good until you recall how the tech industry handles deletion promises.
Au10tix left user records exposed for a year after pledging to delete them within 30 days. Tea suffered multiple breaches despite assurances of immediate deletion. In the real world, “deleted” often means “archived on an unsecured server until a hacker finds it.”
The headline feature is a rule penalizing anyone who uses a VPN to access restricted material. VPNs encrypt internet traffic and disguise user locations, which lawmakers apparently see as a threat to order.
The logic is that if people can hide their IP addresses, the state can’t check their ID to ensure they’re old enough to view certain content. That’s technically true and philosophically disturbing.
Officials in other places are already cheering this idea. Michigan introduced a proposal requiring internet providers to detect and block VPN traffic.
If Wisconsin adopts the rule, VPN users would become collateral damage. Journalists, activists, and everyday users who rely on encryption for safety would be swept up in the ban.
The bill’s VPN clause is built on a fantasy of control that ignores how the internet works.
VPNs use encryption and obfuscation to hide their traffic, making it nearly impossible for websites to detect them if the VPN provider implements enough measures.
To comply, adult sites would have to block every VPN connection worldwide or collect biometric data from users to prove identity. Either approach would create new privacy risks while pretending to solve an old one.
As always, lawmakers insist they’re protecting children. But the bill’s real achievement is to turn privacy itself into something suspicious. By targeting VPNs and forcing ID checks, the legislation pushes the internet toward a future where every click is tagged with your real name and birthdate, waiting for the next data breach to make it public.
Wisconsin’s plan imagines a digital world policed by filters, IDs, and trust in the very corporations that keep leaking personal data. If this is what child safety looks like, it’s hard to tell where protection ends and surveillance begins.
